minor: Added Identifiers to JIRA Ticket Body
Iterate through the list of issue identifiers (CVE, CWE, etc.) and
add them to the Jira ticket body
vallieres authored and lili2311 committed Nov 5, 2022
1 parent 4cb0e5e commit 62f1ed3
Showing 7 changed files with 22 additions and 6 deletions.
2 changes: 1 addition & 1 deletion fixtures/results/jiraTicketWithCustomPriorityMapping.json
@@ -1 +1 @@
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"not too bad"}}}
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"not too bad"}}}
2 changes: 1 addition & 1 deletion fixtures/results/jiraTicketWithLabels.json
@@ -1 +1 @@
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"labels":["Label1","Label2"]}}
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"labels":["Label1","Label2"]}}
2 changes: 1 addition & 1 deletion fixtures/results/jiraTicketWithPriorityMapping.json
@@ -1 +1 @@
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"Medium"}}}
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"Medium"}}}
2 changes: 1 addition & 1 deletion fixtures/results/jiraTicketWithoutLabels.json
@@ -1 +1 @@
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"}}}
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"}}}
@@ -1 +1 @@
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"assignee":{"accountId":"12345"}}}
{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"assignee":{"accountId":"12345"}}}
16 changes: 16 additions & 0 deletions jira_utils.go
@@ -4,6 +4,7 @@ import (
"encoding/json"
"errors"
"fmt"
"sort"
"strings"

bfconfluence "github.com/kentaro-m/blackfriday-confluence"
@@ -107,8 +108,23 @@ func formatJiraTicket(jsonVuln jsn.Json, projectInfo jsn.Json) *JiraIssue {
Refer to the Reporting tab for possible instructions from your legal team.`
}

var identifiers []string
issueData.K("identifiers").IterMap(
func(k string, v jsn.Json) bool {
for _, value := range v.Array().Elements() {
identifiers = append(identifiers, value.String().Value)
}
return true // false to break
})

if len(identifiers) == 0 {
identifiers = append(identifiers, "N/A")
} else {
sort.Strings(identifiers)
}
issueDetails := []string{"\r\n** Issue details: **\n\r",
"\n cvssScore: ", fmt.Sprintf("%.2f", issueData.K("cvssScore").Float64().Value),
"\n identifiers: ", strings.Join(identifiers, ", "),
"\n exploitMaturity: ", issueData.K("exploitMaturity").String().Value,
"\n severity: ", issueData.K("severity").String().Value,
pkgVersions,
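Review bot: The loop at `identifiers = append(identifiers, value.String().Value)` appends every array element unchecked, so if the jsn accessor yields an empty string for a null or non-string element (its behaviour is not visible here) the ticket would show a stray `, ` entry and the `len(identifiers) == 0` fallback to `N/A` would not fire. Guarding the append, e.g. `if s := value.String().Value; s != "" { identifiers = append(identifiers, s) }`, keeps the field dependable for whoever triages the ticket by CVE or CWE. The five fixtures updated in this commit all carry `CVE-2021-23406, CWE-94`, so the `N/A` branch appears to have no fixture; one built from an empty `identifiers` map would pin it. The map key `k` is never used and could be `_`, and a one-line comment above `sort.Strings` saying the sort is presumably there to keep the ticket body stable across runs would help the next reader. formatJiraTicket starts and ends outside this hunk.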
2 changes: 1 addition & 1 deletion main.go
@@ -23,7 +23,7 @@ func main() {
filenameNotCreated := CreateLogFile(customDebug, "ErrorsFile_")

// Get the project ids associated with org
// If project Id is not specified => get all the projects
// If project ID is not specified => get all the projects
projectIDs, er := getProjectsIds(options, customDebug, filenameNotCreated)
if er != nil {
log.Fatal(er)