chore: update help messages, add FoD functional tests (#465)
* chore: update scan import description

* chore: update help messages

* update help messages

* chore: update help messages
psmf22 authored Oct 25, 2023
1 parent 7960fe2 commit 640acf3
Showing 3 changed files with 147 additions and 17 deletions.
Expand Up @@ -34,7 +34,7 @@ fcli.fod.app.app-criticality = The business criticality of the application. Vali
fcli.fod.release.sdlc-status = The SDLC lifecycle status of the release. Valid values: ${COMPLETION-CANDIDATES}
fcli.fod.scan.time-period = Time period to retrieve results over. Valid values: ${COMPLETION-CANDIDATES}. Default value is Last30.
fcli.fod.scan.entitlement-preference = The entitlement preference to use. Valid values: ${COMPLETION-CANDIDATES}. Default is SubscriptionFirstThenSingleScan.
fcli.fod.scan.assessment-type = The assessment type to use. Use 'assessment-type list' to find valid values.
fcli.fod.scan.assessment-type = The assessment type to use. Use 'release list-assessment-types' to find valid values.
fcli.fod.scan.in-progress-action = The action to use if a scan is already in progress. Valid values: ${COMPLETION-CANDIDATES}.
fcli.fod.scan.remediation-preference = The remediation preference to use. Valid values: ${COMPLETION-CANDIDATES}.
fcli.fod.microservice.resolver.name = Microservice name in the format <application>:<microservice>.
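Review bot: the replacement hint in fcli.fod.scan.assessment-type ("Use 'release list-assessment-types' to find valid values.") drops the 'fod' prefix that the same hint carries further down in this file ('fod release list-assessment-types' in the sast-scan setup description). Users tend to paste these hints straight into a shell, so use the fully qualified form consistently: "Use 'fod release list-assessment-types' to find valid values.".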
Expand Down Expand Up @@ -338,8 +338,6 @@ fcli.fod.scan.wait-for.usage.description.2 = ${fcli.fod.scan.states:-See fcli he
fcli.fod.scan.wait-for.until = Wait until either any or all scans match. If neither --until or --while are specified, default is to wait until all scans match.
fcli.fod.scan.wait-for.while = Wait while either any or all scans match.
fcli.fod.scan.wait-for.any-state = One or more scan states against which to match the given scans.
fcli.fod.scan.import.usage.header = Import existing scan results.
fcli.fod.scan.import.scan-file = File containing existing scan results to be imported.

### For the "fod sast-scan" command ###
fcli.fod.sast-scan.usage.header = Manage FoD SAST scans.
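Review bot: removing the generic fcli.fod.scan.import.usage.header and fcli.fod.scan.import.scan-file keys is only safe if no command still resolves them; a missing message key in this properties file is not caught at compile time and only shows up when that command's help is rendered. Please confirm the old 'fod scan import' command (and anything referencing ${fcli.fod.scan.import.*}) is gone, since the per-type keys added below (fcli.fod.sast-scan.import.*, fcli.fod.dast-scan.import.*, fcli.fod.mast-scan.import.*, fcli.fod.oss-scan.import.*) are the intended replacement.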
Expand Down Expand Up @@ -384,7 +382,7 @@ fcli.fod.sast-scan.setup.usage.description.0 = This command is not fully impleme
any workflows in which this command is being used.
fcli.fod.sast-scan.setup.usage.description.1 = To correctly setup a scan you will need to provide the name of the \
assessment type using the '--assessment-type=xxx' option. Since assessment types can potentially be configured \
differently for each tenant, you can find the correct name using the 'fod assessment-type list' command.
differently for each tenant, you can find the correct name using the 'fod release list-assessment-types' command.
fcli.fod.sast-scan.setup.usage.description.2 = If you know the Id of an entitlement that you want to use then you \
can supply it to the '--entitlement-id=xxx' option. If not, you can supply both '--assessment-type' and \
'--entitlement-frequency' options and the command will try to find an appropriate entitlement.
Expand All @@ -396,14 +394,15 @@ fcli.fod.sast-scan.setup.usage.description.3 = For the '--technology-stack' and
fcli.fod.sast-scan.setup.entitlement-frequency = The Entitlement Frequency to use. Valid values: ${COMPLETION-CANDIDATES}.
fcli.fod.sast-scan.setup.entitlement-id = Entitlement Id to use. If not specified Frequency and Assessment Type will be used to find one.
fcli.fod.sast-scan.setup.validate-entitlement = Check if the entitlement assigned is still valid, e.g. it has not expired.
fcli.fod.sast-scan.setup.assessment-type = The type of Static assessment to carry out. Use 'assessment-type list' to find valid values.
fcli.fod.sast-scan.setup.assessment-type = The type of Static assessment to carry out. Use 'release list-assessment-types' to find valid values.
fcli.fod.sast-scan.setup.technology-stack = The technology stack of the application.
fcli.fod.sast-scan.setup.language-level = The language level of the technology stack (if needed).
fcli.fod.sast-scan.setup.oss = Perform Open Source Analysis scan.
fcli.fod.sast-scan.setup.audit-preference = Audit preference, e.g. Manual or Automated
fcli.fod.sast-scan.setup.include-third-party-libs = Indicates if third party libraries should be included.
fcli.fod.sast-scan.setup.use-source-control = Indicates if source control should be used.
fcli.fod.sast-scan.import.usage.header = Import existing SAST scan results (from an FPR file).
fcli.fod.sast-scan.import.usage.description = As FoD doesn't return a scan id for imported scans, the output of this command cannot be used with commands that expect a scan id, like the wait-for command.
fcli.fod.sast-scan.import.file = FPR file containing existing SAST scan results to be imported.
fcli.fod.sast-scan.download.usage.header = Download scan results.
fcli.fod.sast-scan.download.file = File path and name where to save the FPR file.
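Review bot: the new fcli.fod.sast-scan.import.usage.description tells the user what the output cannot be used for but not what it does contain; the table options at the end of this file show the import commands emit importScanSessionId, so say that explicitly and point to the alternative, e.g. "...like the wait-for command. The output contains the import session id; use 'fod sast-scan list' on the release to find the imported scan once FoD has processed it." Also, fcli.fod.sast-scan.setup.assessment-type uses 'release list-assessment-types' without the 'fod' prefix while description.1 in the same hunk uses 'fod release list-assessment-types'; pick one form.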
Expand Down Expand Up @@ -447,20 +446,21 @@ fcli.fod.dast-scan.start-legacy.usage.description.1 = The scan will need to have
'fod dast-scan setup' command.
fcli.fod.dast-scan.start-legacy.usage.description.2 = To correctly start a scan you will need to provide the name of the \
assessment type using the '--assessment-type=xxx' option. Since assessment types can potentially be configured \
differently for each tenant, you can find the correct name using the 'fod assessment-type list --scan-types=Dynamic' command.
differently for each tenant, you can find the correct name using the 'fod release list-assessment-types --scan-types=Dynamic' command.
fcli.fod.dast-scan.start-legacy.usage.description.3 = The scan will need to have been previously setup using the FoD UI or the \
'fod dast-scan setup' command.
fcli.fod.dast-scan.start-legacy.usage.description.4 = If you know the Id of an entitlement that you want to use then you \
can supply it to the '--entitlement-id=xxx' option. If not, you can supply both '--assessment-type' and \
'--entitlement-frequency' options and the command will try to find an appropriate entitlement.
fcli.fod.dast-scan.start-legacy.assessment-type = The type of Dynamic assessment to carry out. Use 'assessment-type list' to find valid values.
fcli.fod.dast-scan.start-legacy.assessment-type = The type of Dynamic assessment to carry out. Use 'release list-assessment-types' to find valid values.
fcli.fod.dast-scan.start-legacy.start-date = ${fcli.fod.sast-scan.start.start-date}
fcli.fod.dast-scan.start-legacy.entitlement-id = ${fcli.fod.sast-scan.start.entitlement-id}
fcli.fod.dast-scan.start-legacy.notes = ${fcli.fod.sast-scan.start.notes}
fcli.fod.dast-scan.start-legacy.file = ${fcli.fod.sast-scan.start.file}
fcli.fod.dast-scan.start-legacy.chunk-size = ${fcli.fod.sast-scan.start.chunk-size}
fcli.fod.dast-scan.start-legacy.timezone = The timezone to use for starting the scan - default is UTC. Use 'fod rest lookup TimeZones' to see the values.
fcli.fod.dast-scan.import.usage.header = Import existing DAST scan results (from an FPR file).
fcli.fod.dast-scan.import.usage.description = As FoD doesn't return a scan id for imported scans, the output of this command cannot be used with commands that expect a scan id, like the wait-for command.
fcli.fod.dast-scan.import.file = FPR file containing existing DAST scan results to be imported.
fcli.fod.dast-scan.download.usage.header = Download scan results.
fcli.fod.dast-scan.download.file = File path and name where to save the FPR file.
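Review bot: fcli.fod.dast-scan.import.usage.description repeats the sast-scan import sentence verbatim ("As FoD doesn't return a scan id for imported scans, ..."), and the same text is added again for mast-scan and oss-scan below. This file already shares wording through property references (see fcli.fod.dast-scan.start-legacy.start-date = ${fcli.fod.sast-scan.start.start-date} a few lines up), so define the sentence once and reference it from the other three, otherwise a later wording fix has to be made in four places. Same prefix remark as above for fcli.fod.dast-scan.start-legacy.assessment-type ('release list-assessment-types' vs 'fod release list-assessment-types').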
Expand Down Expand Up @@ -503,21 +503,22 @@ fcli.fod.mast-scan.start.usage.description.1 = The scan will need to have been p
'fod mast-scan setup' command.
fcli.fod.mast-scan.start.usage.description.2 = To correctly start a scan you will need to provide the name of the \
assessment type using the '--assessment-type=xxx' option. Since assessment types can potentially be configured \
differently for each tenant, you can find the correct name using the 'fod assessment-type list --scan-types=Mobile' command.
differently for each tenant, you can find the correct name using the 'fod release list-assessment-types --scan-types=Mobile' command.
fcli.fod.mast-scan.start.usage.description.3 = The scan will need to have been previously setup using the FoD UI or the \
'fod dast-scan setup' command.
fcli.fod.mast-scan.start.usage.description.4 = If you know the Id of an entitlement that you want to use then you \
can supply it to the '--entitlement-id=xxx' option. If not, you can supply both '--assessment-type' and \
'--entitlement-frequency' options and the command will try to find an appropriate entitlement.
fcli.fod.mast-scan.start.start-date = ${fcli.fod.sast-scan.start.start-date}
fcli.fod.mast-scan.start.assessment-type = The type of MAST assessment to carry out. Use 'assessment-type list' to find valid values.
fcli.fod.mast-scan.start.assessment-type = The type of MAST assessment to carry out. Use 'release list-assessment-types' to find valid values.
fcli.fod.mast-scan.start.entitlement-id = ${fcli.fod.sast-scan.start.entitlement-id}
fcli.fod.mast-scan.start.entitlement-frequency = The Entitlement Frequency to use. Valid values: ${COMPLETION-CANDIDATES}.
fcli.fod.mast-scan.start.notes = ${fcli.fod.sast-scan.start.notes}
fcli.fod.mast-scan.start.file = ${fcli.fod.sast-scan.start.file}
fcli.fod.mast-scan.start.framework = The Mobile Framework to use. Valid values: ${COMPLETION-CANDIDATES}.
fcli.fod.mast-scan.start.timezone = The timezone to use for starting the scan - default is UTC. Use 'fod rest lookup TimeZones' to see the values.
fcli.fod.mast-scan.import.usage.header = Import existing MAST scan results (from an FPR file).
fcli.fod.mast-scan.import.usage.description = As FoD doesn't return a scan id for imported scans, the output of this command cannot be used with commands that expect a scan id, like the wait-for command.
fcli.fod.mast-scan.import.file = FPR file containing existing MAST scan results to be imported.
fcli.fod.mast-scan.download.usage.header = Download scan results.
fcli.fod.mast-scan.download.file = File path and name where to save the FPR file.
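Review bot: while this hunk touches the mast-scan start descriptions, fcli.fod.mast-scan.start.usage.description.3 is an exact duplicate of description.1 and still says "'fod dast-scan setup' command" for a MAST scan; either drop description.3 or correct it to 'fod mast-scan setup' (description.1 already says that). The new '--scan-types=Mobile' hint is a good addition; apply the same 'fod' prefix to fcli.fod.mast-scan.start.assessment-type as used in description.2.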
Expand All @@ -538,6 +539,7 @@ fcli.fod.oss-scan.output.header.releaseName = Release
fcli.fod.oss-scan.get.usage.header = Get OSS scan details.
fcli.fod.oss-scan.list.usage.header = List OSS scans.
fcli.fod.oss-scan.import.usage.header = Import existing OSS scan results (from an SBOM file).
fcli.fod.oss-scan.import.usage.description = As FoD doesn't return a scan id for imported scans, the output of this command cannot be used with commands that expect a scan id, like the wait-for command.
fcli.fod.oss-scan.import.file = FPR file containing existing OSS scan results to be imported.
fcli.fod.oss-scan.import.type = Open Source scan results file type. Valid values: ${COMPLETION-CANDIDATES} (default value is CycloneDX).
fcli.fod.oss-scan.start.usage.header = (PREVIEW) Start a new OSS scan.
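Review bot: fcli.fod.oss-scan.import.file still reads "FPR file containing existing OSS scan results to be imported." while the header on the line above says "(from an SBOM file)" and the --type option lists SBOM formats with CycloneDX as default. Change it to "SBOM file containing existing OSS scan results to be imported." so the option help does not contradict the command header.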
Expand Down Expand Up @@ -590,5 +592,6 @@ fcli.fod.*-scan.output.table.options = scanId,analysisStatusType,applicationName
fcli.fod.*-scan-import.output.table.options = importScanSessionId,applicationName,microserviceName,releaseName,scanType
fcli.fod.*-scan-download.output.table.options = scanId,scanType,file
fcli.fod.*-scan-config.output.table.options = applicationName,microserviceName,releaseName,entitlementId,status
fcli.fod.*-scan-setup.output.table.options = applicationName,microserviceName,releaseName,entitlementId,scanType
fcli.fod.session.output.table.options = name,type,url,created,expires,expired
fcli.fod.rest.lookup.output.table.options = group,text,value
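Review bot: the new fcli.fod.*-scan-setup.output.table.options column list (applicationName,microserviceName,releaseName,entitlementId,scanType) omits any status or action column, unlike the sibling fcli.fod.*-scan-config table which ends with status. If the setup commands return the configuration they just wrote, surfacing that state would let scripts verify the setup succeeded without a second get-config call; otherwise this is fine.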
Expand Up @@ -5,7 +5,7 @@ usage.header =
usage.description =

# fcli license
fcli.license.usage.header = License-related commands, like license reporting
fcli.license.usage.header = Commands for generating MSP & NCD license reports
fcli.license.usage.description = This module provides various commands related to Fortify licensing & license reporting.

# fcli util msp-report
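Review bot: the new fcli.license.usage.header ("Commands for generating MSP & NCD license reports") is now more specific than fcli.license.usage.description directly below it, which still says "various commands related to Fortify licensing & license reporting"; align the two, and prefer "and" over "&" to match the other headers in this module.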
Expand Up @@ -9,6 +9,7 @@ import com.fortify.cli.ftest._common.spec.Prefix
import com.fortify.cli.ftest._common.spec.TestResource
import com.fortify.cli.ftest.fod._common.FoDWebAppSupplier
import com.fortify.cli.ftest.fod._common.FoDUserSupplier
import com.fortify.cli.ftest.fod._common.FoDMobileAppSupplier
import com.fortify.cli.ftest.fod._common.FoDUserGroupSupplier

import spock.lang.AutoCleanup
Expand All @@ -18,23 +19,149 @@ import spock.lang.Unroll

@Prefix("fod.scan") @FcliSession(FOD) @Stepwise
class FoDScanSpec extends FcliBaseSpec {
/*
@Shared @TestResource("runtime/shared/EightBall-22.1.0.fpr") String sastResults
//@Shared @TestResource("runtime/shared/iwa_net_scandata.fpr") String dastResults
//@Shared @TestResource("runtime/shared/iwa_net_cyclonedx.json") String ossResults
@Shared @AutoCleanup FoDWebAppSupplier app = new FoDWebAppSupplier()
@Shared @TestResource("runtime/shared/iwa_net_scandata.fpr") String dastResults
@Shared @TestResource("runtime/shared/iwa_net_cyclonedx.json") String ossResults
@Shared @TestResource("runtime/shared/iwa_mobile.fpr") String mobileResults
@Shared @TestResource("runtime/shared/EightBall-package.zip") String sastpackage
@Shared @AutoCleanup FoDWebAppSupplier webApp = new FoDWebAppSupplier()
@Shared @AutoCleanup FoDMobileAppSupplier mobileApp = new FoDMobileAppSupplier()
/*
def "get.byId"() {
def args = "fod sast-scan get ::scans::get(0).scanId"
def "import-sast"() {
def args = "fod sast-scan import --release=${webApp.get().qualifiedRelease} --file=$sastResults --store uploadsast"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>2
it[1].startsWith("startedByUserId: ")
it.last().contains("IMPORT_REQUESTED")
}
}
def "import-mobile"() {
def args = "fod mast-scan import --release=${mobileApp.get().qualifiedRelease} --file=$mobileResults --store uploadmast"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>2
it.last().contains("IMPORT_REQUESTED")
}
}
def "import-dast"() {
def args = "fod dast-scan import --release=${webApp.get().qualifiedRelease} --file=$dastResults --store uploaddast"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>2
it.last().contains("IMPORT_REQUESTED")
}
}
def "import-oss"() {
def args = "fod oss-scan import --release=${webApp.get().qualifiedRelease} --file=$ossResults --store uploadoss"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>2
it.last().contains("IMPORT_REQUESTED")
}
}
def "waitForScans"() {
when:
def relScanurl = Fcli.run("fod release get ${webApp.get().qualifiedRelease} -o expr=/api/v3/releases/{releaseId}/scans --store relId").stdout[0]
def timeoutMs = 60000
def start = System.currentTimeMillis()
def success = true;
while(true){
def result = Fcli.run("fod rest call ${relScanurl}")
if(result.stdout.findAll{element -> element.contains("analysisStatusType: \"Completed\"")}.size()==3) {
success=true;
break;
} else if(System.currentTimeMillis()-start > timeoutMs) {
break;
}
sleep(3000)
}
then:
success
}
def "list.sast-scans"() {
def args = "fod sast-scan list --release=fcli-1698140484524:v1698140484524 --store sastscans"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>=2
it[1].contains("FPRImport")
}
}
def "get.sast-scan"() {
def args = "fod sast-scan get ::sastscans::get(0).scanId"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>=2
//it.any {it.contains("applicationName: \"${webApp.get().appName}\"")}
}
}
def "get-config.sast-scan"() {
def args = "fod sast-scan get-config --release=fcli-1698140484524:v1698140484524"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>=2
it.last().contains("state: \"Not configured\"")
}
}
def "download.sast-scan-byId"() {
def args = "fod sast-scan download ::sastscans::get(0).scanId -f=byId.fpr"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>=2
it[1].contains("SCAN_DOWNLOADED")
}
}
def "download-latest.sast-scan"() {
def args = "fod sast-scan download-latest --release=fcli-1698140484524:v1698140484524 -f=latest.fpr"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>=2
it[1].contains("SCAN_DOWNLOADED")
}
}
def "start.sast-scan"() {
def args = "fod sast-scan download-latest --release=fcli-1698140484524:v1698140484524 -f=latest.fpr"
when:
def result = Fcli.run(args)
then:
verifyAll(result.stdout) {
size()>=2
it[1].contains("SCAN_DOWNLOADED")
}
}
/*
def "import-sast"() {
//get release id
def appRelId = Fcli.run("fod release get " + app.appName + ":" + app.versionName + " --store release")
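Review bot: the release is hard-coded in four of the new feature methods ("list.sast-scans", "get-config.sast-scan", "download-latest.sast-scan", "start.sast-scan" all use --release=fcli-1698140484524:v1698140484524), a timestamp-derived name from one local run; those tests will fail against any other tenant or run. Use ${webApp.get().qualifiedRelease} as the import-* tests already do. Second, in "waitForScans" `def success = true;` combined with a timeout branch that only does `break;` means `then: success` passes even when the scans never reach "Completed"; initialise with `def success = false`. Third, the body of "start.sast-scan" is a copy of "download-latest.sast-scan" (it runs `fod sast-scan download-latest` and asserts SCAN_DOWNLOADED) and $sastpackage is declared but never used; either implement it with `fod sast-scan start` or drop the method. Finally, the fragment `def "get.byId"() {` / `def args = "fod sast-scan get ::scans::get(0).scanId"` sitting directly above `def "import-sast"()` must not survive in the committed file, since a method opening without a body will not compile.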