From 25e79499a5c578579c1112bfcbdfb7137748fa84 Mon Sep 17 00:00:00 2001
From: rabbitali
Date: Fri, 19 Jul 2024 10:28:52 +0800
Subject: [PATCH 1/1] fix security advisory parsing error
---
 apollo/cron/download_advisory.py | 6 ++++--
 apollo/handler/cve_handler/view.py | 16 ++++++++--------
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/apollo/cron/download_advisory.py b/apollo/cron/download_advisory.py
index 6ba2f01..5bec2a8 100644
--- a/apollo/cron/download_advisory.py
+++ b/apollo/cron/download_advisory.py
@@ -115,14 +115,16 @@ class DownloadSATask:
 file_path = os.path.join(advisory_dir, file_name)
 advisory_year, advisory_serial_number = re.findall("\d+", file_name)
 try:
- cve_rows, cve_pkg_rows, cve_pkg_docs, _, _ = parse_security_advisory(file_path)
+ security_cvrf_info = parse_security_advisory(file_path)
+ security_cvrf_info.sa_year = None
+ security_cvrf_info.sa_number = None
 except (KeyError, ParseAdvisoryError) as error:
 LOGGER.error(error)
 LOGGER.error("Some error occurred when parse advisory '%s'." % file_name)
 self._record_download_result(advisory_year, advisory_serial_number, False)
 continue
- save_status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs)
+ save_status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
 status = True if save_status_code == SUCCEED else False
 self._record_download_result(advisory_year, advisory_serial_number, status)
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index 58d3bb1..200cc0d 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
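Review bot: The cron path hands `security_cvrf_info` to `proxy.save_security_advisory` without the emptiness check that both upload paths in `apollo/handler/cve_handler/view.py` apply. An advisory that parses to empty `cve_rows`, `cve_pkg_rows` or `cve_pkg_docs` therefore reaches the save call, and is recorded as downloaded if that call returns `SUCCEED`. `save_security_advisory` is not visible here and may reject such input itself; if it does not, add `if not all([security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]):` after the `try` block, followed by `self._record_download_result(advisory_year, advisory_serial_number, False)` and `continue`. The two `= None` assignments would also read better with a comment such as `# this path has always discarded the parsed SA year/number (previously unpacked into _, _)`. The enclosing loop starts before the hunk.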
@@ -466,9 +466,9 @@ class VulUploadAdvisory(BaseResponse):
 def _save_single_advisory(proxy, file_path):
 file_name = os.path.basename(file_path)
 try:
- cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path)
+ security_cvrf_info = parse_security_advisory(file_path)
 os.remove(file_path)
- if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]):
+ if not all([security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]):
 return WRONG_FILE_FORMAT
 except (KeyError, ParseAdvisoryError) as error:
 os.remove(file_path)
@@ -476,7 +476,7 @@ class VulUploadAdvisory(BaseResponse):
 LOGGER.error(error)
 return WRONG_FILE_FORMAT
- status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number)
+ status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
 return status_code
@@ -504,8 +504,10 @@ class VulUploadAdvisory(BaseResponse):
 shutil.rmtree(folder_path)
 return WRONG_FILE_FORMAT
 try:
- cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path)
- if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]):
+ security_cvrf_info = parse_security_advisory(file_path)
+ if not all(
+ [security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]
+ ):
 shutil.rmtree(folder_path)
 return WRONG_FILE_FORMAT
 except (KeyError, ParseAdvisoryError) as error:
@@ -519,9 +521,7 @@ class VulUploadAdvisory(BaseResponse):
 LOGGER.error(error)
 continue
 # elasticsearch need 1 second to update doc
- status_code = proxy.save_security_advisory(
- file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number
- )
+ status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
 if status_code != SUCCEED:
 fail_list.append(file_name)
 else:
--
2.33.0
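Review bot: In `_save_single_advisory` (hunk at -466) the uploaded file is removed by two separate `os.remove(file_path)` calls, one after a successful parse and one in the `except (KeyError, ParseAdvisoryError)` branch. Any other exception from `parse_security_advisory` therefore leaves the upload on disk and propagates to the caller. A single `finally: os.remove(file_path)` on the `try` would cover every exit path and drop the duplicate call. The `except` body continues past the end of this hunk, so the rest of that branch could not be checked.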
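Review bot: The `all([...])` test over `cve_rows`, `cve_pkg_rows` and `cve_pkg_docs` in the hunk at -504 repeats the predicate already written in `_save_single_advisory`, here spread over four lines. Now that the parser returns one object, the check belongs in one place, for example a small helper that takes `security_cvrf_info` and returns whether all three collections are non-empty, so the upload paths cannot drift apart when a field is added. A one-line comment above the check, such as `# an advisory with any empty section is rejected as malformed`, would also record why the whole folder is removed at this point. The enclosing method starts before the hunk and continues after it.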