欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

sonarqube8.4报告系列-安全热点统计

程序员文章站 2022-07-05 21:20:07
sonarqube我还没有研究透彻,技术太菜了,还无法深入原理去分析源代码,只是从外面知道sonar-scanner扫描会先经过ES,再传结果给sonarqube界面显示。我的问题是:我要获取安全热点中高中低等级的所有问题及数据,统计出结果给上面看。需求分析 数据库中直接查询 issues表中数据的severity与实际问题等级不相符 ES结果分析自己对ES处理逻辑知之甚少,现学恐怕是来不及了 selenium爬界面数据做了哪些工作静默后台形式运行chromeDriver ....

sonarqube我还没有研究透彻,技术太菜了,还无法深入原理去分析源代码,只是从外面知道sonar-scanner扫描会先经过ES,再传结果给sonarqube界面显示。

我的问题是:我要获取安全热点中高中低等级的所有问题及数据,统计出结果给上面看。

需求分析

  • 数据库中直接查询 issues表中数据的severity与实际问题等级不相符
  • ES结果分析自己对ES处理逻辑知之甚少,现学恐怕是来不及了
  • selenium爬界面数据

做了哪些工作

  • 静默后台形式运行chromeDriver

    public static WebDriver get(String url)  {
        System.setProperty("webdriver.chrome.driver", "drivers/chromedriver.exe");
        ChromeOptions options = new ChromeOptions();
        options.addArguments("--headless");
        options.addArguments("--disable-gpu");
        WebDriver driver=new ChromeDriver(options);
        /*System.setProperty("phantomjs.binary.path","drivers/phantomjs.exe");
        WebDriver driver = new PhantomJSDriver();*/
        try {
            driver.get(url);
            Thread.sleep(3000);
            String title = driver.getTitle();
            if(title!=null) {
                System.out.println("打开页面成功");
            }
        }catch (InterruptedException e){
            e.printStackTrace();
        }
        return driver;
    }
    /*检查元素是否存在
    @author liujuan
    * */
    public static void closedriver(WebDriver driver) {
        driver.quit();
    }
    public static Boolean check(WebElement element,By seletor) {
        try {
            element.findElement(seletor);
            return true;
        } catch (Exception e) {
            // TODO: handle exception
            return false;
        }
    }
  • 拿到想要的数据,入库写表,在sonarqube库中新建专门的report表,这里我是建个report表的实体
    读取report表,按数量排序组装拼HTML格式的Email-Content
    因为要读库,我用的JPA,所以springboot的学院派写法,例如dao、service\seriviceImpl都是按规范写的

实体

@Entity
@Data
public class SecurityReport {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;
    private String name;
    private String level;
    private String bugtype;
    private String buginfo;
    private Date createtime;
    private String pcxx;
    private String cname;
    private String url;
}

jpa-dao\service\serviceImpl

public interface SecurityReportDao extends JpaRepository<SecurityReport,Integer>{
    List<SecurityReport> findAll();
    SecurityReport saveAndFlush(SecurityReport securityReport);
}
------------------
public interface SecurityReportService {
    List<SecurityReport> findAll();
    SecurityReport saveAndFlush(SecurityReport securityReport);
}
------------------
@Service
public class SecurityReportServiceImpl implements SecurityReportService {
    @Autowired
    SecurityReportDao securityReportDao;
    @Override
    public List<SecurityReport> findAll() {
        return securityReportDao.findAll();
    }

    @Override
    public SecurityReport saveAndFlush(SecurityReport securityReport) {
        return securityReportDao.saveAndFlush(securityReport);
    }
}

