fortify / ssc-restapi-client

Communicate with Fortify Software Security Center through REST API in java, a swagger generated client

License: MIT License

fortify-ssc api-client fortify security application-security integration api openapi fortify-api

ssc-restapi-client's People

Contributors

akarjakina, akaryakina, dependabot[bot], rsenden, umlublin, yarlichev


ssc-restapi-client's Issues

Unnecessary dependency

The Gradle plugin (openapi-generator-gradle-plugin:5.4.0) is connected as a runtime dependency, and so are its transitive dependencies.

The effect of this is that a Jenkins plugin built with this library grows from 3MB to over 20MB,
and it causes a conflict with the gitlab-api plugin.

ConfigProperty#value always read as null

Problem

The value field of ConfigProperty instances returned from methods such as ConfigurationControllerApi#readConfiguration(String) and ConfigurationControllerApi#getConfiguration() is always null.

For example, executing this Groovy script:

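new ConfigurationControllerApi(client)
    .getConfiguration()   // call the API method named above; the API object itself has no getData()
    .getData()
    .getProperties()
    .stream()
    .forEach{ println("${it.name}:${it.value}") }   // prints "<name>:null" for every property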

will output:

auditassistant.enabled:null
auditassistant.auth.token:null
...
x509.enabled:null
x509.username.pattern:null

I have attached a full Groovy script which demonstrates this issue.

Proposed Solution

Looking at the generated code, it appears this issue is being caused by an erroneous enum in the ConfigProperty model of spec.json. The relevant JSON snippet being:

"ConfigProperty": {
  "properties": {
    "value": {
      "type": "string",
      "description": "Configuration property value.",
      "enum": [
        "Depends on property type. It can be number",
        "string",
        "URL",
        "email or value from values list."
      ]
    }
  }
}

The value field has an enum constraint which appears to contain a description rather than allowable values. Because of this, the value field of the ConfigProperty class is being generated as an enum rather than a String. Since value is an enum, the API client is parsing the value returned by SSC as null since it does not match any items in the enum.

Removing the enum constraint from the spec.json file should fix this; however, I'm assuming the spec file in this repo was generated by SSC so only fixing it here would mean this would continue to be a problem for anyone generating their own client from SSC. A fix probably needs to be made to SSC as well.
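
A check for this class of spec defect, as an added example (not code from the reporter or the project): it walks a spec and flags string properties whose enum entries read like a comma-split description, then mimics the enum lookup that turns every real value into null. The "definitions" wrapper, the HypotheticalModel entry and the function names are assumptions; only the ConfigProperty fragment comes from the issue.

```python
import json
import re

# Constructed sample: the ConfigProperty fragment quoted in the issue, wrapped in an
# assumed "definitions" section, plus a hypothetical model with a genuine enum.
SAMPLE_SPEC = json.loads("""
{"definitions": {
  "ConfigProperty": {"properties": {"value": {
    "type": "string",
    "description": "Configuration property value.",
    "enum": ["Depends on property type. It can be number", "string", "URL",
             "email or value from values list."]}}},
  "HypotheticalModel": {"properties": {"state": {
    "type": "string", "enum": ["ACTIVE", "INACTIVE"]}}}
}}
""")

def looks_like_prose(values):
    """Heuristic: real enum constants rarely contain whitespace or end in a period."""
    return any(isinstance(v, str) and re.search(r"\s|\.$", v) for v in values)

def find_suspicious_enums(node, path=""):
    """Walk the spec; return JSON paths of string schemas whose enum reads like prose."""
    hits = []
    if isinstance(node, dict):
        enum = node.get("enum")
        if node.get("type") == "string" and isinstance(enum, list) and looks_like_prose(enum):
            hits.append(path)
        for key, child in node.items():
            hits.extend(find_suspicious_enums(child, f"{path}/{key}"))
    elif isinstance(node, list):
        for i, child in enumerate(node):
            hits.extend(find_suspicious_enums(child, f"{path}/{i}"))
    return hits

def enum_lookup(raw, allowed):
    """Mimic the behaviour the issue describes: a value outside the enum becomes None."""
    return raw if raw in allowed else None

if __name__ == "__main__":
    for hit in find_suspicious_enums(SAMPLE_SPEC):
        print("suspicious enum:", hit)
    allowed = SAMPLE_SPEC["definitions"]["ConfigProperty"]["properties"]["value"]["enum"]
    print(enum_lookup("true", allowed))  # constructed server value, not in the enum
```

Running the same walk over a spec exported from your own SSC instance before generating a client shows whether the defect is present there as well.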

Timeouts

This library does not support specifying timeouts for HTTP requests. This causes issues with longer operations like an FPR upload operation. The okhttp read timeout is 10s, which is far too small for large FPRs and network bandwidth variances.

Original issue: jenkinsci/fortify-plugin#11

Building Jar from source results in 'no main manifest attribute'

Pulling the latest version of both the source code and the jar file in the releases (https://github.com/fortify/ssc-restapi-client/releases/tag/v22.1) results in an error when attempting to run the application in a standalone JAR format.

Previous versions of the JAR file allowed for the following command to be run without issue:

java -jar ssc-restapi-client.jar

Running the above command with the latest JAR version results in the error:

no main manifest attribute, in ssc-restapi-client.jar

This issue occurs regardless of platform or Java version used.

EntityStateIdentifier cannot be created

I need to create an EntityStateIdentifier for unsuppressing issues by setting the issue id and revision number, but these properties are read-only. How can I then create an entity of that kind from Java?

Missing integration tests

The unit tests appear to be auto-generated templates for integration tests.

Integration tests could run in their own goal, leaving room and a phase for smaller unit tests if needed.

APIException with ApiResultListProjectVersionIssue

I am using ssc-restapi-client-2.0 to pull information about versions to read into a JSON format. It usually goes well, but recently I have been getting APIExceptions that do not produce error messages.

The line below is likely the code throwing the error, as the logging I put prior to it posts but the logging after it does not.

ApiResultListProjectVersionIssue projectVersionIssuesListResult = issueOfProjectVersionControllerApi.listIssueOfProjectVersion(parentId, start, limit, q, qm, orderby, filterset, fields, showhidden, showremoved, showsuppressed, showshortfilenames, filter, groupid, groupingtype);

I cannot find any information on the web about ApiResultListProjectVersionIssue to begin tracking down the issue.

Exception ExtensionDelayedRunInterceptor of SSCExtensions
com.fortify.ssc.restclient.ApiException: 
              at com.fortify.ssc.restclient.ApiClient.handleResponse(ApiClient.java:929)
              at com.fortify.ssc.restclient.ApiClient.execute(ApiClient.java:845)
              at com.fortify.ssc.restclient.api.AttributeOfProjectVersionControllerApi.listAttributeOfProjectVersionWithHttpInfo(AttributeOfProjectVersionControllerApi.java:283)
              at com.fortify.ssc.restclient.api.AttributeOfProjectVersionControllerApi.listAttributeOfProjectVersion(AttributeOfProjectVersionControllerApi.java:268)
              at cat.ssc.api.Extension.getTrouxIdsListToMatchProjectVersionsList(Extension.java:205)
              at cat.ssc.api.Extension.getVulnerabilitiesFromAppsWithTrouxIds(Extension.java:641)
              at cat.ssc.api.ExtensionDelayedRunInterceptor.afterCompletion(ExtensionDelayedRunInterceptor.java:92)
              at org.springframework.web.servlet.HandlerExecutionChain.triggerAfterCompletion(HandlerExecutionChain.java:174)
              at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1133)
              at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1055)
              at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
              at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
              at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
              at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:130)
              at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:66)
              at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:105)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:123)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
              at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
              at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Unknown Source)

Json syntax faults

Hi!
Currently, we use Fortify Software Security Center 20.2.2.0002, but some models fail when we try to parse from JSON to a model. Specifically, models which contain the org.threeten.bp.OffsetDateTime class for creationDate fields, such as Project or ProjectVersion.

We've tried to add the new Maven dependency version

<dependency>
    <groupId>com.fortify</groupId>
    <artifactId>ssc-restapi-client</artifactId>
    <version>21.1</version>
    <scope>compile</scope>
</dependency>

but it still isn't in the Maven repositories.

What should we do?
