feat: fcli sc-sast session login: Allow for overriding SC SAST Cont…

…roller URL (resolves #611)

Co-authored-by: Sangamesh Vijaykumar <[email protected]>

fcli-core/fcli-common/src/main/java/com/fortify/cli/common/rest/unirest/config/UrlConfig.java

@@ -35,15 +35,10 @@ public static final UrlConfig from(IUrlConfig other) {
     }
 
     public static final UrlConfigBuilder builderFrom(IUrlConfig other) {
-        UrlConfigBuilder builder = UrlConfig.builder();
-        if ( other!=null ) {
-            builder = builder
-                .url(other.getUrl())
-                .insecureModeEnabled(other.isInsecureModeEnabled())
-                .connectTimeoutInMillis(other.getConnectTimeoutInMillis())
-                .socketTimeoutInMillis(other.getSocketTimeoutInMillis());
+        if (null != other) {
+            return builderFrom(other).url(other.getUrl());
         }
-        return builder;
+        return builderFrom(other);
     }
 
     public static final UrlConfigBuilder builderFrom(IUrlConfig other, IUrlConfig overrides) {
@@ -57,6 +52,17 @@ public static final UrlConfigBuilder builderFrom(IUrlConfig other, IUrlConfig ov
         return builder;
     }
 
+    public static final UrlConfigBuilder builderFrom(IConnectionConfig other) {
+        UrlConfigBuilder builder = UrlConfig.builder();
+        if ( other!=null ) {
+            builder = builder
+                .insecureModeEnabled(other.isInsecureModeEnabled())
+                .connectTimeoutInMillis(other.getConnectTimeoutInMillis())
+                .socketTimeoutInMillis(other.getSocketTimeoutInMillis());
+        }
+        return builder;
+    }
+
     private static final void override(String value, Consumer<String> setter) {
         if ( StringUtils.isNotBlank(value) ) { setter.accept(value); }
     }

fcli-core/fcli-sc-sast/src/main/java/com/fortify/cli/sc_sast/_common/session/cli/cmd/SCSastSessionLoginCommand.java

@@ -15,10 +15,10 @@
 import com.fortify.cli.common.output.cli.mixin.OutputHelperMixins;
 import com.fortify.cli.common.rest.unirest.GenericUnirestFactory;
 import com.fortify.cli.common.rest.unirest.UnexpectedHttpResponseException;
-import com.fortify.cli.common.rest.unirest.config.IUrlConfig;
 import com.fortify.cli.common.session.cli.cmd.AbstractSessionLoginCommand;
 import com.fortify.cli.sc_sast._common.rest.helper.SCSastUnirestHelper;
 import com.fortify.cli.sc_sast._common.session.cli.mixin.SCSastSessionLoginOptions;
+import com.fortify.cli.sc_sast._common.session.helper.ISCSastAndSSCUrlConfig;
 import com.fortify.cli.sc_sast._common.session.helper.SCSastSessionDescriptor;
 import com.fortify.cli.sc_sast._common.session.helper.SCSastSessionHelper;
 import com.fortify.cli.ssc._common.session.helper.ISSCCredentialsConfig;
@@ -41,9 +41,9 @@ protected void logoutBeforeNewLogin(String sessionName, SCSastSessionDescriptor
 
     @Override
     protected SCSastSessionDescriptor login(String sessionName) {
-        IUrlConfig urlConfig = sessionLoginOptions.getUrlConfigOptions();
+        ISCSastAndSSCUrlConfig scSastAndSscUrlConfig = sessionLoginOptions.getScSastAndSscUrlConfigOptions();
         ISSCCredentialsConfig credentialsConfig = sessionLoginOptions.getCredentialOptions();
-        return new SCSastSessionDescriptor(urlConfig, credentialsConfig, sessionLoginOptions.getClientAuthToken());
+        return new SCSastSessionDescriptor(scSastAndSscUrlConfig, credentialsConfig, sessionLoginOptions.getClientAuthToken());
     }
 
