fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/

`fcli fod *-scan setup`: Incorrect output #598

Open rsenden opened 2 weeks ago

rsenden commented 2 weeks ago

Current Behavior

At least the fcli fod sast-scan setup command, but possibly also some of the setup commands for other scan types, doesn't have proper default table output columns configured, resulting in all JSON properties as returned by FoD being output. This results in hardly readable (default table) output due to the many table columns and the long BSI token being included in the output. For SAST setup, this issue seems to have existed since fcli 2.0.0 already.

FoDMessages.properties lists an fcli.fod.*-scan-setup.output.table.options property (with literal *) which presumably should be used for all setup commands, but it currently isn't being used for at least sast-scan setup. Also, this property lists some columns as defined by AbstractFoDScanSetupCommand, but this class only seems to be used as a superclass for FoDDastAutomatedScanSetup* classes, not for SAST or other scan types. As such, the SAST & other non-DAST setup commands likely don't return all properties listed in fcli.fod.*-scan-setup.output.table.options.

There are some other fcli.fod.*-scan (with literal *) properties, so potentially other non-setup FoD commands may be affected by the same issue; we should check whether all commands have proper default table output columns applied.

From a maintenance perspective, having a generic AbstractFoDScanSetupCommand class may lead developers to believe that this is being used for setup commands for all scan types, but as described above, this isn't the case. The base class as it is now should be renamed to AbstractFoDDastAutomatedScanSetupCommand or something similar, and moved from _common to the dast_scan package. If there's any setup-related functionality that applies to all scan types (like handling --skip-if-exists), we could potentially introduce a new AbstractFoDScanSetupCommand in the _common package.

Expected Behavior

Proper default table output that doesn't exceed reasonable screen width.

Steps To Reproduce

No response

Environment

No response

Anything else?

No response
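To make the failure mode in the report concrete, the following is an added, illustrative model of how a wildcard-keyed default column list could be resolved and applied. It is not fcli code: the lookup rule (exact key first, then a `*` pattern treated as a glob), the property values, the `SAMPLE_RECORD` contents and the `bsiToken` field name are all assumptions made for this example; fcli's real resolution logic is not described in the issue. It shows the two symptoms from the report: with no matching column list every JSON property (token included) ends up in the table, and a column list that names properties a given setup command never returns yields empty columns.

```python
"""Illustrative model of wildcard-keyed default table column lookup.

Added example, not fcli code. It assumes a `*` in a message key is matched
as a glob against the concrete command key; the real fcli behaviour is an
assumption here.
"""
import fnmatch

# Constructed stand-in for a few FoDMessages.properties entries.
# Column names are hypothetical, chosen only to illustrate the lookup.
MESSAGES = {
    "fcli.fod.*-scan-setup.output.table.options": "releaseId,scanType,assessmentType,entitlementId",
    "fcli.fod.sast-scan.output.table.options": "scanId,scanType,status",
}

# Constructed JSON record as a setup command might return it. Note that
# entitlementId is deliberately absent and bsiToken is deliberately long.
SAMPLE_RECORD = {
    "releaseId": 12345,
    "scanType": "Static",
    "assessmentType": "Static Assessment",
    "bsiToken": "CONSTRUCTED-BSI-TOKEN-" + "x" * 200,
}


def resolve_table_options(messages, command_key):
    """Return the configured column list for command_key.

    An exact key (fcli.fod.<command>.output.table.options) wins; otherwise
    the first key containing '*' that glob-matches is used. None means no
    default columns are configured at all.
    """
    exact = f"fcli.fod.{command_key}.output.table.options"
    if exact in messages:
        return messages[exact].split(",")
    for key, value in messages.items():
        if "*" in key and fnmatch.fnmatchcase(exact, key):
            return value.split(",")
    return None


def format_record(record, columns):
    """Project a record onto the configured columns.

    With no columns configured, every property is emitted unchanged, which
    is exactly the wide, token-bearing output the issue describes.
    """
    if columns is None:
        return dict(record)
    return {col: record.get(col) for col in columns}


def missing_columns(record, columns):
    """List configured columns the record does not actually carry, so a
    maintainer can spot a shared column list that does not fit a command."""
    return [col for col in (columns or []) if col not in record]


if __name__ == "__main__":
    for cmd in ("sast-scan-setup", "sast-scan", "release-list"):
        cols = resolve_table_options(MESSAGES, cmd)
        print(cmd, "->", cols)
        print("  row:", format_record(SAMPLE_RECORD, cols))
        print("  missing:", missing_columns(SAMPLE_RECORD, cols))
```

Running the block prints one projected row per command key; the `release-list` case, which matches no key, shows the full record with the token, while `sast-scan-setup` reports `entitlementId` as a configured column the record never contained.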

kadraman commented 1 week ago

Fixed in commit 3727329.