fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/

sc-sast GET request error #352

Closed xakrurychle closed 1 year ago

xakrurychle commented 1 year ago

Trying to run ./fcli sc-sast rest call -X GET <endpoint>/pools I received this response. If I run the appropriate request within Swagger it works. One thing that's clearly different is the need for header authentication in Swagger; I failed to find a solution to include that in fcli, might that be the reason? However, an unauthenticated call in Swagger returned 403, while this error is 404, so it might be completely unrelated.

No data

com.fortify.cli.common.rest.unirest.UnexpectedHttpResponseException:
Request: GET <ctrl url>/<endpoint>/pools:
Response: 404
Response Body:
null
        at com.fortify.cli.common.rest.unirest.config.UnirestUnexpectedHttpResponseConfigurer$UnexpectedHttpResponseInterceptor.onResponse(UnirestUnexpectedHttpResponseConfigurer.java:36)
        at kong.unirest.CompoundInterceptor.lambda$onResponse$1(CompoundInterceptor.java:48)
        at java.base@17.0.7/java.util.ArrayList.forEach(ArrayList.java:1511)
        at kong.unirest.CompoundInterceptor.onResponse(CompoundInterceptor.java:48)
        at kong.unirest.apache.ApacheClient.request(ApacheClient.java:134)
        at kong.unirest.Client.request(Client.java:57)
        at kong.unirest.BaseRequest.request(BaseRequest.java:359)
        at kong.unirest.BaseRequest.asObject(BaseRequest.java:260)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.writeRecords(StandardOutputWriter.java:124)
        at com.fortify.cli.common.output.writer.output.standard.StandardOutputWriter.write(StandardOutputWriter.java:100)
        at com.fortify.cli.common.output.cli.mixin.AbstractOutputHelperMixin.write(AbstractOutputHelperMixin.java:68)
        at com.fortify.cli.common.output.cli.cmd.AbstractOutputCommand.run(AbstractOutputCommand.java:31)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2104)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2539)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2531)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2493)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2351)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2495)
        at picocli.CommandLine.execute(CommandLine.java:2248)
        at com.fortify.cli.app.FortifyCLI.execute(FortifyCLI.java:74)
        at com.fortify.cli.app.FortifyCLI.main(FortifyCLI.java:56)

rsenden commented 1 year ago

@xakrurychle Just to be clear, the fcli sc-sast rest call command is supposed to call the Controller REST API, not the SSC REST API. However, there seems to be a bug in the current dev_develop version that uses the incorrect base URL; see #353.

Can you please confirm whether you are trying to invoke an endpoint on the Controller, or on SSC? To my knowledge, there is no (public) Swagger interface for ScanCentral SAST Controller, and looking at the 23.1.0 CoreController source code, I don't see any pools endpoint.

Just as an example, the following seems to work fine with fcli 2.0.0-beta:

==> ~/Downloads/fcli-beta sc-sast rest call /rest/v2/ping
 Message
 Thu Jul 20 07:45:49 UTC 2023 I am still alive.

rsenden commented 1 year ago

As discussed with @xakrurychle, the UnexpectedHttpResponseException was probably caused by user error; later attempts showed no output, which was due to the default table output being unable to properly render the response. With #354 being fixed, this is no longer an issue.