sast接口，报告 生成与下载

modules/module-ci-process-api/src/main/java/cd/casic/ci/api/SastController.java

@@ -3,11 +3,13 @@ package cd.casic.ci.api;
 import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq;
 import cd.casic.ci.process.dto.req.sast.SastEngineConfigReq;
 import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq;
+import cd.casic.ci.process.dto.req.sast.SastReportCreateReq;
 import cd.casic.ci.process.dto.resp.sast.*;
 import cd.casic.ci.process.process.service.sast.SastService;
 import cd.casic.framework.commons.exception.enums.GlobalErrorCodeConstants;
 import cd.casic.framework.commons.pojo.CommonResult;
 import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.constraints.Negative;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -74,4 +76,13 @@ public class SastController {
         SastApplicationEchoResp applicationEcho = sastService.getApplicationEcho(applicationId);
         return CommonResult.success(applicationEcho);
     }
+    @PostMapping("/reportIndex")
+    public CommonResult<String> reportIndex(@RequestBody SastReportCreateReq req){
+        String reportId = sastService.reportIndex(req);
+        return CommonResult.success(reportId);
+    }
+    @GetMapping("/reportDownload")
+    public CommonResult<String> reportDownLoad(String reportId){
+        return CommonResult.success(sastService.reportDownload(reportId));
+    }
 }

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/constant/SastUrlConstant.java

@@ -1,10 +1,6 @@
 package cd.casic.ci.process.constant;
 
 public class SastUrlConstant {
-    // 本地使用vpn调用内网ip
-    public static final String baseUrl="http://192.168.31.93";
-    // 远程服务调用 外网ip
-//    public static final String baseUrl="http://39.155.212.109:22880";
     // 获取token
     public static final String getToken="/api/login/noCaptcha";
     public static final String applicationExist = "/invoke/application/exists";
@@ -15,4 +11,6 @@ public class SastUrlConstant {
     public static final String detectionConfig = "/invoke/project/setting/getDetectionConfig";
     public static final String applicationCreate = "/invoke/application/create";
     public static final String getApplicationEcho = "/invoke/application/getApplicationEcho";
+    public static final String reportIndex = "/api/report/index";
+    public static final String reportDownload = "/api/report/index/download";
 }

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/dto/req/sast/SastReportCreateReq.java

@@ -0,0 +1,62 @@
+package cd.casic.ci.process.dto.req.sast;
+
+import lombok.Data;
+
+import java.util.List;
+
+@Data
+public class SastReportCreateReq {
+    /**
+     * 报告模式：
+     * SUMMARY - 概要模式
+     * DETAILS - 详细模式
+     * */
+    private String mode;
+    /**
+     * 报告类型：
+     * PROJECT - 项目报告
+     * APPLICATION - 应用报告
+     * */
+    private String contacts;
+    /**
+     * 报告模式：
+     * SUMMARY - 概要模式
+     * DETAILS - 详细模式
+     * */
+    private String reportType;
+    /**
+     * 文件格式：
+     * DOCX - docx
+     * XLSX - xlsx
+     * JSON - json
+     * PDF - pdf
+     * */
+    private String format;
+    private String projectId;
+    private List<String> applicationIds;
+    /**
+     * 缺陷等级集合
+     * 	UN_KNOWN - 未知
+     * DEADLY - 严重
+     * SEVERITY - 高危
+     * POOR_RISK - 中危
+     * LOW_RISK - 低危
+     * SAFE - 安全
+     * */
+    private List<String> bugLevels;
+    /**
+     *  WAITING - 待审计
+     * IGNORE - 忽略
+     * HIGH - 高风险
+     * MEDIUM - 中风险
+     * LOW - 低风险
+     * NONE - 不受影响/误报
+     * */
+    private List<String> audRiskLevels;
+    /**
+     * 应用范围：
+     * ALL - 全部
+     * CUSTOMIZE - 自定义
+     * */
+    private String applicationScope;
+}

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/SastService.java

@@ -2,7 +2,9 @@ package cd.casic.ci.process.process.service.sast;
 
 import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq;
 import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq;
+import cd.casic.ci.process.dto.req.sast.SastReportCreateReq;
 import cd.casic.ci.process.dto.resp.sast.*;
+import jakarta.servlet.http.HttpServletResponse;
 
 import java.io.File;
 import java.util.List;
@@ -17,4 +19,6 @@ public interface SastService {
     SastDetectionConfigResp detectionConfig(String languageId);
     SastApplicationCreateResp applicationCreate(SastApplicationCreateReq req);
     SastApplicationEchoResp getApplicationEcho(String applicationId);
+    String reportIndex(SastReportCreateReq req);
+    public String reportDownload(String reportId);
 }

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/process/service/sast/impl/SastServiceImpl.java

