Merge branch 'fortify:dev/v3.x' into develop

Author: SangameshV

.github/workflows/ci.yml

@@ -439,13 +439,6 @@ jobs:
           mkdir -p "${versionDir}"
           unzip tmp/docs-jekyll.zip -d "${versionDir}"
           
-          # Recreate version data files, which may be empty if no versions available
-          mkdir -p _data/versions
-          touch _data/versions/release.yml
-          touch _data/versions/dev.yml
-          ls -d v*.*.* | sort -rV | while read line; do echo "- '$line'"; done > _data/versions/release.yml
-          ls -d dev_* | sort | while read line; do echo "- '$line'"; done > _data/versions/dev.yml
-          
           # Update symlinks based on available versions, processing versions in ascending order
           # to replace previous links with a newer version if appropriate. For example, 'latest'
           # will first point to the oldest version, then replaced with second-oldest version, ...,
@@ -456,6 +449,18 @@ jobs:
             ln -sfT $line $(echo "$line" | cut -d. -f 1,2) # v<major>.<minor>
           done
           
+          # Same for dev_*, but only generating latest_dev symlink
+          ls -d dev_* | sort -V | while read line; do
+            ln -sfT $line latest_dev
+          done
+          
+          # Recreate version data files, which may be empty if no versions available
+          mkdir -p _data/versions
+          touch _data/versions/release.yml
+          touch _data/versions/dev.yml
+          ls -d v*.*.* | sort -rV | while read line; do echo "- '$line'"; done > _data/versions/release.yml
+          ls -d dev_* | sort | while read line; do echo "- '$line'"; done > _data/versions/dev.yml
+          
           git config user.name github-actions
           git config user.email github-actions@fortify.com
           git add .

fcli-core/fcli-action/src/main/resources/com/fortify/cli/generic_action/actions/build-time/ci-envvars.yaml

@@ -222,6 +222,22 @@ formatters:
           tasks. The `SAST_WAIT_EXTRA_OPTS` environment variable can be used to pass extra options to
           the `fcli sc-sast scan wait-for` command, for example to adjust the polling interval or timeout.
     postScan:
+      - names: AVIATOR_URL\nAVIATOR_TOKEN\nAVIATOR_LOGIN_EXTRA_OPTS
+        desc: >-
+          Aviator URL and JWT token to use for Aviator operations (see below). The `AVIATOR_TOKEN`
+          environment variable should hold the actual token contents; prefixes like `file:` or `string:`
+          (like the `--token` option on the `fcli aviator session login` command) are not supported. The
+          `AVIATOR_LOGIN_EXTRA_OPTS` environment variable can be used to pass additional options to the
+          `fcli aviator session login` command.
+      - names: DO_AVIATOR_AUDIT\nAVIATOR_APP\nAVIATOR_AUDIT_EXTRA_OPTS\nAVIATOR_WAIT_EXTRA_OPTS
+        desc: >-
+          If `DO_AVIATOR_AUDIT` is not set to `false`, and Aviator URL and token have been configured,
+          scan results will be sent to Aviator for AI-driven auditing. The Aviator application name
+          can optionally be configured through `AVIATOR_APP`, which defaults to the SSC application name.
+          The `AVIATOR_AUDIT_EXTRA_OPTS` environment variable can be used to pass extra options to the
+          `fcli aviator ssc audit` command, for example to adjust tag mappings. The `AVIATOR_WAIT_EXTRA_OPTS`
+          environment variable can be used to pass extra options to the `fcli ssc artifact wait-for` command,
+          which will be run to wait for SSC to process the audited results.
       - names: DO_APPVERSION_SUMMARY\nAPPVERSION_SUMMARY_ACTION\nAPPVERSION_SUMMARY_EXTRA_OPTS
         desc: >-
           If `DO_APPVERSION_SUMMARY` is not set to `false`, an application version summary will be generated using the

fcli-core/fcli-action/src/main/resources/com/fortify/cli/generic_action/actions/zip/ci.yaml

