aops-apollo/0006-fix-upload-file.patch

From 2dbc352d9870049fa0f9226e015e5909007355fe Mon Sep 17 00:00:00 2001
From: rearcher <123781007@qq.com>
Date: Mon, 2 Dec 2024 19:48:20 +0800
Subject: [PATCH] fix upload filed error, optimize the generated rollback task
 information

---
 apollo/database/proxy/task/cve_rollback.py |  4 +-
 apollo/handler/cve_handler/view.py         | 45 +++++++++++++++++-----
 2 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/apollo/database/proxy/task/cve_rollback.py b/apollo/database/proxy/task/cve_rollback.py
index 0525602..2e761c9 100644
--- a/apollo/database/proxy/task/cve_rollback.py
+++ b/apollo/database/proxy/task/cve_rollback.py
@@ -117,8 +117,8 @@ class CveRollbackTaskProxy(TaskProxy):
         host_num = cve_fix_task_info.host_num
 
         if lang.startswith("en"):
-            task_name = "ROLLBACK_TASK: %s" % fix_task_name
-            description = "ORIGIN_TASK_DESCRIPTION: %s" % fix_task_description
+            task_name = "Rollback task: %s" % fix_task_name
+            description = "Origin task description: %s" % fix_task_description
         else:
             task_name = "回滚: %s" % fix_task_name
             description = "原CVE修复任务描述: %s" % fix_task_description
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index 200cc0d..25c5d7c 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
@@ -20,10 +20,12 @@ import glob
 import os
 import shutil
 import time
+import uuid
 from collections import defaultdict
 from typing import List, Optional
 
-from flask import g
+from flask import g, request
+from werkzeug.utils import secure_filename
 from vulcanus.database.helper import judge_return_code
 from vulcanus.log.log import LOGGER
 from vulcanus.restful.resp.state import (
@@ -430,7 +432,36 @@ class VulGetCveTaskHost(BaseResponse):
         return self.response(code=status_code, data=result)
 
 
-class VulUploadAdvisory(BaseResponse):
+class FileUpload:
+    @classmethod
+    def _upload_file(cls, save_path, file_key="file"):
+        """
+        upload file to save_path
+        Args:
+            save_path (str): path the file to be saved
+            file_key (str): body key for the file
+
+        Returns:
+            int: verify status code
+            str: file_path
+            str: file_name
+        """
+
+        file_name = ""
+        file = request.files.get(file_key)
+        if file is None or not file.filename:
+            return PARAM_ERROR, "", file_name
+        username = g.username
+        filename = secure_filename(file.filename)
+        file_name = str(uuid.uuid4()) + "." + filename.rsplit('.', 1)[-1]
+        if not os.path.exists(os.path.join(save_path, username)):
+            os.makedirs(os.path.join(save_path, username))
+        file_path = os.path.join(save_path, username, file_name)
+        file.save(file_path)
+        return SUCCEED, file_path, file_name
+
+
+class VulUploadAdvisory(BaseResponse, FileUpload):
     """
     Restful interface for importing security advisory xml (compressed files or single file)
     """
@@ -442,13 +473,11 @@ class VulUploadAdvisory(BaseResponse):
             int: status code
         """
         save_path = FILE_UPLOAD_PATH
-        status, username, file_name = self.verify_upload_request(save_path)
+        status, file_path, file_name = self._upload_file(save_path)
 
         if status != SUCCEED:
             return status
 
-        file_path = os.path.join(save_path, username, file_name)
-
         suffix = file_name.split('.')[-1]
         if suffix == "xml":
             status_code = self._save_single_advisory(proxy, file_path)
@@ -548,7 +577,7 @@ class VulUploadAdvisory(BaseResponse):
         return self.response(code=self._handle(callback))
 
 
-class VulUploadUnaffected(BaseResponse):
+class VulUploadUnaffected(BaseResponse, FileUpload):
     """
     Restful interface for importing unaffected cve xml (compressed files or single file)
     """
@@ -560,13 +589,11 @@ class VulUploadUnaffected(BaseResponse):
             int: status code
         """
         save_path = FILE_UPLOAD_PATH
-        status, username, file_name = self.verify_upload_request(save_path)
+        status, file_path, file_name = self._upload_file(save_path)
 
         if status != SUCCEED:
             return status
 
-        file_path = os.path.join(save_path, username, file_name)
-
         suffix = file_name.split('.')[-1]
         if suffix == "xml":
             status_code = self._save_unaffected_cve(proxy, file_path)
-- 
Gitee
fix upload sa failed 2024-12-03 10:43:29 +08:00			`From 2dbc352d9870049fa0f9226e015e5909007355fe Mon Sep 17 00:00:00 2001`
			`From: rearcher <123781007@qq.com>`
			`Date: Mon, 2 Dec 2024 19:48:20 +0800`
			`Subject: [PATCH] fix upload filed error, optimize the generated rollback task`
			`information`

			`---`
			`apollo/database/proxy/task/cve_rollback.py \| 4 +-`
			`apollo/handler/cve_handler/view.py \| 45 +++++++++++++++++-----`
			`2 files changed, 38 insertions(+), 11 deletions(-)`

			`diff --git a/apollo/database/proxy/task/cve_rollback.py b/apollo/database/proxy/task/cve_rollback.py`
			`index 0525602..2e761c9 100644`
			`--- a/apollo/database/proxy/task/cve_rollback.py`
			`+++ b/apollo/database/proxy/task/cve_rollback.py`
			`@@ -117,8 +117,8 @@ class CveRollbackTaskProxy(TaskProxy):`
			`host_num = cve_fix_task_info.host_num`

			`if lang.startswith("en"):`
			`- task_name = "ROLLBACK_TASK: %s" % fix_task_name`
			`- description = "ORIGIN_TASK_DESCRIPTION: %s" % fix_task_description`
			`+ task_name = "Rollback task: %s" % fix_task_name`
			`+ description = "Origin task description: %s" % fix_task_description`
			`else:`
			`task_name = "回滚: %s" % fix_task_name`
			`description = "原CVE修复任务描述: %s" % fix_task_description`
			`diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py`
			`index 200cc0d..25c5d7c 100644`
			`--- a/apollo/handler/cve_handler/view.py`
			`+++ b/apollo/handler/cve_handler/view.py`
			`@@ -20,10 +20,12 @@ import glob`
			`import os`
			`import shutil`
			`import time`
			`+import uuid`
			`from collections import defaultdict`
			`from typing import List, Optional`

			`-from flask import g`
			`+from flask import g, request`
			`+from werkzeug.utils import secure_filename`
			`from vulcanus.database.helper import judge_return_code`
			`from vulcanus.log.log import LOGGER`
			`from vulcanus.restful.resp.state import (`
			`@@ -430,7 +432,36 @@ class VulGetCveTaskHost(BaseResponse):`
			`return self.response(code=status_code, data=result)`


			`-class VulUploadAdvisory(BaseResponse):`
			`+class FileUpload:`
			`+ @classmethod`
			`+ def _upload_file(cls, save_path, file_key="file"):`
			`+ """`
			`+ upload file to save_path`
			`+ Args:`
			`+ save_path (str): path the file to be saved`
			`+ file_key (str): body key for the file`
			`+`
			`+ Returns:`
			`+ int: verify status code`
			`+ str: file_path`
			`+ str: file_name`
			`+ """`
			`+`
			`+ file_name = ""`
			`+ file = request.files.get(file_key)`
			`+ if file is None or not file.filename:`
			`+ return PARAM_ERROR, "", file_name`
			`+ username = g.username`
			`+ filename = secure_filename(file.filename)`
			`+ file_name = str(uuid.uuid4()) + "." + filename.rsplit('.', 1)[-1]`
			`+ if not os.path.exists(os.path.join(save_path, username)):`
			`+ os.makedirs(os.path.join(save_path, username))`
			`+ file_path = os.path.join(save_path, username, file_name)`
			`+ file.save(file_path)`
			`+ return SUCCEED, file_path, file_name`
			`+`
			`+`
			`+class VulUploadAdvisory(BaseResponse, FileUpload):`
			`"""`
			`Restful interface for importing security advisory xml (compressed files or single file)`
			`"""`
			`@@ -442,13 +473,11 @@ class VulUploadAdvisory(BaseResponse):`
			`int: status code`
			`"""`
			`save_path = FILE_UPLOAD_PATH`
			`- status, username, file_name = self.verify_upload_request(save_path)`
			`+ status, file_path, file_name = self._upload_file(save_path)`

			`if status != SUCCEED:`
			`return status`

			`- file_path = os.path.join(save_path, username, file_name)`
			`-`
			`suffix = file_name.split('.')[-1]`
			`if suffix == "xml":`
			`status_code = self._save_single_advisory(proxy, file_path)`
			`@@ -548,7 +577,7 @@ class VulUploadAdvisory(BaseResponse):`
			`return self.response(code=self._handle(callback))`


			`-class VulUploadUnaffected(BaseResponse):`
			`+class VulUploadUnaffected(BaseResponse, FileUpload):`
			`"""`
			`Restful interface for importing unaffected cve xml (compressed files or single file)`
			`"""`
			`@@ -560,13 +589,11 @@ class VulUploadUnaffected(BaseResponse):`
			`int: status code`
			`"""`
			`save_path = FILE_UPLOAD_PATH`
			`- status, username, file_name = self.verify_upload_request(save_path)`
			`+ status, file_path, file_name = self._upload_file(save_path)`

			`if status != SUCCEED:`
			`return status`

			`- file_path = os.path.join(save_path, username, file_name)`
			`-`
			`suffix = file_name.split('.')[-1]`
			`if suffix == "xml":`
			`status_code = self._save_unaffected_cve(proxy, file_path)`
			`--`
			`Gitee`