@@ -2,6 +2,7 @@ package cd.casic.ci.process.process.service.sast.impl;
 
 import cd.casic.ci.process.dto.req.sast.SastApplicationCreateReq;
 import cd.casic.ci.process.dto.req.sast.SastIdentifiedLanguageTaskReq;
+import cd.casic.ci.process.dto.req.sast.SastReportCreateReq;
 import cd.casic.ci.process.dto.resp.sast.*;
 import cd.casic.ci.process.process.service.sast.SastService;
 import cd.casic.ci.process.properties.SastProperties;
@@ -10,6 +11,7 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletResponse;
 import kotlin.text.Charsets;
 import org.apache.commons.lang3.StringUtils;
 import org.luaj.vm2.ast.Str;
@@ -22,6 +24,8 @@ import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.URLDecoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
@@ -46,7 +50,7 @@ public class SastServiceImpl implements SastService {
     private SastTokenResp getTokenRemote(){
         HttpHeaders httpHeaders = new HttpHeaders();
         HttpEntity<SastProperties> httpEntity = new HttpEntity<SastProperties>(sastProperties,httpHeaders);
-        ResponseEntity<String> exchange = restTemplate.exchange(baseUrl+getToken, HttpMethod.POST, httpEntity, String.class, new HashMap<>());
+        ResponseEntity<String> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +getToken, HttpMethod.POST, httpEntity, String.class, new HashMap<>());
         String body = exchange.getBody();
         JSONObject bodyObject = JSON.parseObject(body);
         SastTokenResp tokenResp = new SastTokenResp();
@@ -69,7 +73,7 @@ public class SastServiceImpl implements SastService {
                 if (StringUtils.isEmpty(token)) {
                     SastTokenResp tokenRemote = getTokenRemote();
                     String accessToken = tokenRemote.getAccessToken();
-                    redisTemplateUtils.set(REDIS_SAST_TOKEN_KEY,accessToken,tokenRemote.getExpiresIn()*1000);
+                    redisTemplateUtils.set(REDIS_SAST_TOKEN_KEY,accessToken,tokenRemote.getExpiresIn()*10);
                     token = accessToken;
                 }
             }
@@ -82,7 +86,7 @@ public class SastServiceImpl implements SastService {
         HttpHeaders headers = getHeaders();
         HttpEntity<Boolean> entity = new HttpEntity<>(null,headers);
         Map<String,Object> httpParams = new HashMap<>();
-        String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + applicationExist)
+        String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl() + applicationExist)
                 .queryParam("applicationName", applicationName)
                 .queryParam("applicationId", "").toUriString();
         ResponseEntity<Boolean> exchange = restTemplate.exchange(uriString, HttpMethod.GET, entity, Boolean.class, httpParams);
@@ -97,7 +101,7 @@ public class SastServiceImpl implements SastService {
         FileSystemResource fileSystemResource = new FileSystemResource(multipartFile);
         entityMap.add("multipartFile",fileSystemResource);
         HttpEntity<MultiValueMap<String, Object>> httpEntity = new HttpEntity<>(entityMap,httpHeaders);
-        ResponseEntity<String> exchange = restTemplate.exchange(baseUrl+fileUpload, HttpMethod.POST, httpEntity, String.class, new HashMap<>());
+        ResponseEntity<String> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +fileUpload, HttpMethod.POST, httpEntity, String.class, new HashMap<>());
         return JSON.parseObject(exchange.getBody(), SastFileUploadResp.class);
     }
 
