Feat/sast dast correlation

fcli-core/fcli-aviator-common/src/main/java/com/fortify/cli/aviator/dast/DastIssue.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2021-2026 Open Text.
+ *
+ * The only warranties for products and services of Open Text
+ * and its affiliates and licensors ("Open Text") are as may
+ * be set forth in the express warranty statements accompanying
+ * such products and services. Nothing herein should be construed
+ * as constituting an additional warranty. Open Text shall not be
+ * liable for technical or editorial errors or omissions contained
+ * herein. The information contained herein is subject to change
+ * without notice.
+ */
+package com.fortify.cli.aviator.dast;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import lombok.Data;
+
+/**
+ * Represents a DAST issue from WebInspect scan results.
+ */
+@Data
+public class DastIssue {
+    private String id;
+    private String checkTypeId;
+    private String engineType;
+    private String vulnerabilityId;
+    private int severity;
+    private String name;
+    private String category;        // From 7PK Category classification
+    private String cweId;           // From CWE classification
+    private String cweDescription;  // Full CWE description text
+    private String sessionUrl;      // URL of the session containing this issue
+    private List<String> reproStepUrls = new ArrayList<>();
+
+    // ReportSections for audit context
+    private String summary;         // Summary from ReportSection
+    private String implication;     // Implication from ReportSection
+    private String execution;       // Execution from ReportSection
+    private String fix;             // Fix recommendation from ReportSection
+    private String referenceInfo;   // Reference Info from ReportSection
+
+    // Additional classifications
+    private Map<String, String> classifications = new HashMap<>();  // kind -> value
+
+    // Audit status
+    private boolean suppressed = false;
+
+    /**
+     * SAST instance IDs that are already correlated to this DAST issue, as read
+     * from {@code <ExternalFindings>/<ExternalFinding>/<OriginFindingID>} in the
+     * webinspect.xml from a previous correlation run.
+     */
+    private Set<String> existingCorrelatedSastIds = new HashSet<>();
+}

fcli-core/fcli-aviator-common/src/main/java/com/fortify/cli/aviator/dast/DastSession.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2021-2026 Open Text.
+ *
+ * The only warranties for products and services of Open Text
+ * and its affiliates and licensors ("Open Text") are as may
+ * be set forth in the express warranty statements accompanying
+ * such products and services. Nothing herein should be construed
+ * as constituting an additional warranty. Open Text shall not be
+ * liable for technical or editorial errors or omissions contained
+ * herein. The information contained herein is subject to change
+ * without notice.
+ */
+package com.fortify.cli.aviator.dast;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import lombok.Data;
+
+/**
+ * Represents a DAST session from WebInspect scan results.
+ * A session contains the HTTP request/response context and zero or more issues.
+ */
+@Data
+public class DastSession {
+    private String requestId;
+    private String url;
+    private String scheme;
+    private String host;
+    private int port;
+    private String attackParamDescriptor;
+
+    // Decoded raw HTTP request/response (Base64 decoded)
+    private String rawRequest;
+    private String rawResponse;
+
+    // Issues found in this session
+    private List<DastIssue> issues = new ArrayList<>();
+
+    /**
+     * Check if this session has any issues.
+     */
+    public boolean hasIssues() {
+        return issues != null && !issues.isEmpty();
+    }
+
+    /**
+     * Get the number of issues in this session.
+     */
+    public int getIssueCount() {
+        return issues != null ? issues.size() : 0;
+    }
+}