diff --git a/fixtures/results/jiraTicketWithCustomPriorityMapping.json b/fixtures/results/jiraTicketWithCustomPriorityMapping.json index 6023c1b..684bb14 100644 --- a/fixtures/results/jiraTicketWithCustomPriorityMapping.json +++ b/fixtures/results/jiraTicketWithCustomPriorityMapping.json @@ -1 +1 @@ -{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"not too bad"}}} \ No newline at end of file +{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"not too bad"}}} \ No newline at end of file diff --git a/fixtures/results/jiraTicketWithLabels.json b/fixtures/results/jiraTicketWithLabels.json index 5d4114c..c25ff8c 100644 --- a/fixtures/results/jiraTicketWithLabels.json 
+++ b/fixtures/results/jiraTicketWithLabels.json @@ -1 +1 @@ -{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"labels":["Label1","Label2"]}} \ No newline at end of file +{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"labels":["Label1","Label2"]}} \ No newline at end of file diff --git a/fixtures/results/jiraTicketWithPriorityMapping.json b/fixtures/results/jiraTicketWithPriorityMapping.json index 1011fe9..1a21ea6 100644 --- a/fixtures/results/jiraTicketWithPriorityMapping.json +++ b/fixtures/results/jiraTicketWithPriorityMapping.json 
@@ -1 +1 @@ -{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"Medium"}}} \ No newline at end of file +{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"priority":{"name":"Medium"}}} \ No newline at end of file diff --git a/fixtures/results/jiraTicketWithoutLabels.json b/fixtures/results/jiraTicketWithoutLabels.json index 6c4b814..c4d98d5 100644 --- a/fixtures/results/jiraTicketWithoutLabels.json +++ b/fixtures/results/jiraTicketWithoutLabels.json 
@@ -1 +1 @@ -{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"}}} \ No newline at end of file +{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"}}} \ No newline at end of file diff --git a/fixtures/results/jiraTicketWithoutLabelsWithAssigneeID.json b/fixtures/results/jiraTicketWithoutLabelsWithAssigneeID.json index 6d73bf6..0c82f67 100644 --- a/fixtures/results/jiraTicketWithoutLabelsWithAssigneeID.json +++ b/fixtures/results/jiraTicketWithoutLabelsWithAssigneeID.json 
@@ -1 +1 @@ -{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"assignee":{"accountId":"12345"}}} \ No newline at end of file +{"fields":{"project":{"id":"123"},"summary":"snyk-playground/typescript:package.json - Remote Code Execution (RCE)","description":"\r\n\\*\\* Issue details: \\*\\*\n\r\n cvssScore: 8.10\n identifiers: CVE\\-2021\\-23406, CWE\\-94\n exploitMaturity: proof\\-of\\-concept\n severity: medium\n pkgVersions: \\[3.0.0\\]\n\r\n*Impacted Paths:*\n\\- \"snyk\"@\"1.228.3\" =\u003e \"proxy\\-agent\"@\"3.1.0\" =\u003e \"pac\\-proxy\\-agent\"@\"3.0.0\" =\u003e \"pac\\-resolver\"@\"3.0.0\"\n\r\n\n[See this issue on Snyk|https://app.snyk.io/org/playground/project/12345678-1234-1234-1234-123456789012]\n\n[More About this issue|https://snyk.io/vuln/SNYK-JS-MINIMIST-559764]\n\n","issuetype":{"name":"Bug"},"assignee":{"accountId":"12345"}}} \ No newline at end of file diff --git a/jira_utils.go b/jira_utils.go index 227b0cf..a950719 100644 --- a/jira_utils.go +++ b/jira_utils.go @@ -4,6 +4,7 @@ import ( "encoding/json" "errors" "fmt" + "sort" "strings" bfconfluence "github.com/kentaro-m/blackfriday-confluence" 
@@ -107,8 +108,23 @@ func formatJiraTicket(jsonVuln jsn.Json, projectInfo jsn.Json) *JiraIssue { Refer to the Reporting tab for possible instructions from your legal team.` } + var identifiers []string + issueData.K("identifiers").IterMap( + func(k string, v jsn.Json) bool { + for _, value := range v.Array().Elements() { + identifiers = append(identifiers, value.String().Value) + } + return true // false to break + }) + + if len(identifiers) == 0 { + identifiers = append(identifiers, "N/A") + } else { + sort.Strings(identifiers) + } issueDetails := []string{"\r\n** Issue details: **\n\r", "\n cvssScore: ", fmt.Sprintf("%.2f", issueData.K("cvssScore").Float64().Value), + "\n identifiers: ", strings.Join(identifiers, ", "), "\n exploitMaturity: ", issueData.K("exploitMaturity").String().Value, "\n severity: ", issueData.K("severity").String().Value, pkgVersions, diff --git a/main.go b/main.go index b7a03b6..6448224 100644 --- a/main.go +++ b/main.go @@ -23,7 +23,7 @@ func main() { filenameNotCreated := CreateLogFile(customDebug, "ErrorsFile_") // Get the project ids associated with org - // If project Id is not specified => get all the projects + // If project ID is not specified => get all the projects projectIDs, er := getProjectsIds(options, customDebug, filenameNotCreated) if er != nil { log.Fatal(er)
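Review bot: In the `IterMap` callback each array element is appended through `value.String().Value` with no check, so an element that is not a string or is empty would presumably become a blank entry in the `identifiers:` line, and the `N/A` fallback would not fire because the slice is no longer empty. Skipping empties keeps the CVE/CWE line trustworthy for whoever triages the ticket: `if id := value.String().Value; id != "" { identifiers = append(identifiers, id) }`. The callback's key `k` is never read and can be `_`. A short comment above `sort.Strings(identifiers)` saying that the sort keeps the ticket text stable regardless of iteration order would explain why it is there; that rationale is inferred from the fixtures rather than stated in the hunk. `formatJiraTicket` begins and ends outside this hunk.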