@@ -79,7 +79,7 @@ steps:
       logoutOpts: -u=SSC_USER -p=SSC_PASSWORD
   # Define some common variables, based on the above
   - var.set:
-      sessionName: ci-${#uuid()}
+      global.sessionName: ci-${#uuid()}
       loginCmd: fcli ${module} session login
       logoutCmd: fcli ${module} session logout
       moduleUpperCase: ${module.toUpperCase()}
@@ -90,10 +90,10 @@ steps:
   # new, module-specific session.
   - with:
       sessions:
-        - login: ${#fcliCmd(loginEnvPrefix, loginCmd)} --${module}-session ${sessionName} ${#optsFromEnv(loginOpts)}
-          logout: ${#fcliCmd(logoutEnvPrefix, logoutCmd)} --${module}-session ${sessionName} ${#optsFromEnv(logoutOpts)}
+        - login: ${#fcliCmd(loginEnvPrefix, loginCmd)} --${module}-session ${global.sessionName} ${#optsFromEnv(loginOpts)}
+          logout: ${#fcliCmd(logoutEnvPrefix, logoutCmd)} --${module}-session ${global.sessionName} ${#optsFromEnv(logoutOpts)}
       do:
         - run.fcli: 
-            ci: ${#actionCmd(ciEnvPrefix, module, 'ci')} --${module}-session=${sessionName}
+            ci: ${#actionCmd(ciEnvPrefix, module, 'ci')} --${module}-session=${global.sessionName}
 
 

fcli-core/fcli-app/src/main/java/com/fortify/cli/app/FortifyCLIVersionProvider.java

@@ -12,13 +12,13 @@
  *******************************************************************************/
 package com.fortify.cli.app;
 
-import com.fortify.cli.common.util.FcliBuildPropertiesHelper;
+import com.fortify.cli.common.util.FcliBuildProperties;
 
 import picocli.CommandLine.IVersionProvider;
 
 public class FortifyCLIVersionProvider implements IVersionProvider {
     @Override
     public final String[] getVersion() throws Exception {
-        return new String[] {FcliBuildPropertiesHelper.getFcliBuildInfo()};
+        return new String[] {FcliBuildProperties.INSTANCE.getFcliBuildInfo()};
     }
 }

fcli-core/fcli-app/src/main/java/com/fortify/cli/app/runner/util/FortifyCLIResourceBundlePropertiesHelper.java

