sast二进制(未完成TODO待确认)
parent
8e36c94130
commit
6b02183616
@ -11,6 +11,7 @@ public class SastUrlConstant {
|
|||||||
public static final String detectionConfig = "/invoke/project/setting/getDetectionConfig";
|
public static final String detectionConfig = "/invoke/project/setting/getDetectionConfig";
|
||||||
public static final String applicationCreate = "/invoke/application/create";
|
public static final String applicationCreate = "/invoke/application/create";
|
||||||
public static final String applicationStash = "/invoke/application/stash";
|
public static final String applicationStash = "/invoke/application/stash";
|
||||||
|
public static final String applicationBinaryStash = "/invoke/application/binary/stash";
|
||||||
public static final String getApplicationEcho = "/invoke/application/getApplicationEcho";
|
public static final String getApplicationEcho = "/invoke/application/getApplicationEcho";
|
||||||
public static final String reportIndex = "/api/report/index";
|
public static final String reportIndex = "/api/report/index";
|
||||||
public static final String reportDownload = "/api/report/index/download";
|
public static final String reportDownload = "/api/report/index/download";
|
||||||
@ -21,5 +22,6 @@ public class SastUrlConstant {
|
|||||||
public static final String jsonReportDownload = "/api/report/index/downloadReport";
|
public static final String jsonReportDownload = "/api/report/index/downloadReport";
|
||||||
public static final String getReportInfo = "/api/report/index/getReportInfo";
|
public static final String getReportInfo = "/api/report/index/getReportInfo";
|
||||||
public static final String stashScan = "/invoke/application/stash/scan/";
|
public static final String stashScan = "/invoke/application/stash/scan/";
|
||||||
|
public static final String binaryStashScan = "/invoke/application/binary/stash/scan/";
|
||||||
public static final String engineLog = "/invoke/engine/%s/log";
|
public static final String engineLog = "/invoke/engine/%s/log";
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,58 @@
|
|||||||
|
package cd.casic.ci.process.dto.req.sast;
|
||||||
|
|
||||||
|
import lombok.Data;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@Data
|
||||||
|
public class SastApplicationBinaryStashReq {
|
||||||
|
private String applicationId;//不传
|
||||||
|
/**
|
||||||
|
* 当前项目id 写死"893ed995-5b81-474a-96a9-2800281421cd"
|
||||||
|
* */
|
||||||
|
private String projectId;//不传
|
||||||
|
/**
|
||||||
|
* 应用名称,不可重复
|
||||||
|
* */
|
||||||
|
private String applicationName;//可以不传
|
||||||
|
/**
|
||||||
|
* 写死 BINARY
|
||||||
|
* */
|
||||||
|
private String codeSourceFrom;//不传
|
||||||
|
/**
|
||||||
|
* 目标指令集 true-自动识别 false-手动识别
|
||||||
|
* */
|
||||||
|
private Boolean archAutoIdentify;// TODO 询问是否需要写死自动识别
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* */
|
||||||
|
private String targetArchitectures;// TODO 询问作用
|
||||||
|
/**
|
||||||
|
* 上传文件返回的id
|
||||||
|
* */
|
||||||
|
private List<String> fileId;// 上传目标文件,省去页面上传
|
||||||
|
/**
|
||||||
|
* 模板id
|
||||||
|
* */
|
||||||
|
private String templateId;//需要用户选择
|
||||||
|
/**
|
||||||
|
* 分析超时时长
|
||||||
|
* */
|
||||||
|
private Integer analysisTimeoutMs;//需要用户填写
|
||||||
|
/**
|
||||||
|
* k集合大小
|
||||||
|
* */
|
||||||
|
private Integer kSetSize;//需要用户填写
|
||||||
|
/**
|
||||||
|
* CallString长度
|
||||||
|
* */
|
||||||
|
private Integer callStringLength;//需要用户填写
|
||||||
|
/**
|
||||||
|
* 入口地址entryAddress
|
||||||
|
* */
|
||||||
|
private String entryAddress;//需要用户填写
|
||||||
|
/**
|
||||||
|
* z3 是否能够超时
|
||||||
|
* */
|
||||||
|
private Boolean z3TimeoutMsStatus;//需要用户填写
|
||||||
|
}
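Review bot: The field `kSetSize` under Lombok `@Data` gets the accessor `getKSetSize()`, which Jackson's default bean naming turns into the JSON property `ksetSize`. If this request is serialized by a Jackson-based converter (the converter setup is not visible here), the SAST service would not receive `kSetSize`. Declaring the getter explicitly with `@JsonProperty("kSetSize")` pins the wire name; the serialized body is worth checking either way. The Javadoc on `projectId` also records a fixed project id while the DTO neither sets nor validates it, so a comment saying where that value is supplied would help, as would resolving the two TODO fields before this is used.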
|
@ -0,0 +1,19 @@
|
|||||||
|
package cd.casic.ci.process.dto.resp.sast;
|
||||||
|
|
||||||
|
import lombok.Data;
|
||||||
|
|
||||||
|
@Data
|
||||||
|
public class SastApplicationBinaryStashResp {
|
||||||
|
private String applicationId;
|
||||||
|
private String applicationName;
|
||||||
|
private String taskId;
|
||||||
|
private String fileId;
|
||||||
|
private String jobAddBy;
|
||||||
|
private String jobStatus;
|
||||||
|
private String checkStartTime;
|
||||||
|
private String checkEndTime;
|
||||||
|
private String codeQualityMetric; // 这里是JSON字符串
|
||||||
|
private String engineType;
|
||||||
|
private String progress; // 允许为null
|
||||||
|
private String type;
|
||||||
|
}
|
@ -6,6 +6,7 @@ import cd.casic.ci.process.process.dataObject.history.PipPipelineHisInstance;
|
|||||||
import cd.casic.framework.commons.exception.ServiceException;
|
import cd.casic.framework.commons.exception.ServiceException;
|
||||||
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
|
import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
|
||||||
import jakarta.annotation.Resource;
|
import jakarta.annotation.Resource;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
|
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
@ -16,6 +17,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
|||||||
import java.util.concurrent.CopyOnWriteArrayList;
|
import java.util.concurrent.CopyOnWriteArrayList;
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
|
@Slf4j
|
||||||
public class MemoryPostHandlerManager implements PostHandlerManager {
|
public class MemoryPostHandlerManager implements PostHandlerManager {
|
||||||
private final ConcurrentHashMap<String, List<ExecuteTaskPostHandler>> handlerMap = new ConcurrentHashMap<>();
|
private final ConcurrentHashMap<String, List<ExecuteTaskPostHandler>> handlerMap = new ConcurrentHashMap<>();
|
||||||
@Resource
|
@Resource
|
||||||
@ -38,7 +40,13 @@ public class MemoryPostHandlerManager implements PostHandlerManager {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
for (ExecuteTaskPostHandler postHandler : pipExecutePostHandlers) {
|
for (ExecuteTaskPostHandler postHandler : pipExecutePostHandlers) {
|
||||||
postHandlerExecutor.submit(()->postHandler.executeAfterDone(hisInstance));
|
postHandlerExecutor.submit(()->{
|
||||||
|
try {
|
||||||
|
postHandler.executeAfterDone(hisInstance);
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("后置执行失败",e);
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
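Review bot: The new `log.error("后置执行失败",e)` inside the submitted task does not say which pipeline run or handler failed, so entries from several post handlers running on `postHandlerExecutor` cannot be told apart. Adding the run id would fix that, e.g. `log.error("后置执行失败, hisInstanceId={}", hisInstance.getId(), e);` (assuming `hisInstance` is the `PipPipelineHisInstance` this file imports). `catch (Exception e)` also leaves `Error` subclasses unlogged, since the `Future` returned by `submit` is discarded. The enclosing method starts outside the hunk.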
|
||||||
|
@ -0,0 +1,105 @@
|
|||||||
|
package cd.casic.ci.process.engine.worker.sast;
|
||||||
|
|
||||||
|
import cd.casic.ci.process.common.WorkAtom;
|
||||||
|
import cd.casic.ci.process.dto.resp.sast.SastApplicationEchoResp;
|
||||||
|
import cd.casic.ci.process.dto.resp.sast.SastApplicationStashResp;
|
||||||
|
import cd.casic.ci.process.dto.resp.sast.SastApplicationStatusResp;
|
||||||
|
import cd.casic.ci.process.dto.resp.sast.SastEngineLogResp;
|
||||||
|
import cd.casic.ci.process.engine.constant.SastConstant;
|
||||||
|
import cd.casic.ci.process.engine.runContext.TaskRunContext;
|
||||||
|
import cd.casic.ci.process.engine.worker.base.BaseWorker;
|
||||||
|
import cd.casic.ci.process.process.converter.SastConverter;
|
||||||
|
import cd.casic.ci.process.process.dataObject.base.PipBaseElement;
|
||||||
|
import cd.casic.ci.process.process.dataObject.task.PipTask;
|
||||||
|
import cd.casic.ci.process.process.service.sast.SastService;
|
||||||
|
import cd.casic.ci.process.process.service.task.TaskService;
|
||||||
|
import com.alibaba.excel.util.StringUtils;
|
||||||
|
import com.alibaba.fastjson.JSON;
|
||||||
|
import com.alibaba.fastjson.JSONObject;
|
||||||
|
import jakarta.annotation.Resource;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@Slf4j
|
||||||
|
@WorkAtom(taskType = "SAST_BINARY")
|
||||||
|
public class SastBinaryWorker extends BaseWorker {
|
||||||
|
@Resource
|
||||||
|
private SastService sastService;
|
||||||
|
@Resource
|
||||||
|
private SastConverter converter;
|
||||||
|
@Resource
|
||||||
|
private TaskService taskService;
|
||||||
|
@Override
|
||||||
|
public void execute(TaskRunContext context) {
|
||||||
|
PipBaseElement contextDef = context.getContextDef();
|
||||||
|
String id = contextDef.getId();
|
||||||
|
log.info("==============触发worker执行========");
|
||||||
|
log.info("==========运行context:{}===========", JSON.toJSONString(context));
|
||||||
|
if (contextDef instanceof PipTask task) {
|
||||||
|
String applicationId = (String)(task.getTaskProperties().get(SastConstant.APPLICATION_ID));
|
||||||
|
if (StringUtils.isEmpty(applicationId)) {
|
||||||
|
append(context,"未获取到sast信息");
|
||||||
|
toBadEnding();
|
||||||
|
}
|
||||||
|
SastApplicationStatusResp applicationStatus = sastService.getApplicationStatus(applicationId);
|
||||||
|
SastApplicationEchoResp applicationEcho = sastService.getApplicationEcho(applicationId);
|
||||||
|
append(context,"获取到sast任务配置"+JSON.toJSONString(applicationEcho));
|
||||||
|
if (SastConstant.STATUS_PROGRESSING.equals(applicationStatus.getJobStatus())||SastConstant.STATUS_PENDING.equals(applicationStatus.getJobStatus())) {
|
||||||
|
append(context,"当前任务正在运行中");
|
||||||
|
// toBadEnding();
|
||||||
|
} else{
|
||||||
|
// SastApplicationCreateReq sastApplicationCreateReq = converter.converter(applicationEcho);
|
||||||
|
// List<String> list = applicationEcho.getLodeFiles().stream().map(SastApplicationEchoResp.LodeFile::getFileId).toList();
|
||||||
|
// sastApplicationCreateReq.setFileId(list);
|
||||||
|
// append(context,"开始启动SAST任务,检测文件信息:{}"+JSON.toJSONString(applicationEcho.getLodeFiles()));
|
||||||
|
// log.info("SAST启动任务入参:{}",JSON.toJSONString(sastApplicationCreateReq));
|
||||||
|
SastApplicationStashResp sastApplicationCreateResp = sastService.binaryStashScan(applicationId);
|
||||||
|
log.info("SAST启动二进制任务返回值:{}",JSON.toJSONString(sastApplicationCreateResp));
|
||||||
|
append(context,"启动任务完毕");
|
||||||
|
}
|
||||||
|
// 检测状态是否完毕
|
||||||
|
applicationStatus = sastService.getApplicationStatus(applicationId);
|
||||||
|
List<SastEngineLogResp> oldLogList = new ArrayList<>();
|
||||||
|
int repeat = 0;
|
||||||
|
while (!SastConstant.STATUS_JOB_DONE.equals(applicationStatus.getJobStatus())) {
|
||||||
|
try {
|
||||||
|
Thread.sleep(20000L);
|
||||||
|
} catch (InterruptedException e) {
|
||||||
|
log.error("二进制任务执行失败,R线程中断");
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
applicationStatus=sastService.getApplicationStatus(applicationId);
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("二进制任务执行失败",e);
|
||||||
|
append(context,"二进制任务获取状态失败");
|
||||||
|
if (repeat++>3) {
|
||||||
|
append(context,"获取状态失败,尝试超过三次执行失败");
|
||||||
|
toBadEnding();
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
append(context,"当前SAST二进制任务运行中,运行状态:"+applicationStatus.getJobStatus());
|
||||||
|
if (SastConstant.STATUS_CANCEL.equals(applicationStatus.getJobStatus())) {
|
||||||
|
append(context,"任务被取消");
|
||||||
|
toBadEnding();
|
||||||
|
}
|
||||||
|
List<SastEngineLogResp> logList = sastService.engineLog(applicationId);
|
||||||
|
if (logList.size()>oldLogList.size()) {
|
||||||
|
for (int i = oldLogList.size(); i < logList.size(); i++) {
|
||||||
|
SastEngineLogResp logResp = logList.get(i);
|
||||||
|
append(context,logResp.getPrettyPrint());
|
||||||
|
}
|
||||||
|
oldLogList = logList;
|
||||||
|
}
|
||||||
|
repeat = 0;
|
||||||
|
}
|
||||||
|
// JSONObject reportJSON = getReportJSON(applicationId, SastConstant.REPORT_MODE_DETAILS,context);
|
||||||
|
// String reportUrl = getReportUrl(applicationId, SastConstant.REPORT_MODE_DETAILS);
|
||||||
|
// task.getTaskProperties().put(SastConstant.REPORT_JSON,reportJSON);
|
||||||
|
// task.getTaskProperties().put(SastConstant.REPORT_URL,reportUrl);
|
||||||
|
taskService.updateById(task);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
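Review bot: The polling loop in `execute` only ends on `STATUS_JOB_DONE`, `STATUS_CANCEL` or repeated status failures, so a job that stops in any other state, or never finishes, holds the worker thread indefinitely. The `InterruptedException` handler only logs, which discards the interrupt and keeps the loop running. An overall deadline, plus restoring the interrupt flag and ending the task, would bound it as sketched below (`MAX_POLL_MS` is a placeholder constant, and the sketch assumes `toBadEnding()` aborts the task, which is not visible here). The `sastService.engineLog(applicationId)` call sits outside the retry `try`, so a single failed log fetch bypasses the retry accounting. Logging `JSON.toJSONString(context)` at info level may also write whatever task properties the context holds into the log; logging only `id` would be safer.

```java
// placeholder: overall polling budget, value to be chosen for the deployment
long deadline = System.currentTimeMillis() + MAX_POLL_MS;
while (!SastConstant.STATUS_JOB_DONE.equals(applicationStatus.getJobStatus())) {
    if (System.currentTimeMillis() > deadline) {
        append(context,"SAST二进制任务轮询超时");
        toBadEnding();
    }
    try {
        Thread.sleep(20000L);
    } catch (InterruptedException e) {
        // restore the flag so the executor can observe the cancellation
        Thread.currentThread().interrupt();
        log.error("二进制任务执行失败,R线程中断", e);
        toBadEnding();
    }
    // … unchanged: status refresh with retry, cancel check, engine log tail …
}
```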
|
@ -126,7 +126,7 @@ public class ScaBinaryWorker extends HttpWorker {
|
|||||||
postHandlerManager.registerPostHandler(new ExecuteTaskPostHandler(pipTask.getId(),pipelineId) {
|
postHandlerManager.registerPostHandler(new ExecuteTaskPostHandler(pipTask.getId(),pipelineId) {
|
||||||
@Override
|
@Override
|
||||||
public void executeAfterDone(PipPipelineHisInstance pipPipelineHisInstance) {
|
public void executeAfterDone(PipPipelineHisInstance pipPipelineHisInstance) {
|
||||||
vulInfoService.scaToVulInfoSave(scaTaskId,pipeline.getTargetType(),fileName,"长沙",pipPipelineHisInstance.getId(),taskId,"APPLICATION");
|
vulInfoService.scaToVulInfoSave(scaTaskId,pipeline.getTargetType(),fileName,"长沙",pipPipelineHisInstance.getId(),taskId,"BINARY");
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
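Review bot: The last argument of `vulInfoService.scaToVulInfoSave(...)` is a bare string literal: `"BINARY"` here, `"MIRROR"` in ScaMirrorWorker and `"SCA_S_BOM"` in ScaSbomWorker. The other printed copy of the line passes `"APPLICATION"` in all three files, which shows how easily such a tag can be wrong without anything failing. Shared constants or an enum for the source type would let the compiler catch a mismatch, and the hard-coded `"长沙"` argument would benefit from the same treatment. The enclosing method starts and ends outside the hunk.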
|
||||||
|
@ -124,7 +124,7 @@ public class ScaMirrorWorker extends HttpWorker {
|
|||||||
postHandlerManager.registerPostHandler(new ExecuteTaskPostHandler(pipTask.getId(),pipelineId) {
|
postHandlerManager.registerPostHandler(new ExecuteTaskPostHandler(pipTask.getId(),pipelineId) {
|
||||||
@Override
|
@Override
|
||||||
public void executeAfterDone(PipPipelineHisInstance pipPipelineHisInstance) {
|
public void executeAfterDone(PipPipelineHisInstance pipPipelineHisInstance) {
|
||||||
vulInfoService.scaToVulInfoSave(scaTaskId,pipeline.getTargetType(),fileName,"长沙",pipPipelineHisInstance.getId(),taskId,"APPLICATION");
|
vulInfoService.scaToVulInfoSave(scaTaskId,pipeline.getTargetType(),fileName,"长沙",pipPipelineHisInstance.getId(),taskId,"MIRROR");
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -122,7 +122,7 @@ public class ScaSbomWorker extends HttpWorker {
|
|||||||
postHandlerManager.registerPostHandler(new ExecuteTaskPostHandler(pipTask.getId(),pipelineId) {
|
postHandlerManager.registerPostHandler(new ExecuteTaskPostHandler(pipTask.getId(),pipelineId) {
|
||||||
@Override
|
@Override
|
||||||
public void executeAfterDone(PipPipelineHisInstance pipPipelineHisInstance) {
|
public void executeAfterDone(PipPipelineHisInstance pipPipelineHisInstance) {
|
||||||
vulInfoService.scaToVulInfoSave(scaTaskId,pipeline.getTargetType(),fileName,"长沙",pipPipelineHisInstance.getId(),taskId,"APPLICATION");
|
vulInfoService.scaToVulInfoSave(scaTaskId,pipeline.getTargetType(),fileName,"长沙",pipPipelineHisInstance.getId(),taskId,"SCA_S_BOM");
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
package cd.casic.ci.process.process.service.sast;
|
package cd.casic.ci.process.process.service.sast;
|
||||||
|
|
||||||
import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq;
|
import cd.casic.ci.process.dto.req.sast.*;
|
||||||
import cd.casic.ci.process.dto.req.sast.SastApplicationStashReq;
|
|
||||||
import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq;
|
|
||||||
import cd.casic.ci.process.dto.req.sast.SastReportCreateReq;
|
|
||||||
import cd.casic.ci.process.dto.resp.sast.*;
|
import cd.casic.ci.process.dto.resp.sast.*;
|
||||||
import cd.casic.framework.commons.pojo.PageParam;
|
import cd.casic.framework.commons.pojo.PageParam;
|
||||||
import cd.casic.framework.commons.pojo.PageResult;
|
import cd.casic.framework.commons.pojo.PageResult;
|
||||||
@ -38,4 +35,6 @@ public interface SastService {
|
|||||||
public SastReportStatusResp getReportStatus(String reportId);
|
public SastReportStatusResp getReportStatus(String reportId);
|
||||||
SastApplicationStashResp stashScan(String applicationId);
|
SastApplicationStashResp stashScan(String applicationId);
|
||||||
List<SastEngineLogResp> engineLog(String applicationId);
|
List<SastEngineLogResp> engineLog(String applicationId);
|
||||||
|
SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) ;
|
||||||
|
SastApplicationStashResp binaryStashScan(String applicationId);
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
package cd.casic.ci.process.process.service.sast.impl;
|
package cd.casic.ci.process.process.service.sast.impl;
|
||||||
|
|
||||||
import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq;
|
import cd.casic.ci.process.dto.req.sast.*;
|
||||||
import cd.casic.ci.process.dto.req.sast.SastApplicationStashReq;
|
|
||||||
import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq;
|
|
||||||
import cd.casic.ci.process.dto.req.sast.SastReportCreateReq;
|
|
||||||
import cd.casic.ci.process.dto.resp.report.ReportResp;
|
import cd.casic.ci.process.dto.resp.report.ReportResp;
|
||||||
import cd.casic.ci.process.dto.resp.sast.*;
|
import cd.casic.ci.process.dto.resp.sast.*;
|
||||||
import cd.casic.ci.process.process.service.sast.SastService;
|
import cd.casic.ci.process.process.service.sast.SastService;
|
||||||
@ -299,6 +296,25 @@ public class SastServiceImpl implements SastService {
|
|||||||
return JSONArray.parseArray(exchange.getBody(), SastEngineLogResp.class);
|
return JSONArray.parseArray(exchange.getBody(), SastEngineLogResp.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) {
|
||||||
|
HttpHeaders httpHeaders = getHeaders();
|
||||||
|
HttpEntity<SastApplicationBinaryStashReq> entity = new HttpEntity<>(req,httpHeaders);
|
||||||
|
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
|
||||||
|
ResponseEntity<SastApplicationBinaryStashResp> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +applicationBinaryStash, HttpMethod.POST,entity,SastApplicationBinaryStashResp.class,new HashMap<>());
|
||||||
|
return exchange.getBody();
|
||||||
|
}
|
||||||
|
@Override
|
||||||
|
public SastApplicationStashResp binaryStashScan(String applicationId) {
|
||||||
|
HttpHeaders httpHeaders = getHeaders();
|
||||||
|
Map<String, String> entityMap = new HashMap<>();
|
||||||
|
HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
|
||||||
|
String uriString=sastProperties.getBaseUrl()+binaryStashScan+applicationId;
|
||||||
|
log.info("sast 开始任务url:{}",uriString);
|
||||||
|
ResponseEntity<SastApplicationStashResp> exchange = restTemplate.exchange(uriString, HttpMethod.POST,entity, SastApplicationStashResp.class,new HashMap<>());
|
||||||
|
return exchange.getBody();
|
||||||
|
}
|
||||||
|
|
||||||
private HttpHeaders getHeaders(){
|
private HttpHeaders getHeaders(){
|
||||||
HttpHeaders httpHeaders = new HttpHeaders();
|
HttpHeaders httpHeaders = new HttpHeaders();
|
||||||
httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());
|
httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());
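Review bot: `binaryStashScan` builds the request URL by appending `applicationId` directly (`sastProperties.getBaseUrl()+binaryStashScan+applicationId`), and SastBinaryWorker reads that value from task properties. An id containing `/`, `?`, `..` or `{}` would change the path that is sent with the service token, or break RestTemplate's template expansion, so the id should be checked against the format the SAST service issues before the call. In `applicationBinaryStash`, `httpHeaders.setContentType(MediaType.APPLICATION_JSON)` runs after `new HttpEntity<>(req,httpHeaders)`; whether the header reaches the request then depends on HttpEntity sharing the header map, so the call should move above the entity construction. Both methods return `exchange.getBody()` without a null check. `getHeaders` continues outside the hunk.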
|
||||||
|