@@ -108,7 +112,7 @@ public class SastServiceImpl implements SastService {
         entityMap.put("fileIds",req.getFileIds());
         HttpEntity<Map<String, List<String>>> entity = new HttpEntity<>(entityMap,httpHeaders);
         httpHeaders.setContentType(MediaType.APPLICATION_JSON);
-        ResponseEntity<SastIdentifiedLanguageTaskResp> exchange = restTemplate.exchange(baseUrl+createIdentifiedLanguageTask, HttpMethod.POST,entity,SastIdentifiedLanguageTaskResp.class,new HashMap<>());
+        ResponseEntity<SastIdentifiedLanguageTaskResp> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +createIdentifiedLanguageTask, HttpMethod.POST,entity,SastIdentifiedLanguageTaskResp.class,new HashMap<>());
         return exchange.getBody();
     }
     @Override
@@ -119,7 +123,7 @@ public class SastServiceImpl implements SastService {
 //        entityMap.put("taskId",taskId);
         HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
 //        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
-        String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + getIdentifiedLanguageTaskStatus).queryParam("taskId", taskId).toUriString();
+        String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl()  + getIdentifiedLanguageTaskStatus).queryParam("taskId", taskId).toUriString();
         System.out.println(uriString);
         ResponseEntity<SastIdentifiedLanguageTaskResp> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity,SastIdentifiedLanguageTaskResp.class,new HashMap<>());
         return exchange.getBody();
@@ -129,7 +133,7 @@ public class SastServiceImpl implements SastService {
         HttpHeaders httpHeaders = getHeaders();
         Map<String, String> entityMap = new HashMap<>();
         HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
-        String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + engineConfig).queryParam("languageIds", StringUtils.joinWith(",", languageIdList.toArray())).toUriString();
+        String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl()  + engineConfig).queryParam("languageIds", StringUtils.joinWith(",", languageIdList.toArray())).toUriString();
         // 别问我为啥要解码。坑爹的不支持Uri encode识别
         ResponseEntity<String> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity, String.class,new HashMap<>());
         return JSON.parseArray(exchange.getBody(), SastEngineConfigResp.class);
@@ -140,7 +144,7 @@ public class SastServiceImpl implements SastService {
         Map<String, String> entityMap = new HashMap<>();
 //        entityMap.put("taskId",taskId);
         HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
-        String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + detectionConfig).queryParam("languageId", languageId).toUriString();
+        String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl()  + detectionConfig).queryParam("languageId", languageId).toUriString();
         System.out.println(uriString);
         ResponseEntity<SastDetectionConfigResp> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity,SastDetectionConfigResp.class,new HashMap<>());
         return exchange.getBody();
@@ -151,7 +155,7 @@ public class SastServiceImpl implements SastService {
         HttpHeaders httpHeaders = getHeaders();
         HttpEntity<SastApplicationCreateReq> entity = new HttpEntity<>(req,httpHeaders);
         httpHeaders.setContentType(MediaType.APPLICATION_JSON);
-        ResponseEntity<SastApplicationCreateResp> exchange = restTemplate.exchange(baseUrl+applicationCreate, HttpMethod.POST,entity,SastApplicationCreateResp.class,new HashMap<>());
+        ResponseEntity<SastApplicationCreateResp> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +applicationCreate, HttpMethod.POST,entity,SastApplicationCreateResp.class,new HashMap<>());
         SastApplicationCreateResp body = exchange.getBody();
         return body;
     }
@@ -160,7 +164,7 @@ public class SastServiceImpl implements SastService {
         HttpHeaders httpHeaders = getHeaders();
         Map<String, String> entityMap = new HashMap<>();
         HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
-        String uriString = UriComponentsBuilder.fromHttpUrl(baseUrl + getApplicationEcho).queryParam("applicationId", applicationId).toUriString();
+        String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl()  + getApplicationEcho).queryParam("applicationId", applicationId).toUriString();
         System.out.println(uriString);
         ResponseEntity<SastApplicationEchoResp> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity,SastApplicationEchoResp.class,new HashMap<>());
         SastApplicationEchoResp body = exchange.getBody();
@@ -168,6 +172,26 @@ public class SastServiceImpl implements SastService {
         return body;
     }
 
+    @Override
+    public String reportIndex(SastReportCreateReq req) {
+        HttpHeaders httpHeaders = getHeaders();
+        HttpEntity<SastReportCreateReq> entity = new HttpEntity<>(req,httpHeaders);
+        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
+        ResponseEntity<JSONObject> exchange = restTemplate.exchange(sastProperties.getBaseUrl() +reportIndex, HttpMethod.POST,entity,JSONObject.class,new HashMap<>());
+        JSONObject body = exchange.getBody();
+        return body.getString("id");
+    }
+    @Override
+    public String reportDownload(String reportId){
+        HttpHeaders httpHeaders = getHeaders();
+        Map<String, String> entityMap = new HashMap<>();
+        HttpEntity<Map<String, String>> entity = new HttpEntity<>(entityMap,httpHeaders);
+        String uriString = UriComponentsBuilder.fromHttpUrl(sastProperties.getBaseUrl()  + reportDownload).queryParam("reportId", reportId).toUriString();
+        System.out.println(uriString);
+        ResponseEntity<String> exchange = restTemplate.exchange(uriString, HttpMethod.GET,entity, String.class,new HashMap<>());
+        return exchange.getBody().replaceAll("\"","");
+    }
+
     private HttpHeaders getHeaders(){
         HttpHeaders httpHeaders = new HttpHeaders();
         httpHeaders.set(TOKEN_HEADER_KEY,TOKEN_PREFIX+getToken());

modules/module-ci-process-biz/src/main/java/cd/casic/ci/process/properties/SastProperties.java

@@ -18,4 +18,6 @@ public class SastProperties {
     private String id;
     @Value("captcha")
     private String captcha;
+    @Value("baseUrl")
+    private String baseUrl;
 }