fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/

issue when running -q '{"v1","v2"}.contains(p1)' #344

Closed xakrurychle closed 1 year ago

xakrurychle commented 1 year ago

Trying to run this query ./fcli ssc role ls -o json -q '{true,false}.contains(allApplicationRole)' results in:

java.lang.IllegalStateException: Error evaluating query expression:
        Message: EL1029E: A problem occurred when trying to execute method 'contains' on object of type 'java.util.Collections$UnmodifiableRandomAccessList': 'Problem invoking method: public boolean java.util.Collections$UnmodifiableCollection.contains(java.lang.Object)'
        Expression: {true,false}.contains(allApplicationRole)
        Record: {
                  "id" : "admin",
                  "name" : "Administrator",
                  "description" : "Users in the Administrator role have permission to perform all actions in the system, and automatically have access to all application versions. This role is to be used for system administrators.",
                  "builtIn" : true,
                  "allApplicationRole" : true,
                  "deletable" : false,
                  "assignedToNonUsers" : true,
                  "publishVersion" : 4,
                  "objectVersion" : 1,
                  "permissionIds" : [ "projectversion_scan_approve", "edast_restrictions_manage", "report_manage", "issue_audit_settings_view", "projectversion_doc_modify", "osgi_plugin_manage", "projectversion_edit", "projectversion_delete", "metadef_manage", "projectversion_ssa_comment", "role_manage", "customtag_view", "projectversion_submit_auditassistant", "edast_scans_manage", "projectversion_scan_upload", "scheduled_alert_manage", "system_setting_view", "metricdef_view", "processtemplate_view", "issuesdelta_export_manage_own", "user_manage", "projectversion_issue_suppress", "dynamic_scan_execute", "report_view", "edast_manage", "edast_artifacts_download", "jobs_view", "user_view", "projectversion_issue_comment", "cloudscan_manage", "rulepack_manage", "bugfieldtemplategroup_view", "jobs_manage", "persona_view", "edast_view", "system_setting_manage", "projectversion_submit_bug", "metricdef_manage", "report_delete", "customtag_manage", "eventlog_view", "projectversion_alertdef_propagate", "issue_view_template_manage", "projectversion_link", "cloudscan_view_ext", "wie_create_guided_scan", "dynamic_scan_submit", "persona_manage", "role_view", "cloudscan_manage_ext", "projectversion_alertdef_mod_others", "webhook_manage_any_event", "projectversion_user_manage", "bugfieldtemplategroup_manage", "dataexport_use", "projectversion_add", "default", "projectversion_scan_delete", "seed_bundles_manage", "projectversion_ssa_signoff", "wie_manage", "webhook_view", "report_generate", "saml_manage", "wie_create_scan", "rulepack_view", "processtemplate_manage", "projectversion_download_source", "auditassistant_manage", "edast_scans_run", "cloudscan_view", "issue_audit_settings_manage", "projectversion_view", "projectversion_issue_audit_restricted", "projectversion_unlink", "only_projectversion_edit", "cloudscan_download", "projectversion_issue_audit", "metadef_view", "edast_globals_manage", "webhook_manage", "only_projectversion_add" ],
                  "default" : false,
                  "_href" : "https://qa-st-c7-kho01.prgqa.hpecorp.net:8443/ssc/api/v1/roles/admin"
                }
        at com.fortify.cli.common.output.query.QueryExpression.matches(QueryExpression.java:32)
        at com.fortify.cli.common.output.writer.output.query.OutputWriterWithQuery.applyRecordOutputFilters(OutputWriterWithQuery.java:46)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.writeRecord(StandardOutputWriter.java:189)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.lambda$writeRecords$2(StandardOutputWriter.java:167)
        at java.base@17.0.7/java.util.ArrayList$Itr.forEachRemaining(ArrayList.java:1003)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.writeRecords(StandardOutputWriter.java:167)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.writeRecords(StandardOutputWriter.java:150)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.lambda$writeRecords$1(StandardOutputWriter.java:139)
        at java.base@17.0.7/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
        at java.base@17.0.7/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
        at java.base@17.0.7/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
        at java.base@17.0.7/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
        at java.base@17.0.7/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
        at java.base@17.0.7/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
        at java.base@17.0.7/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
        at java.base@17.0.7/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base@17.0.7/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
        at kong.unirest.PagedList.ifSuccess(PagedList.java:52)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.writeRecords(StandardOutputWriter.java:139)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.write(StandardOutputWriter.java:102)
        at com.fortify.cli.common.output.cli.mixin.AbstractOutputHelperMixin.write(AbstractOutputHelperMixin.java:68)
        at com.fortify.cli.common.output.cli.cmd.AbstractOutputCommand.run(AbstractOutputCommand.java:31)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2104)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2539)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2531)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2493)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2351)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2495)
        at picocli.CommandLine.execute(CommandLine.java:2248)
        at com.fortify.cli.app.FortifyCLI.execute(FortifyCLI.java:74)
        at com.fortify.cli.app.FortifyCLI.main(FortifyCLI.java:56)

As described by the documentation, the latter query should be identical to the first one. While the first one works for me just fine, the -q '{"v1","v2"}.contains(p1)' does not.

-q 'p1=="v1" || p1=="v2"'
Only output records if the value of property p1 equals either v1 or v2

-q '{"v1","v2"}.contains(p1)'
Same as previous, but more concise if matching against many different values

Apart from that, this query should also work in a similar fashion: -q 'name matches "val1|val2"', but I failed to run it successfully: ./fcli ssc role ls -o json -q 'id "viewonly|admin"'. Would that be syntactically correct? If not, can you please let me know how to run it?

fcli version 0.20230629.082654-dev_develop, built on 2023-06-29 08:27:42

rsenden commented 1 year ago

@xakrurychle Thanks for reporting. Apparently .contains() is currently broken in native binaries; your example does work in the .jar version.

As for your other question, looks like you may have forgotten the matches operator?

rsenden commented 1 year ago

Fixed by https://github.com/fortify/fcli/commit/c9568e6dc144a54f0b1ec0b04124e1080ae9ccec
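
The query forms discussed in this thread, evaluated on a JVM with Spring Expression Language, whose message format the `EL1029E` error above follows. This is an added example, not fcli code and not part of the original thread; the `Role` class, the sample records, and the use of a plain Java object in place of fcli's JSON records are assumptions, and it needs `spring-expression` on the classpath.

```java
import java.util.List;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;

public class QueryForms {
    // Hypothetical stand-in for one record of `fcli ssc role ls` (constructed data).
    public static class Role {
        private final String id;
        private final boolean allApplicationRole;
        public Role(String id, boolean allApplicationRole) {
            this.id = id;
            this.allApplicationRole = allApplicationRole;
        }
        public String getId() { return id; }
        public boolean isAllApplicationRole() { return allApplicationRole; }
    }

    public static void main(String[] args) {
        ExpressionParser parser = new SpelExpressionParser();
        List<Role> roles = List.of(
            new Role("admin", true),
            new Role("viewonly", false),
            new Role("developer", false));
        // SpEL accepts single- or double-quoted string literals; single quotes
        // avoid escaping inside Java strings.
        List<String> queries = List.of(
            "id=='viewonly' || id=='admin'",       // explicit comparisons
            "{'viewonly','admin'}.contains(id)",   // inline list form from the documentation
            "id matches 'viewonly|admin'",         // regex form; the whole value must match
            "{true,false}.contains(allApplicationRole)"); // the expression from the report
        for (String q : queries) {
            StringBuilder kept = new StringBuilder();
            for (Role r : roles) {
                // Keep the record only when the expression evaluates to true.
                if (Boolean.TRUE.equals(parser.parseExpression(q).getValue(r, Boolean.class))) {
                    kept.append(r.getId()).append(' ');
                }
            }
            System.out.println(q + " -> " + kept.toString().trim());
        }
        // An inline list literal evaluates to an unmodifiable list, the kind of
        // object the EL1029E message reports 'contains' being invoked on.
        Object list = parser.parseExpression("{true,false}").getValue();
        System.out.println(list.getClass().getName());
    }
}
```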