Open ewh0005 opened 4 years ago
ewh0005
commented
4 years ago It looks to me like the FortifyStaticAssessment step is not encrypting the string and then trying to decrypt the string (which has not been encrypted), which returns a null value. Then the null pointer comes from null.getPlainText()
yeulih
commented
4 years ago Can you confirm whether v5.0.0 resolves this issue?
broxgit
commented
4 years ago @ewh0005 I had the same exact issue you had with FoD in my Jenkins pipeline. I have a solution if you're still having the problem, however, I'm not sure if you need me to type it all out if you've already solved it yourself.
jnorthcott
commented
4 years ago I am having the same issue in 5.0.0 If I do not pass the a PAT Token (because I am using API authentication)
def fortifyBsiToken = 'XXXXXXXXXXXXXXX'
fodStaticAssessment([
bsiToken: fortifyBsiToken,
entitlementPreference: 'SubscriptionOnly',
inProgressScanActionType: 'DoNotStartScan',
overrideGlobalConfig: true,
remediationScanPreferenceType: 'NonRemediationScanOnly',
srcLocation: 'fortify'
])I get the Null Pointer
[Pipeline] fodStaticAssessment
Running fodStaticAssessment step
Fortify on Demand Upload Running...
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
java.lang.NullPointerException
at com.cloudbees.plugins.credentials.matchers.IdMatcher.<init>(IdMatcher.java:56)
at com.cloudbees.plugins.credentials.CredentialsMatchers.withId(CredentialsMatchers.java:132)
at org.jenkinsci.plugins.fodupload.Utils.isCredential(Utils.java:156)
at org.jenkinsci.plugins.fodupload.SharedUploadBuildStep.perform(SharedUploadBuildStep.java:182)
at org.jenkinsci.plugins.fodupload.steps.FortifyStaticAssessment.perform(FortifyStaticAssessment.java:180)
at org.jenkinsci.plugins.fodupload.steps.FortifyStaticAssessment$Execution.run(FortifyStaticAssessment.java:253)
at org.jenkinsci.plugins.fodupload.steps.FortifyStaticAssessment$Execution.run(FortifyStaticAssessment.java:241)
at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Finished: FAILUREWhen I place the secret in the pipeline
def fortifyBsiToken = 'XXXXXXXXXXXXXXX'
fodStaticAssessment([
bsiToken: fortifyBsiToken,
personalAccessToken: 'fortify_api_secret', // the credential name of the api secret
entitlementPreference: 'SubscriptionOnly',
inProgressScanActionType: 'DoNotStartScan',
overrideGlobalConfig: true,
remediationScanPreferenceType: 'NonRemediationScanOnly',
srcLocation: 'fortify'
])I get an unauthorized error.
Do I need both an api key and a pat token? The documentation says that the PAT token is optional.
yeulih
commented
4 years ago @jnorthcott
The script you posted has the paramter overrideGlobalConfig: true. If this is removed and the global authentication creds have been set (make sure to provide it again after updating to latest version of the plugin), the global authentication creds should be used.
The following code works in my pipeline script:
fodStaticAssessment bsiToken: '
I have recently updated from plugin version 4.0.0 to 4.0.1, and I am now getting a null pointer exception in my Jenkins declarative pipeline using the new version of the plugin.
Here is the exception:
It seems to indicate that there is no username in line 171 of this file: https://github.com/jenkinsci/fortify-on-demand-uploader-plugin/blob/master/src/main/java/org/jenkinsci/plugins/fodupload/steps/FortifyStaticAssessment.java
However, I am passing a username (and personal access token) pulled from the Jenkins credential store:
This code worked in 4.0.0, but now gives the NPE in 4.0.1.