diff --git a/src/main/java/io/mixeway/api/project/controller/OperateOnAssets.java b/src/main/java/io/mixeway/api/project/controller/OperateOnAssets.java index 64fafb80..02447a81 100644 --- a/src/main/java/io/mixeway/api/project/controller/OperateOnAssets.java +++ b/src/main/java/io/mixeway/api/project/controller/OperateOnAssets.java @@ -2,10 +2,7 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import io.mixeway.api.project.model.AssetDashboardModel; -import io.mixeway.api.project.model.EditProjectAssetModel; -import io.mixeway.api.project.model.NewVulnerabilityModel; -import io.mixeway.api.project.model.ProjectVulnTrendChart; +import io.mixeway.api.project.model.*; import io.mixeway.api.project.service.OperateOnAssetsService; import io.mixeway.api.protocol.cioperations.PrepareCIOperation; @@ -121,4 +118,10 @@ public ResponseEntity> getAssetVulnerabilities(@PathV return operateOnAssetsService.getAssetVulnerabilities(id, type, principal); } + @PreAuthorize("hasAuthority('ROLE_USER')") + @GetMapping("/{id}/{type}/cicd/config") + public ResponseEntity generateCondig(@PathVariable("id") Long id, @PathVariable("type") String type,Principal principal) throws IOException { + return operateOnAssetsService.generateCondig(id, type, principal); + } + } diff --git a/src/main/java/io/mixeway/api/project/model/MixewayYamlConfigDto.java b/src/main/java/io/mixeway/api/project/model/MixewayYamlConfigDto.java new file mode 100644 index 00000000..b19c36f6 --- /dev/null +++ b/src/main/java/io/mixeway/api/project/model/MixewayYamlConfigDto.java @@ -0,0 +1,63 @@ +package io.mixeway.api.project.model; + +import io.mixeway.db.entity.CodeProject; +import liquibase.pro.packaged.A; +import lombok.Data; +import lombok.extern.log4j.Log4j2; + +import java.util.ArrayList; +import java.util.List; + +@Data +@Log4j2 +public class MixewayYamlConfigDto { + Code code; + WA webapp; + + public MixewayYamlConfigDto buildCodeResponse(CodeProject codeProject, List childs) { + try { + this.code = new Code(); + this.code.id = codeProject.getParent()==null ? codeProject.getId() : codeProject.getParent().getId(); + this.code.name = codeProject.getParent()==null ? codeProject.getName() : codeProject.getParent().getName(); + List apps = new ArrayList<>(); + for (CodeProject cp : childs) { + App app = new App(); + app.setId(cp.getId()); + app.setName(cp.getName()); + app.setPath(cp.getPath()); + app.setSca_name(cp.getRemotename()); + apps.add(app); + } + this.code.apps = apps; + if (code.apps.isEmpty()){ + this.code.sca_name = codeProject.getRemotename(); + } + + } catch (NullPointerException e ){ + log.warn("generating mixeway.yaml for child"); + } + return this; + } + + @Data + public static class Code { + Long id; + String name; + String sca_name; + List apps; + } + @Data + public static class App { + Long id; + String name; + String path; + String sca_name; + } + @Data + public static class WA { + Long id; + String scanType; + String backendUrl; + String openApiFilePath; + } +} diff --git a/src/main/java/io/mixeway/api/project/model/ProjectAssetModel.java b/src/main/java/io/mixeway/api/project/model/ProjectAssetModel.java index 3ad7820b..757f41b4 100644 --- a/src/main/java/io/mixeway/api/project/model/ProjectAssetModel.java +++ b/src/main/java/io/mixeway/api/project/model/ProjectAssetModel.java @@ -21,6 +21,7 @@ public class ProjectAssetModel { String branch; String type; String path; + String parent; String[] scope; AssetVulns vulnerabilities; @@ -39,6 +40,7 @@ public ProjectAssetModel convertCodeProject(CodeProject codeProject, int crit, i sscope.add("sast"); } } + AssetVulns assetVulns = new AssetVulns(); assetVulns.setCritical(crit); assetVulns.setMedium(medium); @@ -52,6 +54,9 @@ public ProjectAssetModel convertCodeProject(CodeProject codeProject, int crit, i projectAssetModel.setPath(codeProject.getPath()); projectAssetModel.setVulnerabilities(assetVulns); projectAssetModel.setScope(sscope.toArray(new String[0])); + if (codeProject.getParent() != null){ + projectAssetModel.setParent(codeProject.getParent().getName()); + } return projectAssetModel; } diff --git a/src/main/java/io/mixeway/api/project/service/OperateOnAssetsService.java b/src/main/java/io/mixeway/api/project/service/OperateOnAssetsService.java index 12b38f2e..5987a037 100644 --- a/src/main/java/io/mixeway/api/project/service/OperateOnAssetsService.java +++ b/src/main/java/io/mixeway/api/project/service/OperateOnAssetsService.java @@ -33,6 +33,7 @@ import java.time.format.DateTimeFormatter; import java.util.*; import java.util.stream.Collectors; +import java.util.stream.Stream; @Service @RequiredArgsConstructor @@ -148,31 +149,38 @@ public Interface createInterface(JsonNode rootNode, Project project, Principal p public List getAssetsForProject(Project project) { List projectAssetModels = new ArrayList<>(); - findCodeProjectService.findByProject(project).forEach(cp -> { - AssetHistory assetHistory = findAssetHistoryService.getAssetHistory(cp).stream() - .max(Comparator.comparing(AssetHistory::getInserted)).orElse(new AssetHistory()); - - projectAssetModels.add(new ProjectAssetModel().convertCodeProject(cp, assetHistory.getCrit() + assetHistory.getHigh(), - assetHistory.getMedium(), assetHistory.getLow())); - }); - - findWebAppService.findByProject(project).forEach(wa -> { - AssetHistory assetHistory = findAssetHistoryService.getAssetHistory(wa).stream() - .max(Comparator.comparing(AssetHistory::getInserted)).orElse(new AssetHistory()); - projectAssetModels.add(new ProjectAssetModel().convertWebApp(wa, - assetHistory.getCrit() + assetHistory.getHigh(), - assetHistory.getMedium(), assetHistory.getLow(), (assetHistory.getCrit() + assetHistory.getHigh() + assetHistory.getMedium() + assetHistory.getLow()) > 0)); - }); - - findInterfaceService.findByAssetIn(new ArrayList<>(project.getAssets())).forEach(intf -> { - AssetHistory assetHistory = findAssetHistoryService.getAssetHistory(intf).stream() - .max(Comparator.comparing(AssetHistory::getInserted)).orElse(new AssetHistory()); - projectAssetModels.add(new ProjectAssetModel().convertInterface(intf, assetHistory.getCrit() + assetHistory.getHigh(), - assetHistory.getMedium(), assetHistory.getLow(), (assetHistory.getCrit() + assetHistory.getHigh() + assetHistory.getMedium() + assetHistory.getLow()) > 0)); - }); + // Combine all find service calls into parallel streams to leverage concurrency + Stream.concat(Stream.concat( + findCodeProjectService.findByProject(project).parallelStream().map(cp -> { + AssetHistory assetHistory = findAssetHistoryService.getAssetHistory(cp).stream() + .max(Comparator.comparing(AssetHistory::getInserted)).orElse(new AssetHistory()); + + return new ProjectAssetModel().convertCodeProject(cp, assetHistory.getCrit() + assetHistory.getHigh(), + assetHistory.getMedium(), assetHistory.getLow()); + }), + findWebAppService.findByProject(project).parallelStream().map(wa -> { + AssetHistory assetHistory = findAssetHistoryService.getAssetHistory(wa).stream() + .max(Comparator.comparing(AssetHistory::getInserted)).orElse(new AssetHistory()); + + return new ProjectAssetModel().convertWebApp(wa, + assetHistory.getCrit() + assetHistory.getHigh(), + assetHistory.getMedium(), assetHistory.getLow(), + (assetHistory.getCrit() + assetHistory.getHigh() + assetHistory.getMedium() + assetHistory.getLow()) > 0); + })), + findInterfaceService.findByAssetIn(new ArrayList<>(project.getAssets())).parallelStream().map(intf -> { + AssetHistory assetHistory = findAssetHistoryService.getAssetHistory(intf).stream() + .max(Comparator.comparing(AssetHistory::getInserted)).orElse(new AssetHistory()); + + return new ProjectAssetModel().convertInterface(intf, assetHistory.getCrit() + assetHistory.getHigh(), + assetHistory.getMedium(), assetHistory.getLow(), + (assetHistory.getCrit() + assetHistory.getHigh() + assetHistory.getMedium() + assetHistory.getLow()) > 0); + }) + ).forEach(projectAssetModels::add); + return projectAssetModels; } + public ResponseEntity editCodeProject(EditProjectAssetModel editProjectAssetModel, Optional codeProject, Principal principal) { if (codeProject.isPresent()) { if (permissionFactory.canUserAccessProject(principal, codeProject.get().getProject())) { @@ -442,4 +450,35 @@ public ResponseEntity> getAssetVulnerabilities(Long i pv -> !pv.getStatus().getName().equals(vulnTemplate.STATUS_REMOVED.getName())).collect(Collectors.toList()), HttpStatus.OK); } + + public ResponseEntity generateCondig(Long id, String type,Principal principal) { + MixewayYamlConfigDto mixewayYamlConfigDto = new MixewayYamlConfigDto(); + switch (type) { + case "codeProject": + Optional codeProject = findCodeProjectService.findById(id); + if (codeProject.isPresent() && permissionFactory.canUserAccessProject(principal, codeProject.get().getProject())) { + mixewayYamlConfigDto = mixewayYamlConfigDto.buildCodeResponse(codeProject.get(), findCodeProjectService.getProjectChilds(codeProject.get())); + } else { + return new ResponseEntity<>(HttpStatus.NOT_FOUND); + } + break; + case "webApp": + Optional webApp = findWebAppService.findById(id); + if (webApp.isPresent() && permissionFactory.canUserAccessProject(principal, webApp.get().getProject())) { + MixewayYamlConfigDto.WA wa = new MixewayYamlConfigDto.WA(); + wa.setId(webApp.get().getId()); + wa.setBackendUrl(webApp.get().getUrl()); + mixewayYamlConfigDto.setWebapp(wa); + + } else { + return new ResponseEntity<>(HttpStatus.NOT_FOUND); + } + break; + default: + return new ResponseEntity<>(HttpStatus.BAD_REQUEST); + } + return new ResponseEntity<>(mixewayYamlConfigDto, HttpStatus.OK); + } + + } \ No newline at end of file diff --git a/src/main/java/io/mixeway/db/repository/CodeProjectRepository.java b/src/main/java/io/mixeway/db/repository/CodeProjectRepository.java index b87abe7c..9730d4e8 100755 --- a/src/main/java/io/mixeway/db/repository/CodeProjectRepository.java +++ b/src/main/java/io/mixeway/db/repository/CodeProjectRepository.java @@ -61,4 +61,6 @@ public interface CodeProjectRepository extends JpaRepository void updateCodeProjectBranch(@Param("id") Long id, @Param("branch") String branch); List findByProjectIn(List enabledVulnManageProjects); + + List findByParent(CodeProject codeProject); } diff --git a/src/main/java/io/mixeway/domain/service/scanmanager/code/FindCodeProjectService.java b/src/main/java/io/mixeway/domain/service/scanmanager/code/FindCodeProjectService.java index 86382dd8..d137c347 100644 --- a/src/main/java/io/mixeway/domain/service/scanmanager/code/FindCodeProjectService.java +++ b/src/main/java/io/mixeway/domain/service/scanmanager/code/FindCodeProjectService.java @@ -67,4 +67,8 @@ public List getCodeProjectsInListOfProjects(List enabledVu public List findAll() { return codeProjectRepository.findAll(); } + + public List getProjectChilds(CodeProject codeProject) { + return codeProjectRepository.findByParent(codeProject); + } }