fod sast-scan start: add --in-progress-action and --entitlement-preference options, fix NPE

fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/_common/scan/helper/sast/FoDScanSastHelper.java

@@ -66,8 +66,10 @@ public static final FoDScanDescriptor startScanAdvanced(UnirestInstance unirest,
                 .queryString("purchaseEntitlement", Boolean.toString(req.getPurchaseEntitlement()))
                 .queryString("remdiationScanPreferenceType", (req.getRemdiationScanPreferenceType() != null ?
                         FoDEnums.RemediationScanPreferenceType.valueOf(req.getRemdiationScanPreferenceType()) : FoDEnums.RemediationScanPreferenceType.NonRemediationScanOnly))
+                // Raw string is passed (not valueOf) because the caller may supply "CancelInProgressScan",
+                // which differs from the enum name "CancelScanInProgress" used by DAST.
                 .queryString("inProgressScanActionType", (req.getInProgressScanActionType() != null ?
-                        FoDEnums.InProgressScanActionType.valueOf(req.getInProgressScanActionType()) : FoDEnums.InProgressScanActionType.DoNotStartScan))
+                        req.getInProgressScanActionType() : FoDEnums.InProgressScanActionType.DoNotStartScan.toString()))
                 .queryString("scanTool", req.getScanTool())
                 .queryString("scanToolVersion", req.getScanToolVersion())
                 .queryString("scanMethodType", req.getScanMethodType());

fcli-core/fcli-fod/src/main/java/com/fortify/cli/fod/sast_scan/cli/cmd/FoDSastScanStartCommand.java

@@ -41,35 +41,54 @@ public class FoDSastScanStartCommand extends AbstractFoDScanStartCommand {
 
     @Option(names = {"--notes"})
     private String notes;
+    @Option(names = {"--in-progress-action"}, descriptionKey = "fcli.fod.sast-scan.start.in-progress-action")
+    private FoDEnums.InProgressScanActionType inProgressScanActionType;
+    @Option(names = {"--entitlement-preference"}, descriptionKey = "fcli.fod.scan.entitlement-preference")
+    private FoDEnums.EntitlementPreferenceType entitlementPreferenceType;
     @Mixin private CommonOptionMixins.RequiredFile scanFileMixin;
 
     @Mixin private FoDRemediationScanPreferenceTypeMixins.OptionalOption remediationScanType;
     @Mixin private ProgressWriterFactoryMixin progressWriterFactory;
-    
+
     @Override
     protected FoDScanDescriptor startScan(UnirestInstance unirest, FoDReleaseDescriptor releaseDescriptor) {
         String relId = releaseDescriptor.getReleaseId();
-        Boolean isRemediation = false;
-
-        // if we have requested remediation scan use it to find appropriate assessment type
-        if (remediationScanType != null && remediationScanType.getRemediationScanPreferenceType() != null) {
-            if (remediationScanType.getRemediationScanPreferenceType().equals(FoDEnums.RemediationScanPreferenceType.RemediationScanIfAvailable) ||
-                    remediationScanType.getRemediationScanPreferenceType().equals(FoDEnums.RemediationScanPreferenceType.RemediationScanOnly)) {
-                isRemediation = true;
-            }
-        }
 
         validateScanSetup(unirest, relId);
 
-        FoDScanSastStartRequest startScanRequest = FoDScanSastStartRequest.builder()
-                .isRemediationScan(isRemediation)
+        // Guard remediationScanType against null; Picocli @Mixin fields may be null if not injected
+        FoDEnums.RemediationScanPreferenceType remediationPref = remediationScanType != null
+                ? remediationScanType.getRemediationScanPreferenceType() : null;
+
+        boolean useAdvanced = entitlementPreferenceType != null || inProgressScanActionType != null;
+
+        FoDScanSastStartRequest.FoDScanSastStartRequestBuilder requestBuilder = FoDScanSastStartRequest.builder()
                 .scanMethodType("Other")
                 .notes(notes != null && !notes.isEmpty() ? notes : "")
                 .scanTool(FcliBuildProperties.INSTANCE.getFcliProjectName())
-                .scanToolVersion(FcliBuildProperties.INSTANCE.getFcliVersion())
-                .build();
+                .scanToolVersion(FcliBuildProperties.INSTANCE.getFcliVersion());
 
