feat: SSC: Add support for importing Debricked results

fortify · Jan 17, 2023 · e2a6f1e · e2a6f1e
1 parent f2e47b0
commit e2a6f1e
Show file tree

Hide file tree

Showing 10 changed files with 420 additions and 30 deletions.
diff --git a/...rtify/cli/ssc/appversion_artifact/cli/cmd/AbstractSSCAppVersionArtifactUploadCommand.java b/...rtify/cli/ssc/appversion_artifact/cli/cmd/AbstractSSCAppVersionArtifactUploadCommand.java
@@ -0,0 +1,77 @@
+/*******************************************************************************
+ * (c) Copyright 2021 Micro Focus or one of its affiliates
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a 
+ * copy of this software and associated documentation files (the 
+ * "Software"), to deal in the Software without restriction, including without 
+ * limitation the rights to use, copy, modify, merge, publish, distribute, 
+ * sublicense, and/or sell copies of the Software, and to permit persons to 
+ * whom the Software is furnished to do so, subject to the following 
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included 
+ * in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY 
+ * KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 
+ * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 
+ * PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 
+ * IN THE SOFTWARE.
+ ******************************************************************************/
+package com.fortify.cli.ssc.appversion_artifact.cli.cmd;
+
+import java.io.File;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fortify.cli.common.json.JsonHelper;
+import com.fortify.cli.common.output.cli.cmd.unirest.IUnirestBaseRequestSupplier;
+import com.fortify.cli.common.util.StringUtils;
+import com.fortify.cli.ssc.appversion.cli.mixin.SSCAppVersionResolverMixin;
+import com.fortify.cli.ssc.appversion.helper.SSCAppVersionDescriptor;
+import com.fortify.cli.ssc.rest.SSCUrls;
+
+import io.micronaut.core.annotation.ReflectiveAccess;
+import kong.unirest.HttpRequest;
+import kong.unirest.HttpRequestWithBody;
+import kong.unirest.UnirestInstance;
+import picocli.CommandLine.Mixin;
+
+@ReflectiveAccess
+public abstract class AbstractSSCAppVersionArtifactUploadCommand extends AbstractSSCAppVersionArtifactOutputCommand implements IUnirestBaseRequestSupplier {
+    @Mixin private SSCAppVersionResolverMixin.RequiredOption parentResolver;
+
+    @Override
+    public final HttpRequest<?> getBaseRequest(UnirestInstance unirest) {
+    	String engineType = getEngineType();
+        SSCAppVersionDescriptor av = parentResolver.getAppVersionDescriptor(unirest);
+        HttpRequestWithBody request = unirest.post(SSCUrls.PROJECT_VERSION_ARTIFACTS(av.getVersionId()));
+        if ( StringUtils.isNotBlank(engineType) ) {
+        	// TODO Check parser plugin is enabled in SSC
+        	request = request.queryString("engineType", engineType);
+        }
+        File file = getFile();
+        preUpload(unirest, file);
+        JsonNode uploadResponse = request.multiPartContent()
+        		.field("file", file)
+        		.asObject(JsonNode.class).getBody();
+        postUpload(unirest, file);
+        String artifactId = JsonHelper.evaluateJsonPath(uploadResponse, "$.data.id", String.class);
+        // TODO Do we actually show any scan data from the embedded scans?
+        return unirest.get(SSCUrls.ARTIFACT(artifactId)).queryString("embed","scans");
+    }
+
+	@Override
+    public boolean isSingular() {
+        return true;
+    }
+
+    protected abstract String getEngineType();
+    protected abstract File getFile();
+
+    protected void preUpload(UnirestInstance unirest, File file) {}
+    protected void postUpload(UnirestInstance unirest, File file) {}
+}
diff --git a/...n/java/com/fortify/cli/ssc/appversion_artifact/cli/cmd/SSCAppVersionArtifactCommands.java b/...n/java/com/fortify/cli/ssc/appversion_artifact/cli/cmd/SSCAppVersionArtifactCommands.java
@@ -2,6 +2,7 @@
 
 import com.fortify.cli.common.cli.cmd.AbstractFortifyCLICommand;
 import com.fortify.cli.common.variable.PredefinedVariable;
+import com.fortify.cli.ssc.appversion_artifact.cli.cmd.imprt.SSCAppVersionArtifactImportFromCommands;
 import com.fortify.cli.ssc.appversion_artifact.cli.cmd.purge.SSCAppVersionArtifactPurgeCommands;
 
