fortify · gendry-gh · Nov 22, 2023 · Nov 22, 2023 · Nov 22, 2023 · Nov 22, 2023
diff --git a/.../src/main/java/com/fortify/cli/sc_sast/scan/cli/cmd/SCSastControllerScanStartCommand.java b/.../src/main/java/com/fortify/cli/sc_sast/scan/cli/cmd/SCSastControllerScanStartCommand.java
@@ -48,7 +48,9 @@ public final class SCSastControllerScanStartCommand extends AbstractSCSastContro
     @Option(names = "--notify") private String email; // TODO Add email address validation
     @Mixin private PublishToAppVersionResolverMixin sscAppVersionResolver;
     @Option(names = "--ssc-ci-token") private String ciToken;
-
+    @Getter @Option(names = {"--sargs","--scan-args"})
+    private String scaRuntimeArgs = "";
+
     // TODO Add options for specifying (custom) rules file(s), filter file(s) and project template
     // TODO Add options for pool selection
 
@@ -61,7 +63,7 @@ public final JsonNode getJsonNode(UnirestInstance unirest) {
             .field("username", userName, "text/plain")
             .field("scaVersion", sensorVersion, "text/plain")
             .field("clientVersion", sensorVersion, "text/plain")
-            .field("scaRuntimeArgs", optionsProvider.getScanStartOptions().getScaRuntimeArgs(), "text/plain")
+            .field("scaRuntimeArgs", scaRuntimeArgs, "text/plain")
             .field("jobType", optionsProvider.getScanStartOptions().getJobType().name(), "text/plain");
         body = updateBody(body, "email", email);
         body = updateBody(body, "buildId", optionsProvider.getScanStartOptions().getBuildId());

diff --git a/...sc-sast/src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/ISCSastScanStartOptions.java b/...sc-sast/src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/ISCSastScanStartOptions.java
@@ -18,7 +18,6 @@
 
 public interface ISCSastScanStartOptions {
     String getBuildId();
-    String getScaRuntimeArgs();
     boolean isDotNetRequired();
     String getDotNetVersion();
     File getPayloadFile();

diff --git a/...-sast/src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/SCSastScanStartMbsOptions.java b/...-sast/src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/SCSastScanStartMbsOptions.java
@@ -32,7 +32,6 @@ public class SCSastScanStartMbsOptions implements ISCSastScanStartOptions {
     @Getter private String buildId;
     @Getter private final boolean dotNetRequired = false;
     @Getter private final String dotNetVersion = null;
-    @Getter private final String scaRuntimeArgs = ""; // TODO Provide options
     @Getter private SCSastControllerJobType jobType = SCSastControllerJobType.SCAN_JOB;
 
     @Option(names = {"-m", "--mbs-file"}, required= true)

diff --git a/.../src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/SCSastScanStartOptionsArgGroup.java b/.../src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/SCSastScanStartOptionsArgGroup.java
@@ -12,6 +12,8 @@
  *******************************************************************************/
 package com.fortify.cli.sc_sast.scan.cli.mixin;
 
+import lombok.Getter;
+import picocli.CommandLine.Option;
 import picocli.CommandLine.ArgGroup;
 
 public class SCSastScanStartOptionsArgGroup {

diff --git a/...t/src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/SCSastScanStartPackageOptions.java b/...t/src/main/java/com/fortify/cli/sc_sast/scan/cli/mixin/SCSastScanStartPackageOptions.java
@@ -33,7 +33,6 @@ public class SCSastScanStartPackageOptions implements ISCSastScanStartOptions {
     @Getter private final String buildId = null; // TODO ScanCentral Client doesn't allow for specifying build id; should we provide a CLI option for this?
     @Getter private boolean dotNetRequired;
     @Getter private String dotNetVersion;
-    @Getter private final String scaRuntimeArgs = "";
     @Getter private SCSastControllerJobType jobType = SCSastControllerJobType.TRANSLATION_AND_SCAN_JOB;
 
     @Option(names = {"-p", "--package-file"}, required = true)

diff --git a/...re/fcli-sc-sast/src/main/resources/com/fortify/cli/sc_sast/i18n/SCSastMessages.properties b/...re/fcli-sc-sast/src/main/resources/com/fortify/cli/sc_sast/i18n/SCSastMessages.properties
@@ -112,6 +112,7 @@ fcli.sc-sast.scan.start.package-file = Package file to scan.
 fcli.sc-sast.scan.start.notify = Email address to which to send a scan completion notification.
 fcli.sc-sast.scan.start.sensor-version = Version of the sensor on which the package should be scanned. Officially, you should select the same sensor version as the version of the ScanCentral Client used to create the package.
 fcli.sc-sast.scan.start.publish-to = Publish scan results to the given SSC application version once the scan has completed.
+fcli.sc-sast.scan.start.sargs = Fortify SCA scan arguments.
 fcli.sc-sast.scan.status.usage.header = Get status for a previously submitted scan request.
 fcli.sc-sast.scan.wait-for.usage.header = Wait for one or more scans to reach or exit specified scan statuses.
 fcli.sc-sast.scan.wait-for.usage.description.0 = Although this command offers a lot of options to cover many \

