minor: Adding new flag: canAutoPR

RELEASE of (#187) Thi is to address #182 Co-authored-by: Troy Havelock <[email protected]> Co-authored-by: Troy Havelock <[email protected]>
snyk-tech-services · Dec 16, 2022 · c767029 · c767029
1 parent 247502c
commit c767029
Show file tree

Hide file tree

Showing 13 changed files with 375 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -170,6 +170,12 @@ Use `go install github.com/snyk-tech-services/jira-tickets-for-new-vulns@latest`
 
   *Example*: `--configFile=/directory-name`
 
+- `--ifAutoFixableOnly` *optional*
+
+  Only create tickets for `vuln` issues that are fixable (no effect when using `ifUpgradeAvailableOnly`).`--type` must be set to `all` or `vuln` for this to work.
+
+  *Example*: `--ifAutoFixableOnly=true`
+
 ## Restrictions
 The tool does not support IAC project. It will open issue only for code and open source projects and ignore all other project type.
 

diff --git a/fixtures/vulnForJiraAggregatedWithPathList.json b/fixtures/vulnForJiraAggregatedWithPathList.json
@@ -38,6 +38,7 @@
     "isIgnored": false,
     "fixInfo": {
       "isUpgradable": true,
+      "isFixable": true,
       "isPinnable": false,
       "isPatchable": false,
       "isPartiallyFixable": true,
@@ -88,6 +89,7 @@
     "isIgnored": false,
     "fixInfo": {
       "isUpgradable": false,
+      "isFixable": true,
       "isPinnable": false,
       "isPatchable": false,
       "isPartiallyFixable": true,

