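def fortify_list(config, fortify_user, fortify_password, application):
    """Print the Fortify SSC versions, optionally limited to one application.

    Authentication order:
      1. If both ``fortify_user`` and ``fortify_password`` are given, log in
         with them and store the resulting token via ``write_secret``.
      2. Otherwise use the secret already held by ``FortifyConfig``.
      3. Otherwise prompt for credentials on the terminal.

    When the credentials were not passed in, a listing call that returns -1
    is treated as an invalid stored secret: the user is prompted again, the
    new token is stored, and the listing is retried once. The retry only
    happens when ``fortify_config.secret`` is truthy.

    Args:
        config: Not referenced in this function.
        fortify_user: Fortify username, or a falsy value to fall back to the
            stored secret or a prompt.
        fortify_password: Fortify password, same fallback as above.
        application: Application name to filter on; falsy lists everything.

    Returns:
        None. Failures are reported on the console logger, not raised.
    """
    fortify_config = FortifyConfig()

    def _login(user, password):
        # Exchange username/password for a token and persist it.
        # NOTE(review): write_secret stores a reusable SSC token (fortify.ini,
        # per the log message) - confirm that file is created with owner-only
        # permissions and is kept out of version control.
        client = FortifyClient(fortify_url=fortify_config.ssc_url,
                               fortify_username=user,
                               fortify_password=password)
        fortify_config.write_secret(client.token)
        Logger.console.info("Fortify secret written to fortify.ini")
        return client

    def _prompt_login():
        # Ask interactively; the password prompt does not echo input.
        user = click.prompt('Fortify user')
        password = click.prompt('Fortify password', hide_input=True)
        return _login(user, password)

    def _run_listing(client):
        # Dispatch to the per-application or the global listing call.
        if application:
            return client.list_application_versions(application)
        return client.list_versions()

    try:
        if fortify_user and fortify_password:
            # Explicit credentials: no stored secret is involved, so there is
            # no re-authentication path here.
            _run_listing(_login(fortify_user, fortify_password))
        else:
            Logger.console.info("No Fortify username or password provided. Checking fortify.ini for secret")
            if fortify_config.secret:
                Logger.console.info("Fortify secret found in fortify.ini")
                fortify_client = FortifyClient(fortify_url=fortify_config.ssc_url,
                                               token=fortify_config.secret)
            else:
                Logger.console.info("Fortify secret not found in fortify.ini")
                fortify_client = _prompt_login()

            if _run_listing(fortify_client) == -1 and fortify_config.secret:
                Logger.console.info("Fortify secret invalid...reauthorizing")
                fortify_client = _prompt_login()
                if application:
                    Logger.console.info("Attempting to rerun 'fortify list --application'")
                else:
                    Logger.console.info("Attempting to rerun 'fortify list'")
                _run_listing(fortify_client)
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. The fixed message keeps exception text (which
        # could carry URLs or credentials) out of the console log, at the
        # cost of hiding whether the failure was auth, network or parsing.
        Logger.console.critical("Unable to complete command 'fortify list'")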
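def upload(config, fortify_user, fortify_password, application, version, scan_name):
    """Upload an fpr scan file to Fortify SSC.

    Authentication order:
      1. If both ``fortify_user`` and ``fortify_password`` are given, log in
         with them and store the resulting token via ``write_secret``.
      2. Otherwise use the secret already held by ``FortifyConfig``.
      3. Otherwise prompt for credentials on the terminal.

    An ``upload_scan`` result of -1 together with a truthy
    ``fortify_config.secret`` is treated as an invalid stored secret: the
    user is prompted again, the new token is stored, and the upload is
    retried once. A result of -2 is reported as "application does not exist".

    Args:
        config: Not referenced in this function.
        fortify_user: Fortify username, or a falsy value to fall back to the
            stored secret or a prompt.
        fortify_password: Fortify password, same fallback as above.
        application: Overrides ``fortify_config.application_name`` when
            truthy.
        version: Passed to ``FortifyClient`` as its ``scan_name`` argument.
        scan_name: File name handed to ``upload_scan``; defaults to
            ``version`` when falsy.

    Returns:
        None. Failures are reported on the console logger, not raised.
    """
    fortify_config = FortifyConfig()
    # Fortify only accepts fpr scan files
    extension = 'fpr'
    if application:
        fortify_config.application_name = application
    if not scan_name:
        scan_name = version

    def _client(**credentials):
        # Every client shares the same target settings; only the credential
        # keywords (token, or username + password) differ.
        return FortifyClient(
            fortify_url=fortify_config.ssc_url,
            project_template=fortify_config.project_template,
            application_name=fortify_config.application_name,
            scan_name=version,
            extension=extension,
            **credentials)

    def _login(user, password):
        # Exchange username/password for a token and persist it.
        # NOTE(review): write_secret stores a reusable SSC token (fortify.ini,
        # per the log message) - confirm that file is created with owner-only
        # permissions and is kept out of version control.
        client = _client(fortify_username=user, fortify_password=password)
        fortify_config.write_secret(client.token)
        Logger.console.info("Fortify secret written to fortify.ini")
        return client

    def _prompt_login():
        # Ask interactively; the password prompt does not echo input.
        user = click.prompt('Fortify user')
        password = click.prompt('Fortify password', hide_input=True)
        return _login(user, password)

    def _upload(client):
        # Run the upload and report a missing application (-2).
        status = client.upload_scan(file_name=scan_name)
        if status == -2:
            # The given application doesn't exist. Report the name that was
            # actually sent to SSC: ``application`` is empty whenever the
            # name came from the configuration instead of the caller.
            Logger.console.critical(
                "Fortify Application {} does not exist. Unable to upload scan."
                .format(fortify_config.application_name))
        return status

    try:
        if fortify_user and fortify_password:
            fortify_client = _login(fortify_user, fortify_password)
        else:
            Logger.console.info(
                "No Fortify username or password provided. Checking fortify.ini for secret"
            )
            if fortify_config.secret:
                Logger.console.info("Fortify secret found in fortify.ini")
                fortify_client = _client(token=fortify_config.secret)
            else:
                Logger.console.info("Fortify secret not found in fortify.ini")
                fortify_client = _prompt_login()

        if _upload(fortify_client) == -1 and fortify_config.secret:
            Logger.console.info("Fortify secret invalid...reauthorizing")
            fortify_client = _prompt_login()
            Logger.console.info("Attempting to re-run 'fortify upload'")
            _upload(fortify_client)
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. The fixed message keeps exception text (which
        # could carry URLs or credentials) out of the console log, at the
        # cost of hiding whether the failure was auth, network or file I/O.
        Logger.console.critical("Unable to complete command 'fortify upload'")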