获取sonar扫描结果
Posted paisen
接口(API)地址是通过抓包获取的。
一、java
1.get和post方法
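package com.tools.httpUtil;

import java.io.BufferedReader;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;

import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;

/**
 * Minimal GET/POST helpers built on commons-httpclient.
 *
 * <p>Both helpers send whatever they are given (cookie header, form fields) to the URL the
 * caller passes. Over a plain {@code http://} URL those values cross the network in cleartext,
 * so callers that send credentials or session cookies should pass an {@code https://} URL.
 */
public class HttpRequest {

    /**
     * Sends a GET request and returns the response body.
     *
     * @param url    the address to request
     * @param cookie value for the {@code cookie} request header; the header is omitted when
     *               this is {@code null} or empty
     * @return the response body decoded as UTF-8 with every line followed by a single space,
     *         or {@code null} when the status is not 200 or an I/O error occurs
     */
    public static String doGet(String url, String cookie) {
        HttpClient httpClient = new HttpClient();
        // Connect timeout: 15000 ms.
        httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(15000);

        GetMethod getMethod = new GetMethod(url);
        if (cookie != null && cookie.length() > 0) {
            getMethod.setRequestHeader("cookie", cookie);
        }
        // Read timeout: 60000 ms.
        getMethod.getParams().setParameter(HttpMethodParams.SO_TIMEOUT, 60000);
        // Retry up to 3 times; "true" also retries a request that was already sent.
        getMethod.getParams().setParameter(HttpMethodParams.RETRY_HANDLER,
                new DefaultHttpMethodRetryHandler(3, true));

        InputStream is = null;
        BufferedReader br = null;
        String result = null;
        try {
            int statusCode = httpClient.executeMethod(getMethod);
            if (statusCode != HttpStatus.SC_OK) {
                System.err.println("Method faild: " + getMethod.getStatusLine());
            } else {
                is = getMethod.getResponseBodyAsStream();
                StringBuilder body = new StringBuilder();
                // A 200 response may carry no body, in which case the stream is null.
                if (is != null) {
                    br = new BufferedReader(new InputStreamReader(is, "UTF-8"));
                    String line;
                    while ((line = br.readLine()) != null) {
                        body.append(line).append(" ");
                    }
                }
                result = body.toString();
            }
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            closeQuietly(br);
            closeQuietly(is);
            getMethod.releaseConnection();
        }
        return result;
    }

    /**
     * Sends a form POST and returns the cookies the client holds afterwards.
     *
     * <p>The returned buffer contains session cookies and must be treated as a secret. It is
     * deliberately not written to stdout or any log: anyone who can read such output could
     * reuse the session.
     *
     * <p>No read timeout is set for the POST; only the 15000 ms connect timeout applies.
     *
     * @param paramMap form fields, may be {@code null} or empty; a {@code null} value is sent
     *                 as an empty string
     * @return each cookie's {@code toString()} form followed by {@code ';'}; the status code is
     *         only reported on stderr, so a failed request can still return cookies or an
     *         empty buffer
     */
    public static StringBuffer doPost(String url, Map<String, Object> paramMap) {
        StringBuffer tmpcookies = new StringBuffer();

        HttpClient httpClient = new HttpClient();
        // Accept cookies with the same lenient policy a browser uses.
        httpClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
        httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(15000);

        PostMethod postMethod = new PostMethod(url);
        // Encode the form body as UTF-8. The original re-encoded each value through a UTF-8
        // byte round-trip, which leaves the string unchanged and does not affect the body.
        postMethod.getParams().setContentCharset("UTF-8");

        if (paramMap != null && paramMap.size() > 0) {
            NameValuePair[] nvp = new NameValuePair[paramMap.size()];
            int index = 0;
            for (Entry<String, Object> field : paramMap.entrySet()) {
                Object value = field.getValue();
                nvp[index++] = new NameValuePair(field.getKey(), value == null ? "" : value.toString());
            }
            postMethod.setRequestBody(nvp);
        }

        try {
            int statusCode = httpClient.executeMethod(postMethod);
            if (statusCode != HttpStatus.SC_OK) {
                System.err.println("Method faild: " + postMethod.getStatusLine());
            }
            Cookie[] cookies = httpClient.getState().getCookies();
            for (Cookie c : cookies) {
                // Collected for the caller only; cookie values are never printed.
                tmpcookies.append(c.toString()).append(";");
            }
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            postMethod.releaseConnection();
        }
        return tmpcookies;
    }

    /** Closes {@code resource} if it is non-null, reporting (not propagating) any failure. */
    private static void closeQuietly(Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}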
2.获取issues
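package com.tools.httpUtil;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

/**
 * Logs in to a SonarQube server and queries {@code api/issues/search} for unresolved issues.
 */
public class SonarHttp {

    /**
     * Returns the raw search response for the unresolved issues of one component.
     *
     * <p>The query asks for {@code ps=100}, so a single call returns one page of results.
     *
     * @param key  component key, substituted into {@code componentKeys}
     * @param type issue type(s), substituted into {@code types}
     * @return the response body as returned by {@link HttpRequest#doGet}, or {@code null} when
     *         that call fails (for example because the login did not succeed)
     * @throws IllegalArgumentException if {@code key} or {@code type} is {@code null}
     */
    public String getIssues(String key, String type) {
        // NOTE(review): the author redacted the account name and password here. Real
        // credentials should not live in source; read them from configuration or a secret
        // store at runtime.
        Map<String, Object> user = new HashMap<String, Object>();
        user.put("login", "**");
        user.put("password", "**$");

        // NOTE(review): both URLs are plain http://, so the password and the session cookie
        // are sent in cleartext. Use https:// if the server offers it.
        StringBuffer cookie = HttpRequest.doPost("http://sonar.*.com/api/authentication/login", user);

        String url = "http://sonar.*.com/api/issues/search?componentKeys=%s&s=FILE_LINE&resolved=false&types=%s&ps=100&facets=severities,types&additionalFields=_all";
        // String.format is static: the original url.format(key, type) used `key` as the format
        // string and never touched the template. Values are URL-encoded so a key containing
        // '&' or '=' cannot add or override query parameters.
        String requestUrl = String.format(url, encode(key), encode(type));
        return HttpRequest.doGet(requestUrl, cookie.toString());
    }

    /** URL-encodes one query-parameter value as UTF-8. */
    private static String encode(String value) {
        if (value == null) {
            throw new IllegalArgumentException("query parameter value must not be null");
        }
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM is required to support.
            throw new IllegalStateException("UTF-8 not supported", e);
        }
    }
}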
二、python
1、
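#coding:utf-8
import cookielib
import json
import logging
import urllib
import urllib2
import time

from security_platform.config import ldap_user, ldap_passwd, get_issues_url


def login():
    """Build (but do not send) the form-login request for the sonar server.

    Credentials come from security_platform.config rather than from this file.

    Returns:
        A urllib2.Request for api/authentication/login, or None if building it
        raised (the error is logged).
    """
    try:
        # NOTE(review): plain http:// sends ldap_user/ldap_passwd in cleartext;
        # use https:// if the server offers it.
        login_url = "http://sonar.*.com/api/authentication/login"
        values = {"login": ldap_user, "password": ldap_passwd}
        data = urllib.urlencode(values)
        user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0'
        # No Content-Length here: the copied "33" only fits one particular
        # credential pair, and urllib2 fills in the real length of `data`
        # when the header is absent.
        headers = {
            'User-Agent': user_agent,
            'Content-type': "application/x-www-form-urlencoded",
            "Accept": "application/json",
            "Accept-Encoding": "gzip, deflate",
            "Connection": "keep-alive",
        }
        return urllib2.Request(login_url, data=data, headers=headers)
    except Exception as e:
        logging.error(e)
        return None


def do_get(url, timeout=60):
    """Log in, then fetch `url` with the session cookies from that login.

    Args:
        url: address to GET after logging in.
        timeout: socket timeout in seconds for each of the two requests.

    Returns:
        The raw response body of the GET.

    Raises:
        RuntimeError: if login() could not build the login request.
        urllib2.URLError: if either request fails (HTTPError on an error status).
    """
    logging.info("调用sonar接口开始》》》")
    start = time.time()
    # The jar carries the cookies set by the login response into the GET.
    cookieJar = cookielib.CookieJar()
    opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookieJar))
    req = login()
    if req is None:
        # Fail with a clear message instead of an AttributeError inside urllib2.
        raise RuntimeError("sonar login request could not be built")
    opener.open(req, timeout=timeout).close()
    result = opener.open(url, timeout=timeout)
    try:
        res = result.read()
    finally:
        result.close()
    end = time.time()
    logging.info("调用sonar接口api/issues/search结束,用时:"+str(end-start))
    return res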