 import picocli.CommandLine.Command;
@@ -13,6 +14,7 @@
             SSCAppVersionArtifactDeleteCommand.class,
             SSCAppVersionArtifactDownloadCommand.class,
             SSCAppVersionArtifactGetCommand.class,
+            SSCAppVersionArtifactImportFromCommands.class,
             SSCAppVersionArtifactListCommand.class,
             SSCAppVersionArtifactPurgeCommands.class,
             SSCAppVersionArtifactUploadCommand.class,

diff --git a/...com/fortify/cli/ssc/appversion_artifact/cli/cmd/SSCAppVersionArtifactDownloadCommand.java b/...com/fortify/cli/ssc/appversion_artifact/cli/cmd/SSCAppVersionArtifactDownloadCommand.java
@@ -41,7 +41,6 @@
 import kong.unirest.UnirestInstance;
 import lombok.Getter;
 import picocli.CommandLine;
-import picocli.CommandLine.ArgGroup;
 import picocli.CommandLine.Command;
 import picocli.CommandLine.Mixin;
 import picocli.CommandLine.Option;

diff --git a/...a/com/fortify/cli/ssc/appversion_artifact/cli/cmd/SSCAppVersionArtifactUploadCommand.java b/...a/com/fortify/cli/ssc/appversion_artifact/cli/cmd/SSCAppVersionArtifactUploadCommand.java
@@ -26,19 +26,9 @@
 
 import java.io.File;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fortify.cli.common.json.JsonHelper;
-import com.fortify.cli.common.output.cli.cmd.unirest.IUnirestBaseRequestSupplier;
-import com.fortify.cli.common.util.StringUtils;
-import com.fortify.cli.ssc.appversion.cli.mixin.SSCAppVersionResolverMixin;
-import com.fortify.cli.ssc.appversion.helper.SSCAppVersionDescriptor;
 import com.fortify.cli.ssc.output.cli.mixin.SSCOutputHelperMixins;
-import com.fortify.cli.ssc.rest.SSCUrls;
 
 import io.micronaut.core.annotation.ReflectiveAccess;
-import kong.unirest.HttpRequest;
-import kong.unirest.HttpRequestWithBody;
-import kong.unirest.UnirestInstance;
 import lombok.Getter;
 import picocli.CommandLine.Command;
 import picocli.CommandLine.Mixin;
@@ -47,28 +37,12 @@
 
 @ReflectiveAccess
 @Command(name = SSCOutputHelperMixins.Upload.CMD_NAME)
-public class SSCAppVersionArtifactUploadCommand extends AbstractSSCAppVersionArtifactOutputCommand implements IUnirestBaseRequestSupplier {
+public class SSCAppVersionArtifactUploadCommand extends AbstractSSCAppVersionArtifactUploadCommand {
     @Getter @Mixin private SSCOutputHelperMixins.Upload outputHelper; 
-    @Mixin private SSCAppVersionResolverMixin.RequiredOption parentResolver;
-    @Parameters(arity="1") private String filePath;
+    @Getter @Parameters(arity="1") private File file;
 
     @Option(names = {"-e", "--engine-type"})
-    private String engineType;
-
-    @Override
-    public HttpRequest<?> getBaseRequest(UnirestInstance unirest) {
-        SSCAppVersionDescriptor av = parentResolver.getAppVersionDescriptor(unirest);
-        HttpRequestWithBody request = unirest.post(SSCUrls.PROJECT_VERSION_ARTIFACTS(av.getVersionId()));
-        if ( StringUtils.isNotBlank(engineType) ) {
-            request.queryString("engineType", engineType);
-        }
-        JsonNode uploadResponse = request.multiPartContent()
-                .field("file", new File(filePath))
-                .asObject(JsonNode.class).getBody();
-        String artifactId = JsonHelper.evaluateJsonPath(uploadResponse, "$.data.id", String.class);
-        // TODO Do we actually show any scan data from the embedded scans?
-        return unirest.get(SSCUrls.ARTIFACT(artifactId)).queryString("embed","scans");
-    }
+    @Getter private String engineType;
 
