From 649b17a163827c89923ddd6d8d33726324bb3ed5 Mon Sep 17 00:00:00 2001
From: even <827656971@qq.com>
Date: Wed, 30 Jul 2025 15:47:59 +0800
Subject: [PATCH] =?UTF-8?q?sast=E4=BA=8C=E8=BF=9B=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../process/dto/req/sast/SastVulInfoReq.java | 35 +++++++-------
 .../process/service/sast/SastService.java | 2 +-
 .../service/sast/impl/SastServiceImpl.java | 46 ++++++++++++++++++-
 .../java/cd/casic/server/VulInfoTest.java | 10 ++++
 4 files changed, 73 insertions(+), 20 deletions(-)
diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java
index c4042b97..b45eeab2 100644
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java
@@ -32,24 +32,25 @@ public class SastVulInfoReq {
 }
 defectDetails.add(detail);
 }
+ @Data
+ @NoArgsConstructor
+ @AllArgsConstructor
+ public static class DefectDetail {
+ private String file;
+ private int line;
+ private String path;
+ private List propagationPath = new ArrayList<>();
+ private String description;
+ private String potentialRisk;
+
+ // 便捷方法
+ public void addPropagationPath(String path) {
+ if (propagationPath == null) {
+ propagationPath = new ArrayList<>();
+ }
+ propagationPath.add(path);
+ }
 }
-@Data
-@NoArgsConstructor
-@AllArgsConstructor
-class DefectDetail {
- private String file;
- private int line;
- private String path;
- private List propagationPath = new ArrayList<>();
- private String description;
- private String potentialRisk;
- // 便捷方法
- public void addPropagationPath(String path) {
- if (propagationPath == null) {
- propagationPath = new ArrayList<>();
- }
- propagationPath.add(path);
- }
 }
\ No newline at end of file
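Review bot: The parameter of `addPropagationPath(String path)` shadows the `path` field declared a few lines above it, so a reader has to stop and work out which one `propagationPath.add(path)` refers to; rename it, e.g. `public void addPropagationPath(String node)`. The null guard in that method is not dead code — `@AllArgsConstructor` and the `@Data` setter can both assign `null` to `propagationPath` despite the field initialiser — so the `// 便捷方法` line should become a Javadoc that says so: `/** Appends one node to the propagation path; tolerates a null list because the generated all-args constructor and setter may assign one. */`. The element type of `propagationPath` is not visible in this rendering; if it really is the raw `List`, it should be parameterised. The enclosing `SastVulInfoReq` class starts before this hunk.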
diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
index 985fb7b3..cdbef75f 100644
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
@@ -37,5 +37,5 @@ public interface SastService {
 List engineLog(String applicationId);
 SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) ;
 SastApplicationStashResp binaryStashScan(String applicationId);
- void saveReportVulInfo(List req);
+ void saveReportVulInfo(List list,String targetType,String targetName,String city,String instanceId,String taskId,String taskType);
 }
diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
index efe45d0c..c49dab77 100644
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
@@ -9,6 +9,7 @@ import cd.casic.ci.process.process.dataObject.volumnInfo.VulInfo;
 import cd.casic.ci.process.process.service.pipeline.PipelineService;
 import cd.casic.ci.process.process.service.sast.SastService;
 import cd.casic.ci.process.process.service.target.TargetVersionService;
+import cd.casic.ci.process.process.service.vulInfo.VulInfoService;
 import cd.casic.ci.process.properties.SastProperties;
 import cd.casic.framework.commons.exception.ServiceException;
 import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
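Review bot: `saveReportVulInfo` now takes six consecutive `String` parameters (`targetType`, `targetName`, `city`, `instanceId`, `taskId`, `taskType`), so a caller that transposes two of them compiles cleanly and persists vulnerability records attributed to the wrong target or task. A small parameter object — a record carrying those six values, or a builder — would make the call site self-describing and keep the interface stable when the next attribute is added. At minimum the interface method needs a Javadoc stating that `list` is the SAST report payload and what each identifier is attributed to, since the interface is the only place callers will look; there is none today.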
@@ -27,6 +28,7 @@ import org.luaj.vm2.ast.Str;
 import org.springframework.core.io.FileSystemResource;
 import org.springframework.http.*;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestTemplate;
@@ -55,10 +57,13 @@ public class SastServiceImpl implements SastService {
 private PipelineService pipelineService;
 @Resource
 private TargetVersionService targetVersionService;
+ @Resource
+ private VulInfoService vulInfoService;
 public static final String TOKEN_PREFIX = "Bearer ";
 public static final String TOKEN_HEADER_KEY = "authorization";
 public static final String REDIS_SAST_TOKEN_KEY = "REDIS_SAST_TOKEN_KEY";
+ private SastTokenResp getTokenRemote(){
 HttpHeaders httpHeaders = new HttpHeaders();
 HttpEntity httpEntity = new HttpEntity(sastProperties,httpHeaders);
@@ -338,13 +343,37 @@ public class SastServiceImpl implements SastService {
 }
 @Override
- public void saveReportVulInfo(List list) {
+ public void saveReportVulInfo(List list,String targetType,String targetName,String city,String instanceId,String taskId,String taskType) {
+ if (CollectionUtils.isEmpty(list)) {
+ return;
+ }
+ List vulInfos = new ArrayList<>(list.size());
 for (SastVulInfoReq req : list) {
 VulInfo vulInfo = new VulInfo();
 // 设置安全等级、名称
+ vulInfo.setVulTitle(req.getName());
+ String severity = req.getSeverity();
+ List defectDetails = req.getDefectDetails();
 // 设置描述修复措施
- //设置流水线相关属性
+ if (CollectionUtils.isEmpty(defectDetails)) {
+ continue;
+ }
+ //设置流水线相关属性,因为漏洞描述还有漏洞修复建议列表里面每一项都是一样的,所以直接取第一个
+ SastVulInfoReq.DefectDetail first = defectDetails.getFirst();
+ String description = first.getDescription();
+ String potentialRisk = first.getPotentialRisk();
+ vulInfo.setSolution(potentialRisk);
+ vulInfo.setVulDescription(description);
+ vulInfo.setSeverity(securityLevelToSeverity(severity));
+ vulInfo.setTargetType(targetType);
+ vulInfo.setTargetName(targetName);
+ vulInfo.setCity(city);
+ vulInfo.setInstanceId(instanceId);
+ vulInfo.setTaskId(taskId);
+ vulInfo.setTaskType(taskType);
+ vulInfos.add(vulInfo);
 }
+ vulInfoService.saveBatch(vulInfos);
 }
 private HttpHeaders getHeaders(){
@@ -352,4 +381,17 @@ public class SastServiceImpl implements SastService {
 httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());
 return httpHeaders;
 }
+ private Integer securityLevelToSeverity(String securityLevel) {
+ if (securityLevel == null) {
+ return 0;
+ }
+ // 映射规则:严重 -> 1, 高危 -> 2, 中危 -> 3, 低危 -> 4
+ return switch (securityLevel) {
+ case "严重" -> 1;
+ case "高危" -> 2;
+ case "中危" -> 3;
+ case "安全", "低危" -> 4;
+ default -> 0;
+ };
+ }
 }
diff --git a/ops-server/src/test/java/cd/casic/server/VulInfoTest.java b/ops-server/src/test/java/cd/casic/server/VulInfoTest.java
index 2ae14a04..f447d289 100644
--- a/ops-server/src/test/java/cd/casic/server/VulInfoTest.java
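Review bot: A finding whose `defectDetails` is empty is dropped by the `continue` right after `vulInfo.setVulTitle(...)`, with no log, even though its title and severity are already known at that point; a scan result persisted this way silently under-reports, which is the worst failure mode for a vulnerability store. Persist the record regardless and only leave description and solution unset when no detail is present, as sketched below. `defectDetails.getFirst()` is the Java 21 `SequencedCollection` method — if this module compiles at an earlier language level it will not build, and `get(0)` is the portable spelling, used in the rewrite. The comment asserts that every detail repeats the same description and remediation text; that is an assumption about the report format, not something the code checks, so it should be worded as such. `saveReportVulInfo` is complete within this hunk; `getHeaders` continues past it.
```java
for (SastVulInfoReq req : list) {
    VulInfo vulInfo = new VulInfo();
    vulInfo.setVulTitle(req.getName());
    vulInfo.setSeverity(securityLevelToSeverity(req.getSeverity()));
    List<SastVulInfoReq.DefectDetail> defectDetails = req.getDefectDetails();
    // Description/remediation are assumed identical across details (verify against the
    // SAST report format), so only the first is read; a finding with no details is still
    // persisted, just without those two fields, rather than vanishing from the report.
    if (!CollectionUtils.isEmpty(defectDetails)) {
        SastVulInfoReq.DefectDetail first = defectDetails.get(0);
        vulInfo.setVulDescription(first.getDescription());
        vulInfo.setSolution(first.getPotentialRisk());
    }
    // … unchanged: target/city/instance/task setters, vulInfos.add(vulInfo) …
}
```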
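Review bot: `default -> 0` in `securityLevelToSeverity` maps any label the SAST engine emits that is not in the table to the same value as `null`, so a renamed or newly introduced level (or one with stray whitespace) lands in the persisted records as 0 with no trace; log the unrecognised label before falling through, and state in a Javadoc that 0 means "unmapped", not "lowest". The comment above the switch lists four levels while the switch also folds `"安全"` into 4, so it is already out of step with the code: `// Severity mapping: 严重 -> 1, 高危 -> 2, 中危 -> 3, 低危 and 安全 -> 4; null or unrecognised -> 0 (unmapped)`. Returning `int` rather than `Integer` avoids a box on every finding; it still autoboxes at `setSeverity` if that setter takes `Integer`. The numeric values deserve named constants or an enum shared with wherever `VulInfo.severity` is interpreted, so the two sides cannot drift apart.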
+++ b/ops-server/src/test/java/cd/casic/server/VulInfoTest.java
@@ -1,13 +1,17 @@
 package cd.casic.server;
 import cd.casic.ci.process.constant.PipelineTargetTypeConstant;
+import cd.casic.ci.process.dto.req.sast.SastVulInfoReq;
 import cd.casic.ci.process.dto.req.testCase.TestCaseAITaskCreateReq;
 import cd.casic.ci.process.dto.resp.ScaVulInfoResp;
 import cd.casic.ci.process.process.converter.VulInfoConverter;
 import cd.casic.ci.process.process.dataObject.target.TargetVersion;
 import cd.casic.ci.process.process.dataObject.volumnInfo.VulInfo;
+import cd.casic.ci.process.process.service.sast.SastService;
 import cd.casic.ci.process.process.service.testCase.TestCaseAIGeneratorService;
 import cd.casic.ci.process.process.service.vulInfo.VulInfoService;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.Test;
@@ -34,6 +38,8 @@ public class VulInfoTest {
 private VulInfoService vulInfoService;
 @Resource
 private VulInfoConverter converter;
+ @Resource
+ private SastService sastService;
 @Test
 public void test() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
 System.out.println(vulInfoService.scaVulCountGet(681));
@@ -61,5 +67,9 @@ public class VulInfoTest {
 });
 vulInfoService.saveBatch(vulInfos);
+ }
+ @Test
+ public void sastTest(){
+ }
 }
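Review bot: `sastTest` is an empty `@Test`, so the suite reports it green while nothing in `saveReportVulInfo` is exercised; either give it a body that builds a `SastVulInfoReq` with and without `defectDetails` and calls `sastService.saveReportVulInfo(...)` (the `SastVulInfoReq` and `SastService` imports added in this file's first hunk suggest that was the plan), or annotate it `@Disabled("TODO")` so the placeholder is not counted as coverage. The `JSONArray`/`JSONObject` imports added in that same hunk are unused as of this commit; if they are meant for loading a report fixture, the Jackson mapper that the Spring stack most likely already puts on the classpath is the safer choice over `com.alibaba.fastjson` 1.x, whose autoType deserialization has a long advisory history. The `test()` method in the middle hunk continues past its hunk.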