     @Override

fcli-core/fcli-sc-sast/src/main/java/com/fortify/cli/sc_sast/_common/session/cli/mixin/SCSastUrlConfigOptions.java → fcli-core/fcli-sc-sast/src/main/java/com/fortify/cli/sc_sast/_common/session/cli/mixin/SCSastAndSSCUrlConfigOptions.java

@@ -13,16 +13,15 @@
 package com.fortify.cli.sc_sast._common.session.cli.mixin;
 
 import com.fortify.cli.common.rest.cli.mixin.ConnectionConfigOptions;
-import com.fortify.cli.common.rest.unirest.config.IUrlConfig;
+import com.fortify.cli.sc_sast._common.session.helper.ISCSastAndSSCUrlConfig;
 
 import lombok.Getter;
 import picocli.CommandLine.Option;
 
-public class SCSastUrlConfigOptions extends ConnectionConfigOptions implements IUrlConfig {
+public class SCSastAndSSCUrlConfigOptions extends ConnectionConfigOptions implements ISCSastAndSSCUrlConfig {
     @Option(names = {"--ssc-url"}, required = true, order=1)
-    @Getter private String url;
+    @Getter private String sscUrl;
 
-    public boolean hasUrlConfig() {
-        return url!=null;
-    }
+    @Option(names = {"--ctrl-url", "-curl"}, required = false, order=1)
+    @Getter private String controllerUrl;
 }

fcli-core/fcli-sc-sast/src/main/java/com/fortify/cli/sc_sast/_common/session/cli/mixin/SCSastSessionLoginOptions.java

@@ -21,7 +21,7 @@
 
 public class SCSastSessionLoginOptions {
     @ArgGroup(exclusive = false, multiplicity = "1", order = 1)
-    @Getter private SCSastUrlConfigOptions urlConfigOptions = new SCSastUrlConfigOptions();
+    @Getter private SCSastAndSSCUrlConfigOptions scSastAndSscUrlConfigOptions = new SCSastAndSSCUrlConfigOptions();
 
     @Option(names = {"--client-auth-token", "-c"}, required = true, interactive = true, arity = "0..1", echo = false) 
     @Getter private char[] clientAuthToken;

fcli-core/fcli-sc-sast/src/main/java/com/fortify/cli/sc_sast/_common/session/helper/ISCSastAndSSCUrlConfig.java

@@ -0,0 +1,14 @@
+/**
+ * 
+ */
+package com.fortify.cli.sc_sast._common.session.helper;
+
+import com.fortify.cli.common.rest.unirest.config.IConnectionConfig;
+
+/**
+ * Interface for the functions to get the SSC URL and the Controller URL
+ */
+public interface ISCSastAndSSCUrlConfig extends IConnectionConfig {
+    String getSscUrl();
+    String getControllerUrl();
+}

fcli-core/fcli-sc-sast/src/main/java/com/fortify/cli/sc_sast/_common/session/helper/SCSastSessionDescriptor.java

@@ -34,8 +34,8 @@
 import com.fortify.cli.ssc._common.session.helper.ISSCUserCredentialsConfig;
 import com.fortify.cli.ssc.access_control.helper.SSCTokenCreateRequest;
 import com.fortify.cli.ssc.access_control.helper.SSCTokenGetOrCreateResponse;
-import com.fortify.cli.ssc.access_control.helper.SSCTokenHelper;
 import com.fortify.cli.ssc.access_control.helper.SSCTokenGetOrCreateResponse.SSCTokenData;
+import com.fortify.cli.ssc.access_control.helper.SSCTokenHelper;
 
 import kong.unirest.UnirestInstance;
 import lombok.Data;
@@ -53,17 +53,14 @@ public class SCSastSessionDescriptor extends AbstractSessionDescriptor {
     private char[] predefinedSscToken;
     private SSCTokenGetOrCreateResponse cachedSscTokenResponse;
 