@@ -0,0 +1,81 @@
+/**
+ * Copyright 2023 Open Text.
+ *
+ * The only warranties for products and services of Open Text 
+ * and its affiliates and licensors ("Open Text") are as may 
+ * be set forth in the express warranty statements accompanying 
+ * such products and services. Nothing herein should be construed 
+ * as constituting an additional warranty. Open Text shall not be 
+ * liable for technical or editorial errors or omissions contained 
+ * herein. The information contained herein is subject to change 
+ * without notice.
+ */
+package com.fortify.cli.app.runner.util;
+
+import java.util.Properties;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import com.fortify.cli.common.action.helper.ActionSchemaVersionHelper;
+import com.fortify.cli.common.util.FcliBuildProperties;
+import com.fortify.cli.fod._common.scan.helper.FoDScanStatus;
+import com.fortify.cli.sc_dast.scan.helper.SCDastScanStatus;
+import com.fortify.cli.sc_sast.scan.helper.SCSastScanJobArtifactState;
+import com.fortify.cli.sc_sast.scan.helper.SCSastScanJobState;
+import com.fortify.cli.ssc.artifact.helper.SSCArtifactStatus;
+
+/**
+ *
+ * @author Ruud Senden
+ */
+public class FortifyCLIResourceBundlePropertiesHelper {
+    protected static final Properties getResourceBundleProperties() {
+        var props = new Properties();
+        initializeFoDProperties(props);
+        initializeSCDastProperties(props);
+        initializeSCSastProperties(props);
+        initializeSSCProperties(props);
+        initializeVersionRelatedProperties(props);
+        return props;
+    }
+
+    private static final void initializeFoDProperties(Properties props) {
+        props.setProperty("fcli.fod.scan.states", getValueNamesString(FoDScanStatus.values()));
+        props.setProperty("fcli.fod.scan.states.complete", getValueNamesString(FoDScanStatus.getDefaultCompleteStates()));
+    }
+    
+    private static final void initializeSCDastProperties(Properties props) {
+        props.setProperty("fcli.sc-dast.scan.states", getValueNamesString(SCDastScanStatus.values()));
+        props.setProperty("fcli.sc-dast.scan.states.complete", getValueNamesString(SCDastScanStatus.getDefaultCompleteStates()));
+    }
+    
+    private static final void initializeSCSastProperties(Properties props) {
+        props.setProperty("fcli.sc-sast.scan.jobStates", getValueNamesString(SCSastScanJobState.values()));
+        props.setProperty("fcli.sc-sast.scan.jobStates.complete", getValueNamesString(SCSastScanJobState.getDefaultCompleteStates()));
+        props.setProperty("fcli.sc-sast.scan.jobArtifactStates", getValueNamesString(SCSastScanJobArtifactState.values()));
+        props.setProperty("fcli.sc-sast.scan.jobArtifactStates.complete", getValueNamesString(SCSastScanJobArtifactState.getDefaultCompleteStates()));
+    }
+    
+    private static final void initializeSSCProperties(Properties props) {
+        props.setProperty("fcli.ssc.artifact.states", getValueNamesString(SSCArtifactStatus.values()));
+        props.setProperty("fcli.ssc.artifact.states.complete", getValueNamesString(SSCArtifactStatus.getDefaultCompleteStates()));
+    }
+    
+    private static final void initializeVersionRelatedProperties(Properties props) {
+        props.setProperty("fcli.action.supportedSchemaVersions", ActionSchemaVersionHelper.getSupportedSchemaVersionsString());
+        props.setProperty("fcli.docBaseUrl", FcliBuildProperties.INSTANCE.getFcliDocBaseUrl());
+    }
+    
+    private static final String getValueNamesString(Enum<?>[] values) {
+        return getValuesString(values, Enum::name);
+    }
+    
+    private static final String getValuesString(Enum<?>[] values, Function<Enum<?>, String> f) {
+        return Stream.of(values).map(f).collect(Collectors.joining(", "));
+    }
+    
+    public static final void main(String[] args) {
+        getResourceBundleProperties().forEach((p,v)->System.out.println(p+":"+v));
+    }
+}

fcli-core/fcli-app/src/main/java/com/fortify/cli/app/runner/util/FortifyCLIStaticInitializer.java

@@ -16,23 +16,14 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Locale;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import com.fortify.cli.common.action.helper.ActionSchemaHelper;
 import com.fortify.cli.common.http.ssl.truststore.helper.TrustStoreConfigDescriptor;
 import com.fortify.cli.common.http.ssl.truststore.helper.TrustStoreConfigHelper;
 import com.fortify.cli.common.i18n.helper.LanguageHelper;
 import com.fortify.cli.common.util.StringUtils;
-import com.fortify.cli.fod._common.scan.helper.FoDScanStatus;
-import com.fortify.cli.sc_dast.scan.helper.SCDastScanStatus;
-import com.fortify.cli.sc_sast.scan.helper.SCSastScanJobArtifactState;
-import com.fortify.cli.sc_sast.scan.helper.SCSastScanJobState;
-import com.fortify.cli.ssc.artifact.helper.SSCArtifactStatus;
 import com.fortify.cli.tool._common.helper.ToolUninstaller;
 
