diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/output/mixin/FoDOutputHelperMixins.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/output/mixin/FoDOutputHelperMixins.java index 2e34c02528..0cbd043c31 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/output/mixin/FoDOutputHelperMixins.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/output/mixin/FoDOutputHelperMixins.java @@ -84,4 +84,11 @@ public static class DownloadResults extends OutputHelperMixins.TableNoQuery { public static class AssessmentType extends OutputHelperMixins.TableWithQuery { public static final String CMD_NAME = "assessment-type"; } + + public static class StartLegacy extends OutputHelperMixins.TableNoQuery { + public static final String CMD_NAME = "start-legacy"; + } + public static class GetConfigLegacy extends OutputHelperMixins.DetailsNoQuery { + public static final String CMD_NAME = "get-config-legacy"; + } } diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/rest/FoDUrls.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/rest/FoDUrls.java index bc3086cc67..39c33ef1da 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/rest/FoDUrls.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/rest/FoDUrls.java @@ -51,5 +51,7 @@ public class FoDUrls { public static final String MOBILE_SCANS_SETUP = MOBILE_SCANS + "/scan-setup"; public static final String MOBILE_SCANS_START = MOBILE_SCANS + "/start-scan"; public static final String ENTITLEMENTS = ApiBase + "/tenant-entitlements"; + public static final String OSS_SCANS = ApiBase + "/releases/{relId}/open-source-scans"; + public static final String OSS_SCANS_START = OSS_SCANS + "/start-scan"; } 
diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/app/cli/cmd/FoDAppCreateCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/app/cli/cmd/FoDAppCreateCommand.java index 1ef4ace55c..b7052c6115 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/app/cli/cmd/FoDAppCreateCommand.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/app/cli/cmd/FoDAppCreateCommand.java @@ -53,7 +53,8 @@ public class FoDAppCreateCommand extends AbstractFoDJsonNodeOutputCommand implem @Spec CommandSpec spec; @EnvSuffix("NAME") @Parameters(index = "0", arity = "1", descriptionKey = "fcli.fod.app.app-name") - private String applicationName; + protected String applicationName; + @Option(names = {"--description", "-d"}) protected String description; @DisableTest(MULTI_OPT_PLURAL_NAME) @@ -85,7 +86,7 @@ public JsonNode getJsonNode(UnirestInstance unirest) { validateMicroserviceName(microserviceName); var ownerId = FoDUserHelper.getUserDescriptor(unirest, owner, true).getUserId(); - List microservices = StringUtils.isBlank(microserviceName) + List microservices = StringUtils.isBlank(microserviceName) ? Collections.emptyList() : new ArrayList<>(Arrays.asList(microserviceName)); FoDAppCreateRequest appCreateRequest = FoDAppCreateRequest.builder() .applicationName(applicationName) diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanCommands.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanCommands.java index 53e6a65a93..105475b9af 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanCommands.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanCommands.java 
@@ -21,9 +21,9 @@ subcommands = { FoDDastScanListCommand.class, FoDDastScanGetCommand.class, - FoDDastScanGetConfigCommand.class, + FoDDastScanGetConfigLegacyCommand.class, //FoDDastScanSetupCommand.class, - FoDDastScanStartCommand.class, + FoDDastScanStartLegacyCommand.class, FoDDastScanCancelCommand.class, FoDDastScanWaitForCommand.class, FoDDastScanImportCommand.class, diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanGetConfigCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanGetConfigLegacyCommand.java similarity index 88% rename from fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanGetConfigCommand.java rename to fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanGetConfigLegacyCommand.java index ef2a3c9898..289255da97 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanGetConfigCommand.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanGetConfigLegacyCommand.java @@ -22,8 +22,8 @@ import picocli.CommandLine.Command; import picocli.CommandLine.Mixin; -@Command(name = FoDOutputHelperMixins.GetConfig.CMD_NAME, hidden = true) -public class FoDDastScanGetConfigCommand extends AbstractFoDScanConfigGetCommand { +@Command(name = FoDOutputHelperMixins.GetConfigLegacy.CMD_NAME, hidden = true) +public class FoDDastScanGetConfigLegacyCommand extends AbstractFoDScanConfigGetCommand { @Getter @Mixin private FoDOutputHelperMixins.GetConfig outputHelper; @Override 
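Review bot: In `FoDDastScanGetConfigLegacyCommand` the command name now comes from `FoDOutputHelperMixins.GetConfigLegacy.CMD_NAME`, but the `outputHelper` field on the context line is still typed `FoDOutputHelperMixins.GetConfig`, so the new `GetConfigLegacy` mixin class serves only as a constant holder. If the output framework derives anything from the mixin type (not visible here), the two should agree: `@Getter @Mixin private FoDOutputHelperMixins.GetConfigLegacy outputHelper;`. The same mismatch appears in `FoDDastScanStartLegacyCommand`, which keeps `OutputHelperMixins.Start outputHelper` under the `StartLegacy` name. Both class bodies continue outside their hunks.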
diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanStartCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanStartLegacyCommand.java similarity index 97% rename from fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanStartCommand.java rename to fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanStartLegacyCommand.java index b2ed667c28..8ed61aadd5 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanStartCommand.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/dast_scan/cli/cmd/FoDDastScanStartLegacyCommand.java @@ -49,8 +49,8 @@ import picocli.CommandLine.Mixin; import picocli.CommandLine.Option; -@Command(name = OutputHelperMixins.Start.CMD_NAME, hidden = true) -public class FoDDastScanStartCommand extends AbstractFoDJsonNodeOutputCommand implements IRecordTransformer, IActionCommandResultSupplier { +@Command(name = FoDOutputHelperMixins.StartLegacy.CMD_NAME, hidden = true) +public class FoDDastScanStartLegacyCommand extends AbstractFoDJsonNodeOutputCommand implements IRecordTransformer, IActionCommandResultSupplier { DateTimeFormatter dtf = DateTimeFormatter.ofPattern("MM/dd/yyyy HH:mm"); @Getter @Mixin private OutputHelperMixins.Start outputHelper; diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/microservice/cli/cmd/FoDMicroserviceCreateCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/microservice/cli/cmd/FoDMicroserviceCreateCommand.java index c28239bcc2..d8bbead91c 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/microservice/cli/cmd/FoDMicroserviceCreateCommand.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/microservice/cli/cmd/FoDMicroserviceCreateCommand.java 
@@ -34,7 +34,7 @@ @Command(name = OutputHelperMixins.Create.CMD_NAME) public class FoDMicroserviceCreateCommand extends AbstractFoDJsonNodeOutputCommand implements IActionCommandResultSupplier { @Getter @Mixin private OutputHelperMixins.Create outputHelper; - + @Mixin private FoDDelimiterMixin delimiterMixin; // Is automatically injected in resolver mixins @Mixin private FoDMicroserviceByQualifiedNameResolverMixin.PositionalParameter qualifiedMicroserviceNameResolver; diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanCommands.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanCommands.java index 32df527b22..cd4fd1f8f3 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanCommands.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanCommands.java @@ -23,7 +23,7 @@ FoDOssScanGetCommand.class, //FoDOssScanGetConfigCommand.class, //FoDOssScanSetupCommand.class, - //FoDOssScanStartCommand.class, + FoDOssScanStartCommand.class, //FoDOssScanCancelCommand.class, //FoDOssScanWaitForCommand.class FoDOssScanImportCommand.class, diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanStartCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanStartCommand.java new file mode 100644 index 0000000000..69b73cd174 --- /dev/null +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/cli/cmd/FoDOssScanStartCommand.java 
@@ -0,0 +1,77 @@ +/******************************************************************************* + * Copyright 2021, 2023 Open Text. + * + * The only warranties for products and services of Open Text + * and its affiliates and licensors ("Open Text") are as may + * be set forth in the express warranty statements accompanying + * such products and services. Nothing herein should be construed + * as constituting an additional warranty. Open Text shall not be + * liable for technical or editorial errors or omissions contained + * herein. The information contained herein is subject to change + * without notice. + *******************************************************************************/ + +package com.fortify.cli.fod.oss_scan.cli.cmd; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fortify.cli.common.output.cli.mixin.OutputHelperMixins; +import com.fortify.cli.common.output.transform.IActionCommandResultSupplier; +import com.fortify.cli.common.output.transform.IRecordTransformer; +import com.fortify.cli.common.util.FcliBuildPropertiesHelper; +import com.fortify.cli.common.util.StringUtils; +import com.fortify.cli.fod._common.cli.mixin.FoDDelimiterMixin; +import com.fortify.cli.fod._common.output.cli.AbstractFoDJsonNodeOutputCommand; +import com.fortify.cli.fod._common.util.FoDEnums; +import com.fortify.cli.fod.release.cli.mixin.FoDReleaseByQualifiedNameOrIdResolverMixin; +import com.fortify.cli.fod.sast_scan.helper.FoDScanConfigSastDescriptor; +import com.fortify.cli.fod.scan.cli.mixin.FoDRemediationScanPreferenceTypeMixins; +import com.fortify.cli.fod.scan.helper.FoDScanHelper; +import com.fortify.cli.fod.scan.helper.oss.FoDScanOssHelper; +import com.fortify.cli.fod.scan.helper.oss.FoDScanOssStartRequest; +import com.fortify.cli.fod.scan.helper.sast.FoDScanSastHelper; +import com.fortify.cli.fod.scan.helper.sast.FoDScanSastStartRequest; +import kong.unirest.UnirestInstance; +import lombok.Getter; +import picocli.CommandLine.Command; +import 
picocli.CommandLine.Mixin; +import picocli.CommandLine.Option; + +import java.io.File; +import java.util.Properties; + +@Command(name = OutputHelperMixins.Start.CMD_NAME, hidden = false) +public class FoDOssScanStartCommand extends AbstractFoDJsonNodeOutputCommand implements IRecordTransformer, IActionCommandResultSupplier { + @Getter @Mixin private OutputHelperMixins.Start outputHelper; + + @Mixin private FoDDelimiterMixin delimiterMixin; // Is automatically injected in resolver mixins + @Mixin private FoDReleaseByQualifiedNameOrIdResolverMixin.RequiredOption releaseResolver; + + @Option(names = {"-f", "--file"}, required = true) + private File scanFile; + + @Override + public JsonNode getJsonNode(UnirestInstance unirest) { + var releaseDescriptor = releaseResolver.getReleaseDescriptor(unirest); + String relId = releaseDescriptor.getReleaseId(); + + FoDScanOssStartRequest startScanRequest = FoDScanOssStartRequest.builder().build(); + + return FoDScanOssHelper.startScanWithDefaults(unirest, releaseDescriptor, startScanRequest, scanFile).asJsonNode(); + } + + @Override + public JsonNode transformRecord(JsonNode record) { + return FoDScanHelper.renameFields(record); + } + + @Override + public String getActionCommandResult() { + return "STARTED"; + } + + @Override + public boolean isSingular() { + return true; + } + +} diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/helper/FoDScanConfigOssDescriptor.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/helper/FoDScanConfigOssDescriptor.java new file mode 100644 index 0000000000..a858320996 --- /dev/null +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/oss_scan/helper/FoDScanConfigOssDescriptor.java 
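Review bot: In `FoDOssScanStartCommand.getJsonNode`, `scanFile` from `--file` is passed to `FoDScanOssHelper.startScanWithDefaults` without checking that it exists and is a readable regular file. Unless `FoDFileTransferHelper.uploadChunked` (not shown) validates this, a mistyped path or a directory only fails once the upload has begun; a guard such as `if (!scanFile.isFile() || !scanFile.canRead()) throw new IllegalArgumentException("Scan file not found or not readable: " + scanFile);` before the call would fail fast. The local `relId` is assigned but never used, and the empty `FoDScanOssStartRequest` is ignored by the helper. Several imports (`FoDScanSastHelper`, `FoDScanSastStartRequest`, `FoDScanConfigSastDescriptor`, `FoDRemediationScanPreferenceTypeMixins`, `Properties`, `StringUtils`) are unused and look like leftovers from the SAST command.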
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ * Copyright 2021, 2023 Open Text.
+ *
+ * The only warranties for products and services of Open Text
+ * and its affiliates and licensors ("Open Text") are as may
+ * be set forth in the express warranty statements accompanying
+ * such products and services. Nothing herein should be construed
+ * as constituting an additional warranty. Open Text shall not be
+ * liable for technical or editorial errors or omissions contained
+ * herein. The information contained herein is subject to change
+ * without notice.
+ *******************************************************************************/
+
+package com.fortify.cli.fod.oss_scan.helper;
+
+import com.formkiq.graalvm.annotations.Reflectable;
+import com.fortify.cli.common.json.JsonNodeHolder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+@Reflectable @NoArgsConstructor
+@Data @EqualsAndHashCode(callSuper=false)
+public class FoDScanConfigOssDescriptor extends JsonNodeHolder {
+ private Integer releaseId;
+}
diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/release/cli/cmd/FoDReleaseCreateCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/release/cli/cmd/FoDReleaseCreateCommand.java
index d4ccbfe7bf..07d434f45f 100644
--- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/release/cli/cmd/FoDReleaseCreateCommand.java
+++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/release/cli/cmd/FoDReleaseCreateCommand.java
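Review bot: `FoDScanConfigOssDescriptor` is annotated `@EqualsAndHashCode(callSuper=false)`, while the sibling `FoDScanOssDescriptor` added in this same commit uses `callSuper = true`. With `callSuper=false`, equality and hashing consider only `releaseId`, so two descriptors holding different JSON for the same release would compare equal (assuming `JsonNodeHolder`, not shown, carries the underlying node). Unless that is intended, align the two: `@Data @EqualsAndHashCode(callSuper = true)`. A one-line class Javadoc stating that this wraps the OSS scan-setup response would also help, since the helper adds `applicationName`, `releaseName` and `microserviceName` to the JSON, none of which are declared as fields here.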
@@ -52,8 +52,8 @@ public class FoDReleaseCreateCommand extends AbstractFoDJsonNodeOutputCommand im public JsonNode getJsonNode(UnirestInstance unirest) { if (skipIfExists) { var descriptor = releaseNameResolver.getReleaseDescriptor(unirest, false); - if (descriptor != null) { - return descriptor.asObjectNode().put(IActionCommandResultSupplier.actionFieldName, "SKIPPED_EXISTING"); + if (descriptor != null) { + return descriptor.asObjectNode().put(IActionCommandResultSupplier.actionFieldName, "SKIPPED_EXISTING"); } } // Ensure app exists @@ -64,7 +64,7 @@ public JsonNode getJsonNode(UnirestInstance unirest) { if ( appDescriptor.isHasMicroservices() && microserviceDescriptor==null ) { throw new IllegalArgumentException("Microservice name must be specified for microservices application"); } - + String simpleReleaseName = releaseNameResolver.getSimpleReleaseName(); String copyReleaseId = copyFromReleaseResolver.getReleaseId(unirest); diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/cmd/AbstractFoDScanImportCommand.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/cmd/AbstractFoDScanImportCommand.java index 65487e9ef4..651fafaaff 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/cmd/AbstractFoDScanImportCommand.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/cmd/AbstractFoDScanImportCommand.java 
@@ -28,14 +28,16 @@ import kong.unirest.HttpRequest; import kong.unirest.UnirestInstance; import lombok.Getter; +import picocli.CommandLine; import picocli.CommandLine.Mixin; +import picocli.CommandLine.Option; import picocli.CommandLine.Parameters; public abstract class AbstractFoDScanImportCommand extends AbstractFoDJsonNodeOutputCommand implements IActionCommandResultSupplier { @Mixin private FoDDelimiterMixin delimiterMixin; // Is automatically injected in resolver mixins @Mixin private FoDReleaseByQualifiedNameOrIdResolverMixin.RequiredOption releaseResolver; - @EnvSuffix("FILE") @Parameters(index = "0", arity = "1", descriptionKey = "fcli.fod.scan.import.scan-file") + @EnvSuffix("FILE") @Option(names = {"-f", "--file"}, required = true, descriptionKey = "fcli.fod.scan.import.scan-file") private File scanFile; @Override diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/mixin/FoDScanResolverMixin.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/mixin/FoDScanResolverMixin.java index 2d43485362..e6ffdca5f5 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/mixin/FoDScanResolverMixin.java +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/cli/mixin/FoDScanResolverMixin.java 
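Review bot: Switching `scanFile` from a positional parameter to a required `-f/--file` option changes the command line of every subclass of `AbstractFoDScanImportCommand`, so existing scripts that pass the file positionally will presumably be rejected. That deserves an explicit changelog or migration note, and per-command keys such as `fcli.fod.dast-scan.import.[0]` in FoDMessages.properties look stale after this change. The added `import picocli.CommandLine;` is not used by anything visible in the hunk, and `import picocli.CommandLine.Parameters;` may now be unused as well. The class body continues outside the hunk, so verify before removing either.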
@@ -1,13 +1,13 @@ /******************************************************************************* * Copyright 2021, 2023 Open Text. * - * The only warranties for products and services of Open Text - * and its affiliates and licensors ("Open Text") are as may - * be set forth in the express warranty statements accompanying - * such products and services. Nothing herein should be construed - * as constituting an additional warranty. Open Text shall not be - * liable for technical or editorial errors or omissions contained - * herein. The information contained herein is subject to change + * The only warranties for products and services of Open Text + * and its affiliates and licensors ("Open Text") are as may + * be set forth in the express warranty statements accompanying + * such products and services. Nothing herein should be construed + * as constituting an additional warranty. Open Text shall not be + * liable for technical or editorial errors or omissions contained + * herein. The information contained herein is subject to change * without notice. *******************************************************************************/ package com.fortify.cli.fod.scan.cli.mixin; @@ -57,10 +57,15 @@ public String[] getScanIds(UnirestInstance unirest) { } public static class RequiredOption extends AbstractFoDScanResolverMixin { - @Option(names = {"--scan"}, required = true) + @EnvSuffix("SCAN") @Option(names = {"--scan"}, required = true) @Getter private String scanId; } + public static class RequiredOptionMulti extends AbstractFoDMultiScanResolverMixin { + @EnvSuffix("SCANS") @Option(names = {"--scans"}, required=true, split=",", descriptionKey = "fcli.fod.scan.scan-id") + @Getter private String[] scanIds; + } + public static class PositionalParameter extends AbstractFoDScanResolverMixin { @EnvSuffix("SCAN") @Parameters(index = "0", arity = "1", paramLabel="scan-id", descriptionKey = "fcli.fod.scan.scan-id") @Getter private String scanId; 
diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssDescriptor.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssDescriptor.java
new file mode 100644
index 0000000000..fe1158bc4e
--- /dev/null
+++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssDescriptor.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * Copyright 2021, 2023 Open Text.
+ *
+ * The only warranties for products and services of Open Text
+ * and its affiliates and licensors ("Open Text") are as may
+ * be set forth in the express warranty statements accompanying
+ * such products and services. Nothing herein should be construed
+ * as constituting an additional warranty. Open Text shall not be
+ * liable for technical or editorial errors or omissions contained
+ * herein. The information contained herein is subject to change
+ * without notice.
+ *******************************************************************************/
+
+package com.fortify.cli.fod.scan.helper.oss;
+
+import com.formkiq.graalvm.annotations.Reflectable;
+import com.fortify.cli.common.json.JsonNodeHolder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+@Reflectable @NoArgsConstructor
+@Data @EqualsAndHashCode(callSuper = true)
+public class FoDScanOssDescriptor extends JsonNodeHolder {
+ private Integer scanId;
+ private String scanType;
+
+}
diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssHelper.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssHelper.java
new file mode 100644
index 0000000000..377cd13514
--- /dev/null
+++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssHelper.java
@@ -0,0 +1,80 @@ +/******************************************************************************* + * Copyright 2021, 2023 Open Text. + * + * The only warranties for products and services of Open Text + * and its affiliates and licensors ("Open Text") are as may + * be set forth in the express warranty statements accompanying + * such products and services. Nothing herein should be construed + * as constituting an additional warranty. Open Text shall not be + * liable for technical or editorial errors or omissions contained + * herein. The information contained herein is subject to change + * without notice. + *******************************************************************************/ + +package com.fortify.cli.fod.scan.helper.oss; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ObjectNode; +import com.fortify.cli.common.json.JsonHelper; +import com.fortify.cli.fod._common.rest.FoDUrls; +import com.fortify.cli.fod._common.rest.helper.FoDFileTransferHelper; +import com.fortify.cli.fod.oss_scan.helper.FoDScanConfigOssDescriptor; +import com.fortify.cli.fod.release.helper.FoDReleaseDescriptor; +import com.fortify.cli.fod.scan.helper.FoDScanDescriptor; +import com.fortify.cli.fod.scan.helper.FoDScanHelper; +import com.fortify.cli.fod.scan.helper.FoDScanType; +import com.fortify.cli.fod.scan.helper.FoDStartScanResponse; +import kong.unirest.GetRequest; +import kong.unirest.HttpRequest; +import kong.unirest.UnirestInstance; +import lombok.Getter; + +import java.io.File; + +public class FoDScanOssHelper extends FoDScanHelper { + @Getter + private static final ObjectMapper objectMapper = new ObjectMapper(); + + public static final FoDScanDescriptor startScanWithDefaults(UnirestInstance unirest, FoDReleaseDescriptor releaseDescriptor, + FoDScanOssStartRequest req, File scanFile) { + var relId = releaseDescriptor.getReleaseId(); + HttpRequest request = 
unirest.post(FoDUrls.OSS_SCANS_START).routeParam("relId", relId); + return startScan(unirest, releaseDescriptor, request, scanFile); + } + + private static FoDScanDescriptor startScan(UnirestInstance unirest, FoDReleaseDescriptor releaseDescriptor, HttpRequest request, File scanFile) { + JsonNode response = FoDFileTransferHelper.uploadChunked(unirest, request, scanFile); + FoDStartScanResponse startScanResponse = JsonHelper.treeToValue(response, FoDStartScanResponse.class); + if (startScanResponse == null || startScanResponse.getScanId() <= 0) { + throw new RuntimeException("Unable to retrieve scan id from response when starting OSS scan."); + } + JsonNode node = objectMapper.createObjectNode() + .put("scanId", startScanResponse.getScanId()) + .put("scanType", FoDScanType.OpenSource.name()) + .put("analysisStatusType", "Pending") + .put("applicationName", releaseDescriptor.getApplicationName()) + .put("releaseName", releaseDescriptor.getReleaseName()) + .put("microserviceName", releaseDescriptor.getMicroserviceName()); + return JsonHelper.treeToValue(node, FoDScanDescriptor.class); + } + + public static final FoDScanConfigOssDescriptor getSetupDescriptor(UnirestInstance unirest, String relId) { + GetRequest request = unirest.get(FoDUrls.OSS_SCANS + "/scan-setup") + .routeParam("relId", relId); + JsonNode setup = request.asObject(ObjectNode.class).getBody() + .put("applicationName", "test"); + return JsonHelper.treeToValue(setup, FoDScanConfigOssDescriptor.class); + } + + public static final FoDScanConfigOssDescriptor getSetupDescriptorWithAppRel(UnirestInstance unirest, FoDReleaseDescriptor releaseDescriptor) { + GetRequest request = unirest.get(FoDUrls.OSS_SCANS + "/scan-setup") + .routeParam("relId", releaseDescriptor.getReleaseId()); + JsonNode setup = request.asObject(ObjectNode.class).getBody() + .put("applicationName", releaseDescriptor.getApplicationName()) + .put("releaseName", releaseDescriptor.getReleaseName()) + .put("microserviceName", 
releaseDescriptor.getMicroserviceName()); + return JsonHelper.treeToValue(setup, FoDScanConfigOssDescriptor.class); + } + +} diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssStartRequest.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssStartRequest.java new file mode 100644 index 0000000000..b7ff9b2873 --- /dev/null +++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan/helper/oss/FoDScanOssStartRequest.java @@ -0,0 +1,26 @@ +/******************************************************************************* + * Copyright 2021, 2023 Open Text. + * + * The only warranties for products and services of Open Text + * and its affiliates and licensors ("Open Text") are as may + * be set forth in the express warranty statements accompanying + * such products and services. Nothing herein should be construed + * as constituting an additional warranty. Open Text shall not be + * liable for technical or editorial errors or omissions contained + * herein. The information contained herein is subject to change + * without notice. + *******************************************************************************/ + +package com.fortify.cli.fod.scan.helper.oss; + +import com.formkiq.graalvm.annotations.Reflectable; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Reflectable @NoArgsConstructor @AllArgsConstructor +@Data @Builder +public class FoDScanOssStartRequest { + private String notes; +} diff --git a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan_config/cli/cmd/FoDScanConfigCommands.java b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan_config/cli/cmd/FoDScanConfigCommands.java index c19d67b414..db346997c1 100644 --- a/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan_config/cli/cmd/FoDScanConfigCommands.java 
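Review bot: `FoDScanOssHelper.getSetupDescriptor` overwrites `applicationName` in the scan-setup response with the literal `"test"`, which looks like a debugging leftover; drop the `.put("applicationName", "test")` call or route callers through `getSetupDescriptorWithAppRel`. Both setup methods chain `.put(...)` directly onto `request.asObject(ObjectNode.class).getBody()` with no check for a missing body, so an empty or non-JSON response would presumably raise a NullPointerException instead of a clear error; confirm how the Unirest instance reports failures. In `startScanWithDefaults` the `req` parameter is never read, so `FoDScanOssStartRequest.notes` is never sent; either forward it or remove the parameter. The bare `RuntimeException` thrown in `startScan` would be easier for callers to handle as `IllegalStateException`, with the release id in the message.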
+++ b/fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/scan_config/cli/cmd/FoDScanConfigCommands.java @@ -19,7 +19,7 @@ @Command(name = "scan-config", hidden = true, subcommands = { - //FoDDastScanGetConfigCommand.class, + //FoDDastScanGetConfigLegacyCommand.class, //FoDMastScanGetConfigCommand.class, //FoDSastScanGetConfigCommand.class, //FoDSastScanSetupCommand.class, diff --git a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/i18n/FoDMessages.properties b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/i18n/FoDMessages.properties index a83ccea490..2896703471 100644 --- a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/i18n/FoDMessages.properties +++ b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/i18n/FoDMessages.properties 
@@ -372,45 +372,45 @@ fcli.fod.dast-scan.output.header.scanMethodTypeName = Scan Method fcli.fod.dast-scan.output.header.applicationName = Application fcli.fod.dast-scan.output.header.microserviceName = Microservice fcli.fod.dast-scan.output.header.releaseName = Release -fcli.fod.dast-scan.cancel.usage.header = Cancel a DAST scan. -fcli.fod.dast-scan.get.usage.header = Get SAST scan details. -fcli.fod.dast-scan.get-config.usage.header = Get current DAST scan configuration (PREVIEW). -fcli.fod.dast-scan.get-config.usage.description = This command is intended for preview only. \ +fcli.fod.dast-scan.cancel.usage.header = Cancel a DAST scan (PREVIEW). +fcli.fod.dast-scan.get.usage.header = Get DAST scan details (PREVIEW). +fcli.fod.dast-scan.get-config-legacy.usage.header = Get current DAST scan configuration (LEGACY). +fcli.fod.dast-scan.get-config-legacy.usage.description = This command is intended for legacy DAST scanning (not DAST Automated). \ Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting \ any workflows in which this command is being used. fcli.fod.dast-scan.list.usage.header = List DAST scans. fcli.fod.dast-scan.list.status = ${fcli.fod.scan.list.status} fcli.fod.dast-scan.list.type = ${fcli.fod.scan.list.type} -fcli.fod.dast-scan.wait-for.usage.header = Wait for one or more DAST scans to reach or exit specified scan statuses. +fcli.fod.dast-scan.wait-for.usage.header = Wait for one or more DAST scans to reach or exit specified scan statuses (PREVIEW). 
fcli.fod.dast-scan.wait-for.usage.description.0 = ${fcli.fod.scan.wait-for.usage.description.0} fcli.fod.dast-scan.wait-for.usage.description.1 = ${fcli.fod.scan.wait-for.usage.description.1} fcli.fod.dast-scan.wait-for.usage.description.2 = ${fcli.fod.scan.wait-for.usage.description.2} fcli.fod.dast-scan.wait-for.until = ${fcli.fod.scan.wait-for.until} fcli.fod.dast-scan.wait-for.while = ${fcli.fod.scan.wait-for.while} fcli.fod.dast-scan.wait-for.any-state = ${fcli.fod.scan.wait-for.any-state} -fcli.fod.dast-scan.start.usage.header = Start a new DAST scan (PREVIEW). -fcli.fod.dast-scan.start.usage.description.0 = This command is not fully implemented and is intended for preview only. \ +fcli.fod.dast-scan.start-legacy.usage.header = Start a new DAST scan (LEGACY). +fcli.fod.dast-scan.start-legacy.usage.description.0 = This command is not fully implemented and is intended for legacy DAST scanning (not DAST Automated). \ It can only be used for starting a configured Dynamic scan and does not support file uploads (i.e. API definitions \ or workflows). \ Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting \ any workflows in which this command is being used. -fcli.fod.dast-scan.start.usage.description.1 = The scan will need to have been previously setup using the FoD UI or the \ +fcli.fod.dast-scan.start-legacy.usage.description.1 = The scan will need to have been previously setup using the FoD UI or the \ 'fod dast-scan setup' command. -fcli.fod.dast-scan.start.usage.description.2 = To correctly start a scan you will need to provide the name of the \ +fcli.fod.dast-scan.start-legacy.usage.description.2 = To correctly start a scan you will need to provide the name of the \ assessment type using the '--assessment-type=xxx' option. 
Since assessment types can potentially be configured \ differently for each tenant, you can find the correct name using the 'fod assessment-type list --scan-types=Dynamic' command. -fcli.fod.dast-scan.start.usage.description.3 = The scan will need to have been previously setup using the FoD UI or the \ +fcli.fod.dast-scan.start-legacy.usage.description.3 = The scan will need to have been previously setup using the FoD UI or the \ 'fod dast-scan setup' command. -fcli.fod.dast-scan.start.usage.description.4 = If you know the Id of an entitlement that you want to use then you \ +fcli.fod.dast-scan.start-legacy.usage.description.4 = If you know the Id of an entitlement that you want to use then you \ can supply it to the '--entitlement-id=xxx' option. If not, you can supply both '--assessment-type' and \ '--entitlement-frequency' options and the command will try to find an appropriate entitlement. -fcli.fod.dast-scan.start.assessment-type = The type of Dynamic assessment to carry out. Use 'assessment-type list' to find valid values. -fcli.fod.dast-scan.start.start-date = ${fcli.fod.sast-scan.start.start-date} -fcli.fod.dast-scan.start.entitlement-id = ${fcli.fod.sast-scan.start.entitlement-id} -fcli.fod.dast-scan.start.notes = ${fcli.fod.sast-scan.start.notes} -fcli.fod.dast-scan.start.file = ${fcli.fod.sast-scan.start.file} -fcli.fod.dast-scan.start.chunk-size = ${fcli.fod.sast-scan.start.chunk-size} -fcli.fod.dast-scan.start.timezone = The timezone to use for starting the scan - default is UTC. Use 'fod rest lookup TimeZones' to see the values. +fcli.fod.dast-scan.start-legacy.assessment-type = The type of Dynamic assessment to carry out. Use 'assessment-type list' to find valid values. 
+fcli.fod.dast-scan.start-legacy.start-date = ${fcli.fod.sast-scan.start.start-date} +fcli.fod.dast-scan.start-legacy.entitlement-id = ${fcli.fod.sast-scan.start.entitlement-id} +fcli.fod.dast-scan.start-legacy.notes = ${fcli.fod.sast-scan.start.notes} +fcli.fod.dast-scan.start-legacy.file = ${fcli.fod.sast-scan.start.file} +fcli.fod.dast-scan.start-legacy.chunk-size = ${fcli.fod.sast-scan.start.chunk-size} +fcli.fod.dast-scan.start-legacy.timezone = The timezone to use for starting the scan - default is UTC. Use 'fod rest lookup TimeZones' to see the values. fcli.fod.dast-scan.import.usage.header = Import existing DAST scan results (from an FPR file). fcli.fod.dast-scan.import.[0] = FPR file containing existing DAST scan results to be imported. fcli.fod.dast-scan.download.usage.header = Download previous scan results (as an FPR file). @@ -432,7 +432,8 @@ fcli.fod.mast-scan.get.usage.header = Get MAST scan details. fcli.fod.mast-scan.get-config.usage.header = Get current MAST scan configuration (PREVIEW). fcli.fod.mast-scan.get-config.usage.description = This command is intended for preview only. \ Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting \ - any workflows in which this command is being used. + any workflows in which this command is being used. \ + Please note: there is currently no API endpoint for this command and so it will fail with HTTP 405 error until this endpoint is available. fcli.fod.mast-scan.list.usage.header = List MAST scans. fcli.fod.mast-scan.list.status = ${fcli.fod.scan.list.status} fcli.fod.mast-scan.list.type = ${fcli.fod.scan.list.type} 
@@ -503,6 +504,12 @@ fcli.fod.oss-scan.import.[0] = FPR file containing existing OSS scan r fcli.fod.oss-scan.import.type = Open Source scan results file type. Valid values: ${COMPLETION-CANDIDATES} (default value is CycloneDX). fcli.fod.oss-scan.download.usage.header = Download previous scan results (as an SBOM file). fcli.fod.oss-scan.download.sbom = File path and name where to save the SBOM file. +fcli.fod.oss-scan.start.usage.header = Start a new OSS scan (PREVIEW). +fcli.fod.oss-scan.start.usage.description = This command is not fully implemented and is intended for preview only. \ + Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting \ + any workflows in which this command is being used. +fcli.fod.oss-scan.start.file = ${fcli.fod.sast-scan.start.file} +fcli.fod.oss-scan.start.chunk-size = ${fcli.fod.sast-scan.start.chunk-size} # various messages displayed during execution fcli.fod.validating-entitlement = Validating entitlement. diff --git a/fcli-other/fcli-doc/src/docs/asciidoc/versioned/index.adoc b/fcli-other/fcli-doc/src/docs/asciidoc/versioned/index.adoc index 87dbed24c3..9e784eabd6 100644 --- a/fcli-other/fcli-doc/src/docs/asciidoc/versioned/index.adoc +++ b/fcli-other/fcli-doc/src/docs/asciidoc/versioned/index.adoc 
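Review bot: `fcli.fod.oss-scan.start.usage.description` calls the command "not fully implemented" without naming what is missing, so a user cannot tell whether a successful exit means an open source scan actually ran. Because this command is likely to be used as a dependency-scanning step in pipelines, the description should state the limitation explicitly, for example by appending `Do not rely on this command as the only open source scan step until it is out of preview.` Separately, `fcli.fod.oss-scan.start.file` and `fcli.fod.oss-scan.start.chunk-size` reuse the SAST texts through `${fcli.fod.sast-scan.start.file}` and `${fcli.fod.sast-scan.start.chunk-size}`. Those texts are not visible in this hunk, so please confirm they do not describe a SAST-specific package.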
@@ -5,35 +5,36 @@ The fcli utility can be used to interact with various Fortify products, like Fortify on Demand (FoD), Software Security Center (SSC), ScanCentral SAST and ScanCentral DAST. This document describes installation and general usage of fcli. For a full listing of fcli commands and corresponding command line options, please see the man-pages as listed in the link:#_manual_pages[Manual Pages] section. -Some of the fcli highlights: - -* Interact with many different Fortify products with just a single command-line utility -* link:#_installation[Both plain Java and native platform binaries for Windows, Linux and Mac available] -* link:#_command_structure[Modular command structure], making it easy to focus on particular tasks -* link:#_o_output[Rich output formats]; save command output in JSON, CSV, XML or plain-text formats -* link:#_session_management[Session-based]; no need to pass URL’s and credentials on every individual fcli invocation -* Support for configuring option values through link:#_environment_variables[environment variables] +Some of the fcli highlights: + +* Interact with many different Fortify products with just a single command-line utility +* link:#_installation[Both plain Java and native platform binaries for Windows, Linux and Mac available] +* link:#_command_structure[Modular command structure], making it easy to focus on particular tasks +* link:#_o_output[Rich output formats]; save command output in JSON, CSV, XML or plain-text formats +* link:#_session_management[Session-based]; no need to pass URL’s and credentials on every individual fcli invocation +* Support for configuring option values through link:#_environment_variables[environment variables] * Support for link:#_fcli_variables[fcli variables]; pass data between fcli commands -The following Fortify products are currently supported by fcli: - -* Software Security Center (SSC) -** Includes virtually all functionality provided by the legacy FortifyClient utility -** Includes 
virtually all functionality provided by the ssc-client sample shipped with SSC -** Adds a wide range of other functionalities not previously included in any Fortify client-side utilities -* ScanCentral SAST -** Support for starting and managing ScanCentral SAST scans -* ScanCentral DAST -** Support for starting and managing ScanCentral DAST scans -** Support for listing scan policies and settings -** Support for listing and managing sensors -* Fortify on Demand (FoD) +The following Fortify products are currently supported by fcli: + +* Software Security Center (SSC) +** Includes virtually all functionality provided by the legacy FortifyClient utility +** Includes virtually all functionality provided by the ssc-client sample shipped with SSC +** Adds a wide range of other functionalities not previously included in any Fortify client-side utilities +* ScanCentral SAST +** Support for starting and managing ScanCentral SAST scans +* ScanCentral DAST +** Support for starting and managing ScanCentral DAST scans +** Support for listing scan policies and settings +** Support for listing and managing sensors +* Fortify on Demand (FoD) ** Support for creating and managing applications, microservices and releases ** Support for starting and managing SAST & OSS scans +** Support for importing/downloading SAST/DAST/MAST & OSS results ** Partial/preview support for starting and managing DAST & MAST scans ** Partial/preview support for managing users, groups and their assignments -Some commands and options are either hidden or marked as `PREVIEW`; these may change at any time, even between minor fcli versions. Any fcli invocations using these commands or options may break when upgrading to a future fcli 2.x version, so if possible you should refrain from using these in pipelines for example. 
Most notably, this includes the following functionalities: +Some commands and options are either hidden or marked as `PREVIEW` or `LEGACY`; these may change at any time, even between minor fcli versions. Any fcli invocations using these commands or options may break when upgrading to a future fcli 2.x version, so if possible you should refrain from using these in pipelines for example. Most notably, this includes the following functionalities: * Commands for configuring and running FoD DAST & MAST scans will change significantly, based on upcoming FoD API changes & improvements * Commands and options for managing and assigning users and groups for both FoD and SSC will likely change; see https://github.com/fortify/fcli/issues/369 for details. 
@@ -44,24 +45,24 @@ Hidden commands are not listed in fcli help output and not included in the link: Download bundles for fcli are available on the https://github.com/fortify/fcli/releases[Releases] page, containing both development releases (named `+Development Release - branch+`) and final releases. In general, the use of a final release is recommended, unless you want to use any functionality that hasn’t made it into a final release yet. -Each release comes with a list of assets: +Each release comes with a list of assets: -* `+docs-html.zip+` & `+docs-manpage.zip+`: Manual pages in either HTML or manpage format -* `+fcli-linux.tgz+`, `+fcli-mac.tgz+` & `+fcli-windows.zip+`: Native binaries for each of the mentioned platforms -** Note that some browsers by default will disallow downloading of `+fcli-windows.zip+`; please bypass the warning -** Linux and Mac downloads include an `+auto-completion+` script that makes interactive fcli usage easier -* `+fcli.jar+`: Java version of fcli, which should be runnable on any platform that has Java 11+ installed +* `+docs-html.zip+` & `+docs-manpage.zip+`: Manual pages in either HTML or manpage format +* `+fcli-linux.tgz+`, `+fcli-mac.tgz+` & `+fcli-windows.zip+`: Native binaries for each of the mentioned platforms +** Note that some browsers by default will disallow downloading of `+fcli-windows.zip+`; please bypass the warning +** Linux and Mac downloads include an `+auto-completion+` script that makes interactive fcli usage easier +* `+fcli.jar+`: Java version of fcli, which should be runnable on any platform that has Java 11+ installed ** Note that in general, the native binaries are easier to invoke, offer better performance, and have the benefit of auto-completion capabilities on Linux & Mac ** If you experience any unexpected behavior with native binaries, like commands or command line options not being listed or recognized, or technical error messages about methods, constructors or serializers not being -found, 
please try with the Java version as it may be an issue specific to the native binaries. See the link:#_troubleshooting[Troubleshooting] section for details. -* `+fcli-thirdparty.zip+`: Third-party licenses and sources for license purposes; usually no need to download +found, please try with the Java version as it may be an issue specific to the native binaries. See the link:#_troubleshooting[Troubleshooting] section for details. +* `+fcli-thirdparty.zip+`: Third-party licenses and sources for license purposes; usually no need to download * `+LICENSE.TXT+` & `+README.md+`: Some generic information and license for fcli Please note that when publishing a new release, it may take up to 30-60 minutes before release assets are posted. If the latest release doesn’t show any of the assets listed above, please check again in 30-60 minutes. If you encounter a release without these assets after waiting for 60 minutes, please consider submitting an issue on the https://github.com/fortify/fcli/issues[fcli issue tracker]. -To install one of the binary distributions of fcli: +To install one of the binary distributions of fcli: -* Download the appropriate binary archive for your platform +* Download the appropriate binary archive for your platform * Extract the archive contents to a directory of your choosing * For ease of use, add this directory to your operating system or shell PATH environment variable, or move the `+fcli+`/`+fcli.exe+` binary to a directory that is already on the PATH * Linux/Mac only: Run the following command to install fcli auto command completion, allowing for use of the `++` to get suggestions for fcli command and option names. You may want to add this to your shell startup script, such that fcli auto-completion is readily available in every shell. + 
@@ -115,14 +116,14 @@ version, please refer to the help output or link:#_manual_pages[Manual Pages]. Most output formats allow for specifying the JSON properties to be included in the output, for example `+-o csv=id,name+`. If no JSON properties are specified, most output formats will output all available JSON properties, except for table output, which usually outputs a predefined set of JSON properties. -There are two output formats that are somewhat special: +There are two output formats that are somewhat special: * `+-o 'expr=Text with {expression1} or {expression2}\n'+` + - Formats the output data based on the given template expression, which is a combination of (optional) plain text and SpEL expressions; see link:#_option_expressions[Option Expressions] for details. In most cases, expressions will be simple property references, i.e., `+{property.subProperty}+`. This can be used for a variety of purposes, for example generating output in a human-readable format, or for generating a list of commands to be run at a later stage. Note that by default, no newline character will be inserted after evaluating the given expression. If necessary, the expression should explicitly include `+\n+` to output a newline character. Also note that depending on your shell, the `+expr+` option must be properly quoted. For most shells, the `+expr=...+` value should be enclosed in single or double quotes. To demonstrate the power of this output format, following are two examples of how `+-o expr+` can be used to generate a script that purges all application versions matching certain criteria: + Formats the output data based on the given template expression, which is a combination of (optional) plain text and SpEL expressions; see link:#_option_expressions[Option Expressions] for details. In most cases, expressions will be simple property references, i.e., `+{property.subProperty}+`. 
This can be used for a variety of purposes, for example generating output in a human-readable format, or for generating a list of commands to be run at a later stage. Note that by default, no newline character will be inserted after evaluating the given expression. If necessary, the expression should explicitly include `+\n+` to output a newline character. Also note that depending on your shell, the `+expr+` option must be properly quoted. For most shells, the `+expr=...+` value should be enclosed in single or double quotes. To demonstrate the power of this output format, following are two examples of how `+-o expr+` can be used to generate a script that purges all application versions matching certain criteria: ** `+fcli ssc appversion list -q 'createdBy=="admin"' -o 'expr=fcli ssc appversion purge-artifacts --older-than 30d {id}\n'+` -** `+for id in $(fcli ssc appversion list -q 'createdBy=="admin"' -o 'expr={id} '); do echo "fcli ssc appversion purge-artifacts –older-than 30d ${id}'"; done+` +** `+for id in $(fcli ssc appversion list -q 'createdBy=="admin"' -o 'expr={id} '); do echo "fcli ssc appversion purge-artifacts –older-than 30d ${id}'"; done+` * `+-o json-properties+` + - List all JSON properties returned by the current command, which can be used on options that take JSON properties as input, like output expressions (`+-o expr={prop}+`), properties to include in the output (`+-o table=prop1,prop2+`), queries (`+-q 'prop1=="value1"'+`), and fcli variables (`+--store var:prop1,prop2+` & `+::var::prop1}+`). Two important notes about this output format: + List all JSON properties returned by the current command, which can be used on options that take JSON properties as input, like output expressions (`+-o expr={prop}+`), properties to include in the output (`+-o table=prop1,prop2+`), queries (`+-q 'prop1=="value1"'+`), and fcli variables (`+--store var:prop1,prop2+` & `+::var::prop1}+`). 
Two important notes about this output format: ** The command will be executed as specified, so be careful when using this output option on any command that changes state (delete/update/create/…). In most cases, the `+get+` or `+list+` operations will return a similar set of properties, so you can use those commands to view available properties. ** On some commands, the list of available JSON properties may vary depending on command line options. For example, when a query returns no records, then `+-o json-properties+` will not output any properties. Likewise, a command may provide options for including additional data for each record; the corresponding JSON properties will only be shown if `+-o json-properties+` is used in combination with these options that load additional data. 
@@ -170,11 +171,11 @@ Following are some examples using bash syntax, assuming the record contains `p1` * `+fcli ssc artifact list --appversion MyApp:main -q '_embed.scans.![buildLabel].contains("myLabel")'+` + Only output artifacts for which any of the scans included in the artifact has a `buildLabel` that equals `myLabel` * `+fcli ssc artifact list --appversion MyApp:main -q '#now("-90d") < #date(uploadDate)'+` + - Only output artifacts that were uploaded less than 90 days ago. + Only output artifacts that were uploaded less than 90 days ago. ==== Server-side queries -In general, queries specified using the `-q` / `--query` option are evaluated on the client. Some commands will analyze the given query and generate corresponding server-side query parameters to minimize the amount of data that needs to be transferred from server to client. Generated queries can be viewed in the log file if `--log-level` is set to `DEBUG` level. +In general, queries specified using the `-q` / `--query` option are evaluated on the client. Some commands will analyze the given query and generate corresponding server-side query parameters to minimize the amount of data that needs to be transferred from server to client. Generated queries can be viewed in the log file if `--log-level` is set to `DEBUG` level. All commands that automatically generate server-side queries also provide a dedicated option for overriding the automatically generated server-side query, for example to further optimize the query or in case the automatically generated query is causing any issues. Following bullet points provide details on server-side queries for the various product modules: 
@@ -188,10 +189,10 @@ All commands that automatically generate server-side queries also provide a dedi * ScanCentral SAST: + No server-side queries are automatically being generated. - + * ScanCentral DAST: + No server-side queries are automatically being generated. Some commands provide the `--server-query` option to explicitly pass query parameters to the server. - + * SSC: + All commands that automatically generate server-side queries provide the `--q-param` option to override the automatically generated query. Server-side queries are automatically generated for the following SpEL expressions: ** `prop1=='value'` (simple equals expressions) @@ -229,7 +230,7 @@ Such errors can be avoided using one of the following approaches: Fcli provides some utility functions that may be used in expressions. Note that these functions calls are preceded by a `+#+` character. -* `+#date(string)+`: Convert the given date/time in string format to a proper date/time representation, allowing for date/time-based comparison operations. This can be used on property references or literal strings. +* `+#date(string)+`: Convert the given date/time in string format to a proper date/time representation, allowing for date/time-based comparison operations. This can be used on property references or literal strings. * `+#now()+`: Get the current date/time, allowing for date/time-based comparison operations. * `+#now(period)+`: Get the current date/time plus or minus the given period. The given period must start with either a `+` or `-`, followed by a number and the time unit. Some examples: `-90d` (now minus 90 days), `+15m` (now plus 15 minutes) and `-90s` (now minus 90 seconds). * `+#var(name)+`: Get fcli variable contents; variable properties can be accessed as usual, i.e. `+#var("myVar")?.rootProp?.subProp+`. 
@@ -259,11 +260,11 @@ fcli ssc appversion list fcli ssc session logout --user --password ---- -For interactive use, you can choose to keep the session open until it expires (expiration period depends on target system and login method). For pipeline use or other automation scenarios, it is highly recommended to issue a `+session logout+` command when no further interaction with the target system is required, to allow for any client-side and server-side cleanup to be performed. +For interactive use, you can choose to keep the session open until it expires (expiration period depends on target system and login method). For pipeline use or other automation scenarios, it is highly recommended to issue a `+session logout+` command when no further interaction with the target system is required, to allow for any client-side and server-side cleanup to be performed. For example, upon logging in to SSC with user credentials, fcli will generate a `+UnifiedLoginToken+`, which will be invalidated when the `+ssc session logout+` is being run. If you have many (frequently executed) pipelines that interact with SSC, and you don’t run the `+ssc session logout+` command when the pipeline finishes, you risk exhausting SSC’s limit on active tokens. In addition, the `+logout+` commands will perform client-side cleanup, like removing session details like URL and authentication tokens from the client system. -For product modules that support it, like SSC or ScanCentral DAST, it is also highly recommended to use token-based authentication rather than username/password-based authentication when incorporating fcli into pipelines or other automation tasks. This will avoid creation of a temporary token as described above, but also allows for better access control based on token permissions. Similarly, for systems that support Personal Access tokens, like FoD, it is highly recommended to utilize a Personal Access Token rather than user password. 
+For product modules that support it, like SSC or ScanCentral DAST, it is also highly recommended to use token-based authentication rather than username/password-based authentication when incorporating fcli into pipelines or other automation tasks. This will avoid creation of a temporary token as described above, but also allows for better access control based on token permissions. Similarly, for systems that support Personal Access tokens, like FoD, it is highly recommended to utilize a Personal Access Token rather than user password. Note however that depending on (personal access) token permissions, not all fcli functionality may be available. In particular, even the least restrictive SSC `+CIToken+` may not provide access to all endpoints covered by fcli. If you need access to functionality not covered by `+CIToken+`, you may need to define a custom token definition, but this can only be done on self-hosted SSC environments, not on Fortify Hosted. If all else fails, you may need to revert to username/password-based authentication to utilize the short-lived `+UnifiedLoginToken+`. 
@@ -272,7 +273,7 @@ Note however that depending on (personal access) token permissions, not all fcli Fcli supports named sessions, allowing you to have multiple open sessions for a single product. When issuing a `+session login+` command, you can optionally provide a session name as in `+fcli ssc session login mySession ...+`, and then use that session in other commands using the `+--session mySession+` command line option. If no session name is specified, a session named `+default+` will be created/used. Named sessions allow for a variety of use cases, for example: * Run fcli commands against multiple instances of the same product, like DEV and PROD instances or an on-premise instance and a Fortify Hosted instance, without having to continuously login and logout from one instance to switch to another instance -* Run fcli commands against a single instance of a product, but with alternating credentials, for example with one session providing admin rights and another session providing limited user rights +* Run fcli commands against a single instance of a product, but with alternating credentials, for example with one session providing admin rights and another session providing limited user rights * Run one session with username/password credentials to allow access to all fcli functionality (based on user permissions), and another session with token-based authentication with access to only a subset of fcli functionality * Run multiple pipelines or automation scripts simultaneously, each with their own session name, to reduce chances of these pipelines and scripts affecting each other (see link:#_fcli_data_folder[Fcli Data Folder] though for a potentially better solution for this scenario) 
@@ -294,7 +295,7 @@ The locations of these files can be controlled through the following environment Default: `+/fcli+` * `+FORTIFY_DATA_DIR+`: Default base directory for the directories listed above. + Default: `+/.fortify+` - + If none of these environment variables have been set, then state data will be stored in `+/.fortify/fcli/state+`, and configuration data will be stored in `+/.fortify/fcli/config+`. Note: earlier versions of fcli used different environment variable names, but this was causing issues (see link:https://github.com/fortify/fcli/issues/248[Issue 248]). If you are using an older fcli version, please refer to the corresponding documentation. When upgrading fcli from an older version, you may need to adjust the environment variable names. 
@@ -311,27 +312,27 @@ Note that some files stored in the fcli data directory may contain sensitive dat Apart from the special-purpose environment variables described in other sections, like the link:#_fcli_data_folder[Fcli Data Folder] section, fcli allows for specifying default option and parameter values through environment variables. This is particularly useful for specifying product URL’s and credentials through pipeline secrets, but also allows for preventing having to manually supply command line options if you frequently invoke a particular command with the same option value(s). For example, you could define a default value for `+--issue-template+` option of the `+fcli ssc appversion create` option, to avoid having to remember the issue template name every time you invoke this command. -Fcli walks the command tree to find an environment variable that matches a particular option, starting with the most detailed command prefix first. For the issue-template example above, fcli would look for the following environment variable names, in this order: +Fcli walks the command tree to find an environment variable that matches a particular option, starting with the most detailed command prefix first. 
For the issue-template example above, fcli would look for the following environment variable names, in this order: -* `+FCLI_DEFAULT_SSC_APPVERSION_CREATE_ISSUE_TEMPLATE+` -* `+FCLI_DEFAULT_SSC_APPVERSION_ISSUE_TEMPLATE+` -* `+FCLI_DEFAULT_SSC_ISSUE_TEMPLATE+` +* `+FCLI_DEFAULT_SSC_APPVERSION_CREATE_ISSUE_TEMPLATE+` +* `+FCLI_DEFAULT_SSC_APPVERSION_ISSUE_TEMPLATE+` +* `+FCLI_DEFAULT_SSC_ISSUE_TEMPLATE+` * `+FCLI_DEFAULT_ISSUE_TEMPLATE+` -Environment variable lookups are based on the following rules: +Environment variable lookups are based on the following rules: -* Command aliases are not taken into account when looking for environment variables; suppose we have a `+delete+` command with alias `+rm+`, you will need to use `+FCLI_DEFAULT_..._DELETE_...+` and not `+FCLI_DEFAULT_..._RM_...+` -* For options, fcli will use the longest option name when looking for environment variables; suppose we have an option with names `+-a+`, `+--ab+` and `+--abc+`, you will need to use `+FCLI_DEFAULT_..._ABC+` and not `+FCLI_DEFAULT_..._AB+` or `+FCLI_DEFAULT_..._A+` +* Command aliases are not taken into account when looking for environment variables; suppose we have a `+delete+` command with alias `+rm+`, you will need to use `+FCLI_DEFAULT_..._DELETE_...+` and not `+FCLI_DEFAULT_..._RM_...+` +* For options, fcli will use the longest option name when looking for environment variables; suppose we have an option with names `+-a+`, `+--ab+` and `+--abc+`, you will need to use `+FCLI_DEFAULT_..._ABC+` and not `+FCLI_DEFAULT_..._AB+` or `+FCLI_DEFAULT_..._A+` * For positional parameters, the environment variable name will be based on the parameter label, converted to `SNAKE_CASE` with all special characters replaced by an underscore. For example, `` will become `ATTRIBUTE_DEFINITION_ID`, and `HOST:PORT` will become `HOST_PORT`. 
-Although powerful, these environment variables for providing default option and parameter values should be used with some care to avoid unexpected results: +Although powerful, these environment variables for providing default option and parameter values should be used with some care to avoid unexpected results: -1. Obviously command option requirements should be respected; supplying default values for exclusive options may result in errors or unexpected behavior -2. Preferably, you should use the most specific environment variable name, like `+FCLI_DEFAULT_SSC_APPVERSION_CREATE_ISSUE_TEMPLATE+` from the example above, to avoid accidentally supplying default values to a similarly named option on other commands +1. Obviously command option requirements should be respected; supplying default values for exclusive options may result in errors or unexpected behavior +2. Preferably, you should use the most specific environment variable name, like `+FCLI_DEFAULT_SSC_APPVERSION_CREATE_ISSUE_TEMPLATE+` from the example above, to avoid accidentally supplying default values to a similarly named option on other commands -Despite #2 above, in some cases it may be useful to use less specific environment names, in particular if the same default values should be applied to multiple commands. As an example, consider an environment variable named `+FCLI_DEFAULT_SSC_URL+`: +Despite #2 above, in some cases it may be useful to use less specific environment names, in particular if the same default values should be applied to multiple commands. 
As an example, consider an environment variable named `+FCLI_DEFAULT_SSC_URL+`: -* This variable value will be used as a default value for all `+--url+` options in the SSC module +* This variable value will be used as a default value for all `+--url+` options in the SSC module * This variable value will be used as a default value for all `+--ssc-url+` options in other product modules This means that defining a single `+FCLI_DEFAULT_SSC_URL+` environment variable, together with for example `+FCLI_DEFAULT_SSC_USER+` and `+FCLI_DEFAULT_SSC_PASSWORD+` environment variables, allows for applying these default values to all of the `+fcli ssc session login+`, `+fcli sc-sast session login+`, `+fcli sc-dast session login+`, and corresponding `+logout+` commands. @@ -344,7 +345,7 @@ Fcli allows for storing fcli output data in fcli variables for use by subsequent Variables can be stored using the `+--store myVarName[:prop1,prop2]+` option on data output commands. If property names are specified, then only these property names will be stored. If no property names are provided, all available JSON properties will be stored. -Variables can be referenced in subsequent fcli commands using the `::myVarName::prop` syntax anywhere on the command line; such occurrences will be substituted with the value of the given property name. +Variables can be referenced in subsequent fcli commands using the `::myVarName::prop` syntax anywhere on the command line; such occurrences will be substituted with the value of the given property name. Many (but not all) fcli commands will also store an entity-specific default property name when using the `+--store+` option. Whether a default property name has been stored can be seen in the output of the `+fcli util variable list+` command. If a default property name was stored, the `::myVarName::` syntax can be used to reference the value of the default property name, thereby avoiding the need to manually specify the appropriate property name. 
@@ -365,7 +366,7 @@ fcli sc-sast scan start -p package.zip -v 22.2 --appversion test:1.0 --store x fcli sc-sast scan wait-for ::x::jobToken ---- -Fcli provides the regular `get`, `list` and `delete` operations on the `+fcli util variable` command tree, and actual variable contents can be retrieved using the `+fcli util variable contents+` command. Please see help output or manual pages for more information on these commands. +Fcli provides the regular `get`, `list` and `delete` operations on the `+fcli util variable` command tree, and actual variable contents can be retrieved using the `+fcli util variable contents+` command. Please see help output or manual pages for more information on these commands. The `+fcli util variable contents+` command supports the regular fcli output options and query capabilities. This allows for advanced us cases, like retrieving server data once and then outputting it in multiple formats, potentially even applying separate filters. As an example: 
@@ -381,11 +382,11 @@ Note: variable-related syntax and behavior was changed in fcli version 2.0.0. If == Manual Pages -Manual pages are automatically generated and contain the same information as fcli help output. Manual pages in HTML and Linux man-page formats can be downloaded for offline use from the fcli releases page at https://github.com/fortify/fcli/releases, or can be viewed online at https://fortify.github.io/fcli. +Manual pages are automatically generated and contain the same information as fcli help output. Manual pages in HTML and Linux man-page formats can be downloaded for offline use from the fcli releases page at https://github.com/fortify/fcli/releases, or can be viewed online at https://fortify.github.io/fcli. Please select the proper fcli version from the links above to access the corresponding manual pages. When using the offline HTML documentation bundle, please make sure to extract the full documentation archive to allow for hyperlinks to work correctly. -The manual pages for the currently selected fcli release can be found here: link:manpage/fcli.html[fcli (1)]. +The manual pages for the currently selected fcli release can be found here: link:manpage/fcli.html[fcli (1)]. == Troubleshooting 
@@ -404,14 +405,14 @@ If you encounter any of these issues, please submit a bug report as described in After confirming that an issue cannot be resolved based on the information above, and is not caused by user error, please consider submitting a bug report on the https://github.com/fortify/fcli/issues[fcli issue tracker]. Before doing so, please verify that there is not already a bug report open for the issue that you are experiencing; in that case, feel free to leave a comment on the existing bug report to confirm the issue and/or provide additional details. -When opening a bug report, please include the following information: +When opening a bug report, please include the following information: -* Fcli version, as shown by the `+fcli --version+` command -* Which fcli variant you are using; one of the native binaries or the `+.jar+` variant invoked using `+java -jar fcli.jar+` -* If you are experiencing an issue with the native binaries, please confirm whether the `+.jar+` version of fcli exhibits the same behavior -* Operating system and any other relevant environment details, for example: -** Interactive or pipeline/automation use -** If pipeline use, what CI/CD system are you running fcli on (Jenkins, GitHub, GitLab, …) -** What FCLI environment variables have been set -* Steps to reproduce +* Fcli version, as shown by the `+fcli --version+` command +* Which fcli variant you are using; one of the native binaries or the `+.jar+` variant invoked using `+java -jar fcli.jar+` +* If you are experiencing an issue with the native binaries, please confirm whether the `+.jar+` version of fcli exhibits the same behavior +* Operating system and any other relevant environment details, for example: +** Interactive or pipeline/automation use +** If pipeline use, what CI/CD system are you running fcli on (Jenkins, GitHub, GitLab, …) +** What FCLI environment variables have been set +* Steps to reproduce * Any other information that may be relevant 
diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDMicroserviceSpec.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDMicroserviceSpec.groovy index 5ab1b295b4..ae1d7e4e7b 100644 --- a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDMicroserviceSpec.groovy +++ b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDMicroserviceSpec.groovy @@ -15,10 +15,10 @@ import spock.lang.Stepwise @Prefix("fod.microservice") @FcliSession(FOD) @Stepwise class FoDMicroserviceSpec extends FcliBaseSpec { @Shared @AutoCleanup FoDMicroservicesAppSupplier app = new FoDMicroservicesAppSupplier() - - @Shared + + @Shared boolean appsExist = false; - + def "list"() { def args = "fod microservice list --app=${app.get().appName}" when: @@ -30,7 +30,7 @@ class FoDMicroserviceSpec extends FcliBaseSpec { it[1].contains(app.get().appName) } } - + def "create"() { def args = "fod microservice create ${app.get().appName}:testservice" when: @@ -39,7 +39,7 @@ class FoDMicroserviceSpec extends FcliBaseSpec { verifyAll(result.stdout) { } } - + def "verifyCreated"() { def args = "fod microservice list --app=${app.get().appName}" when: @@ -49,7 +49,7 @@ class FoDMicroserviceSpec extends FcliBaseSpec { it.any { it.contains("testservice") } } } - + def "update"() { def args = "fod microservice update ${app.get().appName}:testservice --name=updatedtestservice" when: @@ -59,7 +59,7 @@ class FoDMicroserviceSpec extends FcliBaseSpec { size()==2 } } - + def "verifyUpdated"() { def args = "fod microservice list --app=${app.get().appName}" when: @@ -69,7 +69,7 @@ class FoDMicroserviceSpec extends FcliBaseSpec { it.any { it.contains(app.get().appName) && it.contains("updatedtestservice") } } } - + def "delete"() { def args = "fod microservice delete ${app.get().appName}:updatedtestservice" when: 
@@ -79,7 +79,7 @@ class FoDMicroserviceSpec extends FcliBaseSpec { size()==2 } } - + def "verifyDeleted"() { def args = "fod microservice list --app=${app.get().appName}" when: @@ -89,6 +89,6 @@ class FoDMicroserviceSpec extends FcliBaseSpec { !it.any { it.contains("updatedtestservice") } } } - + } diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDReleaseSpec.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDReleaseSpec.groovy index e7410c442b..622a6c8f30 100644 --- a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDReleaseSpec.groovy +++ b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDReleaseSpec.groovy @@ -15,7 +15,7 @@ import spock.lang.Stepwise @Prefix("fod.release") @FcliSession(FOD) @Stepwise class FoDReleaseSpec extends FcliBaseSpec { @Shared @AutoCleanup FoDMicroservicesAppSupplier app = new FoDMicroservicesAppSupplier() - + def "list"() { def args = "fod release list" when: @@ -26,7 +26,7 @@ class FoDReleaseSpec extends FcliBaseSpec { it[0].replace(' ', '').equals("IdNameMicroserviceApplicationSDLCStatus") } } - + def "create"() { def args = "fod release create ${app.get().qualifiedMicroserviceName}:testrel --sdlc-status=Development --store testrel" when: @@ -35,7 +35,7 @@ class FoDReleaseSpec extends FcliBaseSpec { verifyAll(result.stdout) { } } - + def "verifyCreated"() { def args = "fod release list --store releases" when: @@ -47,7 +47,7 @@ class FoDReleaseSpec extends FcliBaseSpec { && it.contains("testrel") } } } - + def "get.byId"() { def args = "fod release get ::testrel::releaseId" when: @@ -59,7 +59,7 @@ class FoDReleaseSpec extends FcliBaseSpec { it.any { it.contains("applicationName: \"${app.get().appName}\"") } } } - + def "get.byName"() { def args = "fod release get ${app.get().qualifiedMicroserviceName}:testrel" when: 
@@ -71,8 +71,8 @@ class FoDReleaseSpec extends FcliBaseSpec { it.any { it.contains("applicationName: \"${app.get().appName}\"") } } } - - + + def "update"() { def args = "fod release update ${app.get().qualifiedMicroserviceName}:testrel --sdlc-status QA" when: @@ -82,7 +82,7 @@ class FoDReleaseSpec extends FcliBaseSpec { size()==2 } } - + def "verifyUpdated"() { def args = "fod release get ::testrel::releaseId" when: @@ -92,7 +92,7 @@ class FoDReleaseSpec extends FcliBaseSpec { it.any {it.equals("sdlcStatusType: \"QA\"") } } } - + def "delete"() { def args = "fod release delete ${app.get().qualifiedMicroserviceName}:testrel" when: @@ -102,7 +102,7 @@ class FoDReleaseSpec extends FcliBaseSpec { size()==2 } } - + def "verifyDeleted"() { def args = "fod release list --app ${app.get().appName}" when: @@ -112,6 +112,6 @@ class FoDReleaseSpec extends FcliBaseSpec { !it.any { it.contains("testrel") } } } - + } diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanImportSpec.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanImportSpec.groovy index de25483b38..c153281c83 100644 --- a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanImportSpec.groovy +++ b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanImportSpec.groovy @@ -24,7 +24,7 @@ class FoDScanImportSpec extends FcliBaseSpec { def "import-mobile"() { - def args = "fod mast-scan import --release ${mobileApp.get().qualifiedRelease} $mobileResults --store upload" + def args = "fod mast-scan import --release=${mobileApp.get().qualifiedRelease} --file=$mobileResults --store upload" when: def result = Fcli.run(args) then: 
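Review bot: The new `--file=$mobileResults` argument in `import-mobile` interpolates the results path into the command string without quoting or escaping, and the `import-sast`, `import-dast` and `import-oss` hunks that follow do the same with their own result variables. The app supplier in this same diff escapes spaces by hand (`--description Auto\\ created\\ by\\ test`), which suggests `Fcli.run` tokenizes its argument on whitespace; if so, a fixture path containing a space would be split into separate arguments and the import would fail for a reason unrelated to the command under test. I would either escape the path the same way or document the constraint above each `def args`, for example `// results path is interpolated unescaped; it must not contain whitespace`. The feature methods continue outside these hunks, so how the path variables are built and what the `then:` blocks assert is not visible here.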
@@ -35,7 +35,7 @@ class FoDScanImportSpec extends FcliBaseSpec { } def "import-sast"() { - def args = "fod sast-scan import --release ${webApp.get().qualifiedRelease} $sastResults --store upload" + def args = "fod sast-scan import --release=${webApp.get().qualifiedRelease} --file=$sastResults --store upload" when: def result = Fcli.run(args) then: @@ -46,7 +46,7 @@ class FoDScanImportSpec extends FcliBaseSpec { } def "import-dast"() { - def args = "fod dast-scan import --release ${webApp.get().qualifiedRelease} $dastResults --store upload" + def args = "fod dast-scan import --release=${webApp.get().qualifiedRelease} --file=$dastResults --store upload" when: def result = Fcli.run(args) then: @@ -57,7 +57,7 @@ class FoDScanImportSpec extends FcliBaseSpec { } def "import-oss"() { - def args = "fod oss-scan import --release ${webApp.get().qualifiedRelease} $ossResults --store upload" + def args = "fod oss-scan import --release=${webApp.get().qualifiedRelease} --file=$ossResults --store upload" when: def result = Fcli.run(args) then: diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanSpec.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanSpec.groovy index 88909f625a..c975d0574f 100644 --- a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanSpec.groovy +++ b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanSpec.groovy @@ -24,7 +24,7 @@ class FoDScanSpec extends FcliBaseSpec { @Shared @AutoCleanup FoDWebAppSupplier app = new FoDWebAppSupplier() def "list"() { - def args = "fod sast-scan list --store scans" + def args = "fod scan list --store scans" when: def result = Fcli.run(args) then: 
diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/AbstractFoDAppSupplier.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/AbstractFoDAppSupplier.groovy index 8ed28c57e0..439a8d362f 100644 --- a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/AbstractFoDAppSupplier.groovy +++ b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/AbstractFoDAppSupplier.groovy @@ -1,13 +1,13 @@ /** * Copyright 2023 Open Text. * - * The only warranties for products and services of Open Text - * and its affiliates and licensors ("Open Text") are as may - * be set forth in the express warranty statements accompanying - * such products and services. Nothing herein should be construed - * as constituting an additional warranty. Open Text shall not be - * liable for technical or editorial errors or omissions contained - * herein. The information contained herein is subject to change + * The only warranties for products and services of Open Text + * and its affiliates and licensors ("Open Text") are as may + * be set forth in the express warranty statements accompanying + * such products and services. Nothing herein should be construed + * as constituting an additional warranty. Open Text shall not be + * liable for technical or editorial errors or omissions contained + * herein. The information contained herein is subject to change * without notice. */ package com.fortify.cli.ftest.fod._common @@ -16,7 +16,7 @@ import com.fortify.cli.ftest._common.AbstractCloseableEntitySupplier import com.fortify.cli.ftest._common.Fcli public abstract class AbstractFoDAppSupplier extends AbstractCloseableEntitySupplier { - + public static final class FoDApp implements Closeable { private final String random = System.currentTimeMillis() final String variableName = "fod_apprel_"+random 
@@ -28,11 +28,11 @@ public abstract class AbstractFoDAppSupplier extends AbstractCloseableEntitySupp final String qualifiedMicroserviceName = appName+":"+microserviceName final String qualifiedMicroserviceRelease = qualifiedMicroserviceName+":"+releaseName final String owner = "fcli-functional-test"; - + public FoDApp createWebApp() { - Fcli.run("fod app create $appName "+ + Fcli.run("fod app create $appName "+ "--description Auto\\ created\\ by\\ test " + - "--sdlc-status=Development " + + "--sdlc-status=Development " + "--release=$releaseName "+ "--owner=$owner " + "--app-type=Web " + @@ -42,7 +42,7 @@ public abstract class AbstractFoDAppSupplier extends AbstractCloseableEntitySupp {it.expectSuccess(true, "Unable to create web application")}) return this } - + public FoDApp createMobileApp() { Fcli.run("fod app create $appName "+ "--description Auto\\ created\\ by\\ test " + @@ -56,7 +56,7 @@ public abstract class AbstractFoDAppSupplier extends AbstractCloseableEntitySupp {it.expectSuccess(true, "Unable to create mobile application")}) return this } - + public FoDApp createMicroservicesApp() { Fcli.run("fod app create $appName "+ "--description Auto\\ created\\ by\\ test " + @@ -70,16 +70,16 @@ public abstract class AbstractFoDAppSupplier extends AbstractCloseableEntitySupp {it.expectSuccess(true, "Unable to create microservices application")}) return this } - + public String get(String propertyPath) { Fcli.run("util var contents $variableName -o expr={$propertyPath}", {it.expectSuccess(true, "Error getting application release property "+propertyPath)}) - .stdout[0] + .stdout[0] } - + public void close() { Fcli.run("fod app delete $applicationName", - {it.expectSuccess(true, "Unable to delete application release")}) + {it.expectSuccess(true, "Unable to delete application release")}) } } } 
diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/FoDUserGroupSupplier.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/FoDUserGroupSupplier.groovy index 05b1cb0b34..53c1063e7d 100644 --- a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/FoDUserGroupSupplier.groovy +++ b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/_common/FoDUserGroupSupplier.groovy @@ -1,13 +1,13 @@ /** * Copyright 2023 Open Text. * - * The only warranties for products and services of Open Text - * and its affiliates and licensors ("Open Text") are as may - * be set forth in the express warranty statements accompanying - * such products and services. Nothing herein should be construed - * as constituting an additional warranty. Open Text shall not be - * liable for technical or editorial errors or omissions contained - * herein. The information contained herein is subject to change + * The only warranties for products and services of Open Text + * and its affiliates and licensors ("Open Text") are as may + * be set forth in the express warranty statements accompanying + * such products and services. Nothing herein should be construed + * as constituting an additional warranty. Open Text shall not be + * liable for technical or editorial errors or omissions contained + * herein. The information contained herein is subject to change * without notice. */ package com.fortify.cli.ftest.fod._common 
@@ -20,29 +20,29 @@ public class FoDUserGroupSupplier extends AbstractCloseableEntitySupplier { protected FoDUser createInstance() { new FoDUser().create() } - + public static final class FoDUser implements Closeable { private final String random = System.currentTimeMillis() final String variableName = "fod_user_"+random final String variableRef = "::"+variableName+"::" final String userName = "fcli-"+random - + public FoDUser create() { Fcli.run("fod rest lookup Roles --store roles") Fcli.run("fod user create $userName --email=test@test.test --firstname=test --lastname=user --phone=1234 --role=::roles::get(0).value " + @@ -34,16 +34,16 @@ public class FoDUserSupplier extends AbstractCloseableEntitySupplier { {it.expectSuccess(true, "Unable to create user")}) return this } - + public String get(String propertyPath) { Fcli.run("util var contents $variableName -o expr={$propertyPath}", {it.expectSuccess(true, "Error getting application release property "+propertyPath)}) - .stdout[0] + .stdout[0] } - + public void close() { Fcli.run("fod user delete $userName", - {it.expectSuccess(true, "Unable to delete user")}) + {it.expectSuccess(true, "Unable to delete user")}) } } }