sast相关修改

2025-06-19 17:04:42 +08:00 · 2025-06-19 17:04:42 +08:00 · c8ebef6ef0
commit c8ebef6ef0
parent b712c13170
5 changed files with 29 additions and 31 deletions
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java
@ -17,4 +17,5 @@ public class SastUrlConstant {
    public static final String reportList = "/api/report/index/pageList";
    public static final String reportDelete = "/api/report/index";
    public static final String getApplicationStatus = "/invoke/application/getStatus/";
    public static final String jsonReportDownload = "/api/report/index/downloadReport";
 }
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/SastWorker.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/engine/worker/SastWorker.java
@ -14,21 +14,13 @@ import cd.casic.ci.process.process.converter.SastConverter;
 import cd.casic.ci.process.process.dataObject.base.PipBaseElement;
 import cd.casic.ci.process.process.dataObject.task.PipTask;
 import cd.casic.ci.process.process.service.sast.SastService;
-import cd.casic.framework.commons.exception.ServiceException;
+import cd.casic.ci.process.process.service.task.TaskService;
 import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
 import com.alibaba.excel.util.StringUtils;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
@ -42,6 +34,8 @@ public class SastWorker extends BaseWorker {
    private SastService sastService;
    @Resource
    private SastConverter converter;
    @Resource
    private TaskService taskService;
    @Override
    public void execute(TaskRunContext context) {
        PipBaseElement contextDef = context.getContextDef();
@ -69,7 +63,7 @@ public class SastWorker extends BaseWorker {
            SastApplicationCreateResp sastApplicationCreateResp = sastService.applicationCreate(sastApplicationCreateReq);
            log.info("SAST启动任务返回值:{}",JSON.toJSONString(sastApplicationCreateResp));
            append(context,"启动任务完毕");
-            // 检测状态是否完毕
+//             检测状态是否完毕
            applicationStatus = sastService.getApplicationStatus(applicationId);
            int repeat = 0;
            while (!SastConstant.STATUS_JOB_DONE.equals(applicationStatus.getJobStatus())) {
@ -100,6 +94,7 @@ public class SastWorker extends BaseWorker {
            String reportUrl = getReportUrl(applicationId, SastConstant.REPORT_MODE_DETAILS);
            task.getTaskProperties().put(SastConstant.REPORT_JSON,reportJSON);
            task.getTaskProperties().put(SastConstant.REPORT_URL,reportUrl);
            taskService.updateById(task);
        }
    }
    private JSONObject getReportJSON(String applicationId,String model){
@ -109,9 +104,9 @@ public class SastWorker extends BaseWorker {
        sastReportCreateReq.setFormat(SastConstant.REPORT_FORMAT_JSON);
        sastReportCreateReq.setApplicationIds(Collections.singletonList(applicationId));
        log.info("获取JSON报告请求参数{}",JSON.toJSONString(sastReportCreateReq));
-        String jsonReportUrl = sastService.reportIndex(sastReportCreateReq);
+        String reportId = sastService.reportIndex(sastReportCreateReq);
-        log.info("获取JSON报告获得url{}",jsonReportUrl);
+        log.info("获取JSON报告获得url{}",reportId);
-        JSONObject jsonObject = JSON.parseObject(getJSONString(jsonReportUrl)).getJSONObject("task_summary");
+        JSONObject jsonObject = getJSONString(reportId).getJSONObject("task_summary");
        JSONObject severity = jsonObject.getJSONObject("defect_severity_distribution");
        JSONObject rule = jsonObject.getJSONObject("detection_rule_distribution");
        JSONObject res = new JSONObject();
@ -128,23 +123,7 @@ public class SastWorker extends BaseWorker {
        log.info("获取报告请求参数{}",JSON.toJSONString(sastReportCreateReq));
        return sastService.reportIndex(sastReportCreateReq);
    }
-    private String getJSONString(String reportId){
+    private JSONObject getJSONString(String reportId){
-        String s = sastService.reportDownload(reportId);
+        return sastService.jsonReportDownload(reportId);
        URI uri = URI.create(s);
        URL url = null;
        try {
            url = uri.toURL();
        } catch (MalformedURLException e) {
            log.info("sast 创建uri{}",uri);
            log.error("sast 获取json格式报告失败:",e);
        }
        try (InputStream in = url.openStream()) {
            byte[] bytes = in.readAllBytes();
            return new String(bytes, StandardCharsets.UTF_8);
        } catch (IOException e) {
            log.info("获取的url:{}",url);
            log.error("获取json格式报告失败:",e);
            throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(),"获取JSON格式报告失败");
        }
    }
 }
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java
@ -31,4 +31,6 @@ public interface SastService {
    public void reportDelete(String reportId);
    public SastApplicationStatusResp getApplicationStatus(String applicationId);
    public JSONObject jsonReportDownload(String reportId);
 }
--- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
+++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java
@ -241,6 +241,16 @@ public class SastServiceImpl implements SastService {
        ResponseEntity<SastApplicationStatusResp> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity, SastApplicationStatusResp.class,new HashMap<>());
        return exchange.getBody();
    }
    @Override
    public JSONObject jsonReportDownload(String reportId){
        HttpHeaders httpHeaders = getHeaders();
        Map<String, String> entityMap = new HashMap<>();
        HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
        String uriString=UriComponentsBuilder.fromUriString(sastProperties.getBaseUrl()+jsonReportDownload)
                .queryParam("reportId",reportId).toUriString();
        ResponseEntity<String> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity, String.class,new HashMap<>());
        return JSON.parseObject(exchange.getBody());
    }
    private HttpHeaders getHeaders(){
        HttpHeaders httpHeaders = new HttpHeaders();
--- a/ops-server/src/test/java/cd/casic/server/SastTest.java
+++ b/ops-server/src/test/java/cd/casic/server/SastTest.java
@ -12,6 +12,7 @@ import cd.casic.framework.commons.exception.ServiceException;
 import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
 import cd.casic.framework.redis.core.RedisTemplateUtils;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.junit.jupiter.api.Test;
@ -195,4 +196,9 @@ public class SastTest {
            throw new ServiceException(GlobalErrorCodeConstants.PIPELINE_ERROR.getCode(),"获取JSON格式报告失败");
        }
    }
    @Test
    public void reportDownLoad(){
        JSONObject jsonObject = sastService.jsonReportDownload("3300b586-52d7-4a46-b656-e653a0b2a024");
        System.out.println(jsonObject);
    }
 }