From f638cdad81ed94f5e5085b6d813550555d242dd1 Mon Sep 17 00:00:00 2001 From: even <827656971@qq.com> Date: Fri, 13 Jun 2025 12:08:32 +0800 Subject: [PATCH] =?UTF-8?q?sast=E6=8E=A5=E5=8F=A3=EF=BC=8C=E6=8A=A5?= =?UTF-8?q?=E5=91=8A=20=E7=94=9F=E6=88=90=E4=B8=8E=E4=B8=8B=E8=BD=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cd/casic/ci/api/SastController.java | 11 ++++ .../ci/process/constant/SastUrlConstant.java | 6 +- .../dto/req/sast/SastReportCreateReq.java | 62 +++++++++++++++++++ .../process/service/sast/SastService.java | 4 ++ .../service/sast/impl/SastServiceImpl.java | 44 ++++++++++--- .../ci/process/properties/SastProperties.java | 2 + 6 files changed, 115 insertions(+), 14 deletions(-) create mode 100644 modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastReportCreateReq.java diff --git a/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java b/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java index 831f2fee..170885c2 100644 --- a/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java +++ b/modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java 
@@ -3,11 +3,13 @@ package cd.casic.ci.api; import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq; import cd.casic.ci.process.dto.req.sast.SastEngineConfigReq; import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq; +import cd.casic.ci.process.dto.req.sast.SastReportCreateReq; import cd.casic.ci.process.dto.resp.sast.*; import cd.casic.ci.process.process.service.sast.SastService; import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants; import cd.casic.framework.commons.pojo.CommonResult; import jakarta.annotation.Resource; +import jakarta.servlet.http.HttpServletResponse; import jakarta.validation.constraints.Negative; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -74,4 +76,13 @@ public class SastController { SastApplicationEchoResp applicationEcho = sastService.getApplicationEcho(applicationId); return CommonResult.success(applicationEcho); } + @PostMapping("/reportIndex") + public CommonResult reportIndex(@RequestBody SastReportCreateReq req){ + String reportId = sastService.reportIndex(req); + return CommonResult.success(reportId); + } + @GetMapping("/reportDownload") + public CommonResult reportDownLoad(String reportId){ + return CommonResult.success(sastService.reportDownload(reportId)); + } } diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java index f28de3b6..e524d436 100644 --- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java +++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java 
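Review bot: `reportDownLoad` passes whatever `reportId` the caller supplies straight to `sastService.reportDownload`, and no ownership or permission check is visible in this hunk. The service side calls the SAST platform through `getHeaders()`, which appears to use one cached service token, so the platform cannot tell callers apart and access control has to happen here; if a filter or annotation outside this hunk enforces it, a short comment saying so would help. The same applies to `reportIndex`, which takes `projectId` and `applicationIds` from the body unvalidated; consider `reportIndex(@Valid @RequestBody SastReportCreateReq req)` and `reportDownLoad(@RequestParam String reportId)`. The added `HttpServletResponse` import is not used by either new method. The class body starts outside the hunk.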
@@ -1,10 +1,6 @@ package cd.casic.ci.process.constant; public class SastUrlConstant { - // 本地使用vpn调用内网ip - public static final String baseUrl="http://192.168.31.93"; - // 远程服务调用 外网ip -// public static final String baseUrl="http://39.155.212.109:22880"; // 获取token public static final String getToken="/api/login/noCaptcha"; public static final String applicationExist = "/invoke/application/exists"; @@ -15,4 +11,6 @@ public class SastUrlConstant { public static final String detectionConfig = "/invoke/project/setting/getDetectionConfig"; public static final String applicationCreate = "/invoke/application/create"; public static final String getApplicationEcho = "/invoke/application/getApplicationEcho"; + public static final String reportIndex = "/api/report/index"; + public static final String reportDownload = "/api/report/index/download"; } diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastReportCreateReq.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastReportCreateReq.java new file mode 100644 index 00000000..6fe9038f --- /dev/null +++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastReportCreateReq.java 
@@ -0,0 +1,62 @@ +package cd.casic.ci.process.dto.req.sast; + +import lombok.Data; + +import java.util.List; + +@Data +public class SastReportCreateReq { + /** + * 报告模式: + * SUMMARY - 概要模式 + * DETAILS - 详细模式 + * */ + private String mode; + /** + * 报告类型: + * PROJECT - 项目报告 + * APPLICATION - 应用报告 + * */ + private String contacts; + /** + * 报告模式: + * SUMMARY - 概要模式 + * DETAILS - 详细模式 + * */ + private String reportType; + /** + * 文件格式: + * DOCX - docx + * XLSX - xlsx + * JSON - json + * PDF - pdf + * */ + private String format; + private String projectId; + private List applicationIds; + /** + * 缺陷等级集合 + * UN_KNOWN - 未知 + * DEADLY - 严重 + * SEVERITY - 高危 + * POOR_RISK - 中危 + * LOW_RISK - 低危 + * SAFE - 安全 + * */ + private List bugLevels; + /** + * WAITING - 待审计 + * IGNORE - 忽略 + * HIGH - 高风险 + * MEDIUM - 中风险 + * LOW - 低风险 + * NONE - 不受影响/误报 + * */ + private List audRiskLevels; + /** + * 应用范围: + * ALL - 全部 + * CUSTOMIZE - 自定义 + * */ + private String applicationScope; +} diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java index af669e15..aefc68fa 100644 --- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java +++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java @@ -2,7 +2,9 @@ package cd.casic.ci.process.process.service.sast; import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq; import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq; +import cd.casic.ci.process.dto.req.sast.SastReportCreateReq; import cd.casic.ci.process.dto.resp.sast.*; +import jakarta.servlet.http.HttpServletResponse; import java.io.File; import java.util.List; 
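Review bot: The Javadoc on `contacts` and `reportType` does not match the fields: `contacts` carries the report-type text (PROJECT / APPLICATION) and `reportType` repeats the report-mode text already on `mode` (SUMMARY / DETAILS). Either the comments were pasted onto the wrong fields or a field is misnamed; as written a caller cannot tell which field takes PROJECT/APPLICATION. `mode`, `format`, `applicationScope` and the level lists are documented as closed value sets but are plain strings forwarded to the SAST service. An enum per field, or a constraint such as `@Pattern(regexp = "DOCX|XLSX|JSON|PDF") private String format;`, would reject unexpected values at the API edge. `projectId` and `applicationIds` have no comment at all.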
@@ -17,4 +19,6 @@ public interface SastService { SastDetectionConfigResp detectionConfig(String languageId); SastApplicationCreateResp applicationCreate(SastApplicationCreateReq req); SastApplicationEchoResp getApplicationEcho(String applicationId); + String reportIndex(SastReportCreateReq req); + public String reportDownload(String reportId); } diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java index aa5dc8ae..75a3a199 100644 --- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java +++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java @@ -2,6 +2,7 @@ package cd.casic.ci.process.process.service.sast.impl; import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq; import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq; +import cd.casic.ci.process.dto.req.sast.SastReportCreateReq; import cd.casic.ci.process.dto.resp.sast.*; import cd.casic.ci.process.process.service.sast.SastService; import cd.casic.ci.process.properties.SastProperties; @@ -10,6 +11,7 @@ import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import jakarta.annotation.Resource; +import jakarta.servlet.http.HttpServletResponse; import kotlin.text.Charsets; import org.apache.commons.lang3.StringUtils; import org.luaj.vm2.ast.Str; @@ -22,6 +24,8 @@ import org.springframework.web.client.RestTemplate; import org.springframework.web.util.UriComponentsBuilder; import java.io.File; +import java.io.IOException; +import java.io.InputStream; import java.net.URLDecoder; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; 
@@ -46,7 +50,7 @@ public class SastServiceImpl implements SastService { private SastTokenResp getTokenRemote(){ HttpHeaders httpHeaders = new HttpHeaders(); HttpEntity httpEntity = new HttpEntity(sastProperties,httpHeaders); - ResponseEntity exchange = restTemplate.exchange(baseUrl+getToken, HttpMethod.POST, httpEntity, String.class, new HashMap<>()); + ResponseEntity exchange = restTemplate.exchange(sastProperties.getBaseUrl() +getToken, HttpMethod.POST, httpEntity, String.class, new HashMap<>()); String body = exchange.getBody(); JSONObject bodyObject = JSON.parseObject(body); SastTokenResp tokenResp = new SastTokenResp(); @@ -69,7 +73,7 @@ public class SastServiceImpl implements SastService { if (StringUtils.isEmpty(token)) { SastTokenResp tokenRemote = getTokenRemote(); String accessToken = tokenRemote.getAccessToken(); - redisTemplateUtils.set(REDIS_SAST_TOKEN_KEY,accessToken,tokenRemote.getExpiresIn()*1000); + redisTemplateUtils.set(REDIS_SAST_TOKEN_KEY,accessToken,tokenRemote.getExpiresIn()*10); token = accessToken; } } @@ -82,7 +86,7 @@ public class SastServiceImpl implements SastService { HttpHeaders headers = getHeaders(); HttpEntity entity = new HttpEntity<>(null,headers); Map httpParams = new HashMap<>(); - String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + applicationExist) + String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + applicationExist) .queryParam("applicationName", applicationName) .queryParam("applicationId", "").toUriString(); ResponseEntity exchange = restTemplate.exchange(uriString, HttpMethod.GET, entity, Boolean.class, httpParams); 
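Review bot: `getTokenRemote` still sends the whole `sastProperties` object as the login body (`new HttpEntity(sastProperties,httpHeaders)`), and this commit adds `baseUrl` to that class, so the configured base URL would presumably now be serialized into the login request alongside the credential fields. That is probably harmless to the SAST service, but the login payload is better built explicitly from the fields the endpoint needs, so later additions to `SastProperties` do not end up in it. The context lines also parse `exchange.getBody()` without a null check. The method continues outside the hunk.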
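Review bot: The cache lifetime multiplier changes from `*1000` to `*10` with no comment, and neither the unit of `getExpiresIn()` nor the unit `redisTemplateUtils.set` expects is visible here. If the cached entry outlives the real token, every SAST call fails authentication until the key expires; if it is much shorter, the service logs in far more often than needed. Name the conversion and keep a margin below the real expiry, with a comment such as `// expiresIn is in <UNIT>; cache slightly shorter than the token lifetime`. The enclosing method starts and ends outside the hunk.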
@@ -97,7 +101,7 @@ public class SastServiceImpl implements SastService { FileSystemResource fileSystemResource = new FileSystemResource(multipartFile); entityMap.add("multipartFile",fileSystemResource); HttpEntity> httpEntity = new HttpEntity<>(entityMap,httpHeaders); - ResponseEntity exchange = restTemplate.exchange(baseUrl+fileUpload, HttpMethod.POST, httpEntity, String.class, new HashMap<>()); + ResponseEntity exchange = restTemplate.exchange(sastProperties.getBaseUrl() +fileUpload, HttpMethod.POST, httpEntity, String.class, new HashMap<>()); return JSON.parseObject(exchange.getBody(), SastFileUploadResp.class); } @@ -108,7 +112,7 @@ public class SastServiceImpl implements SastService { entityMap.put("fileIds",req.getFileIds()); HttpEntity>> entity = new HttpEntity<>(entityMap,httpHeaders); httpHeaders.setContentType(MediaType.APPLICATION_JSON); - ResponseEntity exchange = restTemplate.exchange(baseUrl+createIdentifiedLanguageTask, HttpMethod.POST,entity,SastIdentifiedLanguageTaskResp.class,new HashMap<>()); + ResponseEntity exchange = restTemplate.exchange(sastProperties.getBaseUrl() +createIdentifiedLanguageTask, HttpMethod.POST,entity,SastIdentifiedLanguageTaskResp.class,new HashMap<>()); return exchange.getBody(); } @Override @@ -119,7 +123,7 @@ public class SastServiceImpl implements SastService { // entityMap.put("taskId",taskId); HttpEntity> entity = new HttpEntity<>(entityMap,httpHeaders); // httpHeaders.setContentType(MediaType.APPLICATION_JSON); - String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + getIdentifiedLanguageTaskStatus).queryParam("taskId", taskId).toUriString(); + String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + getIdentifiedLanguageTaskStatus).queryParam("taskId", taskId).toUriString(); System.out.println(uriString); ResponseEntity exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity,SastIdentifiedLanguageTaskResp.class,new HashMap<>()); return exchange.getBody(); 
@@ -129,7 +133,7 @@ public class SastServiceImpl implements SastService { HttpHeaders httpHeaders = getHeaders(); Map entityMap = new HashMap<>(); HttpEntity> entity = new HttpEntity<>(entityMap,httpHeaders); - String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + engineConfig).queryParam("languageIds", StringUtils.joinWith(",", languageIdList.toArray())).toUriString(); + String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + engineConfig).queryParam("languageIds", StringUtils.joinWith(",", languageIdList.toArray())).toUriString(); // 别问我为啥要解码。坑爹的不支持Uri encode识别 ResponseEntity exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity, String.class,new HashMap<>()); return JSON.parseArray(exchange.getBody(), SastEngineConfigResp.class); @@ -140,7 +144,7 @@ public class SastServiceImpl implements SastService { Map entityMap = new HashMap<>(); // entityMap.put("taskId",taskId); HttpEntity> entity = new HttpEntity<>(entityMap,httpHeaders); - String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + detectionConfig).queryParam("languageId", languageId).toUriString(); + String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + detectionConfig).queryParam("languageId", languageId).toUriString(); System.out.println(uriString); ResponseEntity exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity,SastDetectionConfigResp.class,new HashMap<>()); return exchange.getBody(); 
@@ -151,7 +155,7 @@ public class SastServiceImpl implements SastService { HttpHeaders httpHeaders = getHeaders(); HttpEntity entity = new HttpEntity<>(req,httpHeaders); httpHeaders.setContentType(MediaType.APPLICATION_JSON); - ResponseEntity exchange = restTemplate.exchange(baseUrl+applicationCreate, HttpMethod.POST,entity,SastApplicationCreateResp.class,new HashMap<>()); + ResponseEntity exchange = restTemplate.exchange(sastProperties.getBaseUrl() +applicationCreate, HttpMethod.POST,entity,SastApplicationCreateResp.class,new HashMap<>()); SastApplicationCreateResp body = exchange.getBody(); return body; } @@ -160,7 +164,7 @@ public class SastServiceImpl implements SastService { HttpHeaders httpHeaders = getHeaders(); Map entityMap = new HashMap<>(); HttpEntity> entity = new HttpEntity<>(entityMap,httpHeaders); - String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + getApplicationEcho).queryParam("applicationId", applicationId).toUriString(); + String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + getApplicationEcho).queryParam("applicationId", applicationId).toUriString(); System.out.println(uriString); ResponseEntity exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity,SastApplicationEchoResp.class,new HashMap<>()); SastApplicationEchoResp body = exchange.getBody(); 
@@ -168,6 +172,26 @@ public class SastServiceImpl implements SastService { return body; } + @Override + public String reportIndex(SastReportCreateReq req) { + HttpHeaders httpHeaders = getHeaders(); + HttpEntity entity = new HttpEntity<>(req,httpHeaders); + httpHeaders.setContentType(MediaType.APPLICATION_JSON); + ResponseEntity exchange = restTemplate.exchange(sastProperties.getBaseUrl() +reportIndex, HttpMethod.POST,entity,JSONObject.class,new HashMap<>()); + JSONObject body = exchange.getBody(); + return body.getString("id"); + } + @Override + public String reportDownload(String reportId){ + HttpHeaders httpHeaders = getHeaders(); + Map entityMap = new HashMap<>(); + HttpEntity> entity = new HttpEntity<>(entityMap,httpHeaders); + String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + reportDownload).queryParam("reportId", reportId).toUriString(); + System.out.println(uriString); + ResponseEntity exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity, String.class,new HashMap<>()); + return exchange.getBody().replaceAll("\"",""); + } + private HttpHeaders getHeaders(){ HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken()); diff --git a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/properties/SastProperties.java b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/properties/SastProperties.java index dc2477db..e0b5aac7 100644 --- a/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/properties/SastProperties.java +++ b/modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/properties/SastProperties.java @@ -18,4 +18,6 @@ public class SastProperties { private String id; @Value("captcha") private String captcha; + @Value("baseUrl") + private String baseUrl; }
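Review bot: Both new methods dereference `exchange.getBody()` without a null check (`body.getString("id")`, `exchange.getBody().replaceAll(...)`), so an empty 2xx response from the SAST service surfaces as a NullPointerException instead of a meaningful error. `reportDownload` also prints the full request URI, including the report id, with `System.out.println(uriString)`; use a logger at debug level or drop the line. `reportDownload` reads the response as a `String` and returns it with quotes stripped, so the caller presumably receives a path or URL rather than the file. If that value points at the internal SAST host, it should not be passed to the client unchanged; `replace("\"", "")` would also do, since no regex is needed. In `reportIndex`, call `httpHeaders.setContentType(MediaType.APPLICATION_JSON);` before constructing `entity` so the request does not depend on `HttpEntity` sharing the header object.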
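Review bot: `@Value("baseUrl")` has no `${...}` placeholder, so on its own it injects the literal string `baseUrl` rather than a configured URL. Unless the class is bound some other way (its header is outside the hunk, e.g. `@ConfigurationProperties`), every `sastProperties.getBaseUrl() + path` call would build an invalid URL. Use a placeholder, `@Value("${<SAST_BASE_URL_PROPERTY>}")`, with the project's real property key. Because the login request and the access token are sent to this address, it is worth rejecting a blank or non-`https` value at startup; the removed constant used plain `http`.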