From 8d532318ac94fc92bee7dc9c4b70e2f5c000004f Mon Sep 17 00:00:00 2001 From: even <827656971@qq.com> Date: Wed, 30 Jul 2025 14:23:56 +0800 Subject: [PATCH] =?UTF-8?q?sast=E4=BA=8C=E8=BF=9B=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cd/casic/ci/api/SastController.java | 4 ++ .../sast/SastApplicationBinaryStashReq.java | 10 ++++ .../process/dto/req/sast/SastVulInfoReq.java | 55 +++++++++++++++++++ .../engine/worker/sast/SastWorker.java | 3 +- .../process/service/sast/SastService.java | 1 + .../service/sast/impl/SastServiceImpl.java | 38 ++++++++++++- 6 files changed, 107 insertions(+), 4 deletions(-) create mode 100644 modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java diff --git a/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java b/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java index 804cd5fe..e0bc70fe 100644 --- a/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java +++ b/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java @@ -145,4 +145,8 @@ public class SastController { SastApplicationStatusResp applicationStatus = sastService.getApplicationStatus(applicationId); return CommonResult.success(applicationStatus); } + @PostMapping("/applicationBinaryStash") + CommonResult applicationBinaryStash(@RequestBody SastApplicationBinaryStashReq req) { + return CommonResult.success(sastService.applicationBinaryStash(req)); + } } diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastApplicationBinaryStashReq.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastApplicationBinaryStashReq.java index 9c360b81..2be9a05a 100644 --- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastApplicationBinaryStashReq.java 
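Review bot: The new `applicationBinaryStash` handler takes `@RequestBody SastApplicationBinaryStashReq req` without `@Valid`, so the `@NotBlank` constraint this commit puts on `pipelineId` in that DTO is never evaluated and a missing id travels on to `pipelineService.getById(null)` in the service. Change the parameter to `@Valid @RequestBody SastApplicationBinaryStashReq req` (importing `jakarta.validation.Valid`, matching the `jakarta.validation` package the DTO already uses). Consider also whether this endpoint should check the caller's access to the given pipeline before the service uploads that pipeline's artifact to the external SAST server, unless an interceptor not visible here already does so. The SastController class continues outside the hunk.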
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastApplicationBinaryStashReq.java @@ -1,5 +1,6 @@ package cd.casic.ci.process.dto.req.sast; +import jakarta.validation.constraints.NotBlank; import lombok.Data; import java.util.List; @@ -55,4 +56,13 @@ public class SastApplicationBinaryStashReq { * z3 是否能够超时 * */ private Boolean z3TimeoutMsStatus;//需要用户填写 + /** + * z3超时时间 + * */ + private Integer z3TimeoutMs; + /** + * 流水线id + * */ + @NotBlank + private String pipelineId; } diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java new file mode 100644 index 00000000..c4042b97 --- /dev/null +++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java 
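Review bot: `pipelineId` is added to a DTO that `SastServiceImpl.applicationBinaryStash` also serializes as the body sent to the external SAST server (`new HttpEntity<>(req, httpHeaders)`), so this internal pipeline identifier is forwarded to the third-party API together with the scan parameters unless the mapper is configured to drop it. Either exclude it from serialization (`@JsonIgnore` on the field, if Jackson is the mapper in use) or keep the inbound request and the outbound payload as separate types. `@NotBlank` only takes effect when the controller parameter carries `@Valid`, which the controller hunk in this commit does not add. The field Javadoc could state what the id is for: `/** Pipeline whose target-version artifact is uploaded for the binary scan; required. */`.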
@@ -0,0 +1,55 @@
+package cd.casic.ci.process.dto.req.sast;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class SastVulInfoReq {
+ private String id;
+ private String name;
+ /**
+ * UN_KNOWN("未知"),
+ * DEADLY("严重"),
+ * SEVERITY("高危"),
+ * POOR_RISK("中危"),
+ * LOW_RISK("低危"),
+ * SAFE("安全");
+ * */
+ private String severity;
+ private int count;
+ private List defectDetails = new ArrayList<>();
+
+ // 便捷方法
+ public void addDefectDetail(DefectDetail detail) {
+ if (defectDetails == null) {
+ defectDetails = new ArrayList<>();
+ }
+ defectDetails.add(detail);
+ }
+}
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+class DefectDetail {
+ private String file;
+ private int line;
+ private String path;
+ private List propagationPath = new ArrayList<>();
+ private String description;
+ private String potentialRisk;
+
+ // 便捷方法
+ public void addPropagationPath(String path) {
+ if (propagationPath == null) {
+ propagationPath = new ArrayList<>();
+ }
+ propagationPath.add(path);
+ }
+}
\ No newline at end of file
diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/sast/SastWorker.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/sast/SastWorker.java
index 840ccfc4..89b4eb80 100644
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/sast/SastWorker.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/sast/SastWorker.java
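Review bot: `DefectDetail` is declared as a package-private top-level class in SastVulInfoReq.java, yet the public `SastVulInfoReq.addDefectDetail(DefectDetail)` and the `defectDetails` accessors generated by `@Data` expose it, so code outside `cd.casic.ci.process.dto.req.sast` cannot construct or read these details. Move it to its own file as a public class, or nest it as `public static class DefectDetail` inside `SastVulInfoReq`. The null guards in `addDefectDetail` and `addPropagationPath` are only reachable because `@AllArgsConstructor` and the generated setters allow a null list to be assigned; normalizing null to an empty list in those setters would make that contract explicit. `severity` is a free-form String whose Javadoc enumerates six permitted values; an enum, or at least a sentence stating that only those values are accepted, would make the contract checkable.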
@@ -132,7 +132,8 @@ public class SastWorker extends BaseWorker {
 if (reportStatus.getStatus().equals("FAIL")) {
 throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(),"生成sast报告失败");
 }
- JSONObject jsonObject = getJSONString(reportId).getJSONObject("task_summary");
+ JSONObject reportJson = getJSONString(reportId);
+ JSONObject jsonObject = reportJson.getJSONObject("task_summary");
 JSONObject severity = jsonObject.getJSONObject("defect_severity_distribution");
 JSONObject rule = jsonObject.getJSONObject("detection_rule_distribution");
 JSONObject res = new JSONObject();
diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
index 8886444c..985fb7b3 100644
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
@@ -37,4 +37,5 @@ public interface SastService {
 List engineLog(String applicationId);
 SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) ;
 SastApplicationStashResp binaryStashScan(String applicationId);
+ void saveReportVulInfo(List req);
 }
diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
index 0163ff75..efe45d0c 100644
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
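Review bot: `reportJson` is introduced but dereferenced only once, on the very next line, so the split has no effect unless the full report is meant to be consumed later (for example by the new `saveReportVulInfo`, which is still a stub in this commit); if that is the intent, the wiring is missing. Neither `reportJson` nor the `task_summary` lookup is null-checked, so a report without that key fails with a NullPointerException instead of the `ServiceException` used two lines above for the FAIL status; consider `if (jsonObject == null) { throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(), "sast报告缺少task_summary"); }`. The enclosing method starts and ends outside the hunk.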
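Review bot: The new `saveReportVulInfo(List req)` interface method has no Javadoc, and a caller needs to know what each element represents and whether an empty list is acceptable. Suggested doc comment, to be adjusted once the implementation does something: `/** Stores the vulnerability entries of one SAST report as VulInfo objects; each element holds one rule's severity, count and defect details. */` — the implementation in this commit is an empty loop, so the wording is provisional. The list's element type is not visible in this rendering; if it is `SastVulInfoReq` as the implementation suggests, the parameter name `req` would read better as `vulInfos`.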
@@ -3,8 +3,15 @@ package cd.casic.ci.process.process.service.sast.impl; import cd.casic.ci.process.dto.req.sast.*; import cd.casic.ci.process.dto.resp.report.ReportResp; import cd.casic.ci.process.dto.resp.sast.*; +import cd.casic.ci.process.process.dataObject.pipeline.PipPipeline; +import cd.casic.ci.process.process.dataObject.target.TargetVersion; +import cd.casic.ci.process.process.dataObject.volumnInfo.VulInfo; +import cd.casic.ci.process.process.service.pipeline.PipelineService; import cd.casic.ci.process.process.service.sast.SastService; +import cd.casic.ci.process.process.service.target.TargetVersionService; import cd.casic.ci.process.properties.SastProperties; +import cd.casic.framework.commons.exception.ServiceException; +import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants; import cd.casic.framework.commons.pojo.PageParam; import cd.casic.framework.commons.pojo.PageResult; import cd.casic.framework.redis.core.RedisTemplateUtils; @@ -31,9 +38,7 @@ import java.io.InputStream; import java.net.URLDecoder; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import java.util.*; import static cd.casic.ci.process.constant.SastUrlConstant.*; @@ -46,6 +51,10 @@ public class SastServiceImpl implements SastService { private SastProperties sastProperties; @Resource private RestTemplate restTemplate; + @Resource + private PipelineService pipelineService; + @Resource + private TargetVersionService targetVersionService; public static final String TOKEN_PREFIX = "Bearer "; public static final String TOKEN_HEADER_KEY = "authorization"; public static final String REDIS_SAST_TOKEN_KEY = "REDIS_SAST_TOKEN_KEY"; 
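Review bot: The second hunk replaces the explicit `java.util.HashMap`/`List`/`Map` imports with the wildcard `import java.util.*;`, while every other JDK import in this block stays explicit; list `Collections` and `UUID` explicitly instead, since those are the only new `java.util` names the `applicationBinaryStash` hunk needs. `java.io.File` is also used in that hunk but no import for it appears in this diff; it may already be imported above the visible `import java.io.InputStream;` at old line 31, which is worth confirming before merge. The new `PipelineService` and `TargetVersionService` fields follow the class's existing `@Resource` field-injection style, so they need no change.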
@@ -299,6 +308,19 @@ public class SastServiceImpl implements SastService { @Override public SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) { HttpHeaders httpHeaders = getHeaders(); + req.setProjectId("893ed995-5b81-474a-96a9-2800281421cd"); + req.setApplicationName("二进制任务"+ UUID.randomUUID().toString()); + req.setCodeSourceFrom("BINARY"); + req.setArchAutoIdentify(true); + String pipelineId = req.getPipelineId(); + PipPipeline pipeline = pipelineService.getById(pipelineId); + String targetVersionId = pipeline.getTargetVersionId(); + TargetVersion targetVersion = targetVersionService.getById(targetVersionId); + File targetFile=new File(targetVersion.getFilePath()); + SastFileUploadResp uploadResp = uploadFile(targetFile); + String id = uploadResp.getId(); + req.setFileId(Collections.singletonList(id)); + log.info("sast二进制上传文件成功,开始调用接口{}",req); HttpEntity entity = new HttpEntity<>(req,httpHeaders); httpHeaders.setContentType(MediaType.APPLICATION_JSON); ResponseEntity exchange = restTemplate.exchange(sastProperties.getBaseUrl() +applicationBinaryStash, HttpMethod.POST,entity,SastApplicationBinaryStashResp.class,new HashMap<>()); @@ -315,6 +337,16 @@ public class SastServiceImpl implements SastService { return exchange.getBody(); } + @Override + public void saveReportVulInfo(List list) { + for (SastVulInfoReq req : list) { + VulInfo vulInfo = new VulInfo(); + // 设置安全等级、名称 + // 设置描述修复措施 + //设置流水线相关属性 + } + } + private HttpHeaders getHeaders(){ HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());
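Review bot: `pipelineService.getById(pipelineId)` and `targetVersionService.getById(targetVersionId)` are dereferenced without a null check, so an unknown or stale `pipelineId` supplied by the API caller ends in a NullPointerException rather than the `ServiceException` whose imports this commit adds to the file but never uses here. The same client-controlled `pipelineId` decides which pipeline's target-version file is read from disk and uploaded to the external SAST server, and nothing in the hunk verifies that the caller may access that pipeline; unless an upstream interceptor enforces it, an ownership check belongs before the upload. The project id `"893ed995-5b81-474a-96a9-2800281421cd"` is hard-coded; it should come from `SastProperties` next to `getBaseUrl()`. `log.info("...{}", req)` prints the whole request object after the file id has been set, so confirm that the `@Data`-generated `toString()` of `SastApplicationBinaryStashReq` contains nothing that should stay out of logs. The method's return statement lies outside the hunk.
```java
        String pipelineId = req.getPipelineId();
        PipPipeline pipeline = pipelineService.getById(pipelineId);
        if (pipeline == null) {
            throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(), "流水线不存在:" + pipelineId);
        }
        // TODO(review): confirm the caller is permitted to access this pipeline before its artifact is uploaded
        String targetVersionId = pipeline.getTargetVersionId();
        TargetVersion targetVersion = targetVersionService.getById(targetVersionId);
        if (targetVersion == null || targetVersion.getFilePath() == null) {
            throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(), "目标版本或文件路径不存在:" + targetVersionId);
        }
        File targetFile = new File(targetVersion.getFilePath());
        if (!targetFile.isFile()) {
            throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(), "目标文件不存在:" + targetFile.getPath());
        }
        // … unchanged: uploadFile, setFileId, log.info, HttpEntity/exchange …
```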
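Review bot: `saveReportVulInfo` creates a `VulInfo` per element and then drops it — nothing is copied from `req` and nothing is saved — so the interface method this commit adds to `SastService` is a silent no-op for every caller. If the mapping is not ready, throwing `UnsupportedOperationException` or leaving the method off the interface until it works is safer than a method that looks like it persists data. The three Chinese comments are placeholders; when the mapping is written, the method should also handle a null or empty `list` explicitly, e.g. `if (list == null || list.isEmpty()) { return; }`.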