From 2fb746abaead4e45b19b67a7986a48ebb4d50878 Mon Sep 17 00:00:00 2001
From: Jonathan Christison
Date: Thu, 6 Jul 2023 15:37:34 +0100
Subject: [PATCH] Add scanchain endpoint

Copied the PSSaaS approach, did try inheritance on the `git` class for `scanChainGit` but caused problems with deserialization not matching `Component` so hack was to duplicate it, will need to sort out the structures at some point see #11
---
 .../com/redhat/pctsec/model/ScanRequests.java | 5 ++-
 .../pctsec/model/api/request/scanChain.java | 31 +++++++++++++++++
 .../model/api/request/scanChainGit.java | 34 +++++++++++++++++++
 .../pctsec/rest/v1alpha1/ScanResource.java | 28 +++++++++++++++
 4 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/com/redhat/pctsec/model/api/request/scanChainGit.java
diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequests.java b/src/main/java/com/redhat/pctsec/model/ScanRequests.java
index cf7095a..cc510e2 100644
--- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java
@@ -44,8 +44,11 @@ public class ScanRequests {
 pssaas.componentList.stream().filter(c -> c.getType().equals("pnc")).forEach(g -> this.addPNCBuild(g.getBuildId()));
 }
- public ScanRequests(scanChain scanchain){
+
+ public ScanRequests(scanChain scanChain){
+ this();
+ scanChain.urls.stream().forEach(g -> this.addGit(g.getRepo().toString(), g.getRef()));
 }
 //public ScanRequests(String repo, String rev){
diff --git a/src/main/java/com/redhat/pctsec/model/api/request/scanChain.java b/src/main/java/com/redhat/pctsec/model/api/request/scanChain.java
index 1040148..118467d 100644
--- a/src/main/java/com/redhat/pctsec/model/api/request/scanChain.java
+++ b/src/main/java/com/redhat/pctsec/model/api/request/scanChain.java
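Review bot: In ScanRequests.java, nothing between the request body and `this.addGit(...)` in the new `ScanRequests(scanChain)` constructor restricts what a caller may name as a repository: `g.getRepo()` is any syntactically valid `URI` and `g.getRef()` any non-null string, and in this patch both carry only `@NotNull` (the same gap is visible on the getters in scanChainGit.java). What `addGit` does with the values is outside the hunk, but if they end up in a clone or fetch the service will contact whatever scheme and host the request names, so I would reject anything but the expected scheme, ideally against a host allow-list, and constrain the ref to a branch/tag/commit pattern before it is queued. Expressed as a validation constraint on the `scanChainGit` getters the failure becomes a 400 at the endpoint; the inline equivalent would be `if (!"https".equalsIgnoreCase(g.getRepo().getScheme())) throw new IllegalArgumentException("unsupported repo scheme");`. A `null` element in `urls` would also surface as a `NullPointerException` inside the lambda, and `scanChain.urls.forEach(...)` does the same work without the intermediate stream.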
@@ -1,4 +1,35 @@
 package com.redhat.pctsec.model.api.request;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyDescription;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+import java.util.List;
+import java.util.Set;
+
+
 public class scanChain {
+
+ @JsonProperty("product_name")
+ @JsonPropertyDescription("The product name associated with the scan.")
+ @NotNull
+ public String productName;
+
+ @JsonProperty("urls")
+ @JsonDeserialize(as = java.util.LinkedHashSet.class)
+ @JsonPropertyDescription("List of source urls to be scanned")
+ @Size(min = 1)
+ @Valid
+ @NotNull
+ public Set urls;
+
+ @JsonProperty("requestor")
+ @JsonPropertyDescription("The requesting user")
+ @NotNull
+ public String requestor;
 }
+
diff --git a/src/main/java/com/redhat/pctsec/model/api/request/scanChainGit.java b/src/main/java/com/redhat/pctsec/model/api/request/scanChainGit.java
new file mode 100644
index 0000000..22c9821
--- /dev/null
+++ b/src/main/java/com/redhat/pctsec/model/api/request/scanChainGit.java
@@ -0,0 +1,34 @@
+package com.redhat.pctsec.model.api.request;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import jakarta.validation.constraints.NotNull;
+
+import java.net.URI;
+
+
+public class scanChainGit {
+
+
+ private URI repo;
+ private String ref;
+ public scanChainGit(@NotNull URI repo, @NotNull String ref) {
+ this.repo = repo;
+ this.ref = ref;
+ }
+
+
+ @NotNull
+ @JsonProperty("url")
+ public URI getRepo() {
+ return this.repo;
+ }
+
+ @NotNull
+ @JsonProperty("branch")
+ public String getRef() {
+
+ return this.ref;
+ }
+
+}
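Review bot: In scanChain.java, `urls` is bounded below by `@Size(min = 1)` but has no upper bound, so one authenticated request can queue as many repositories as it cares to list; I would cap it with `@Size(min = 1, max = MAX_URLS)`, where `MAX_URLS` is a placeholder for whatever limit the project picks. `productName` and `requestor` are `@NotNull` only, which still accepts `""`; `@NotBlank` matches what their descriptions imply. The description on `urls` says "List" although the field is a `Set` deserialized as `LinkedHashSet`, and the imports of `JsonIgnoreProperties` and `java.util.List` are unused in the visible lines.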
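Review bot: `scanChainGit` defines neither `equals` nor `hashCode`, so the `LinkedHashSet` that `scanChain.urls` is deserialized into compares elements by identity and will not collapse two entries naming the same repo and ref; assuming the set is there to de-duplicate, the class needs value equality over `repo` and `ref` (this also needs `java.util.Objects` imported). Separately, the `@NotNull` on the constructor parameters is not evaluated when Jackson constructs the object, so only the getter-level constraints take part in the cascaded `@Valid` check. Binding JSON `url`/`branch` to parameters named `repo`/`ref` appears to rely on parameter-name discovery; `@JsonCreator` on the constructor with `@JsonProperty("url")` and `@JsonProperty("branch")` on its parameters would make it explicit. `JsonIgnoreProperties` is imported but unused.

```java
public class scanChainGit {
    // … unchanged: fields, constructor, getRepo(), getRef() …

    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof scanChainGit)) {
            return false;
        }
        scanChainGit other = (scanChainGit) o;
        return Objects.equals(repo, other.repo) && Objects.equals(ref, other.ref);
    }

    @Override
    public int hashCode() {
        return Objects.hash(repo, ref);
    }
}
```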
diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
index 80ade42..610c328 100644
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
@@ -2,6 +2,7 @@ package com.redhat.pctsec.rest.v1alpha1;
 import com.redhat.pctsec.model.*;
 import com.redhat.pctsec.model.api.request.pssaas;
+import com.redhat.pctsec.model.api.request.scanChain;
 import com.redhat.pctsec.model.jpa.ScanRepository;
 import io.quarkus.security.Authenticated;
 import io.vertx.mutiny.core.eventbus.EventBus;
@@ -12,6 +13,7 @@ import jakarta.validation.Valid;
 import jakarta.ws.rs.*;
 import org.jboss.resteasy.reactive.RestQuery;
+
 import java.util.HashMap;
 import java.util.List;
 import java.util.Set;
@@ -37,6 +39,7 @@ public class ScanResource {
 ScanRequests scanRequests = new ScanRequests(scanRequest);
 Scan s = new Scan();
 s.setRequestor("cpaas");
+ s.setProductName(scanRequest.productId);
 s.setScanRequests(scanRequests);
 sr.persist(s);
 return s;
@@ -52,6 +55,31 @@ public class ScanResource {
 return s.scanRequests.execute(bus);
 }
+ @POST
+ @Path("ScanChain")
+ @Consumes({ "application/json" })
+ @Transactional
+ @Authenticated
+ public Scan createScanChain(@Valid scanChain scanRequest)
+ {
+ ScanRequests scanRequests = new ScanRequests(scanRequest);
+ Scan s = new Scan();
+ s.setRequestor(scanRequest.requestor);
+ s.setProductName(scanRequest.productName);
+ s.setScanRequests(scanRequests);
+ sr.persist(s);
+ return s;
+ }
+ @POST
+ @Path("ScanChain/run")
+ @Consumes({ "application/json" })
+ @Transactional
+ @Authenticated
+ public List createRunScanChain(@Valid scanChain scanRequest)
+ {
+ Scan s = this.createScanChain(scanRequest);
+ return s.scanRequests.execute(bus);
+ }
 @GET
 @Path("All")
 @Produces({"application/json"})
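Review bot: In the last ScanResource.java hunk, `createScanChain` persists `scanRequest.requestor` as the scan's requestor, so on an `@Authenticated` endpoint the recorded identity is whatever the caller put in the body rather than who actually authenticated. For an audit trail I would take it from an injected `io.quarkus.security.identity.SecurityIdentity`, e.g. `s.setRequestor(identity.getPrincipal().getName());`, or store both values. In `createRunScanChain`, `s.scanRequests.execute(bus)` runs inside the `@Transactional` method, before the new `Scan` row is committed; what `execute` dispatches is not visible here, but if it starts work that reads the scan back, or if the transaction rolls back afterwards, scans could run with no committed record. Neither new method declares `@Produces`, unlike the `All` endpoint in the trailing context. Both methods are complete in the hunk; the `sr` and `bus` fields they use are declared outside it.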