code-secure-analyzer/api.go at main · califio/code-secure-analyzer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package analyzer

import (
	"github.com/califio/code-secure-analyzer/logger"
	"github.com/go-resty/resty/v2"
	"strings"
)

type UploadFindingRequest struct {
	ScanId       string        `json:"scanId,omitempty"`
	Findings     []SastFinding `json:"findings,omitempty"`
	Strategy     ScanStrategy  `json:"strategy,omitempty"`
	ChangedFiles []ChangedFile `json:"changedFiles,omitempty"`
}

type UploadFindingResponse struct {
	FindingUrl        string        `json:"findingUrl,omitempty"`
	NewFindings       []SastFinding `json:"newFindings,omitempty"`
	ConfirmedFindings []SastFinding `json:"confirmedFindings,omitempty"`
	OpenFindings      []SastFinding `json:"openFindings,omitempty"`
	FixedFindings     []SastFinding `json:"fixedFindings,omitempty"`
	IsBlock           bool          `json:"isBlock,omitempty"`
}

type UploadDependencyRequest struct {
	ScanId              string              `json:"scanId,omitempty"`
	Packages            []Package           `json:"packages,omitempty"`
	PackageDependencies []PackageDependency `json:"packageDependencies,omitempty"`
	Vulnerabilities     []Vulnerability     `json:"vulnerabilities,omitempty"`
}

type UploadDependencyResponse struct {
	Packages []PackageInfo `json:"packages,omitempty"`
	IsBlock  bool          `json:"isBlock,omitempty"`
}

type CiScanRequest struct {
	Source         string      `json:"source"`
	RepoId         string      `json:"repoId"`
	RepoUrl        string      `json:"repoUrl"`
	RepoName       string      `json:"repoName"`
	GitAction      GitAction   `json:"gitAction"`
	ScanTitle      string      `json:"scanTitle"`
	CommitHash     string      `json:"commitHash"`
	CommitBranch   string      `json:"commitBranch"`
	TargetBranch   string      `json:"targetBranch"`
	MergeRequestId string      `json:"mergeRequestId"`
	Scanner        string      `json:"scanner"`
	Type           ScannerType `json:"type"`
	JobUrl         string      `json:"jobUrl"`
	IsDefault      *bool       `json:"isDefault"`
}

type UpdateCIScanRequest struct {
	Status      *ScanStatus `json:"status,omitempty"`
	Description *string     `json:"description,omitempty"`
}

type CiScanInfo struct {
	ScanId        string `json:"scanId"`
	ScanUrl       string `json:"scanUrl"`
	LastCommitSha string `json:"lastCommitSha"`
}

type Client struct {
	baseURL    string
	apiKey     string
	httpClient *resty.Client
	UserAgent  string
}

func NewClient(baseUrl string, apiKey string) *Client {
	client := &Client{
		apiKey:     apiKey,
		httpClient: resty.New(),
		baseURL:    strings.TrimSuffix(baseUrl, "/"),
	}
	return client
}

func (client *Client) TestConnection() bool {
	res, err := client.Request().Get(client.baseURL + "/api/ci/ping")
	if err != nil {
		logger.Error(err.Error())
		return false
	}
	if res.StatusCode() == 403 || res.StatusCode() == 401 {
		logger.Error("Token is invalid")
		return false
	}
	return res.StatusCode() == 200
}

func (client *Client) InitScan(request CiScanRequest) (*CiScanInfo, error) {
	var scanInfo CiScanInfo
	_, err := client.Request().
		SetBody(request).
		SetResult(&scanInfo).
		Post(client.baseURL + "/api/ci/scan")
	if err != nil {
		return nil, err
	}
	return &scanInfo, nil
}

func (client *Client) UploadFinding(request UploadFindingRequest) (*UploadFindingResponse, error) {
	var response UploadFindingResponse
	_, err := client.Request().
		SetBody(request).
		SetResult(&response).
		Post(client.baseURL + "/api/ci/finding")
	if err != nil {
		return nil, err
	}
	return &response, nil
}

func (client *Client) UploadDependency(request UploadDependencyRequest) (*UploadDependencyResponse, error) {
	var response UploadDependencyResponse
	_, err := client.Request().
		SetBody(request).
		SetResult(&response).
		Post(client.baseURL + "/api/ci/dependency")
	if err != nil {
		return nil, err
	}
	return &response, nil
}

func (client *Client) UpdateScan(scanId string, request UpdateCIScanRequest) error {
	_, err := client.Request().
		SetBody(request).
		Put(client.baseURL + "/api/ci/scan/" + scanId)
	return err
}

func (client *Client) Request() *resty.Request {
	return client.httpClient.R().SetHeader("CI-TOKEN", client.apiKey)
}