feat: fcli sc-sast scan start: Add option to select sensor pool for…

… the scan
fortify · Sep 25, 2024 · d071d25 · d071d25
1 parent 77fcc1c
commit d071d25
Show file tree

Hide file tree

Showing 5 changed files with 152 additions and 4 deletions.
diff --git a/.../src/main/java/com/fortify/cli/sc_sast/scan/cli/cmd/SCSastControllerScanStartCommand.java b/.../src/main/java/com/fortify/cli/sc_sast/scan/cli/cmd/SCSastControllerScanStartCommand.java
@@ -28,6 +28,7 @@
 import com.fortify.cli.sc_sast.scan.helper.SCSastControllerJobType;
 import com.fortify.cli.sc_sast.scan.helper.SCSastControllerScanJobHelper;
 import com.fortify.cli.sc_sast.scan.helper.SCSastControllerScanJobHelper.StatusEndpointVersion;
+import com.fortify.cli.sc_sast.sensor_pool.cli.mixin.SCSastSensorPoolResolverMixin.AbstractSCSastSensorPoolResolverMixin;
 import com.fortify.cli.ssc.access_control.helper.SSCTokenConverter;
 import com.fortify.cli.ssc.appversion.cli.mixin.SSCAppVersionResolverMixin.AbstractSSCAppVersionResolverMixin;
 
@@ -46,6 +47,7 @@ public final class SCSastControllerScanStartCommand extends AbstractSCSastContro
     @Getter @Mixin private OutputHelperMixins.Start outputHelper;
     private String userName = System.getProperty("user.name", "unknown"); // TODO Do we want to give an option to override this?
     @Option(names = "--notify") private String email; // TODO Add email address validation
+    @Mixin private SensorPoolResolverMixin sensorPoolResolver;
     @Mixin private PublishToAppVersionResolverMixin sscAppVersionResolver;
     @Option(names = "--ssc-ci-token") private String ciToken;
 
@@ -66,6 +68,7 @@ public final JsonNode getJsonNode(UnirestInstance unirest) {
         body = updateBody(body, "email", email);
         body = updateBody(body, "buildId", optionsProvider.getScanStartOptions().getBuildId());
         body = updateBody(body, "pvId", getAppVersionId());
+        body = updateBody(body, "poolUuid", getSensorPoolUuid());
         body = updateBody(body, "uploadToken", getUploadToken());
         body = updateBody(body, "dotNetRequired", String.valueOf(optionsProvider.getScanStartOptions().isDotNetRequired()));
         body = updateBody(body, "dotNetFrameworkRequiredVersion", optionsProvider.getScanStartOptions().getDotNetVersion());
@@ -86,11 +89,17 @@ public final String getActionCommandResult() {
     public final boolean isSingular() {
         return true;
     }
-    
+
     private String getAppVersionId() {
         return sscAppVersionResolver.hasValue()
-            ? sscAppVersionResolver.getAppVersionId(getSscUnirestInstance())
-            : null;
+                ? sscAppVersionResolver.getAppVersionId(getSscUnirestInstance())
+                : null;
+    }
+
+    private String getSensorPoolUuid() {
+        return sensorPoolResolver.hasValue()
+                ? sensorPoolResolver.getSensorPoolUuid(getUnirestInstance())
+                : null;
     }
 
