Merge pull request #39 from IDEAS-AI-Vulns/feature/KAN-30-uzupełnienie-constraint-z-wykorzystaniem-LLM-Gemini

Feature/kan 30 uzupełnienie constraint z wykorzystaniem llm gemini

Author: siewer

backend/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.3.2-SNAPSHOT</version>
+        <version>3.3.2</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>io.mixeway</groupId>
@@ -60,6 +60,8 @@
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
             <optional>true</optional>
+            <version>1.18.38</version>
+            <scope>provided</scope>
         </dependency>
         <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api -->
         <dependency>
@@ -162,6 +164,11 @@
             <artifactId>zap-clientapi</artifactId>
             <version>1.16.0</version>
         </dependency>
+        <dependency>
+            <groupId>com.google.genai</groupId>
+            <artifactId>google-genai</artifactId>
+            <version>1.0.0</version>
+        </dependency>
     </dependencies>
 
     <build>
@@ -178,6 +185,19 @@
                     </excludes>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>org.projectlombok</groupId>
+                            <artifactId>lombok</artifactId>
+                            <version>1.18.38</version>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
     <repositories>

backend/src/main/java/io/mixeway/mixewayflowapi/MixewayFlowApiApplication.java

@@ -3,10 +3,12 @@
 import lombok.extern.log4j.Log4j2;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
 @SpringBootApplication
 @EnableScheduling
+@EnableAsync
 @Log4j2
 public class MixewayFlowApiApplication {
 

backend/src/main/java/io/mixeway/mixewayflowapi/api/admin/controller/AdminController.java

@@ -1,9 +1,6 @@
 package io.mixeway.mixewayflowapi.api.admin.controller;
 
-import io.mixeway.mixewayflowapi.api.admin.dto.AdditionalScannerConfigDto;
-import io.mixeway.mixewayflowapi.api.admin.dto.ConfigScaRequestDto;
-import io.mixeway.mixewayflowapi.api.admin.dto.ConfigSmtpRequestDto;
-import io.mixeway.mixewayflowapi.api.admin.dto.ConfigWizRequestDto;
+import io.mixeway.mixewayflowapi.api.admin.dto.*;
 import io.mixeway.mixewayflowapi.api.admin.service.AdminApiService;
 import io.mixeway.mixewayflowapi.db.entity.Settings;
 import io.mixeway.mixewayflowapi.utils.StatusDTO;
@@ -73,6 +70,17 @@ public ResponseEntity<StatusDTO> changeWizConfig(@Valid @RequestBody ConfigWizRe
             return new ResponseEntity<>(new StatusDTO("Not ok"), HttpStatus.BAD_REQUEST);
         }
     }
+    @PreAuthorize("hasAuthority('ADMIN')")
+    @PostMapping(value = "/api/v1/admin/settings/other")
+    public ResponseEntity<StatusDTO> changeOtherConfig(@Valid @RequestBody OtherConfigRequestDto otherConfigRequestDto) {
+        try {
+            adminApiService.otherConfig(otherConfigRequestDto);
+            return new ResponseEntity<>(new StatusDTO("ok"), HttpStatus.OK);
+        } catch (Exception e) {
+            log.error("[AdminSettings] Error changing config {}", e.getLocalizedMessage());
+            return new ResponseEntity<>(new StatusDTO("Not ok"), HttpStatus.BAD_REQUEST);
+        }
+    }
 
     @PreAuthorize("hasAuthority('TEAM_MANAGER')")
     @GetMapping(value = "/api/v1/admin/settings/additionalscannerconfig")

backend/src/main/java/io/mixeway/mixewayflowapi/api/admin/dto/OtherConfigRequestDto.java

@@ -0,0 +1,14 @@
+package io.mixeway.mixewayflowapi.api.admin.dto;
+
+import jakarta.validation.constraints.NotNull;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor
+public class OtherConfigRequestDto {
+    @NotNull
+    private String geminiApiKey;
+}

backend/src/main/java/io/mixeway/mixewayflowapi/api/admin/service/AdminApiService.java

@@ -1,13 +1,11 @@
 package io.mixeway.mixewayflowapi.api.admin.service;
 
-import io.mixeway.mixewayflowapi.api.admin.dto.AdditionalScannerConfigDto;
-import io.mixeway.mixewayflowapi.api.admin.dto.ConfigScaRequestDto;
-import io.mixeway.mixewayflowapi.api.admin.dto.ConfigSmtpRequestDto;
-import io.mixeway.mixewayflowapi.api.admin.dto.ConfigWizRequestDto;
+import io.mixeway.mixewayflowapi.api.admin.dto.*;
 import io.mixeway.mixewayflowapi.db.entity.Settings;
 import io.mixeway.mixewayflowapi.domain.settings.FindSettingsService;
 import io.mixeway.mixewayflowapi.domain.settings.UpdateSettingsService;
 import io.mixeway.mixewayflowapi.exceptions.SettingsException;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
@@ -42,4 +40,7 @@ public boolean isWizEnabled() {
         return settings.isEnableWiz();
     }
 
+    public void otherConfig(OtherConfigRequestDto otherConfigRequestDto) throws SettingsException {
+        updateSettingsService.changeSettingsOther(otherConfigRequestDto);
+    }
 }

backend/src/main/java/io/mixeway/mixewayflowapi/api/constraint/controller/ConstraintController.java

