feat: Added command fcli ssc aviator audit to v3.x-develop #678
Conversation
| import ch.qos.logback.classic.encoder.PatternLayoutEncoder; | ||
| import ch.qos.logback.core.ConsoleAppender; | ||
|
|
||
| public class AviatorLoggingConfigure { |
There was a problem hiding this comment.
Fcli already provides logging configuration, so what's this used for exactly? Logging to console may cause issues when used in combination with fcli progress writers.
If this is used to output progress messages to the user, it might be better to use the fcli progress writer instead, for consistency with the remainder of fcli. I can understand that want to keep the aviator module independent of fcli classes, so potentially we could investigate the option of wrapping the progress writer in a logging appender, such that all info/warn messages are indirectly written using the progress writer. Alternatively, we could add an abstraction layer, with the aviator module providing a 'logger' interface, for which an implementation is passed from the fcli command to the AuditFPR class. This fcli-specific implementation could then delegate to the progress writer.
Alternatively, the fcli ssc aviator audit command should either not use any progress writer, or the progress writer should be closed before calling AuditFPR.auditFpr(fprFile, token, tenantName, url);, and, if needed, re-opened after that call.
There was a problem hiding this comment.
Thanks for the feedback! We've removed AviatorLoggingConfigure.java to eliminate console conflicts with fcli's ProgressWriter. To address the progress message output, I introduced the IAviatorLogger abstraction in fcli-aviator and implemented it as AviatorLoggerImpl, which uses SLF4J for both console and file logging. Please let me know if any further changes are required.
|
|
||
| try { | ||
| if (!FPRLoadingUtil.isValidFpr(file.getPath())) { | ||
| logger.error("Invalid FPR file: {}", file); |
There was a problem hiding this comment.
In fcli, we usually don't explicitly log an error when throwing an exception, as the error message is already included in the exception that will be logged (if logging is enabled) and shown to the user.
fcli-core/fcli-aviator/src/main/java/com/fortify/cli/aviator/core/AuditFPR.java
Outdated
Show resolved
Hide resolved
...-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/aviator/cli/cmd/SSCAviatorAuditCommand.java
Outdated
Show resolved
Hide resolved
...-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/aviator/cli/cmd/SSCAviatorAuditCommand.java
Outdated
Show resolved
Hide resolved
...-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/aviator/cli/cmd/SSCAviatorAuditCommand.java
Outdated
Show resolved
Hide resolved
...-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/aviator/cli/cmd/SSCAviatorAuditCommand.java
Outdated
Show resolved
Hide resolved
...-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/aviator/cli/cmd/SSCAviatorAuditCommand.java
Outdated
Show resolved
Hide resolved
| @@ -625,6 +633,7 @@ fcli.ssc.appversion.copy-state.output.table.options = previousProjectVersionId,p | |||
| fcli.ssc.artifact.output.table.options = id,scanTypes,lastScanDate,uploadDate,status | |||
| fcli.ssc.attribute.output.table.options = id,category,guid,name,valueString | |||
| fcli.ssc.attribute.definition.output.table.options = id,category,guid,name,type,required | |||
| fcli.ssc.aviator.output.table.options = id,application.name,name,active,issueTemplateName,createdBy | |||
There was a problem hiding this comment.
Do we want to include artifactId? Maybe we don't need some of the other properties like active, issueTemplateName, createdBy, as these are not relevant for the audit operation. Also, plain id might be confusing as to whether this refers to the appversion id or the artifact id, so maybe we should have a column header that makes it more clear that this is the application version id (or just remove id here?)
There was a problem hiding this comment.
removed 'id' and other options and added 'artifactId'.
There was a problem hiding this comment.
I’ve added the id back in, moved artifactId to the end, and removed the active field.
|
Sorry ! my bad, I didn’t check your email before replying here 😅 I’m currently looking into solutions for the logging issue and will update the PR once it’s resolved. |
New
aviator auditCommand infcli-sscModuleThis PR adds the
fcli ssc aviator auditcommand to thefcli-sscmodule:Command:
fcli.jar ssc aviator audit --av <appVersionNameOrId> -f <optional_file_path> --at <aviator_token> --tn <tenant_name> --au <aviator_grpc_server_url>Key Features:
--av, processes it via the newfcli-aviatormodule, and updates the FPR using responses from the Aviator GRPC server before re-uploading to SSC.fcli-aviatorhandles FPR processing and GRPC communication.Workflow:
appVersionNameOrId.Additional Changes:
task zipResources_actionsas it was unnecessary..jarsize increased from 22 MB to 42 MB..exesize increased from 93 MB to 111 MB.SSCAviatorAuditCommand.javato maintain consistency with other commands.IActionCommandResultSupplierkey from the returnedJsonNodeobject as it was redundant inSSCAviatorAuditCommand.java.@DefaultVariablePropertyName("id")toSSCAviatorAuditCommand.javaso the artifact ID value can be stored and used in subsequent commands.