sast二进制

modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java

@@ -145,4 +145,8 @@ public class SastController {
         SastApplicationStatusResp applicationStatus = sastService.getApplicationStatus(applicationId);
         return CommonResult.success(applicationStatus);
     }
+    @PostMapping("/applicationBinaryStash")
+    CommonResult<SastApplicationBinaryStashResp> applicationBinaryStash(@RequestBody SastApplicationBinaryStashReq req) {
+        return CommonResult.success(sastService.applicationBinaryStash(req));
+    }
 }

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastApplicationBinaryStashReq.java

@@ -1,5 +1,6 @@
 package cd.casic.ci.process.dto.req.sast;
 
+import jakarta.validation.constraints.NotBlank;
 import lombok.Data;
 
 import java.util.List;
@@ -55,4 +56,13 @@ public class SastApplicationBinaryStashReq {
      * z3 是否能够超时
      * */
     private Boolean z3TimeoutMsStatus;//需要用户填写
+    /**
+     *  z3超时时间
+     * */
+    private Integer z3TimeoutMs;
+    /**
+     *  流水线id
+     * */
+    @NotBlank
+    private String pipelineId;
 }

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastVulInfoReq.java

@@ -0,0 +1,55 @@
+package cd.casic.ci.process.dto.req.sast;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class SastVulInfoReq {
+    private String id;
+    private String name;
+    /**
+     * UN_KNOWN("未知"),
+     *     DEADLY("严重"),
+     *     SEVERITY("高危"),
+     *     POOR_RISK("中危"),
+     *     LOW_RISK("低危"),
+     *     SAFE("安全");
+     * */
+    private String severity;
+    private int count;
+    private List<DefectDetail> defectDetails = new ArrayList<>();
+
+    // 便捷方法
+    public void addDefectDetail(DefectDetail detail) {
+        if (defectDetails == null) {
+            defectDetails = new ArrayList<>();
+        }
+        defectDetails.add(detail);
+    }
+}
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+class DefectDetail {
+    private String file;
+    private int line;
+    private String path;
+    private List<String> propagationPath = new ArrayList<>();
+    private String description;
+    private String potentialRisk;
+
+    // 便捷方法
+    public void addPropagationPath(String path) {
+        if (propagationPath == null) {
+            propagationPath = new ArrayList<>();
+        }
+        propagationPath.add(path);
+    }
+}

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/sast/SastWorker.java

@@ -132,7 +132,8 @@ public class SastWorker extends BaseWorker {
         if (reportStatus.getStatus().equals("FAIL")) {
             throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(),"生成sast报告失败");
         }
-        JSONObject jsonObject = getJSONString(reportId).getJSONObject("task_summary");
+        JSONObject reportJson = getJSONString(reportId);
+        JSONObject jsonObject = reportJson.getJSONObject("task_summary");
         JSONObject severity = jsonObject.getJSONObject("defect_severity_distribution");
         JSONObject rule = jsonObject.getJSONObject("detection_rule_distribution");
         JSONObject res = new JSONObject();

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java

@@ -37,4 +37,5 @@ public interface SastService {
     List<SastEngineLogResp> engineLog(String applicationId);
     SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) ;
     SastApplicationStashResp binaryStashScan(String applicationId);
+    void saveReportVulInfo(List<SastVulInfoReq> req);
 }

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java

@@ -3,8 +3,15 @@ package cd.casic.ci.process.process.service.sast.impl;
 import cd.casic.ci.process.dto.req.sast.*;
 import cd.casic.ci.process.dto.resp.report.ReportResp;
 import cd.casic.ci.process.dto.resp.sast.*;
+import cd.casic.ci.process.process.dataObject.pipeline.PipPipeline;
+import cd.casic.ci.process.process.dataObject.target.TargetVersion;
+import cd.casic.ci.process.process.dataObject.volumnInfo.VulInfo;
+import cd.casic.ci.process.process.service.pipeline.PipelineService;
 import cd.casic.ci.process.process.service.sast.SastService;
+import cd.casic.ci.process.process.service.target.TargetVersionService;
 import cd.casic.ci.process.properties.SastProperties;
+import cd.casic.framework.commons.exception.ServiceException;
+import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
 import cd.casic.framework.commons.pojo.PageParam;
 import cd.casic.framework.commons.pojo.PageResult;
 import cd.casic.framework.redis.core.RedisTemplateUtils;
@@ -31,9 +38,7 @@ import java.io.InputStream;
 import java.net.URLDecoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
-import java.util.HashMap;
+import java.util.*;
-import java.util.List;
-import java.util.Map;
 
 import static cd.casic.ci.process.constant.SastUrlConstant.*;
 
@@ -46,6 +51,10 @@ public class SastServiceImpl implements SastService {
     private SastProperties sastProperties;
     @Resource
     private RestTemplate restTemplate;
+    @Resource
+    private PipelineService pipelineService;
+    @Resource
+    private TargetVersionService targetVersionService;
     public static final String TOKEN_PREFIX = "Bearer ";
     public static final String TOKEN_HEADER_KEY = "authorization";
     public static final String REDIS_SAST_TOKEN_KEY = "REDIS_SAST_TOKEN_KEY";
@@ -299,6 +308,19 @@ public class SastServiceImpl implements SastService {
     @Override
     public SastApplicationBinaryStashResp applicationBinaryStash(SastApplicationBinaryStashReq req) {
         HttpHeaders httpHeaders = getHeaders();
+        req.setProjectId("893ed995-5b81-474a-96a9-2800281421cd");
+        req.setApplicationName("二进制任务"+ UUID.randomUUID().toString());
+        req.setCodeSourceFrom("BINARY");
+        req.setArchAutoIdentify(true);
+        String pipelineId = req.getPipelineId();
+        PipPipeline pipeline = pipelineService.getById(pipelineId);
+        String targetVersionId = pipeline.getTargetVersionId();
+        TargetVersion targetVersion = targetVersionService.getById(targetVersionId);
+        File targetFile=new File(targetVersion.getFilePath());
+        SastFileUploadResp uploadResp = uploadFile(targetFile);
+        String id = uploadResp.getId();
+        req.setFileId(Collections.singletonList(id));
+        log.info("sast二进制上传文件成功，开始调用接口{}",req);
         HttpEntity<SastApplicationBinaryStashReq> entity = new HttpEntity<>(req,httpHeaders);
         httpHeaders.setContentType(MediaType.APPLICATION_JSON);
         ResponseEntity<SastApplicationBinaryStashResp> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +applicationBinaryStash, HttpMethod.POST,entity,SastApplicationBinaryStashResp.class,new HashMap<>());
@@ -315,6 +337,16 @@ public class SastServiceImpl implements SastService {
         return exchange.getBody();
     }
 
+    @Override
+    public void saveReportVulInfo(List<SastVulInfoReq> list) {
+        for (SastVulInfoReq req : list) {
+            VulInfo vulInfo = new VulInfo();
+            // 设置安全等级、名称
+            // 设置描述修复措施
+            //设置流水线相关属性
+        }
+    }
+
     private HttpHeaders getHeaders(){
         HttpHeaders httpHeaders = new HttpHeaders();
         httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());