fortify / ssc-restapi-client
Communicate with Fortify Software Security Center through REST API in java, a swagger generated client
License: MIT License
Gradle plugin (openapi-generator-gradle-plugin:5.4.0) is connected as runtime dependency, so it and its transitive dependencies.
Effect of this is jenkins plugin build with this library is oversized from 3MB to over 20MB,
and causes conflict with gitlab-api plugin.
The value field of ConfigProperty instances returned from methods such as ConfigurationControllerApi#readConfiguration(String) and ConfigurationControllerApi#getConfiguration() is always null.
For example, executing this Groovy script:
new ConfigurationControllerApi(client)
.getData()
.getProperties()
.stream()
.forEach{ println("${it.name}:${it.value}") }
will output:
auditassistant.enabled:null
auditassistant.auth.token:null
...
x509.enabled:null
x509.username.pattern:null
I have attached a full Groovy script which demonstrates this issue.
Looking at the generated code, it appears this issue is being caused by an erroneous enum in the ConfigProperty model of spec.json. The relevant JSON snippet being:
"ConfigProperty": {
"properties": {
"value": {
"type": "string",
"description": "Configuration property value.",
"enum": [
"Depends on property type. It can be number",
"string",
"URL",
"email or value from values list."
]
}
}
}
The value field has an enum constraint which appears to contain a description rather than allowable values. Because of this, the value field of the ConfigProperty class is being generated as an enum rather than a String. Since value is an enum, the API client is parsing the value returned by SSC as null since it does not match any items in the enum.
Removing the enum constraint from the spec.json file should fix this; however, I'm assuming the spec file in this repo was generated by SSC so only fixing it here would mean this would continue to be a problem for anyone generating their own client from SSC. A fix probably needs to be made to SSC as well.
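The spec clean-up described in the issue above can be done as a pre-processing step before code generation. The following is an added example, not code from the issue or from the project: it walks a spec and drops enum constraints whose values read like prose. The top-level "definitions" key, the "Example" model and the function names are assumptions made for illustration.

```python
import json

# Constructed sample: the ConfigProperty fragment quoted in the issue, wrapped in
# an assumed "definitions" key, plus a hypothetical "Example" model whose enum is
# legitimate and must survive.
SPEC = json.loads("""
{"definitions": {
  "ConfigProperty": {"properties": {"value": {
      "type": "string",
      "description": "Configuration property value.",
      "enum": ["Depends on property type. It can be number", "string", "URL",
               "email or value from values list."]}}},
  "Example": {"properties": {"state": {
      "type": "string", "enum": ["ACTIVE", "INACTIVE"]}}}
}}
""")


def looks_like_prose(values):
    """Heuristic: real enum constants rarely contain spaces or end with a period."""
    return any(isinstance(v, str) and (" " in v or v.endswith(".")) for v in values)


def strip_prose_enums(node, path=""):
    """Walk the spec, delete description-like enum constraints, return their paths."""
    removed = []
    if isinstance(node, dict):
        if isinstance(node.get("enum"), list) and looks_like_prose(node["enum"]):
            del node["enum"]  # field is then generated as a plain String
            removed.append(path)
        for key, child in node.items():
            removed += strip_prose_enums(child, f"{path}/{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            removed += strip_prose_enums(child, f"{path}/{index}")
    return removed


if __name__ == "__main__":
    for location in strip_prose_enums(SPEC):
        print("removed suspicious enum at", location)
    print(json.dumps(SPEC["definitions"]["ConfigProperty"], indent=2))
```

Review the reported paths before regenerating the client, since the heuristic can also match a legitimate enum whose values contain spaces.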
This library does not support specifying timeouts for HTTP requests. This causes issues with longer operations like an FPR upload operation. okhttp read timeout is 10s, that is far too small for large FPRs and network bandwidth variances.
Original issue: jenkinsci/fortify-plugin#11
Pulling the latest version of both the source code and the jar file in the releases (https://github.com/fortify/ssc-restapi-client/releases/tag/v22.1) results in an error when attempting to run the application in a stand alone Jar format.
Previous versions of the JAR file allowed for the following command to be run without issue:
java -jar ssc-restapi-client.jar
Running the above command with the latest JAR version results in the error:
no main manifest attribute, in ssc-restapi-client.jar
This issue occurs regardless of platform or java version used.
I need to create EntityStateIdentifier for unsuppressing issues by setting issue id and revision number, but these properties are read-only. How can I then create an entity of that kind from java?
The unit tests appear to be auto-generated templates for integration tests.
Integration tests could run in their own goal, leaving room and a phase for smaller unit tests if needed.
We have observed issues for a certain application which now has 1120 versions, we would like to do version cleanup.
I'm searching for an API for the same, but couldn't find one in https://api.ams.fortify.com/swagger/ui/index#/
I am using ssc-restapi-client-2.0 to pull information about versions to read into a json format. It usually goes well, but as of recently I am getting APIExceptions that do not produce error messages.
Code likely throwing the error, as logging I put prior to the below line posts but logging after it does not.
ApiResultListProjectVersionIssue projectVersionIssuesListResult = issueOfProjectVersionControllerApi.listIssueOfProjectVersion(parentId, start, limit, q, qm, orderby, filterset, fields, showhidden, showremoved, showsuppressed, showshortfilenames, filter, groupid, groupingtype);
I cannot find any information on the web about ApiResultListProjectVersionIssue to begin tracking down the issue.
Exception ExtensionDelayedRunInterceptor of SSCExtensions
com.fortify.ssc.restclient.ApiException:
at com.fortify.ssc.restclient.ApiClient.handleResponse(ApiClient.java:929)
at com.fortify.ssc.restclient.ApiClient.execute(ApiClient.java:845)
at com.fortify.ssc.restclient.api.AttributeOfProjectVersionControllerApi.listAttributeOfProjectVersionWithHttpInfo(AttributeOfProjectVersionControllerApi.java:283)
at com.fortify.ssc.restclient.api.AttributeOfProjectVersionControllerApi.listAttributeOfProjectVersion(AttributeOfProjectVersionControllerApi.java:268)
at cat.ssc.api.Extension.getTrouxIdsListToMatchProjectVersionsList(Extension.java:205)
at cat.ssc.api.Extension.getVulnerabilitiesFromAppsWithTrouxIds(Extension.java:641)
at cat.ssc.api.ExtensionDelayedRunInterceptor.afterCompletion(ExtensionDelayedRunInterceptor.java:92)
at org.springframework.web.servlet.HandlerExecutionChain.triggerAfterCompletion(HandlerExecutionChain.java:174)
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1133)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1055)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66)
at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
Hi!
Currently, we use Fortify Software Security Center 20.2.2.0002, but some models fail when we try to parse from json to a model. Specifically, models which contain the org.threeten.bp.OffsetDateTime class for creationDate fields, such as Project or ProjectVersion.
We've tried to add a new maven dependency version
<dependency>
    <groupId>com.fortify</groupId>
    <artifactId>ssc-restapi-client</artifactId>
    <version>21.1</version>
    <scope>compile</scope>
</dependency>
but it still isn't in the maven repositories.
What should we do?
Please upload this artifact to maven: https://search.maven.org/search?q=g:com.fortify%20AND%20a:ssc-restapi-client