 import lombok.AccessLevel;
@@ -55,37 +46,7 @@ public void initialize() {
         ToolUninstaller.deleteAllPending();
         initializeTrustStore();
         initializeLocale();
-        initializeFoDProperties();
-        initializeSCDastProperties();
-        initializeSCSastProperties();
-        initializeSSCProperties();
-        initializeActionProperties();
-    }
-    
-    private void initializeFoDProperties() {
-        System.setProperty("fcli.fod.scan.states", getValueNamesString(FoDScanStatus.values()));
-        System.setProperty("fcli.fod.scan.states.complete", getValueNamesString(FoDScanStatus.getDefaultCompleteStates()));
-    }
-    
-    private void initializeSCDastProperties() {
-        System.setProperty("fcli.sc-dast.scan.states", getValueNamesString(SCDastScanStatus.values()));
-        System.setProperty("fcli.sc-dast.scan.states.complete", getValueNamesString(SCDastScanStatus.getDefaultCompleteStates()));
-    }
-    
-    private void initializeSCSastProperties() {
-        System.setProperty("fcli.sc-sast.scan.jobStates", getValueNamesString(SCSastScanJobState.values()));
-        System.setProperty("fcli.sc-sast.scan.jobStates.complete", getValueNamesString(SCSastScanJobState.getDefaultCompleteStates()));
-        System.setProperty("fcli.sc-sast.scan.jobArtifactStates", getValueNamesString(SCSastScanJobArtifactState.values()));
-        System.setProperty("fcli.sc-sast.scan.jobArtifactStates.complete", getValueNamesString(SCSastScanJobArtifactState.getDefaultCompleteStates()));
-    }
-    
-    private void initializeSSCProperties() {
-        System.setProperty("fcli.ssc.artifact.states", getValueNamesString(SSCArtifactStatus.values()));
-        System.setProperty("fcli.ssc.artifact.states.complete", getValueNamesString(SSCArtifactStatus.getDefaultCompleteStates()));
-    }
-    
-    private void initializeActionProperties() {
-        System.setProperty("fcli.action.supportedSchemaVersions", ActionSchemaHelper.getSupportedSchemaVersionsString());
+        System.getProperties().putAll(FortifyCLIResourceBundlePropertiesHelper.getResourceBundleProperties());
     }
 
     private void initializeTrustStore() {
@@ -153,12 +114,4 @@ private void initializeTrustStoreFromConfig(TrustStoreConfigDescriptor descripto
     private void initializeLocale() {
         Locale.setDefault(LanguageHelper.getConfiguredLanguageDescriptor().getLocale());
     }
-    
-    private String getValueNamesString(Enum<?>[] values) {
-        return getValuesString(values, Enum::name);
-    }
-    
-    private String getValuesString(Enum<?>[] values, Function<Enum<?>, String> f) {
-        return Stream.of(values).map(f).collect(Collectors.joining(", "));
-    }
 }

fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/cli/cmd/AbstractActionAsciidocCommand.java

@@ -35,7 +35,7 @@
 import com.fortify.cli.common.cli.mixin.CommonOptionMixins;
 import com.fortify.cli.common.cli.util.SimpleOptionsParser.IOptionDescriptor;
 import com.fortify.cli.common.exception.FcliBugException;
-import com.fortify.cli.common.util.FcliBuildPropertiesHelper;
+import com.fortify.cli.common.util.FcliBuildProperties;
 import com.fortify.cli.common.util.StringUtils;
 
 import lombok.SneakyThrows;
@@ -70,7 +70,7 @@ public final Integer call() {
     }
 
     private final String replaceVariables(String s) {
-        return s.replace("${version}", FcliBuildPropertiesHelper.getFcliBuildInfo().replace(':', ' '))
+        return s.replace("${version}", FcliBuildProperties.INSTANCE.getFcliBuildInfo().replace(':', ' '))
                 .replace("${type}", getType())
                 .replace("${actionCmd}", getActionCmd());
     }

fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/cli/cmd/AbstractActionSignCommand.java

@@ -33,7 +33,7 @@
 import com.fortify.cli.common.output.cli.cmd.IJsonNodeSupplier;
 import com.fortify.cli.common.output.cli.mixin.OutputHelperMixins;
 import com.fortify.cli.common.output.transform.IActionCommandResultSupplier;
-import com.fortify.cli.common.util.FcliBuildPropertiesHelper;
+import com.fortify.cli.common.util.FcliBuildProperties;
 
 import lombok.Getter;
 import lombok.SneakyThrows;
@@ -91,7 +91,7 @@ private final SignatureMetadata createMetadata() {
         var signer = getSigner(extraInfo);
         return SignatureMetadata.builder()
                 .extraInfo(extraInfo)
-                .fcliVersion(FcliBuildPropertiesHelper.getFcliVersion())
+                .fcliVersion(FcliBuildProperties.INSTANCE.getFcliVersion())
                 .signer(signer)
                 .build();
     }

fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/helper/ActionLoaderHelper.java