@@ -0,0 +1,34 @@
+package io.mixeway.mixewayflowapi.api.constraint.controller;
+
+import io.mixeway.mixewayflowapi.api.constraint.dto.ConstraintDto;
+import io.mixeway.mixewayflowapi.api.constraint.service.ConstraintService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.log4j.Log4j2;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+
+import java.util.List;
+
+@RestController
+@Validated
+@RequiredArgsConstructor
+@Log4j2
+public class ConstraintController {
+
+    private final ConstraintService constraintService;
+
+    @PreAuthorize("hasAuthority('ADMIN')")
+    @GetMapping(value = "/api/v1/constraints")
+    public ResponseEntity<List<ConstraintDto>> getConstraints() {
+        try {
+            return new ResponseEntity<List<ConstraintDto>>(constraintService.getAllConstraints(), HttpStatus.OK);
+        } catch (Exception e) {
+            log.error("Failed to retrieve constraints", e);
+            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+        }
+    }
+}

backend/src/main/java/io/mixeway/mixewayflowapi/api/constraint/dto/ConstraintDto.java

@@ -0,0 +1,12 @@
+package io.mixeway.mixewayflowapi.api.constraint.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class ConstraintDto {
+    Long id;
+    String text;
+    Long vulnerabilityId;
+}

backend/src/main/java/io/mixeway/mixewayflowapi/api/constraint/service/ConstraintService.java

@@ -0,0 +1,42 @@
+package io.mixeway.mixewayflowapi.api.constraint.service;
+
+import io.mixeway.mixewayflowapi.api.constraint.dto.ConstraintDto;
+import io.mixeway.mixewayflowapi.db.entity.Constraint;
+import io.mixeway.mixewayflowapi.db.entity.Vulnerability;
+import io.mixeway.mixewayflowapi.db.repository.ConstraintRepository;
+import io.mixeway.mixewayflowapi.db.repository.VulnerabilityRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+@Service
+@RequiredArgsConstructor
+public class ConstraintService {
+
+    private final ConstraintRepository constraintRepository;
+    private final VulnerabilityRepository vulnerabilityRepository;
+
+
+    public List<ConstraintDto> getAllConstraints() {
+        return constraintRepository.findAll()
+                .stream()
+                .map(c -> new ConstraintDto(c.getId(), c.getText(), c.getVulnerability().getId()))
+                .toList();
+    }
+
+    public ConstraintDto createConstraint(Long vulnerabilityId, String text) {
+        Vulnerability vulnerability = vulnerabilityRepository.findById(vulnerabilityId)
+                .orElseThrow(() -> new IllegalArgumentException("Vulnerability not found with id: " + vulnerabilityId));
+        Constraint constraint = new Constraint(text);
+        constraint.setVulnerability(vulnerability);
+
+        Constraint saved = constraintRepository.save(constraint);
+        return new ConstraintDto(saved.getId(), saved.getText(), saved.getVulnerability().getId());
+    }
+
+    public void deleteConstraint(Long id) {
+        constraintRepository.deleteById(id);
+    }
+
+}

backend/src/main/java/io/mixeway/mixewayflowapi/api/vulnerabilities/controller/VulnerabilityController.java

@@ -1,10 +1,11 @@
 package io.mixeway.mixewayflowapi.api.vulnerabilities.controller;
 
-import io.mixeway.mixewayflowapi.api.components.dto.GetComponentsResponseDto;
 import io.mixeway.mixewayflowapi.api.vulnerabilities.dto.EditVulnerabilityRequestDto;
 import io.mixeway.mixewayflowapi.api.vulnerabilities.dto.GetVulnerabilitiesResponseDto;
 import io.mixeway.mixewayflowapi.api.vulnerabilities.dto.VulnerabilityDto;
 import io.mixeway.mixewayflowapi.api.vulnerabilities.service.VulnerabilityService;
+import io.mixeway.mixewayflowapi.db.entity.Vulnerability;
+import io.mixeway.mixewayflowapi.domain.vulnerability.UpdateVulnerabilityService;
 import io.mixeway.mixewayflowapi.utils.StatusDTO;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
@@ -17,7 +18,6 @@
 import java.security.Principal;
 import java.util.List;
 
-
 /**
  * REST controller responsible for handling API requests related to vulnerabilities.
  */
@@ -27,6 +27,7 @@
 @Log4j2
 public class VulnerabilityController {
     private final VulnerabilityService vulnerabilityService;
+    private final UpdateVulnerabilityService updateVulnerabilityService;
 
     /**
      * Retrieves a list of vulnerabilities along with the repositories affected by each vulnerability.
@@ -83,5 +84,4 @@ public ResponseEntity<StatusDTO> editVuln(@RequestBody EditVulnerabilityRequestD
             return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
         }
     }
-
 }

backend/src/main/java/io/mixeway/mixewayflowapi/api/vulnerabilities/service/VulnerabilityService.java

@@ -11,6 +11,7 @@
 import io.mixeway.mixewayflowapi.domain.vulnerability.FindVulnerabilityService;
 import io.mixeway.mixewayflowapi.domain.vulnerability.UpdateVulnerabilityService;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.log4j.Log4j2;
 import org.springframework.stereotype.Service;
 
 import java.security.Principal;
@@ -19,13 +20,13 @@
 
 @Service
 @RequiredArgsConstructor
+@Log4j2
 public class VulnerabilityService {
     private final FindVulnerabilityService findVulnerabilityService;
     private final FindFindingService findFindingService;
     private final FindCodeRepoService findCodeRepoService;
     private final UpdateVulnerabilityService updateVulnerabilityService;
 
-
     /**
      * Retrieves all vulnerabilities along with the repositories where they were detected.
      * The repositories included in the response are filtered based on the user's access rights.