diff --git a/...unctional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDAccessControlRoleSpec.groovy b/...unctional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDAccessControlRoleSpec.groovy
@@ -0,0 +1,59 @@
+package com.fortify.cli.ftest.fod;
+
+import static com.fortify.cli.ftest._common.spec.FcliSessionType.FOD
+
+import com.fortify.cli.ftest._common.Fcli
+import com.fortify.cli.ftest._common.spec.FcliBaseSpec
+import com.fortify.cli.ftest._common.spec.FcliSession
+import com.fortify.cli.ftest._common.spec.Prefix
+import com.fortify.cli.ftest.fod._common.FoDWebAppSupplier
+import com.fortify.cli.ftest.fod._common.FoDUserSupplier
+import com.fortify.cli.ftest.fod._common.FoDUserGroupSupplier
+
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+import spock.lang.Stepwise
+import spock.lang.Unroll
+
+@Prefix("fod.role") @FcliSession(FOD) @Stepwise
+class FoDAccessControlRoleSpec extends FcliBaseSpec {
+    @Shared @AutoCleanup FoDUserSupplier user = new FoDUserSupplier()
+    @Shared @AutoCleanup FoDUserGroupSupplier group = new FoDUserGroupSupplier()
+    @Shared @AutoCleanup FoDWebAppSupplier app = new FoDWebAppSupplier()
+
+    def "list"() {
+        def args = "fod ac list-roles --store roles"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>=2
+                it[0].replace(' ', '').equals("IdName")
+            }
+    }
+
+    def "updateUserRole"() {
+        def args = "fod ac update-user ${user.get().userName} --lastname updatedLastname --firstname updatedFirstname --phone 5678 --role=Developer"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()==2
+            }
+    }
+
+    def "verifyUpdated"() {
+
+        def args = "fod ac get-user ${user.get().userName}"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>2
+                it[9].equals("roleName: \"Developer\"")
+            }
+    }
+
+
+}
+
diff --git a/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDAppSpec.groovy b/fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDAppSpec.groovy
@@ -15,13 +15,14 @@ import spock.lang.Stepwise
 
 @Prefix("fod.app") @FcliSession(FOD) @Stepwise
 class FoDAppSpec extends FcliBaseSpec {
-    /*
-    @Shared FoDWebAppSupplier webAppSupplier = null;
-    @Shared FoDMobileAppSupplier mobileAppSupplier = null;
-    @Shared FoDMicroservicesAppSupplier microservicesAppSupplier = null;
+
+    @Shared FoDWebAppSupplier webApp = new FoDWebAppSupplier();
+    @Shared FoDMobileAppSupplier mobileApp = new FoDMobileAppSupplier();
+    @Shared FoDMicroservicesAppSupplier microservicesApp = new FoDMicroservicesAppSupplier();
+    @Shared FoDWebApp
 
     def "list"() {
-        def args = "fod app list"
+        def args = "fod app list --store=apps"
         when:
             def result = Fcli.run(args)
         then:
@@ -35,96 +36,111 @@ class FoDAppSpec extends FcliBaseSpec {
             }
     }
 
+    def "list-scans"() {
+        def args = "fod app list-scans --app=::apps::get(0).applicationId"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>=0
+                if(size()>1) {
+                    it[0].replace(' ', '').equals("IdTypeAnalysisStatusNameMicroserviceReleaseStartedCompletedScanMethod")
+                } else {
+                it[0].equals("No data")
+                }
+            }
+    }
+
     def "createWebApp"() {
         when:
-            webApp = new FoDWebAppSupplier().createWebApp();
+            webApp.get();
         then:
             noExceptionThrown()
     }
 
     def "createMicroserviceApp"() {
         when:
-            microservicesApp = new FoDWebAppSupplier().createMicroservicesApp();
+            microservicesApp.get();
         then:
             noExceptionThrown()
     }
 
     def "createMobileApp"() {
         when:
-            mobileApp = new FoDWebAppSupplier().createMobileApp();
+            mobileApp.get();
         then:
             noExceptionThrown()
     }
 
     def "get.byIdWebApp"() {
-        def args = "fod app get " + webApp.get("applicationId")
+        def args = "fod app get " + webApp.get().get("applicationId")
         when:
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
                 size()>2
-                it[2].equals("applicationName: \"" + webApp.appName + ":" + webApp.versionName +"\"")
+                it[2].equals("applicationName: \"" + webApp.get().appName + "\"")
             }
     }
 
