sast二进制

2025-07-30 15:47:59 +08:00 · 2025-07-30 15:47:59 +08:00 · 649b17a163
commit 649b17a163
parent 8d532318ac
4 changed files with 73 additions and 20 deletions
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java
@ -32,12 +32,10 @@ public class SastVulInfoReq {
        }
        defectDetails.add(detail);
    }
-}
-
    @Data
    @NoArgsConstructor
    @AllArgsConstructor
-class DefectDetail {
+    public static class DefectDetail {
        private String file;
        private int line;
        private String path;
@ -53,3 +51,6 @@ class DefectDetail {
            propagationPath.add(path);
        }
 }
+
+
+}
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
@ -37,5 +37,5 @@ public interface SastService {
    List<SastEngineLogResp> engineLog(String applicationId);
    SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) ;
    SastApplicationStashResp binaryStashScan(String applicationId);
-    void saveReportVulInfo(List<SastVulInfoReq> req);
+    void saveReportVulInfo(List<SastVulInfoReq> list,String targetType,String targetName,String city,String instanceId,String taskId,String taskType);
 }
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
@ -9,6 +9,7 @@ import cd.casic.ci.process.process.dataObject.volumnInfo.VulInfo;
 import cd.casic.ci.process.process.service.pipeline.PipelineService;
 import cd.casic.ci.process.process.service.sast.SastService;
 import cd.casic.ci.process.process.service.target.TargetVersionService;
+import cd.casic.ci.process.process.service.vulInfo.VulInfoService;
 import cd.casic.ci.process.properties.SastProperties;
 import cd.casic.framework.commons.exception.ServiceException;
 import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
@ -27,6 +28,7 @@ import org.luaj.vm2.ast.Str;
 import org.springframework.core.io.FileSystemResource;
 import org.springframework.http.*;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.RestTemplate;
@ -55,10 +57,13 @@ public class SastServiceImpl implements SastService {
    private PipelineService pipelineService;
    @Resource
    private TargetVersionService targetVersionService;
+    @Resource
+    private VulInfoService vulInfoService;
    public static final String TOKEN_PREFIX = "Bearer ";
    public static final String TOKEN_HEADER_KEY = "authorization";
    public static final String REDIS_SAST_TOKEN_KEY = "REDIS_SAST_TOKEN_KEY";

+
    private SastTokenResp getTokenRemote(){
        HttpHeaders httpHeaders = new HttpHeaders();
        HttpEntity<SastProperties> httpEntity = new HttpEntity<SastProperties>(sastProperties,httpHeaders);
@ -338,13 +343,37 @@ public class SastServiceImpl implements SastService {
    }

    @Override
-    public void saveReportVulInfo(List<SastVulInfoReq> list) {
+    public void saveReportVulInfo(List<SastVulInfoReq> list,String targetType,String targetName,String city,String instanceId,String taskId,String taskType) {
+        if (CollectionUtils.isEmpty(list)) {
+            return;
+        }
+        List<VulInfo> vulInfos = new ArrayList<>(list.size());
        for (SastVulInfoReq req : list) {
            VulInfo vulInfo = new VulInfo();
            // 设置安全等级、名称
+            vulInfo.setVulTitle(req.getName());
+            String severity = req.getSeverity();
+            List<SastVulInfoReq.DefectDetail> defectDetails = req.getDefectDetails();
            // 设置描述修复措施
-            //设置流水线相关属性
+            if (CollectionUtils.isEmpty(defectDetails)) {
+                continue;
            }
+            //设置流水线相关属性,因为漏洞描述还有漏洞修复建议列表里面每一项都是一样的，所以直接取第一个
+            SastVulInfoReq.DefectDetail first = defectDetails.getFirst();
+            String description = first.getDescription();
+            String potentialRisk = first.getPotentialRisk();
+            vulInfo.setSolution(potentialRisk);
+            vulInfo.setVulDescription(description);
+            vulInfo.setSeverity(securityLevelToSeverity(severity));
+            vulInfo.setTargetType(targetType);
+            vulInfo.setTargetName(targetName);
+            vulInfo.setCity(city);
+            vulInfo.setInstanceId(instanceId);
+            vulInfo.setTaskId(taskId);
+            vulInfo.setTaskType(taskType);
+            vulInfos.add(vulInfo);
+        }
+        vulInfoService.saveBatch(vulInfos);
    }

    private HttpHeaders getHeaders(){
@ -352,4 +381,17 @@ public class SastServiceImpl implements SastService {
        httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());
        return httpHeaders;
    }
+    private Integer securityLevelToSeverity(String securityLevel) {
+        if (securityLevel == null) {
+            return 0;
+        }
+        // 映射规则：严重 -> 1, 高危 -> 2, 中危 -> 3, 低危 -> 4
+        return switch (securityLevel) {
+            case "严重" -> 1;
+            case "高危" -> 2;
+            case "中危" -> 3;
+            case "安全", "低危" -> 4;
+            default -> 0;
+        };
+    }
 }
--- a/ops-server/src/test/java/cd/casic/server/VulInfoTest.java
+++ b/ops-server/src/test/java/cd/casic/server/VulInfoTest.java
@ -1,13 +1,17 @@
 package cd.casic.server;

 import cd.casic.ci.process.constant.PipelineTargetTypeConstant;
+import cd.casic.ci.process.dto.req.sast.SastVulInfoReq;
 import cd.casic.ci.process.dto.req.testCase.TestCaseAITaskCreateReq;
 import cd.casic.ci.process.dto.resp.ScaVulInfoResp;
 import cd.casic.ci.process.process.converter.VulInfoConverter;
 import cd.casic.ci.process.process.dataObject.target.TargetVersion;
 import cd.casic.ci.process.process.dataObject.volumnInfo.VulInfo;
+import cd.casic.ci.process.process.service.sast.SastService;
 import cd.casic.ci.process.process.service.testCase.TestCaseAIGeneratorService;
 import cd.casic.ci.process.process.service.vulInfo.VulInfoService;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.Test;
@ -34,6 +38,8 @@ public class VulInfoTest {
    private VulInfoService vulInfoService;
    @Resource
    private VulInfoConverter converter;
+    @Resource
+    private SastService sastService;
    @Test
    public void test() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        System.out.println(vulInfoService.scaVulCountGet(681));
@ -61,5 +67,9 @@ public class VulInfoTest {
        });
        vulInfoService.saveBatch(vulInfos);

+    }
+    @Test
+    public void sastTest(){
+
    }
 }