-    public SCSastSessionDescriptor(IUrlConfig sscUrlConfig, ISSCCredentialsConfig credentialsConfig, char[] scSastClientAuthToken) {
-        this(sscUrlConfig, null, credentialsConfig, scSastClientAuthToken);
-    }
 
-    public SCSastSessionDescriptor(IUrlConfig sscUrlConfig, IUrlConfig scSastUrlConfig, ISSCCredentialsConfig credentialsConfig, char[] scSastClientAuthToken) {
-        this.sscUrlConfig = sscUrlConfig;
+    public SCSastSessionDescriptor(ISCSastAndSSCUrlConfig scSastAndSscUrlConfig, ISSCCredentialsConfig credentialsConfig, char[] scSastClientAuthToken) {
+        this.sscUrlConfig = UrlConfig.builderFrom(scSastAndSscUrlConfig).url(scSastAndSscUrlConfig.getSscUrl()).build();
         this.predefinedSscToken = credentialsConfig.getPredefinedToken();
         this.scSastClientAuthToken = scSastClientAuthToken;
         this.cachedSscTokenResponse = getOrGenerateToken(sscUrlConfig, credentialsConfig);
         char[] activeToken = getActiveSSCToken();
-        this.scSastUrlConfig = activeToken==null ? null : buildScSastUrlConfig(sscUrlConfig, scSastUrlConfig, activeToken);
+        this.scSastUrlConfig = activeToken==null ? null : buildScSastUrlConfig(sscUrlConfig, scSastAndSscUrlConfig, activeToken);
     }
 
     @JsonIgnore
@@ -164,13 +161,12 @@ private SSCTokenData getCachedSscTokenResponseData() {
                 : cachedSscTokenResponse.getData();
     }
 
-    private static final IUrlConfig buildScSastUrlConfig(IUrlConfig sscUrlConfig, IUrlConfig scSastUrlConfig, char[] activeToken) {
-        String scSastUrl = scSastUrlConfig!=null && StringUtils.isNotBlank(scSastUrlConfig.getUrl())
-                ? scSastUrlConfig.getUrl()
-                : getScSastUrl(sscUrlConfig, activeToken);
-        UrlConfig.UrlConfigBuilder builder = UrlConfig.builderFrom(sscUrlConfig, scSastUrlConfig);
-        builder.url(scSastUrl);
-        return builder.build();
+    private static final IUrlConfig buildScSastUrlConfig(IUrlConfig sscUrlConfig, ISCSastAndSSCUrlConfig scSastAndSscUrlConfig, char[] activeToken) {
+        String controllerUrl = scSastAndSscUrlConfig.getControllerUrl();
+        if (null == controllerUrl || StringUtils.isBlank(controllerUrl)) {
+            controllerUrl = getScSastUrl(sscUrlConfig, activeToken);
+        }
+        return UrlConfig.builderFrom(scSastAndSscUrlConfig).url(controllerUrl).build();
     }
 
     private static String getScSastUrl(IUrlConfig sscUrlConfig, char[] activeToken) {

fcli-core/fcli-sc-sast/src/main/resources/com/fortify/cli/sc_sast/i18n/SCSastMessages.properties

@@ -74,6 +74,7 @@ fcli.sc-sast.session.login.ssc-url.0 = SSC URL.
 fcli.sc-sast.session.login.ssc-url.1 = Environment variables:%n \
   ${fcli.env.default.prefix}_SSC_URL: Shared with SSC/SC DAST%n \
   ${fcli.env.default.prefix}_SC_SAST_SSC_URL: Only SC SAST commands
+fcli.sc-sast.session.login.ctrl-url = Override ScanCentral SAST Controller URL. If not specified, the controller URL as configured in SSC will be used.
 
 # fcli sc-sast session logout
 fcli.sc-sast.session.logout.usage.header = Terminate ScanCentral SAST session.