     def "get.byIdMobileApp"() {
-        def args = "fod app get " + mobileApp.get("applicationId")
+        def args = "fod app get " + mobileApp.get().get("applicationId")
         when:
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
                 size()>2
-                it[2].equals("applicationName: \"" + mobileApp.appName + ":" + mobileApp.versionName +"\"")
+                it[2].equals("applicationName: \"" + mobileApp.get().appName + "\"")
             }
     }
 
     def "get.byIdMicroservicesApp"() {
-        def args = "fod app get " + microservicesApp.get("applicationId")
+        def args = "fod app get " + microservicesApp.get().get("applicationId")
         when:
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
                 size()>2
-                it[2].equals("applicationName: \"" + microservicesApp.appName + ":" + microservicesApp.versionName +"\"")
+                it[2].equals("applicationName: \"" + microservicesApp.get().appName + "\"")
             }
     }
 
     def "get.byNameWebApp"() {
-        def args = "fod app get " + webApp.appName
+        def args = "fod app get " + webApp.get().appName
         when:
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
                 size()>2
-                it[1].startsWith("applicationId: " + webApp.get("applicationId"))
+                it[1].startsWith("applicationId: " + webApp.get().get("applicationId"))
             }
     }
 
     def "get.byNameMobileApp"() {
-        def args = "fod app get " + mobileApp.appName
+        def args = "fod app get " + mobileApp.get().appName
         when:
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
                 size()>2
-                it[1].startsWith("applicationId: " + mobileApp.get("applicationId"))
+                it[1].startsWith("applicationId: " + mobileApp.get().get("applicationId"))
             }
     }
 
     def "get.byNameMicroservicesApp"() {
-        def args = "fod app get " + microservicesApp.appName
+        def args = "fod app get " + microservicesApp.get().appName
         when:
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
                 size()>2
-                it[1].startsWith("applicationId: " + microservicesApp.get("applicationId"))
+                it[1].startsWith("applicationId: " + microservicesApp.get().get("applicationId"))
             }
     }
 
 
     def "update"() {
-        def args = "fod app update " + webApp.appName + " --business-criticality High"
+        def args = "fod app update " + webApp.get().appName + " --business-criticality High"
         when:
             def result = Fcli.run(args)
         then:
@@ -134,7 +150,7 @@ class FoDAppSpec extends FcliBaseSpec {
     }
 
     def "verifyUpdated"() {
-        def args = "fod app get " + webApp.get("applicationId")
+        def args = "fod app get " + webApp.get().get("applicationId")
         when:
             def result = Fcli.run(args)
         then:
@@ -170,12 +186,12 @@ class FoDAppSpec extends FcliBaseSpec {
             def result = Fcli.run(args)
         then:
             verifyAll(result.stdout) {
-                !it.any { it.contains(webApp.appName) }
-                !it.any { it.contains(microservicesApp.appName) }
-                !it.any { it.contains(mobileApp.appName) }
+                !it.any { it.contains(webApp.get().appName) }
+                !it.any { it.contains(microservicesApp.get().appName) }
+                !it.any { it.contains(mobileApp.get().appName) }
             }
     }
-    */
+
 
 }
 
diff --git a/...her/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDReleaseSpec.groovy b/...her/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDReleaseSpec.groovy
@@ -17,7 +17,7 @@ class FoDReleaseSpec extends FcliBaseSpec {
     @Shared @AutoCleanup FoDMicroservicesAppSupplier app = new FoDMicroservicesAppSupplier()
 
     def "list"() {
-        def args = "fod release list"
+        def args = "fod release list --store=releases"
         when:
             def result = Fcli.run(args)
         then:
@@ -26,6 +26,36 @@ class FoDReleaseSpec extends FcliBaseSpec {
                 it[0].replace(' ', '').equals("IdNameMicroserviceApplicationSDLCStatus")
             }
     }
+
+    def "list-scans"() {
+        def args = "fod release list-scans --rel=::releases::get(0).releaseId"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>=0
+                if(size()>1) {
+                    it[0].replace(' ', '').equals("IdTypeAnalysisStatusApplicationMicroserviceNameStartedCompletedScanMethod")
+                } else {
+                it[0].equals("No data")
+                }
+            }
+    }
+
+    def "list-assessment-types"() {
+        def args = "fod release lsat --rel=::releases::get(0).releaseId"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>=0
+                if(size()>1) {
+                    it[0].replace(' ', '').equals("IdNameScantypeFrequencytypeUnitsEntitlementidEntitlementdescription")
+                } else {
+                it[0].equals("No data")
+                }
+            }
+    }
 
     def "create"() {
         def args = "fod release create ${app.get().qualifiedMicroserviceName}:testrel --sdlc-status=Development --store testrel"