         try (IProgressWriter progressWriter = progressWriterFactory.create()) {
+            if (useAdvanced) {
+                FoDEnums.InProgressScanActionType inProgressAction = inProgressScanActionType != null
+                        ? inProgressScanActionType : FoDEnums.InProgressScanActionType.Queue;
+                // FoD's start-scan-advanced expects 'CancelInProgressScan' rather than the enum's 'CancelScanInProgress'
+                String inProgressApiValue = inProgressAction == FoDEnums.InProgressScanActionType.CancelScanInProgress
+                        ? "CancelInProgressScan" : inProgressAction.name();
+                FoDScanSastStartRequest startScanRequest = requestBuilder
+                        .entitlementPreferenceType(entitlementPreferenceType != null ? entitlementPreferenceType.name() : null)
+                        .purchaseEntitlement(false)
+                        .remdiationScanPreferenceType(remediationPref != null ? remediationPref.name() : null)
+                        .inProgressScanActionType(inProgressApiValue)
+                        .build();
+                return FoDScanSastHelper.startScanAdvanced(unirest, releaseDescriptor, startScanRequest, scanFileMixin.getFile(), progressWriter);
+            }
+            boolean isRemediation = remediationPref != null
+                    && (remediationPref.equals(FoDEnums.RemediationScanPreferenceType.RemediationScanIfAvailable)
+                            || remediationPref.equals(FoDEnums.RemediationScanPreferenceType.RemediationScanOnly));
+            FoDScanSastStartRequest startScanRequest = requestBuilder
+                    .isRemediationScan(isRemediation)
+                    .build();
             return FoDScanSastHelper.startScanWithDefaults(unirest, releaseDescriptor, startScanRequest, scanFileMixin.getFile(), progressWriter);
         }
     }

fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/i18n/FoDMessages.properties

@@ -554,6 +554,7 @@ fcli.fod.sast-scan.start.remediation = Identify this scan as a remediation scan.
 fcli.fod.sast-scan.start.skip-if-running = Check to see if static scan is already running before starting.
 fcli.fod.sast-scan.start.entitlement-id = The Id of the entitlement to use for the scan.
 fcli.fod.sast-scan.start.purchase-entitlement = Purchase an entitlement if one is not currently allocated or available.
+fcli.fod.sast-scan.start.in-progress-action = The action to use if a scan is already in progress. Valid values: ${COMPLETION-CANDIDATES}. Defaults to 'Queue' when this or '--entitlement-preference' is specified; otherwise the FoD-side default applies.
 fcli.fod.sast-scan.start.notes = Scan notes.
 fcli.fod.sast-scan.start.file = Absolute path of the ScanCentral package (.Zip) file to upload.
 fcli.fod.sast-scan.start.validate-entitlement = Validate if an entitlement has been set and is still valid.

fcli-other/fcli-functional-test/src/ftest/groovy/com/fortify/cli/ftest/fod/FoDScanSpec.groovy

@@ -337,6 +337,28 @@ class FoDScanSpec extends FcliBaseSpec {
             }
     }
 
+    def "start.sast-scan-advanced-queue"() {
+        def args = "fod sast-scan start --release=fcli-1698140484524:v2 --file=$sastPackage --in-progress-action=Queue --store sastScanAdvQueue"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>=2
+                it.last().contains("STARTED")
+            }
+    }
+
+    def "start.sast-scan-advanced-entitlement-preference"() {
+        def args = "fod sast-scan start --release=fcli-1698140484524:v2 --file=$sastPackage --entitlement-preference=SubscriptionOnly --store sastScanAdvEntPref"
+        when:
+            def result = Fcli.run(args)
+        then:
+            verifyAll(result.stdout) {
+                size()>=2
+                it.last().contains("STARTED")
+            }
+    }
+
     def "wait-for-sast"() {
         def args = "fod sast-scan wait-for ::sastScan:: -i 2s --until=all-match --any-state=Completed,In_Progress,Queued"
         when: