SonarQube 8.4 Report Series: Security Hotspot Statistics
程序员文章站
2022-07-05 21:20:07
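I haven't studied SonarQube thoroughly yet; my technical skills are too weak to dig into the internals and analyze the source code. From the outside, all I know is that a sonar-scanner scan first goes through ES, and the results are then passed to the SonarQube UI for display.
My problem: I need to get all the issues and data for the high, medium and low levels in Security Hotspots, and produce statistics to show to management.
Requirements analysis
- Querying the database directly: the severity in the issues table does not match the actual issue level
- Analyzing the ES results: I know very little about the ES processing logic, and learning it now probably wouldn't be in time
- Scraping the UI data with selenium
What was done
- Run chromeDriver silently in the background (headless)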
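```java
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;

// Start a headless Chrome, open the URL and return the driver.
public static WebDriver get(String url) {
    System.setProperty("webdriver.chrome.driver", "drivers/chromedriver.exe");
    ChromeOptions options = new ChromeOptions();
    options.addArguments("--headless");
    options.addArguments("--disable-gpu");
    WebDriver driver = new ChromeDriver(options);
    /*System.setProperty("phantomjs.binary.path","drivers/phantomjs.exe");
    WebDriver driver = new PhantomJSDriver();*/
    try {
        driver.get(url);
        Thread.sleep(3000); // crude wait for the page to render
        String title = driver.getTitle();
        if (title != null) {
            System.out.println("打开页面成功");
        }
    } catch (InterruptedException e) {
        e.printStackTrace();
    }
    return driver;
}

// Quit the browser and release the chromedriver process.
public static void closedriver(WebDriver driver) {
    driver.quit();
}

/* Check whether a child element exists
 * @author liujuan
 */
public static Boolean check(WebElement element, By seletor) {
    try {
        element.findElement(seletor);
        return true;
    } catch (Exception e) {
        // findElement throws when nothing matches; treat that as "not present"
        return false;
    }
}
```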
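- Get the data I want and write it to a table: create a dedicated report table in the sonarqube database. Here I create an entity for the report table.
- Read the report table, sort by count, and assemble the HTML-format email content. Because the database has to be read, I use JPA, so everything follows the textbook Spring Boot style; for example, the dao, service and serviceImpl are all written according to the conventions.
Entity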
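```java
import java.util.Date;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import lombok.Data;

// One row per scraped hotspot entry.
@Entity
@Data
public class SecurityReport {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;
    private String name;      // project name
    private String level;     // risk level text shown in the UI
    private String bugtype;   // hotspot category
    private String buginfo;   // hotspot message text
    private Date createtime;
    private String pcxx;      // project key
    private String cname;
    private String url;       // link to the project's hotspot page
}
```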
JPA dao / service / serviceImpl
```java
// findAll() and saveAndFlush() are already inherited from JpaRepository;
// they are redeclared here explicitly.
public interface SecurityReportDao extends JpaRepository<SecurityReport, Integer> {
    List<SecurityReport> findAll();
    SecurityReport saveAndFlush(SecurityReport securityReport);
}

// ------------------
public interface SecurityReportService {
    List<SecurityReport> findAll();
    SecurityReport saveAndFlush(SecurityReport securityReport);
}

// ------------------
@Service
public class SecurityReportServiceImpl implements SecurityReportService {
    @Autowired
    SecurityReportDao securityReportDao;

    @Override
    public List<SecurityReport> findAll() {
        return securityReportDao.findAll();
    }

    @Override
    public SecurityReport saveAndFlush(SecurityReport securityReport) {
        return securityReportDao.saveAndFlush(securityReport);
    }
}
```
Writing to the database
```java
// Projects, ProjectsServices and SpringContextUtil are the author's own classes and are not shown on this page.
public static List<SecurityReport> getSonarResultByOneToDb1() throws InterruptedException {
    List<SecurityReport> reslutlist = new ArrayList<SecurityReport>();
    /* Get the project keys */
    ApplicationContext context = SpringContextUtil.getApplicationContext();
    ProjectsServices services = context.getBean(ProjectsServices.class); // Note: request the Service, not the ServiceImpl
    //SecurityReportService reportservices =context.getBean(SecurityReportService.class);
    List<Projects> keelist = services.findProjects();
    WebDriver driver = null;
    for (Projects pro : keelist) {
        driver = get("http://sonar.pc.com.cn/security_hotspots?id=" + pro.getKee() + "&sinceLeakPeriod=false");
        System.out.println("projectKey==" + pro.getKee());
        driver.manage().window().maximize(); // maximize the window
        Thread.sleep(3000);
        WebElement hugeele = driver.findElement(By.className("huge-spacer-bottom"));
        List<WebElement> typenumlist = hugeele.findElement(By.tagName("ul")).findElements(By.className("big-spacer-bottom")); // the 3 risk-level <li> items
        for (WebElement type : typenumlist) {
            WebElement little = type.findElement(By.cssSelector("[class='hotspot-risk-header little-spacer-left']"));
            WebElement level = little.findElement(By.tagName("div"));
            List<WebElement> hotspotcategorylist = type.findElement(By.tagName("ul")).findElements(By.className("spacer-bottom"));
            for (WebElement hotspotcategory : hotspotcategorylist) {
                WebElement hotspotcate = hotspotcategory.findElement(By.className("flex-1"));
                String number = hotspotcategory.findElement(By.className("counter-badge")).getText();
                System.out.println(pro.getName() + "," + level.getText() + "," + hotspotcate.getText() + "," + number);
                By ul = new By.ByTagName("ul");
                boolean flag = check(hotspotcategory, ul);
                if (flag) { // after the page loads, the first category is expanded by default
                    List<WebElement> errorinfolist = hotspotcategory.findElements(By.className("little-spacer-left"));
                    for (WebElement error : errorinfolist) {
                        /*System.out.println("==="+error);*/
                        SecurityReport sr = new SecurityReport();
                        Thread.sleep(3);
                        sr.setName(pro.getName());
                        sr.setLevel(level.getText());
                        sr.setBugtype(hotspotcate.getText());
                        sr.setBuginfo(error.getText());
                        sr.setCreatetime(new Date());
                        sr.setPcxx(pro.getKee());
                        sr.setUrl("https://sonar.pc.com.cn/security_hotspots?id=" + pro.getKee());
                        /*reslutlist.add(kee+","+level.getText()+","+hotspotcate.getText()+","+error.getText());*/
                        //reportservices.saveAndFlush(sr);
                        reslutlist.add(sr);
                    }
                    hotspotcategory.click(); // collapse this category again
                } else {
                    /*System.out.println(hotspotcategory.getText());*/
                    hotspotcategory.click(); // expand the category so its entries are rendered
                    List<WebElement> errorinfolist = hotspotcategory.findElements(By.className("little-spacer-left"));
                    /*System.out.println(level.getText() + "===" + hotspotcate.getText() + " has no ul, total: " + errorinfolist.size() + " issues!");*/
                    for (WebElement error : errorinfolist) {
                        SecurityReport sr = new SecurityReport();
                        /*System.out.println(error.getText());*/
                        sr.setName(pro.getName());
                        sr.setLevel(level.getText());
                        sr.setBugtype(hotspotcate.getText());
                        sr.setBuginfo(error.getText());
                        sr.setCreatetime(new Date());
                        sr.setPcxx(pro.getKee());
                        sr.setUrl("https://sonar.pc.com.cn/security_hotspots?id=" + pro.getKee());
                        reslutlist.add(sr);
                        //reportservices.saveAndFlush(sr); /*reslutlist.add(kee+","+level.getText()+","+hotspotcate.getText()+","+error.getText());*/
                    }
                }
            }
        }
        closedriver(driver); // one browser session per project
    }
    return reslutlist;
}
```
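Data stored in the database
Once the data is in the database, just use SQL to query the grouped data you want; turning that into the report you need is then much simpler. These fields are all defined in the entity as needed.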
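The grouping and HTML email assembly described above, as an added example that is not the author's code: `Row` is a stand-in for the `SecurityReport` entity, `HotspotEmailReport`, `esc` and `buildHtml` are hypothetical names, and the sample rows are constructed. Because the fields hold text scraped from a web page, they are HTML-escaped before being placed in the mail body.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

public class HotspotEmailReport {
    // Stand-in for the SecurityReport entity: only the fields the summary needs.
    static class Row {
        final String name, level, bugtype;
        Row(String name, String level, String bugtype) {
            this.name = name; this.level = level; this.bugtype = bugtype;
        }
    }

    // Scraped page text is untrusted: escape it before it goes into an HTML mail.
    static String esc(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Count rows per (project, level, category) and render them, largest count first.
    static String buildHtml(List<Row> rows) {
        Map<List<String>, Long> counts = rows.stream().collect(Collectors.groupingBy(
                r -> Arrays.asList(esc(r.name), esc(r.level), esc(r.bugtype)),
                Collectors.counting()));
        StringBuilder html = new StringBuilder("<table border=\"1\">"
                + "<tr><th>Project</th><th>Level</th><th>Category</th><th>Count</th></tr>");
        counts.entrySet().stream()
                .sorted(Map.Entry.<List<String>, Long>comparingByValue().reversed()
                        .thenComparing(e -> String.join("|", e.getKey())))
                .forEach(e -> {
                    html.append("<tr>");
                    for (String cell : e.getKey()) html.append("<td>").append(cell).append("</td>");
                    html.append("<td>").append(e.getValue()).append("</td></tr>");
                });
        return html.append("</table>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample rows, not data from the page.
        List<Row> rows = Arrays.asList(
                new Row("demo-app", "HIGH", "SQL Injection"),
                new Row("demo-app", "HIGH", "SQL Injection"),
                new Row("demo-app", "LOW", "Others"),
                new Row("shop<beta>", "MEDIUM", "Weak Cryptography"));
        System.out.println(buildHtml(rows));
    }
}
```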
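- Summary
Honestly, reading other people's code is painful, so I'm listing it here mainly to point everyone in a direction: when your manager needs a report, you'll have an approach. Since you can build a quality platform, you're not one of those click-click-click testers; you should be able to scrape together enough development skill to implement the feature.
Article URL: https://blog.csdn.net/sincool1003/article/details/109641217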