diff --git a/fixtures/vulnForJiraAggregatedWithPathList2.json b/fixtures/vulnForJiraAggregatedWithPathList2.json
@@ -0,0 +1,104 @@
+{ 
+  "SNYK-JS-MINIMIST-559764" : {
+    "id": "SNYK-JS-MINIMIST-559764",
+    "issueType": "vuln",
+    "pkgName": "pac-resolver",
+    "pkgVersions": ["3.0.0"],
+    "priorityScore": 798,
+    "priority": {
+      "score": 798,
+      "factors": [
+        {
+          "name": "exploitMaturity",
+          "description": "Proof of Concept exploit"
+        },
+        { "name": "isFresh", "description": "Recently disclosed" },
+        { "name": "isFixable", "description": "Has a fix available" },
+        { "name": "cvssScore", "description": "CVSS 8.1" }
+      ]
+    },
+    "issueData": {
+      "id": "SNYK-JS-MINIMIST-559764",
+      "title": "Remote Code Execution (RCE)",
+      "severity": "medium",
+      "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764",
+      "identifiers": { "CVE": ["CVE-2021-23406"], "CWE": ["CWE-94"] },
+      "credit": ["Tim Perry"],
+      "exploitMaturity": "proof-of-concept",
+      "semver": { "vulnerable": ["<5.0.0"] },
+      "publicationTime": "2021-08-22T13:26:31.060241Z",
+      "disclosureTime": "2021-05-30T13:37:37Z",
+      "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
+      "cvssScore": 8.1,
+      "language": "js",
+      "patches": [],
+      "nearestFixedInVersion": ""
+    },
+    "isPatched": false,
+    "isIgnored": false,
+    "fixInfo": {
+      "isUpgradable": true,
+      "isFixable": true,
+      "isPinnable": false,
+      "isPatchable": false,
+      "isPartiallyFixable": true,
+      "nearestFixedInVersion": "",
+      "fixedIn": ["5.0.0"]
+    },
+    "links": {
+      "paths": "https://app.snyk.io/api/v1/org/f6999a85-c519-4ee7-ae55-3269b9bfa4b6/project/9d64b8a9-883e-42f9-abd3-66b274b66a4c/history/1c2130c4-82a5-4130-9632-fcbf204a8267/issue/SNYK-JS-MINIMIST-559764/paths"
+    },
+    "from" : [[{"name":"snyk","version":"1.228.3"},{"name":"proxy-agent","version":"3.1.0"},{"name":"pac-proxy-agent","version":"3.0.0"},{"name":"pac-resolver","version":"3.0.0"}]]
+  },
+  "SNYK-JS-MINIMIST-559765" : {
+    "id": "SNYK-JS-MINIMIST-559765",
+    "issueType": "vuln",
+    "pkgName": "acorn",
+    "pkgVersions": ["3.0.0"],
+    "priorityScore": 798,
+    "priority": {
+      "score": 798,
+      "factors": [
+        {
+          "name": "exploitMaturity",
+          "description": "Proof of Concept exploit"
+        },
+        { "name": "isFresh", "description": "Recently disclosed" },
+        { "name": "isFixable", "description": "Has a fix available" },
+        { "name": "cvssScore", "description": "CVSS 8.1" }
+      ]
+    },
+    "issueData": {
+      "id": "SNYK-JS-MINIMIST-559765",
+      "title": "Remote Code Execution (RCE)",
+      "severity": "medium",
+      "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559765",
+      "identifiers": { "CVE": ["CVE-2021-23406"], "CWE": ["CWE-94"] },
+      "credit": ["Tim Perry"],
+      "exploitMaturity": "proof-of-concept",
+      "semver": { "vulnerable": ["<5.0.0"] },
+      "publicationTime": "2021-08-22T13:26:31.060241Z",
+      "disclosureTime": "2021-05-30T13:37:37Z",
+      "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
+      "cvssScore": 8.1,
+      "language": "js",
+      "patches": [],
+      "nearestFixedInVersion": ""
+    },
+    "isPatched": false,
+    "isIgnored": false,
+    "fixInfo": {
+      "isUpgradable": false,
+      "isPinnable": false,
+      "isPatchable": false,
+      "isPartiallyFixable": true,
+      "nearestFixedInVersion": "",
+      "fixedIn": ["5.0.0"]
+    },
+    "links": {
+      "paths": "https://app.snyk.io/api/v1/org/f6999a85-c519-4ee7-ae55-3269b9bfa4b6/project/9d64b8a9-883e-42f9-abd3-66b274b66a4c/history/1c2130c4-82a5-4130-9632-fcbf204a8267/issue/SNYK-JS-MINIMIST-559765/paths"
+    },
+    "from" : [[{"name":"snyk","version":"1.228.3"},{"name":"proxy-agent","version":"3.1.0"},{"name":"pac-proxy-agent","version":"3.0.0"},{"name":"pac-resolver","version":"3.0.0"}]]
+  }
+}
+
diff --git a/fixtures/yamlFileForMandatoryFieldTest/jira.yaml b/fixtures/yamlFileForMandatoryFieldTest/jira.yaml
@@ -6,6 +6,7 @@ snyk:
     type: vuln #what snyk issue types should we consider to ticket
     priorityScoreThreshold: 20
     ifUpgradeAvailableOnly: true
+    ifAutoFixableOnly: true
 jira:
     jiraTicketType: Task
     jiraProjectID: 15698

diff --git a/jira.go b/jira.go
@@ -224,7 +224,7 @@ func displayErrorForIssue(vulnForJira interface{}, reason string, error error, e
 	jsonVuln, _ := jsn.NewJson(vulnForJira)
 	vulnID := jsonVuln.K("id").String().Value
 	message := fmt.Sprintf("VulnID %s ticket not created : Request to %s failed with : %s", vulnID, endpointAPI, error)
-	if reason == "ifUpgradeAvailableOnly" {
+	if reason == "ifUpgradeAvailableOnly" || reason == "ifAutoFixableOnly" {
 		message = fmt.Sprintf("VulnID %s ticket not created : %s", vulnID, error)
 	}
 	log.Printf("*** ERROR *** " + message)
@@ -250,6 +250,13 @@ func openJiraTickets(flags flags, projectInfo jsn.Json, vulnsForJira map[string]
 				fullListNotCreatedIssue += displayErrorForIssue(vulnForJira, "ifUpgradeAvailableOnly", errors.New(message), "", customDebug)
 				continue
 			}
+		} else if flags.optionalFlags.ifAutoFixableOnly {
+			// skip ticket creating if the vuln is not fixable
+			if jsonVuln.K("fixInfo").K("isFixable").Bool().Value == false {
+				message := fmt.Sprintf("Skipping creating ticket for %s because no fix is available.", jsonVuln.K("issueData").K("title").String().Value)
+				fullListNotCreatedIssue += displayErrorForIssue(vulnForJira, "ifAutoFixableOnly", errors.New(message), "", customDebug)
+				continue
+			}
 		}
 
