nexpose_ticketing 0.8.0 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8fcbb2154c8ceb5ebfab167803d4b8eb1e8bbd7e
-  data.tar.gz: 01b9c52553f5bfff7068e3b1f053019eee376f07
+  metadata.gz: 115064fd58b671883cce7cb3e2d248319fb49b77
+  data.tar.gz: 49eaabad5c7e5e5b8d8342c78971b2ee1bc421e5
 SHA512:
-  metadata.gz: e630c064eeafd32dce7ad4acee581db6d9d59782ecd56ce17f17260c9c01e5d849b6ce1c8f97f1157fc35e5fd554afdef10589787e27c6501b1de3f9d7ca3209
-  data.tar.gz: 97d83bf0c24fd43bbe9347c4a8e88cf8d33811a17361f2e65348ef619c8b46ac4615263bb64080e11533a4a08d8cac548cfa7f6b5c6fb362c47a33e2a3584f32
+  metadata.gz: e31de51ea6dd0dbd4917221c1b14c6c20667349adfa245873c0626b5a77f965af00f9194ce9f8fde699d0c2b0db870e81ccd35ffb450b0eec5c1ae08f01f8ad3
+  data.tar.gz: e13adabcfafaf8e403952289a379038cb5f27d5bee56db5bc888d85885a4db848634fb41d445ba28a2aa82fe8736f4009b797afb8e78d431536955816205ee2e

data/lib/nexpose_ticketing/config/jira.config

@@ -5,7 +5,13 @@
 # (M)) Helper class name.
 :helper_name: JiraHelper
 # Optional parameters, these are implementation specific.
-:jira_url: https://JIRA_URL/rest/api/2/issue/
-:username: admin
-:password: admin
-:project: KEY
+:jira_url: https://url/rest/api/2/issue/
+:username: jirausername
+:password: jirapassword
+:project: projectname
+# The workflow 'Step Name' and 'Step Name ID' for the 'closed' Status. This is used to close tickets automatically and can be any status
+# not just 'Closed'. The Jira helper uses these details to try and find a transition to set the ticket to this status (a transition to
+# this status should be available from every other status). Jira's default workflow details are used by default (shown below).
+# Note the 'close_step_name' configuration parameter is also used to query Jira for tickets. Any ticket in that status will be ignored.
+:close_step_id: 6
+:close_step_name: Closed

data/lib/nexpose_ticketing/config/servicenow.config

@@ -12,7 +12,7 @@
 # (M) Username for ServiceNow
 :username: admin
 # (M) Password for above username
-:password: nxadmin
+:password: admin
 # (M) If 'Y', SSL connections will output to stderr (default is 'N')
 :verbose_mode: N
 # (M) Amount of times the helper will follow 301/302 redirections

data/lib/nexpose_ticketing/config/ticket_service.config

@@ -34,8 +34,8 @@
 # Nexpose options.
 :nexpose_data:
   # (M) Nexpose console hostname.
-  :nxconsole: nexpose-console.host.com
+  :nxconsole: 127.0.0.1 
   # (M) Nexpose username.
-  :nxuser: admin
+  :nxuser: nxadmin
   # (M) Nexpose password.
-  :nxpasswd: admin
+  :nxpasswd: nxadmin

data/lib/nexpose_ticketing/helpers/jira_helper.rb

@@ -3,6 +3,7 @@ require 'net/http'
 require 'net/https'
 require 'uri'
 require 'csv'
+require 'nexpose_ticketing/nx_logger'
 
 # This class serves as the JIRA interface
 # that creates issues within JIRA from vulnerabilities
@@ -15,9 +16,10 @@ class JiraHelper
   def initialize(jira_data, options)
     @jira_data = jira_data
     @options = options
+    @log = NexposeTicketing::NXLogger.new
   end
 
-  # Generates the NXID. The NXID is a unique indentifier used to find and update and/or close tickets. 
+  # Generates the NXID. The NXID is a unique identifier used to find and update and/or close tickets.
   #
   # * *Args*    :
   #   - +site_id+ -  Site ID the tickets are being generated for. Required for all ticketing modes
@@ -60,40 +62,87 @@ class JiraHelper
     headers = { 'Content-Type' => 'application/json',
                 'Accept' => 'application/json' }
 
