diff --git a/0001-avoid-500-errors-by-uwsgi.patch b/0001-avoid-500-errors-by-uwsgi.patch deleted file mode 100644 index 892e343..0000000 --- a/0001-avoid-500-errors-by-uwsgi.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 53fa9132c94060f0f9a0285dd813af7805b28718 Mon Sep 17 00:00:00 2001 -From: gongzt -Date: Mon, 5 Dec 2022 21:57:29 +0800 -Subject: [PATCH] Avoid the occasional 500 or query error when the api service is started through uwsgi -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - aops-apollo.service | 3 +-- - apollo/manage.py | 23 +++++++++++++---------- - setup.py | 5 ++++- - 3 files changed, 18 insertions(+), 13 deletions(-) - -diff --git a/aops-apollo.service b/aops-apollo.service -index 45ab741..1b7dd6f 100644 ---- a/aops-apollo.service -+++ b/aops-apollo.service -@@ -4,8 +4,7 @@ After=network.target - - [Service] - Type=exec --ExecStart=/usr/bin/aops-apollo start --ExecStop=/usr/bin/aops-apollo stop -+ExecStart=/usr/bin/aops-apollo - Restart=on-failure - RestartSec=1 - RemainAfterExit=yes -diff --git a/apollo/manage.py b/apollo/manage.py -index a63f6a0..a367b27 100644 ---- a/apollo/manage.py -+++ b/apollo/manage.py -@@ -16,12 +16,12 @@ Author: - Description: Manager that start aops-manager - """ - from flask import Flask --from flask_apscheduler import APScheduler -+# from flask_apscheduler import APScheduler - import sqlalchemy - - from apollo.conf import configuration - from apollo import BLUE_POINT --from apollo.handler.task_handler.manager.scan_manager import TimedScanManager -+# from apollo.handler.task_handler.manager.scan_manager import TimedScanManager - from apollo.database import ENGINE - from apollo.database.table import create_vul_tables - from apollo.database.mapping import MAPPINGS -@@ -75,22 +75,25 @@ def init_app(): - app = Flask('apollo') - # limit max upload document size - app.config["MAX_CONTENT_LENGTH"] = 16 * 1024 * 1024 -- apscheduler = APScheduler() -- apscheduler.init_app(app) -- apscheduler.start() -+ # apscheduler = APScheduler() -+ # apscheduler.init_app(app) -+ # apscheduler.start() - - for blue, api in BLUE_POINT: - api.init_app(app) - app.register_blueprint(blue) - -- TimedScanManager.add_timed_task(app) -+ # TimedScanManager.add_timed_task(app) - return app - - --init_database() --app = init_app() -- --if __name__ == "__main__": -+def main(): -+ init_database() -+ app = init_app() - ip = configuration.apollo.get('IP') - port = configuration.apollo.get('PORT') - app.run(host=ip, port=port) -+ -+ -+if __name__ == "__main__": -+ main() -diff --git a/setup.py b/setup.py -index 55d6406..83f2e2d 100644 ---- a/setup.py -+++ b/setup.py -@@ -33,6 +33,9 @@ setup( - ('/etc/aops', ['conf/apollo.ini']), - ('/usr/lib/systemd/system', ['aops-apollo.service']) - ], -- scripts=['aops-apollo'], -+ # scripts=['aops-apollo'], -+ entry_points={ -+ "console_scripts": ['aops-apollo=apollo.manage:main'] -+ }, - zip_safe=False - ) --- -Gitee diff --git a/aops-apollo-v1.1.1.tar.gz b/aops-apollo-v1.1.1.tar.gz deleted file mode 100644 index c12942e..0000000 Binary files a/aops-apollo-v1.1.1.tar.gz and /dev/null differ diff --git a/aops-apollo-v1.1.2.tar.gz b/aops-apollo-v1.1.2.tar.gz new file mode 100644 index 0000000..bb86846 Binary files /dev/null and b/aops-apollo-v1.1.2.tar.gz differ diff --git a/aops-apollo.spec b/aops-apollo.spec index d188712..b430b84 100644 --- a/aops-apollo.spec +++ b/aops-apollo.spec @@ -1,14 +1,10 @@ Name: aops-apollo -Version: v1.1.1 -Release: 3 +Version: v1.1.2 +Release: 1 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} Source0: %{name}-%{version}.tar.gz -Patch0001: cveinfo_api_add_host_id_not_exists_tip.patch -Patch0002: param_length_validate.patch -Patch0003: fix_host_repo_filter_query_failed.patch -Patch0004: 0001-avoid-500-errors-by-uwsgi.patch BuildRequires: python3-setuptools @@ -24,7 +20,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function %prep -%autosetup -n %{name}-%{version} -p1 +%autosetup -n %{name}-%{version} # build for aops-apollo %py3_build @@ -44,6 +40,9 @@ Cve management service, monitor machine vulnerabilities and provide fix function %changelog +* Wed Dec 07 2022 wenxin - v1.1.2-1 +- modify status code for upload security advisories;fix cve query error + * Mon Dec 05 2022 gongzhengtang - v1.1.1-3 - Avoid the occasional 500 or query error when the api - service is started through uwsgi diff --git a/cveinfo_api_add_host_id_not_exists_tip.patch b/cveinfo_api_add_host_id_not_exists_tip.patch deleted file mode 100644 index e208657..0000000 --- a/cveinfo_api_add_host_id_not_exists_tip.patch +++ /dev/null @@ -1,131 +0,0 @@ -From c2e08fd35d24f855347e1cc12acbd814051f64f3 Mon Sep 17 00:00:00 2001 -From: young <954906362@qq.com> -Date: Fri, 2 Dec 2022 11:47:11 +0800 -Subject: [PATCH 1/2] 导出cve信息接口添加host id不存在的提示 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - apollo/conf/constant.py | 1 + - apollo/database/proxy/cve.py | 1 + - apollo/handler/cve_handler/view.py | 15 +++++++++------ - apollo/handler/task_handler/callback/cve_scan.py | 4 ++-- - 4 files changed, 13 insertions(+), 8 deletions(-) - -diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py -index 95e4181..4fc8a62 100644 ---- a/apollo/conf/constant.py -+++ b/apollo/conf/constant.py -@@ -120,5 +120,6 @@ ES_TEST_FLAG = False - - REPO_FILE = "/etc/yum.repos.d/aops-update.repo" - FILE_NUMBER = 1 -+NO_FILE = 0 - FILE_UPLOAD_PATH = "/opt/aops/cve/upload" - CSV_SAVED_PATH = "/opt/aops/cve/saved" -diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py -index c2291a4..38021d3 100644 ---- a/apollo/database/proxy/cve.py -+++ b/apollo/database/proxy/cve.py -@@ -1275,4 +1275,5 @@ class CveProxy(CveMysqlProxy, CveEsProxy): - if host_info_query: - host_info = host_info_query[0] - return host_info.host_name, cve_list -+ LOGGER.error(f"{host_id} not found in database") - return "", cve_query -diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py -index 4a7466e..d9409a7 100644 ---- a/apollo/handler/cve_handler/view.py -+++ b/apollo/handler/cve_handler/view.py -@@ -22,7 +22,7 @@ import shutil - from flask import jsonify - - from apollo.conf import configuration --from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER -+from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER, NO_FILE - from apollo.database import SESSION - from apollo.database.proxy.cve import CveProxy, CveMysqlProxy - from apollo.function.customize_exception import ParseAdvisoryError -@@ -452,11 +452,14 @@ class VulExportExcel(BaseResponse): - - for host_id in host_id_list: - host_name, cve_info_list = proxy.query_host_name_and_related_cves(host_id, username) -- -- self.filename = f"{host_name}.csv" -- csv_head = ["cve_id", "status"] -- export_csv(cve_info_list, os.path.join( -- self.filepath, self.filename), csv_head) -+ if host_name: -+ self.filename = f"{host_name}.csv" -+ csv_head = ["cve_id", "status"] -+ export_csv(cve_info_list, os.path.join( -+ self.filepath, self.filename), csv_head) -+ -+ if len(os.listdir(self.filepath)) == NO_FILE: -+ return NO_DATA - if len(os.listdir(self.filepath)) > FILE_NUMBER: - zip_filename, zip_save_path = compress_cve(self.filepath, "host.zip") - if zip_filename and zip_save_path: -diff --git a/apollo/handler/task_handler/callback/cve_scan.py b/apollo/handler/task_handler/callback/cve_scan.py -index 817e4e4..1416ed0 100644 ---- a/apollo/handler/task_handler/callback/cve_scan.py -+++ b/apollo/handler/task_handler/callback/cve_scan.py -@@ -32,11 +32,11 @@ class CveScanCallback(TaskCallback): - task_id: task id, - task_info: task info, e.g.: - { -- status:0, -+ "status":0, - "host_id":"127.0.0.1", - "installed_packages":["string"], - "os_version":"string", -- "cves:["string"] -+ "cves":["string"] - } - - Returns: --- -Gitee - - -From f831f7f4e6562df58905211a8a608162a2e5953f Mon Sep 17 00:00:00 2001 -From: young <954906362@qq.com> -Date: Fri, 2 Dec 2022 15:21:56 +0800 -Subject: [PATCH 2/2] 去掉不必要的常量 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - apollo/conf/constant.py | 1 - - apollo/handler/cve_handler/view.py | 2 +- - 2 files changed, 1 insertion(+), 2 deletions(-) - -diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py -index 4fc8a62..95e4181 100644 ---- a/apollo/conf/constant.py -+++ b/apollo/conf/constant.py -@@ -120,6 +120,5 @@ ES_TEST_FLAG = False - - REPO_FILE = "/etc/yum.repos.d/aops-update.repo" - FILE_NUMBER = 1 --NO_FILE = 0 - FILE_UPLOAD_PATH = "/opt/aops/cve/upload" - CSV_SAVED_PATH = "/opt/aops/cve/saved" -diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py -index d9409a7..f10be78 100644 ---- a/apollo/handler/cve_handler/view.py -+++ b/apollo/handler/cve_handler/view.py -@@ -458,7 +458,7 @@ class VulExportExcel(BaseResponse): - export_csv(cve_info_list, os.path.join( - self.filepath, self.filename), csv_head) - -- if len(os.listdir(self.filepath)) == NO_FILE: -+ if len(os.listdir(self.filepath)) == 0: - return NO_DATA - if len(os.listdir(self.filepath)) > FILE_NUMBER: - zip_filename, zip_save_path = compress_cve(self.filepath, "host.zip") --- -Gitee - diff --git a/fix_host_repo_filter_query_failed.patch b/fix_host_repo_filter_query_failed.patch deleted file mode 100644 index ced64f6..0000000 --- a/fix_host_repo_filter_query_failed.patch +++ /dev/null @@ -1,56 +0,0 @@ -From cf87cb8c7eb076049fc335db8e4edce0a5f09e74 Mon Sep 17 00:00:00 2001 -From: gongzt -Date: Fri, 2 Dec 2022 17:29:49 +0800 -Subject: [PATCH] 修复主机列表查询时选择未设置repo查询无数据 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - apollo/database/proxy/host.py | 9 +++++++-- - apollo/handler/cve_handler/view.py | 2 +- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py -index 5510125..7fd793a 100644 ---- a/apollo/database/proxy/host.py -+++ b/apollo/database/proxy/host.py -@@ -16,7 +16,7 @@ Author: - Description: Host table operation - """ - from sqlalchemy.exc import SQLAlchemyError --from sqlalchemy import func, case -+from sqlalchemy import func, case, or_ - - from vulcanus.log.log import LOGGER - from vulcanus.restful.status import NO_DATA, DATABASE_QUERY_ERROR, SUCCEED -@@ -202,7 +202,12 @@ class HostMysqlProxy(MysqlProxy): - if