 		RequestFailed = false

diff --git a/jira_labels_test.go b/jira_labels_test.go
@@ -77,6 +77,7 @@ func TestOpenJiraTicketWithLabelsFunc(t *testing.T) {
 	Of.dryRun = false
 	Of.cveInTitle = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -137,6 +138,7 @@ func TestOpenJiraTicketWithoutLabelsFunc(t *testing.T) {
 	Of.dryRun = false
 	Of.cveInTitle = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf

diff --git a/jira_prioritymapping_test.go b/jira_prioritymapping_test.go
@@ -48,6 +48,7 @@ func TestOpenJiraTicketWithPriorityMappingFunc(t *testing.T) {
 	Of.dryRun = false
 	Of.cveInTitle = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -108,6 +109,7 @@ func TestOpenJiraTicketWithoutPriorityMappingFunc(t *testing.T) {
 	Of.dryRun = false
 	Of.cveInTitle = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -170,6 +172,7 @@ func TestOpenJiraTicketWithCustomPriorityMappingFunc(t *testing.T) {
 	Of.maturityFilterString = ""
 	Of.dryRun = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf

diff --git a/jira_snyk_code_test.go b/jira_snyk_code_test.go
@@ -39,6 +39,7 @@ func TestFormatCodeTicketFunc(t *testing.T) {
 	Of.maturityFilterString = ""
 	Of.dryRun = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -106,6 +107,7 @@ func TestOpenJiraTicketCodeOnly(t *testing.T) {
 	Of.maturityFilterString = ""
 	Of.dryRun = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -165,6 +167,7 @@ func TestOpenJiraTicketCodeOnlyWithLabel(t *testing.T) {
 	Of.maturityFilterString = ""
 	Of.dryRun = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -229,6 +232,7 @@ func TestOpenJiraTicketCodeOnlyWithSeverity(t *testing.T) {
 	Of.maturityFilterString = ""
 	Of.dryRun = false
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -294,6 +298,7 @@ func TestOpenJiraTicketCodeOnlyWithAssigneeId(t *testing.T) {
 	Of.dryRun = false
 	Of.cveInTitle = true
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -353,6 +358,7 @@ func TestGetSnykCodeIssueWithoutTickets(t *testing.T) {
 	Of.projectID = ""
 	Of.maturityFilterString = ""
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -410,6 +416,7 @@ func TestGetSnykCodeIssueWithoutTicketsWithIgnored(t *testing.T) {
 	Of.projectID = ""
 	Of.maturityFilterString = ""
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -467,6 +474,7 @@ func TestGetSnykCodeIssueWithoutTicketsWithSeverityFilter(t *testing.T) {
 	Of.projectID = ""
 	Of.maturityFilterString = ""
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf
@@ -522,6 +530,7 @@ func TestGetSnykCodeIssueWithoutTicketsWithPagination(t *testing.T) {
 	Of.projectID = "xxx99a85-c519-xxxx-ae55-xxx9b9bfaxxx"
 	Of.maturityFilterString = ""
 	Of.ifUpgradeAvailableOnly = false
+	Of.ifAutoFixableOnly = false
 
 	flags := flags{}
 	flags.mandatoryFlags = Mf