     private String getUploadToken() {
@@ -154,10 +163,16 @@ private void addFile(ZipOutputStream zout, String fileName, File file) throws IO
             zout.closeEntry();
         }
     }
-    
+
     private static final class PublishToAppVersionResolverMixin extends AbstractSSCAppVersionResolverMixin {
         @Option(names = {"--publish-to"}, required = false)
         @Getter private String appVersionNameOrId;
         public final boolean hasValue() { return StringUtils.isNotBlank(appVersionNameOrId); }
     }
+
+    private static final class SensorPoolResolverMixin extends AbstractSCSastSensorPoolResolverMixin {
+        @Option(names = {"--sensor-pool"}, required = false, descriptionKey = "fcli.sc-sast.sensor-pool.resolver.nameOrUuid")
+        @Getter private String sensorPoolNameOrUuid;
+        public final boolean hasValue() { return StringUtils.isNotBlank(sensorPoolNameOrUuid); }
+    }
 }
diff --git a/.../main/java/com/fortify/cli/sc_sast/sensor_pool/cli/helper/SCSastSensorPoolDescriptor.java b/.../main/java/com/fortify/cli/sc_sast/sensor_pool/cli/helper/SCSastSensorPoolDescriptor.java
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ * Copyright 2021, 2023 Open Text.
+ *
+ * The only warranties for products and services of Open Text 
+ * and its affiliates and licensors ("Open Text") are as may 
+ * be set forth in the express warranty statements accompanying 
+ * such products and services. Nothing herein should be construed 
+ * as constituting an additional warranty. Open Text shall not be 
+ * liable for technical or editorial errors or omissions contained 
+ * herein. The information contained herein is subject to change 
+ * without notice.
+ *******************************************************************************/
+package com.fortify.cli.sc_sast.sensor_pool.cli.helper;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.formkiq.graalvm.annotations.Reflectable;
+import com.fortify.cli.common.json.JsonNodeHolder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+
+import java.util.Map;
+
+@Reflectable @NoArgsConstructor
+@Data @EqualsAndHashCode(callSuper=true)
+public class SCSastSensorPoolDescriptor extends JsonNodeHolder {
+    private String uuid;
+    private String path;
+    private String name;
+    private String lastChangedOn;
+}
diff --git a/.../src/main/java/com/fortify/cli/sc_sast/sensor_pool/cli/helper/SCSastSensorPoolHelper.java b/.../src/main/java/com/fortify/cli/sc_sast/sensor_pool/cli/helper/SCSastSensorPoolHelper.java
@@ -0,0 +1,55 @@
+/*******************************************************************************
+ * Copyright 2021, 2023 Open Text.
+ *
+ * The only warranties for products and services of Open Text 
+ * and its affiliates and licensors ("Open Text") are as may 
+ * be set forth in the express warranty statements accompanying 
+ * such products and services. Nothing herein should be construed 
+ * as constituting an additional warranty. Open Text shall not be 
+ * liable for technical or editorial errors or omissions contained 
+ * herein. The information contained herein is subject to change 
+ * without notice.
+ *******************************************************************************/
+package com.fortify.cli.sc_sast.sensor_pool.cli.helper;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.formkiq.graalvm.annotations.Reflectable;
+import com.fortify.cli.common.json.JsonHelper;
+import com.fortify.cli.common.output.transform.fields.RenameFieldsTransformer;
+import com.fortify.cli.ssc._common.rest.SSCUrls;
+import com.fortify.cli.ssc.appversion.helper.SSCAppAndVersionNameDescriptor;
+import com.fortify.cli.ssc.appversion.helper.SSCAppVersionDescriptor;
+import com.fortify.cli.ssc.system_state.helper.SSCJobDescriptor;
+import com.fortify.cli.ssc.system_state.helper.SSCJobHelper;
+import kong.unirest.GetRequest;
+import kong.unirest.UnirestInstance;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+public class SCSastSensorPoolHelper {
+    public static final SCSastSensorPoolDescriptor getRequiredSensorPool(UnirestInstance unirest, String sensorPoolNameOrUuid) {
