fortify-ps / FortifyBugTrackerUtility

Automated submission of FoD and SSC vulnerabilities to external systems
MIT License

SSCToArcher not reading contextProperties #26

Closed T1mey closed 6 years ago

T1mey commented 6 years ago

Hello,

I used the SSCToArcher.xml and added

<util:map id="contextProperties">
    <!-- TODO Add all possible properties -->
    <entry key="SSCBaseUrl" value="https://sample.url"/>
    <!-- entry key="SSCAuthToken" value="XXX" -->
    <entry key="SSCUserName" value="XXX"/>
    <entry key="SSCPassword" value="XXX"/>

    <entry key="ArcherBaseUrl" value="https://archer.url/" />
    <entry key="ArcherApplicationName" value="XXX"/>
    <entry key="ArcherInstanceName" value="XXX"/>
    <entry key="ArcherUserName" value="XXX"/>
    <entry key="ArcherUserDomain" value="XXX"/>
    <entry key="ArcherPassword" value="XXX"/>
</util:map>

Running java -jar FortifyBugTrackerUtility-3.1.jar --configFile SSCToArcher.xml

is asking for the values again.

rsenden commented 6 years ago

This is a known issue in current versions of FortifyBugTrackerUtility that affects all integrations; the contextProperties map is currently being ignored. This will be fixed in an upcoming version.

T1mey commented 6 years ago

Could it be that this influences the call to Archer? I have an exception in submitVulnerabilities.

[main] [Process] Error during process run for submitVulnerabilities: null
java.lang.NullPointerException: null
    at com.fortify.processrunner.archer.connection.ArcherAuthenticatingRestConnection.submitIssue(ArcherAuthenticatingRestConnection.java:152) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.archer.processor.ProcessorArcherSubmitIssueForVulnerabilities.submitIssue(ProcessorArcherSubmitIssueForVulnerabilities.java:50) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.common.processor.AbstractProcessorSubmitIssueForVulnerabilities.processMap(AbstractProcessorSubmitIssueForVulnerabilities.java:93) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessorBuildObjectMapFromGroupedObjects.processGroup(AbstractProcessorBuildObjectMapFromGroupedObjects.java:70) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessorGroupByExpressions.process(AbstractProcessorGroupByExpressions.java:137) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor._process(AbstractProcessor.java:100) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor.process(AbstractProcessor.java:81) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractCompositeProcessor.processForAll(AbstractCompositeProcessor.java:113) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractCompositeProcessor.process(AbstractCompositeProcessor.java:86) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor._process(AbstractProcessor.java:100) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor.process(AbstractProcessor.java:81) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.ssc.processor.retrieve.SSCProcessorRetrieveVulnerabilities.process(SSCProcessorRetrieveVulnerabilities.java:123) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor._process(AbstractProcessor.java:100) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor.process(AbstractProcessor.java:81) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractCompositeProcessor.processForAll(AbstractCompositeProcessor.java:113) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractCompositeProcessor.process(AbstractCompositeProcessor.java:86) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor._process(AbstractProcessor.java:100) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.processor.AbstractProcessor.process(AbstractProcessor.java:81) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.ProcessRunner.process(ProcessRunner.java:89) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.ProcessRunner.run(ProcessRunner.java:73) ~[FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.RunProcessRunnerFromSpringConfig.run(RunProcessRunnerFromSpringConfig.java:86) [FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.RunProcessRunnerFromCLI.runProcessRunner(RunProcessRunnerFromCLI.java:111) [FortifyBugTrackerUtility-3.1.jar:?]
    at com.fortify.processrunner.RunProcessRunnerFromCLI.main(RunProcessRunnerFromCLI.java:323) [FortifyBugTrackerUtility-3.1.jar:?]

rsenden commented 6 years ago

Although error handling needs to be improved, it looks like you may have defined a field in the SSCToArcher.xml configuration file that does not exist in Archer, or the Archer field type is currently not supported by the utility. Can you please verify that all fields defined in the configuration file (in the BugTrackerFieldConfiguration bean) have a corresponding field in Archer? Note that fields are matched on either Archer field name or alias.

T1mey commented 6 years ago

If I skip all entries and leave just the id in ...

I get the same error. (Version 3.1)

rsenden commented 6 years ago

Added fix in the master branch for context properties not being read from the configuration file; closing this issue. For Archer-related issues, please create a new issue or add information to issue #27