filter_dict.get("host_group"): - filters.add(Host.host_group_name.in_(filter_dict["host_group"])) - if filter_dict.get("repo"): -- filters.add(Host.repo_name.in_(filter_dict["repo"])) -+ repos = [repo if repo else None for repo in filter_dict["repo"]] -+ if None in repos: -+ filters.add(or_(Host.repo_name.is_(None), -+ Host.repo_name.in_(repos))) -+ else: -+ filters.add(Host.repo_name.in_(repos)) - - return filters - -diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py -index f10be78..7524b10 100644 ---- a/apollo/handler/cve_handler/view.py -+++ b/apollo/handler/cve_handler/view.py -@@ -22,7 +22,7 @@ import shutil - from flask import jsonify - - from apollo.conf import configuration --from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER, NO_FILE -+from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER - from apollo.database import SESSION - from apollo.database.proxy.cve import CveProxy, CveMysqlProxy - from apollo.function.customize_exception import ParseAdvisoryError --- -Gitee - diff --git a/param_length_validate.patch b/param_length_validate.patch deleted file mode 100644 index 3848089..0000000 --- a/param_length_validate.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 3a85482819891c6cdfa1d47be372640c0c67620c Mon Sep 17 00:00:00 2001 -From: gongzt -Date: Thu, 1 Dec 2022 23:06:53 +0800 -Subject: [PATCH] 更改参数有效性校验长度判断错误 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - apollo/function/schema/task.py | 9 ++++++--- - apollo/handler/task_handler/view.py | 5 ----- - 2 files changed, 6 insertions(+), 8 deletions(-) - -diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py -index e19c3ed..59f72db 100644 ---- a/apollo/function/schema/task.py -+++ b/apollo/function/schema/task.py -@@ -151,9 +151,12 @@ class GenerateRepoTaskSchema(Schema): - """ - validators for parameter of /vulnerability/task/repo/generate - """ -- task_name = fields.String(required=True, validate=lambda s: 0 < s <= 20) -- description = fields.String(required=True, validate=lambda s: 0 < s <= 50) -- repo_name = fields.String(required=True, validate=lambda s: 0 < s <= 20) -+ task_name = fields.String( -+ required=True, validate=lambda s: 0 < len(s) <= 20) -+ description = fields.String( -+ required=True, validate=lambda s: 0 < len(s) <= 50) -+ repo_name = fields.String( -+ required=True, validate=lambda s: 0 < len(s) <= 20) - info = fields.List(fields.Nested(CveHostInfoDictSchema), required=True, - validate=lambda s: len(s) > 0) - -diff --git a/apollo/handler/task_handler/view.py b/apollo/handler/task_handler/view.py -index cfd0d9b..318f693 100644 ---- a/apollo/handler/task_handler/view.py -+++ b/apollo/handler/task_handler/view.py -@@ -102,10 +102,6 @@ class VulScanHost(BaseResponse): - """ - access_token = request.headers.get('access_token') - # connect to database -- task_proxy = TaskProxy(configuration) -- if not task_proxy.connect(SESSION): -- return DATABASE_CONNECT_ERROR -- - proxy = TaskMysqlProxy() - if not proxy.connect(SESSION): - LOGGER.error("Connect to database fail, return.") -@@ -116,7 +112,6 @@ class VulScanHost(BaseResponse): - host_list = args['host_list'] - host_info = proxy.get_scan_host_info(username, host_list) - if not self._verify_param(host_list, host_info): -- proxy.close() - LOGGER.error( - "There are some host in %s that can not be scanned.", host_list) - return PARAM_ERROR --- -Gitee -