+        SCSastSensorPoolDescriptor descriptor = getOptionalSensorPool(unirest, sensorPoolNameOrUuid);
+        if ( descriptor==null ) {
+            throw new IllegalArgumentException("No sensor pool found for name or uuid: "+sensorPoolNameOrUuid);
+        }
+        return descriptor;
+    }
+
+    public static final SCSastSensorPoolDescriptor getOptionalSensorPool(UnirestInstance unirest, String sensorPoolNameOrUuid) {
+        JsonNode sensorPools = getBaseRequest(unirest).asObject(ObjectNode.class).getBody().get("beans");
+        JsonNode sensorPool = JsonHelper.evaluateSpelExpression(sensorPools,String.format("#this.?[#this.name=='%s' || #this.uuid=='%s' ]", sensorPoolNameOrUuid, sensorPoolNameOrUuid),ArrayNode.class);
+
+        if ( sensorPool.size()>1 ) {
+            throw new IllegalArgumentException("Multiple sensor pools found");
+        }
+
+        return sensorPool.size()==0 ? null : JsonHelper.treeToValue(sensorPool.get(0), SCSastSensorPoolDescriptor.class);
+    }
+
+    private static GetRequest getBaseRequest(UnirestInstance unirest) {
+        GetRequest request = unirest.get("/rest/v4/info/pools");
+        return request;
+    }
+}
diff --git a/...ain/java/com/fortify/cli/sc_sast/sensor_pool/cli/mixin/SCSastSensorPoolResolverMixin.java b/...ain/java/com/fortify/cli/sc_sast/sensor_pool/cli/mixin/SCSastSensorPoolResolverMixin.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright 2021, 2023 Open Text.
+ *
+ * The only warranties for products and services of Open Text 
+ * and its affiliates and licensors ("Open Text") are as may 
+ * be set forth in the express warranty statements accompanying 
+ * such products and services. Nothing herein should be construed 
+ * as constituting an additional warranty. Open Text shall not be 
+ * liable for technical or editorial errors or omissions contained 
+ * herein. The information contained herein is subject to change 
+ * without notice.
+ *******************************************************************************/
+package com.fortify.cli.sc_sast.sensor_pool.cli.mixin;
+
+import com.fortify.cli.common.cli.util.EnvSuffix;
+import com.fortify.cli.sc_sast.sensor_pool.cli.helper.SCSastSensorPoolDescriptor;
+import com.fortify.cli.sc_sast.sensor_pool.cli.helper.SCSastSensorPoolHelper;
+import kong.unirest.UnirestInstance;
+import lombok.Getter;
+import picocli.CommandLine.Option;
+import picocli.CommandLine.Parameters;
+
+public class SCSastSensorPoolResolverMixin {
+    public static abstract class AbstractSCSastSensorPoolResolverMixin {
+        public abstract String getSensorPoolNameOrUuid();
+
+        public SCSastSensorPoolDescriptor getSensorPoolDescriptor(UnirestInstance unirest){
+            return SCSastSensorPoolHelper.getRequiredSensorPool(unirest, getSensorPoolNameOrUuid());
+        }
+
+        public String getSensorPoolUuid(UnirestInstance unirest) {
+            return getSensorPoolDescriptor(unirest).getUuid();
+        }
+    }
+
+    public static class RequiredOption extends AbstractSCSastSensorPoolResolverMixin {
+        @Option(names = {"--sensor-pool"}, required = true, descriptionKey = "fcli.sc-sast.sensor-pool.resolver.nameOrUuid")
+        @Getter private String sensorPoolNameOrUuid;
+    }
+
+    public static class PositionalParameter extends AbstractSCSastSensorPoolResolverMixin {
+        @EnvSuffix("SENSORPOOL") @Parameters(index = "0", arity = "1", descriptionKey = "fcli.sc-sast.sensor-pool.resolver.nameOrUuid")
+        @Getter private String sensorPoolNameOrUuid;
+    }
+}
diff --git a/...re/fcli-sc-sast/src/main/resources/com/fortify/cli/sc_sast/i18n/SCSastMessages.properties b/...re/fcli-sc-sast/src/main/resources/com/fortify/cli/sc_sast/i18n/SCSastMessages.properties
@@ -150,6 +150,7 @@ fcli.sc-sast.sensor.list.usage.description = This command lists sensor informati
 
 # fcli sc-sast sensor-pool
 fcli.sc-sast.sensor-pool.usage.header = Manage ScanCentral SAST sensor pools
+fcli.sc-sast.sensor-pool.resolver.nameOrUuid = Sensor pool Uuid or Name
 fcli.sc-sast.sensor-pool.list.usage.header = List ScanCentral SAST sensor pools
 
 # fcli sc-sast rest