@@ -57,7 +57,7 @@
 import com.fortify.cli.common.exception.FcliSimpleException;
 import com.fortify.cli.common.spring.expression.wrapper.TemplateExpressionKeyDeserializer;
 import com.fortify.cli.common.util.Break;
-import com.fortify.cli.common.util.FcliBuildPropertiesHelper;
+import com.fortify.cli.common.util.FcliBuildProperties;
 import com.fortify.cli.common.util.FcliDataHelper;
 import com.fortify.cli.common.util.FileUtils;
 import com.fortify.cli.common.util.ZipHelper;
@@ -279,7 +279,7 @@ private static SignatureDescriptor getSignatureDescriptor(boolean custom, Signed
                     .signature("N/A")
                     .publicKeyFingerprint(SignatureHelper.fortifySignatureVerifier().publicKeyFingerPrint())
                     .metadata(SignatureMetadata.builder()
-                            .fcliVersion(FcliBuildPropertiesHelper.getFcliVersion())
+                            .fcliVersion(FcliBuildProperties.INSTANCE.getFcliVersion())
                             .signer("Fortify").build()).build();
         }
 
@@ -306,8 +306,8 @@ private static final ObjectMapper createYamlObjectMapper() {
 
         private final void checkSchema() {
             var schemaUri = getSchemaUri();
-            var schemaVersion = ActionSchemaHelper.getSchemaVersion(schemaUri);
-            if ( !ActionSchemaHelper.isSupportedSchemaVersion(schemaVersion) ) {
+            var schemaVersion = ActionSchemaVersionHelper.getSchemaVersion(schemaUri);
+            if ( !ActionSchemaVersionHelper.isSupportedSchemaVersion(schemaVersion) ) {
                 actionValidationHandler.onUnsupportedSchemaVersion(metadata, schemaVersion);
             }
         }

…on/action/helper/ActionSchemaHelper.java …on/helper/ActionSchemaVersionHelper.javafcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/helper/ActionSchemaHelper.java renamed to fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/helper/ActionSchemaVersionHelper.java fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/helper/ActionSchemaHelper.java renamed to fcli-core/fcli-common/src/main/java/com/fortify/cli/common/action/helper/ActionSchemaVersionHelper.java

@@ -16,13 +16,13 @@
 import java.text.ParseException;
 
 import com.formkiq.graalvm.annotations.Reflectable;
-import com.fortify.cli.common.util.FcliBuildPropertiesHelper;
+import com.fortify.cli.common.util.FcliBuildProperties;
 import com.fortify.cli.common.util.SemVer;
 
-@Reflectable public final class ActionSchemaHelper {
+@Reflectable public final class ActionSchemaVersionHelper {
     private static final MessageFormat URI_FORMAT = new MessageFormat("https://fortify.github.io/fcli/schemas/action/fcli-action-schema-{0}.json");
-    private static final boolean IS_FCLI_DEV_RELEASE = FcliBuildPropertiesHelper.isDevelopmentRelease();
-    private static final SemVer CURRENT_SCHEMA_VERSION = new SemVer(FcliBuildPropertiesHelper.getFcliActionSchemaVersion());
+    private static final boolean IS_FCLI_DEV_RELEASE = FcliBuildProperties.INSTANCE.isDevelopmentRelease();
+    private static final SemVer CURRENT_SCHEMA_VERSION = new SemVer(FcliBuildProperties.INSTANCE.getFcliActionSchemaVersion());
 
     /** Get the schema URI for the current enum entry by formatting schema version as URI */
     public static final String toURI(String version) {