     @Override
     public boolean isSingular() {

diff --git a/...fy/cli/ssc/appversion_artifact/cli/cmd/imprt/SSCAppVersionArtifactImportFromCommands.java b/...fy/cli/ssc/appversion_artifact/cli/cmd/imprt/SSCAppVersionArtifactImportFromCommands.java
@@ -0,0 +1,15 @@
+package com.fortify.cli.ssc.appversion_artifact.cli.cmd.imprt;
+
+import com.fortify.cli.common.cli.cmd.AbstractFortifyCLICommand;
+import com.fortify.cli.ssc.appversion_artifact.cli.cmd.imprt.debricked.SSCAppVersionArtifactImportFromDebrickedCommand;
+
+import picocli.CommandLine.Command;
+
+@Command(
+        name = "import",
+        subcommands = {
+            SSCAppVersionArtifactImportFromDebrickedCommand.class
+        }
+)
+public class SSCAppVersionArtifactImportFromCommands extends AbstractFortifyCLICommand {
+}
diff --git a/...om/fortify/cli/ssc/appversion_artifact/cli/cmd/imprt/debricked/DebrickedLoginOptions.java b/...om/fortify/cli/ssc/appversion_artifact/cli/cmd/imprt/debricked/DebrickedLoginOptions.java
@@ -0,0 +1,40 @@
+package com.fortify.cli.ssc.appversion_artifact.cli.cmd.imprt.debricked;
+
+import com.fortify.cli.common.rest.runner.config.IUserCredentialsConfig;
+
+import io.micronaut.core.annotation.ReflectiveAccess;
+import lombok.Getter;
+import picocli.CommandLine.ArgGroup;
+import picocli.CommandLine.Option;
+
+@ReflectiveAccess
+public class DebrickedLoginOptions {
+    @ArgGroup(exclusive = false, multiplicity = "1", order = 1)
+    @Getter private DebrickedUrlConfigOptions urlConfigOptions = new DebrickedUrlConfigOptions();
+
+    @ArgGroup(exclusive = true, multiplicity = "1", order = 2)
+    @Getter private DebrickedAuthOptions authOptions = new DebrickedAuthOptions();
+
+    @ReflectiveAccess
+    public static class DebrickedAuthOptions {
+        @ArgGroup(exclusive = false, multiplicity = "1", order = 1) 
+        @Getter private DebrickedUserCredentialOptions userCredentialsOptions;
+        @ArgGroup(exclusive = false, multiplicity = "1", order = 2) 
+        @Getter private DebrickedAccessTokenCredentialOptions tokenOptions;
+    }
+
+    @ReflectiveAccess
+    public static class DebrickedUserCredentialOptions implements IUserCredentialsConfig {
+    	@Option(names = {"--debricked-user", "-u"}, required = true)
+        @Getter private String user;
+
+        @Option(names = {"--debricked-password", "-p"}, interactive = true, echo = false, arity = "0..1", required = true)
+        @Getter private char[] password;
+    }
+
+    @ReflectiveAccess
+    public static class DebrickedAccessTokenCredentialOptions {
+        @Option(names = {"--debricked-access-token", "-t"}, interactive = true, echo = false, arity = "0..1", required = true)
+        @Getter private char[] accessToken;
+    }
+}
diff --git a/...ortify/cli/ssc/appversion_artifact/cli/cmd/imprt/debricked/DebrickedUrlConfigOptions.java b/...ortify/cli/ssc/appversion_artifact/cli/cmd/imprt/debricked/DebrickedUrlConfigOptions.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * (c) Copyright 2021 Micro Focus or one of its affiliates
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a 
+ * copy of this software and associated documentation files (the 
+ * "Software"), to deal in the Software without restriction, including without 
+ * limitation the rights to use, copy, modify, merge, publish, distribute, 
+ * sublicense, and/or sell copies of the Software, and to permit persons to 
+ * whom the Software is furnished to do so, subject to the following 
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included 
+ * in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY 
+ * KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 
+ * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 
+ * PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 
+ * IN THE SOFTWARE.
+ ******************************************************************************/
+package com.fortify.cli.ssc.appversion_artifact.cli.cmd.imprt.debricked;
+
+import com.fortify.cli.common.rest.runner.config.IUrlConfig;
+
+import io.micronaut.core.annotation.ReflectiveAccess;
+import lombok.Getter;
+import picocli.CommandLine.Option;
+
+@ReflectiveAccess
+public class DebrickedUrlConfigOptions implements IUrlConfig {
+	// For now, this option is hidden as there is only the single debricked.com SaaS instance
+    @Option(names = {"--debricked-url"}, required = true, order=1, defaultValue = "https://debricked.com", hidden = true)
+    @Getter private String url;
+
+    @Option(names = {"--insecure", "-k"}, required = false, description = "Disable SSL checks", defaultValue = "false", order=6)
+    @Getter private Boolean insecureModeEnabled;
+
+    public boolean hasUrlConfig() {
+        return url!=null;
+    }
+}