入库


    public static List<SecurityReport> getSonarResultByOneToDb1() throws InterruptedException {
        List<SecurityReport> reslutlist=new ArrayList<SecurityReport>();
        /*获取project-key*/
        ApplicationContext context = SpringContextUtil.getApplicationContext();
        ProjectsServices services = context.getBean(ProjectsServices.class);// 注意是Service,不是ServiceImpl
        //SecurityReportService reportservices =context.getBean(SecurityReportService.class);
        List<Projects> keelist=services.findProjects();
        WebDriver driver=null;
        for (Projects pro:keelist){
            driver= get("http://sonar.pc.com.cn/security_hotspots?id="+pro.getKee()+"&sinceLeakPeriod=false");
            System.out.println("projectKey=="+pro.getKee());
            driver.manage().window().maximize();//最大化窗口
            Thread.sleep(3000);
            WebElement hugeele = driver.findElement(By.className("huge-spacer-bottom"));
            List<WebElement> typenumlist = hugeele.findElement(By.tagName("ul")).findElements(By.className("big-spacer-bottom"));//3个等级li
            for (WebElement type : typenumlist) {
                WebElement little = type.findElement(By.cssSelector("[class='hotspot-risk-header little-spacer-left']"));
                WebElement level = little.findElement(By.tagName("div"));
                List<WebElement> hotspotcategorylist = type.findElement(By.tagName("ul")).findElements(By.className("spacer-bottom"));
                for (WebElement hotspotcategory : hotspotcategorylist) {

                    WebElement hotspotcate = hotspotcategory.findElement(By.className("flex-1"));
                    String number = hotspotcategory.findElement(By.className("counter-badge")).getText();
                    System.out.println(pro.getName()+","+level.getText()+","+hotspotcate.getText()+","+number);
                    By ul = new By.ByTagName("ul");
                    boolean flag = check(hotspotcategory, ul);
                    if (flag) {//进入页面后,默认第一个打开
                        List<WebElement> errorinfolist = hotspotcategory.findElements(By.className("little-spacer-left"));
                        for (WebElement error : errorinfolist) {
                            /*System.out.println("==="+error);*/
                            SecurityReport sr=new SecurityReport();
                            Thread.sleep(3);
                            sr.setName(pro.getName());
                            sr.setLevel(level.getText());
                            sr.setBugtype(hotspotcate.getText());
                            sr.setBuginfo(error.getText());
                            sr.setCreatetime(new Date());
                            sr.setPcxx(pro.getKee());
                            sr.setUrl("https://sonar.pc.com.cn/security_hotspots?id="+pro.getKee());
                            /*reslutlist.add(kee+","+level.getText()+","+hotspotcate.getText()+","+error.getText());*/
                            //reportservices.saveAndFlush(sr);
                            reslutlist.add(sr);
                        }
                        hotspotcategory.click();
                    } else {
                        /*System.out.println(hotspotcategory.getText());*/
                        hotspotcategory.click();
                        List<WebElement> errorinfolist = hotspotcategory.findElements(By.className("little-spacer-left"));
                        /*System.out.println(level.getText() + "===" + hotspotcate.getText() + "没有ul,一共有:" + errorinfolist.size() + "个问题!");*/
                        for (WebElement error : errorinfolist) {
                            SecurityReport sr=new SecurityReport();
                            /*System.out.println(error.getText());*/
                            sr.setName(pro.getName());
                            sr.setLevel(level.getText());
                            sr.setBugtype(hotspotcate.getText());
                            sr.setBuginfo(error.getText());
                            sr.setCreatetime(new Date());
                            sr.setPcxx(pro.getKee());
                            sr.setUrl("https://sonar.pc.com.cn/security_hotspots?id="+pro.getKee());
                            reslutlist.add(sr);
                            //reportservices.saveAndFlush(sr);                           /*reslutlist.add(kee+","+level.getText()+","+hotspotcate.getText()+","+error.getText());*/
                        }
                    }
                }
            }
            closedriver(driver);
        }
        return reslutlist;
    }

存入库中的数据

sonarqube8.4报告系列-安全热点统计
进库以后,就直接用sql查询出想要的分组数据即可,再整理成想要的报告就简单的多。这些字段都是根据需要在实体中定义的。

  • 总结

说真的,看别人的代码是痛苦的,所以我列这里,主要是想给大家指个路子,当你领导需要报告的时候,你能有个思路,既然能做质量平台,也不是那种点点点的测试人员嘛,多少你凑凑开发技能实现功能还是应该可以的。

本文地址:https://blog.csdn.net/sincool1003/article/details/109641217

相关标签: sonarqube