ISOC-3805 Update vulnerability description for code scanning, secret …
…scanning and dependabot alerts (#2418)

* initial checkin

* fixing typing issue

* fix unit test

* fixing linting error

* fixing linting error

* fixing linting error

---------

Co-authored-by: Harminder <hsingh5@atlassian.com>
Harminder84 and Harminder84 authored Sep 15, 2023
1 parent 608370c commit b4eceab
Showing 15 changed files with 294 additions and 101 deletions.
19 changes: 17 additions & 2 deletions src/github/client/github-client.types.ts
Expand Up @@ -101,10 +101,17 @@ export type DependabotAlertResponseItem = {
summary: string,
description: string,
identifiers: { type: string, value: string }[],
references: { url: string }[]
references: { url: string }[],
severity: string,
cvss: {
score?: number
}
},
security_vulnerability: {
severity: string
severity: string,
first_patched_version: {
identifier: number
}
},
dependency: {
scope: string,
Expand Down Expand Up @@ -192,3 +199,11 @@ type CodeScanningAlertResponseItemMostRecentInstance = {
commit_sha: string;
html_url: string;
}

export type CodeScanningAlertInstanceResponseItem = {
ref: string;
environment: string;
category: string;
state: string;
commit_sha: string;
}
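Review bot: `first_patched_version.identifier` is declared as `number` in the first hunk, but a patched version is a version string such as the `"4.17.12"` that the dependabot-alert.test.ts fixture in this same commit uses, so the declaration should read `identifier: string`. That fixture also gives `cvss.score` as the string `"7.4"` while this type declares `score?: number`; there the type is the one that matches GitHub's API and the fixture should use `score: 7.4`, otherwise the mismatch presumably stays hidden behind the test's cast of the payload. It is also worth checking whether `first_patched_version` can be absent or `null` for advisories with no fix and declaring it optional if so — confirm against the API docs. The new `CodeScanningAlertInstanceResponseItem` in the second hunk has no doc comment; a one-liner such as `/** One entry from the code scanning alert "instances" endpoint. */` would tie it to the client method added in this commit.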
11 changes: 10 additions & 1 deletion src/github/client/github-installation-client.ts
Expand Up @@ -33,7 +33,8 @@ import {
PaginatedAxiosResponse,
ReposGetContentsResponse,
SecretScanningAlertResponseItem,
CodeScanningAlertResponseItem
CodeScanningAlertResponseItem,
CodeScanningAlertInstanceResponseItem
} from "./github-client.types";
import { GITHUB_ACCEPT_HEADER } from "./github-client-constants";
import { GitHubClient, GitHubConfig, Metrics } from "./github-client";
Expand Down Expand Up @@ -106,6 +107,14 @@ export class GitHubInstallationClient extends GitHubClient {
});
}

public async getCodeScanningAlertInstances(owner: string, repo: string, alertNumber: number): Promise<AxiosResponse<CodeScanningAlertInstanceResponseItem[]>> {
return await this.get<CodeScanningAlertInstanceResponseItem[]>(`/repos/{owner}/{repo}/code-scanning/alerts/{alertNumber}/instances`, { }, {
owner,
repo,
alertNumber
});
}

/**
* Lists pull requests for the given repository.
*/
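Review bot: The new public method `getCodeScanningAlertInstances` has no TSDoc while the neighbouring method directly below it carries one (`Lists pull requests for the given repository.`); add `/** Lists the recorded instances of a single code scanning alert for the given repository. */` above it. The second argument to `this.get` is an empty object and GitHub's instances endpoint is paginated server-side, so callers likely receive only the first page; either the comment should state that limit or the method should accept page parameters like the other list calls — confirm how `this.get` treats that argument, since its implementation is outside this diff. `return await` on a directly returned promise adds nothing here; `return this.get<CodeScanningAlertInstanceResponseItem[]>(...)` is the usual form unless a try/catch is planned. The enclosing class `GitHubInstallationClient` starts and ends outside the hunk.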
61 changes: 55 additions & 6 deletions src/github/dependabot-alert.test.ts
Expand Up @@ -54,7 +54,7 @@ describe("DependabotAlertWebhookHandler", () => {
beforeEach(() => {
jiraClient = {
baseURL: jiraHost,
security: { submitVulnerabilities: jest.fn(() =>({ status: 200 })) }
security: { submitVulnerabilities: jest.fn(() => ({ status: 200 })) }
} as unknown as JiraClient;
when(booleanFlag).calledWith(BooleanFlags.ENABLE_GITHUB_SECURITY_IN_JIRA, expect.anything()).mockResolvedValue(true);
});
Expand Down Expand Up @@ -109,14 +109,57 @@ describe("DependabotAlertWebhookHandler", () => {
security_advisory: {
summary: SAMPLE_SECURITY_ADVISORY_SUMMARY,
description: SAMPLE_SECURITY_ADVISORY_DESCRIPTION,
identifiers: [],
references: []
severity: HIGH,
cvss: {
score: "7.4"
},
identifiers: [{
value: "GHSA-jf85-cpcp-j695",
type: "GHSA"
}, {
value: "CVE-2019-10744",
type: "CVE"
}],
references: [{
url: "https://github.com/lodash/lodash/pull/4336"
},
{
url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10744"
},
{
url: "https://snyk.io/vuln/SNYK-JS-LODASH-450202"
},
{
url: "https://www.npmjs.com/advisories/1065"
},
{
url: "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
url: "https://security.netapp.com/advisory/ntap-20191004-0005/"
},
{
url: "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp;utm_medium=RSS"
},
{
url: "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
url: "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
url: "https://github.com/advisories/GHSA-jf85-cpcp-j695"
}
]
},
html_url: SAMPLE_SECURITY_URL,
created_at: SAMPLE_SECURITY_CREATED_DATE,
updated_at: SAMPLE_SECURITY_UPDATED_DATE,
security_vulnerability: {
severity: HIGH
severity: HIGH,
first_patched_version: {
identifier: "4.17.12"
}
},
dependency: {
manifest_path: PATH_TO_MANIFEST
Expand Down Expand Up @@ -157,15 +200,21 @@ describe("DependabotAlertWebhookHandler", () => {
updateSequenceNumber: Date.now(),
containerId: "456",
displayName: SAMPLE_SECURITY_ADVISORY_SUMMARY,
description: SAMPLE_SECURITY_ADVISORY_DESCRIPTION,
description: "**Vulnerability:** Sample security advisory summary\n\n**Impact:** Sample security advisory description\n\n**Severity:** High - 7.4\n\nGitHub uses [Common Vulnerability Scoring System (CVSS)](https://www.atlassian.com/trust/security/security-severity-levels) data to calculate security severity.\n\n**State:** Open\n\n**Patched version:** 4.17.12\n\n**Identifiers:**\n\n- [GHSA-jf85-cpcp-j695](https://github.com/advisories/GHSA-jf85-cpcp-j695)\n- [CVE-2019-10744](https://nvd.nist.gov/vuln/detail/CVE-2019-10744)\n\nVisit the vulnerability’s [dependabot alert page](https://github.com/user/repo/security/advisories/123) in GitHub to learn more about and see remediation options.",
url: SAMPLE_SECURITY_URL,
type: "sca",
introducedDate: SAMPLE_SECURITY_CREATED_DATE,
lastUpdated: SAMPLE_SECURITY_UPDATED_DATE,
severity: {
level: HIGH
},
identifiers: [],
identifiers: [{
"displayName": "GHSA-jf85-cpcp-j695",
"url": "https://github.com/advisories/GHSA-jf85-cpcp-j695"
}, {
"displayName": "CVE-2019-10744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10744"
}],
status: JIRA_VULNERABILITY_STATUS_ENUM_OPEN,
additionalInfo: {
content: PATH_TO_MANIFEST
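Review bot: The expected description in the last hunk shows the advisory `summary` and `description` interpolated verbatim into a Markdown template, but no case covers advisory text that itself contains Markdown markup (`**`, `[text](url)`, embedded newlines), so whether the handler escapes such content or passes it through into the Jira field is left unpinned — the handler is outside this diff. A second fixture whose `summary` is something like `"Sample [x](y) **bold**"` with an assertion on the rendered `**Vulnerability:**` section would settle it. The single ~600-character expected string is also brittle: any wording change in the template fails the whole assertion, and the pinned sentence `to learn more about and see remediation options` already reads as though a word is missing; per-section `expect.stringContaining` checks (`**Severity:** High - 7.4`, `**Patched version:** 4.17.12`, the two identifier links) would keep the intent readable. The enclosing test case starts outside the hunk.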
2 changes: 1 addition & 1 deletion src/github/secret-scanning-alert.test.ts
Expand Up @@ -154,7 +154,7 @@ describe("SecretScanningAlertWebhookHandler", () => {
updateSequenceNumber: Date.now(),
containerId: "456",
displayName: "GitHub Personal Access Token",
description: "Secret scanning alert",
description: "**Vulnerability:** Fix GitHub Personal Access Token\n\n**State:** Open\n\n**Secret type:** github_personal_access_token\n\nVisit the vulnerability’s [secret scanning alert page](https://github.com/user/repo/security/advisories/123) in GitHub to learn more about the potential active secret and remediation steps.",
url: SAMPLE_SECURITY_URL,
type: "sast",
introducedDate: SAMPLE_SECURITY_CREATED_DATE,
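Review bot: The new expected description opens with `**Vulnerability:** Fix GitHub Personal Access Token` while `displayName` two lines above is `GitHub Personal Access Token`; the `Fix ` prefix looks like a leftover from a remediation-style title and, if intended, deserves a comment where the template is built — that code is outside this diff. If the alert fixture carries a `secret` field as the REST alert object does, the test would be stronger with an assertion that neither the submitted `description` nor `displayName` contains that value, pinning that only `secret_type` and the alert link are forwarded to Jira. The enclosing test case starts outside the hunk.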