-    url = URI.parse(("#{@jira_data[:jira_url]}".split("/")[0..-2].join("/") + '/search'))
-    url.query = [url.query, URI.escape(jql_query)].compact.join('&')
-    req = Net::HTTP::Get.new(url.to_s, headers)
+    uri = URI.parse(("#{@jira_data[:jira_url]}".split("/")[0..-2].join('/') + '/search'))
+    uri.query = [uri.query, URI.escape(jql_query)].compact.join('&')
+    req = Net::HTTP::Get.new(uri.to_s, headers)
     req.basic_auth @jira_data[:username], @jira_data[:password]
-    resp = Net::HTTP.new(url.host, url.port)
+    resp = Net::HTTP.new(uri.host, uri.port)
 
     # Enable this line for debugging the https call.
-    # resp.set_debug_output $stderr
+    # resp.set_debug_output(@log)
 
-    resp.use_ssl = true if @jira_data[:jira_url].to_s.start_with?('https')
+    resp.use_ssl = true if uri.scheme == 'https'
     resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
     response = resp.request(req)
 
     issues = JSON.parse(response.body)['issues']
-    #TODO: fail(?) if more than one issue exits with a "unique" NXID
-    return nil if issues.nil? || !issues.any? || issues.size > 1
+   if issues.nil? || !issues.any? || issues.size > 1
+     # If Jira returns more than one key for a "unique" NXID query result then something has gone wrong...
+     # Safest response is to return no key and let logic elsewhere dictate the action to take.
+     @log.log_message("Jira returned no key or too many keys for query result! Response was <#{issues}>")
+     return nil
+   end
     return issues[0]['key']
   end
 
+  # Fetches the Jira ticket transition details for the given Jira ticket key. Tries to match the response to the
+  # the desired transition in the configuration file.
+  #
+  # * *Args*    :
+  #   - +Jira key+ -  Jira ticket key e.g. INT-1.
+  #   - +Step ID+ -  Jira transition step id (Jira number assigned to a status).
+  #
+  # * *Returns* :
+  #   - Jira transition details in JSON format if matched, nil otherwise.
+  #
+  def get_jira_transition_details(jira_key, step_id)
+    fail 'Jira ticket key and transition step ID required to find transition details.' if jira_key.nil? || step_id.nil?
+
+    headers = { 'Content-Type' => 'application/json',
+                'Accept' => 'application/json' }
+
+    uri = URI.parse(("#{@jira_data[:jira_url]}#{jira_key}/transitions?expand=transitions.fields."))
+    req = Net::HTTP::Get.new(uri.to_s, headers)
+    req.basic_auth @jira_data[:username], @jira_data[:password]
+    resp = Net::HTTP.new(uri.host, uri.port)
+
+    # Enable this line for debugging the https call.
+    # resp.set_debug_output(@log)
+
+    resp.use_ssl = true if uri.scheme == 'https'
+    resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+    response = resp.request(req)
+
+    transitions = JSON.parse(response.body)
+
+    if transitions.has_key? 'transitions'
+      transitions['transitions'].each do |transition|
+        if transition['to']['id'] == step_id.to_s
+          return transition
+        end
+      end
+    end
+    @log.log_message("Jira returned no valid transition to close the ticket! Response was <#{transitions}> and desired close Step ID was <#{@jira_data[:close_step_id]}>.")
+    return nil
+  end
+
   def create_tickets(tickets)
     fail 'Ticket(s) cannot be empty.' if tickets.empty? || tickets.nil?
     tickets.each do |ticket|
       headers = { 'Content-Type' => 'application/json',
                   'Accept' => 'application/json' }
-      url = URI.parse("#{@jira_data[:jira_url]}")
+
+      uri = URI.parse("#{@jira_data[:jira_url]}")
       req = Net::HTTP::Post.new(@jira_data[:jira_url], headers)
       req.basic_auth @jira_data[:username], @jira_data[:password]
       req.body = ticket
-      resp = Net::HTTP.new(url.host, url.port)
+      resp = Net::HTTP.new(uri.host, uri.port)
 
       # Enable this line for debugging the https call.
-      #resp.set_debug_output $stderr
+      #resp.set_debug_output(@log)
 
-      resp.use_ssl = true if @jira_data[:jira_url].to_s.start_with?('https')
+      resp.use_ssl = true if uri.scheme == 'https'
       resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
       resp.start { |http| http.request(req) }
     end
@@ -111,12 +160,13 @@ class JiraHelper
     when 'I'
       prepare_tickets_by_ip(vulnerability_list, site_id)
     else
-        fail 'No ticketing mode selected.'
+        fail 'Unsupported ticketing mode selected.'
     end
   end
 
   # