aops-apollo/0006-fix-upload-file.patch

From 2dbc352d9870049fa0f9226e015e5909007355fe Mon Sep 17 00:00:00 2001
From: rearcher <123781007@qq.com>
Date: Mon, 2 Dec 2024 19:48:20 +0800
Subject: [PATCH] fix upload filed error, optimize the generated rollback task
 information

---
 apollo/database/proxy/task/cve_rollback.py |  4 +-
 apollo/handler/cve_handler/view.py         | 45 +++++++++++++++++-----
 2 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/apollo/database/proxy/task/cve_rollback.py b/apollo/database/proxy/task/cve_rollback.py
index 0525602..2e761c9 100644
--- a/apollo/database/proxy/task/cve_rollback.py
+++ b/apollo/database/proxy/task/cve_rollback.py
@@ -117,8 +117,8 @@ class CveRollbackTaskProxy(TaskProxy):
         host_num = cve_fix_task_info.host_num
 
         if lang.startswith("en"):
-            task_name = "ROLLBACK_TASK: %s" % fix_task_name
-            description = "ORIGIN_TASK_DESCRIPTION: %s" % fix_task_description
+            task_name = "Rollback task: %s" % fix_task_name
+            description = "Origin task description: %s" % fix_task_description
         else:
             task_name = "回滚: %s" % fix_task_name
             description = "原CVE修复任务描述: %s" % fix_task_description
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index 200cc0d..25c5d7c 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
@@ -20,10 +20,12 @@ import glob
 import os
 import shutil
 import time
+import uuid
 from collections import defaultdict
 from typing import List, Optional
 
-from flask import g
+from flask import g, request
+from werkzeug.utils import secure_filename
 from vulcanus.database.helper import judge_return_code
 from vulcanus.log.log import LOGGER
 from vulcanus.restful.resp.state import (
@@ -430,7 +432,36 @@ class VulGetCveTaskHost(BaseResponse):
         return self.response(code=status_code, data=result)
 
 
-class VulUploadAdvisory(BaseResponse):
+class FileUpload:
+    @classmethod
+    def _upload_file(cls, save_path, file_key="file"):
+        """
+        upload file to save_path
+        Args:
+            save_path (str): path the file to be saved
+            file_key (str): body key for the file
+
+        Returns:
+            int: verify status code
+            str: file_path
+            str: file_name
+        """
+
+        file_name = ""
+        file = request.files.get(file_key)
+        if file is None or not file.filename:
+            return PARAM_ERROR, "", file_name
+        username = g.username
+        filename = secure_filename(file.filename)
+        file_name = str(uuid.uuid4()) + "." + filename.rsplit('.', 1)[-1]
+        if not os.path.exists(os.path.join(save_path, username)):
+            os.makedirs(os.path.join(save_path, username))
+        file_path = os.path.join(save_path, username, file_name)
+        file.save(file_path)
+        return SUCCEED, file_path, file_name
+
+
+class VulUploadAdvisory(BaseResponse, FileUpload):
     """
     Restful interface for importing security advisory xml (compressed files or single file)
     """
@@ -442,13 +473,11 @@ class VulUploadAdvisory(BaseResponse):
             int: status code
         """
         save_path = FILE_UPLOAD_PATH
-        status, username, file_name = self.verify_upload_request(save_path)
+        status, file_path, file_name = self._upload_file(save_path)
 
         if status != SUCCEED:
             return status
 
-        file_path = os.path.join(save_path, username, file_name)
-
         suffix = file_name.split('.')[-1]
         if suffix == "xml":
             status_code = self._save_single_advisory(proxy, file_path)
@@ -548,7 +577,7 @@ class VulUploadAdvisory(BaseResponse):
         return self.response(code=self._handle(callback))
 
 
-class VulUploadUnaffected(BaseResponse):
+class VulUploadUnaffected(BaseResponse, FileUpload):
     """
     Restful interface for importing unaffected cve xml (compressed files or single file)
     """
@@ -560,13 +589,11 @@ class VulUploadUnaffected(BaseResponse):
             int: status code
         """
         save_path = FILE_UPLOAD_PATH
-        status, username, file_name = self.verify_upload_request(save_path)
+        status, file_path, file_name = self._upload_file(save_path)
 
         if status != SUCCEED:
             return status
 
-        file_path = os.path.join(save_path, username, file_name)
-
         suffix = file_name.split('.')[-1]
         if suffix == "xml":
             status_code = self._save_unaffected_cve(proxy, file_path)
-- 
Gitee