示例#1
        /// <summary>
        /// Authenticates to Fortify on Demand when no session is active, then asks the API
        /// client to list the assessment types (described by the original author as all valid
        /// assessment types, with entitlement IDs, for Static submissions).
        /// </summary>
        /// <param name="options">
        /// Parsed command-line options. <c>UploadUrl</c> is parsed for the query parameters
        /// handed to the API client, and the options object itself is passed to the client.
        /// </param>
        /// <remarks>
        /// Ends the process with exit code -1 when authorization fails.
        /// </remarks>
        private static void DisplayAccountInformation(Options options)
        {
            var uploadUri = new UriBuilder(options.UploadUrl);
            var client = new FoDapi(options, GetqueryParameters(uploadUri));

            // Only authorize when the client does not already report a logged-in session.
            if (!client.IsLoggedIn())
            {
                if (client.Authorize())
                {
                    Trace.WriteLine("Successfully authenticated to Fortify on Demand.");
                }
                else
                {
                    Trace.WriteLine("Error authenticating to Fortify on Demand, please check your settings.");
                    Environment.Exit(-1);
                }
            }

            // Once logged in, display the entitlement information related to the release ID.
            // NOTE(review): this path never calls RetireToken(), while Run retires its token
            // after submitting a scan. Unless ListAssessmentTypes retires the token itself, the
            // token obtained above presumably stays valid after the process exits - confirm.
            client.ListAssessmentTypes();
        }
示例#2
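        /// <summary>
        /// Runs one upload from start to finish: reads the scan settings from the upload URL,
        /// checks that credentials were supplied, validates the source path, packages it,
        /// authenticates, enforces the payload size limit, submits the scan and retires the
        /// API token.
        /// </summary>
        /// <param name="options">
        /// Parsed command-line options. <c>Source</c> is rewritten in place when it carries a
        /// stray quote character.
        /// </param>
        /// <remarks>
        /// Ends the process with exit code -1 when no credential pair is supplied, when
        /// authorization fails or when the payload exceeds <c>MaxUploadSizeInMb</c>, and with
        /// exit code 0 after displaying account information.
        /// </remarks>
        private static void Run(Options options)
        {
            var queryParameters = GetqueryParameters(new UriBuilder(options.UploadUrl));

            // Scan settings travel as query-string values on the upload URL.
            _technologyStack  = queryParameters.Get("ts");
            _languageLevel    = queryParameters.Get("ll");
            _tenantCode       = queryParameters.Get("tc");
            _assessmentTypeId = queryParameters.Get("astid");

            _includeAllFiles = options.IncludeAllPayload;

            // Without a complete token/secret pair, fall back to username/password; with neither
            // pair complete there is nothing to authenticate with.
            if (string.IsNullOrEmpty(options.ApiToken) || string.IsNullOrEmpty(options.ApiTokenSecret))
            {
                if (string.IsNullOrEmpty(options.Username) || string.IsNullOrEmpty(options.Password))
                {
                    Trace.WriteLine("Error: You must specify either an API token and secret or a username and password to authenticate." + Environment.NewLine);
                    Trace.WriteLine(options.GetUsage());
                    Environment.Exit(-1);
                }

                _isTokenAuth = false;
            }

            // Workaround for trailing quote character in a folder bug in the CommandLine nuget library - will fix and submit a pull request on Github
            // Ordinal comparison: the quote is a literal character, not culture-dependent text.
            // The null-conditional leaves a missing source path for CheckSource to handle.
            if (options.Source?.EndsWith("\"", StringComparison.Ordinal) == true)
            {
                options.Source = options.Source.Trim('"');
            }

            // Check specified source path

            CheckSource(options);

            PrintSelectedOptions(options);

            // If the user has selected to view entitlement information display it and exit

            if (options.DisplayAccountInformation)
            {
                DisplayAccountInformation(options);

                Trace.WriteLine("Note: You may specify an entitlement ID manually with --entitlementID <ID>, please run the utility without --displayEntitlement to proceed.");

                if (_isConsole)
                {
                    Trace.WriteLine("Press any key to quit...");
                    Console.ReadKey();
                }

                // Single exit point for both the console and the non-console case.
                Environment.Exit(0);
            }

            var zipPath = ZipFolder(options.Source);

            var api = new FoDapi(options, zipPath, GetqueryParameters(new UriBuilder(options.UploadUrl)));

            if (!api.IsLoggedIn())
            {
                if (!api.Authorize())
                {
                    Trace.WriteLine("Error authenticating to Fortify on Demand, please check your settings.");
                    Environment.Exit(-1);
                }

                Trace.WriteLine("Successfully authenticated to Fortify on Demand.");
            }

            var fi = new FileInfo(zipPath);

            double mbyteSize = (fi.Length / 1024f) / 1024f;
            double kbyteSize = (fi.Length / 1024f);

            Trace.WriteLine(fi.Length < (1024f * 1024f)
                ? $"Payload prepared size: {Math.Round(kbyteSize, 2)} kb"
                : $"Payload prepared size: {Math.Round(mbyteSize, 2)} Mb");

            if (mbyteSize > MaxUploadSizeInMb)
            {
                Trace.WriteLine($"Assessment payload size exceeds {MaxUploadSizeInMb} Mb, cannot continue.");

                // The session is already authenticated at this point, and Environment.Exit
                // does not run pending finally blocks, so retire the token explicitly
                // before leaving.
                api.RetireToken();
                Environment.Exit(-1);
            }

            try
            {
                CheckReleaseStatus(api);

                CheckAssessmentOptions(api, options);

                api.SendScanPost();
            }
            finally
            {
                // always retire the token - including when one of the calls above throws,
                // so a failed submission does not leave a live token behind.
                // NOTE(review): if CheckReleaseStatus or CheckAssessmentOptions end the process
                // via Environment.Exit, this block is skipped - confirm they retire the token.
                api.RetireToken();
            }

            // hold console open - ask around if this is something we want to do for interactive runs? Feedback has been conflicting regarding this behavior.

            if (_isConsole)
            {
                Console.WriteLine("Press any key to exit...");
                Console.ReadKey();
            }
        }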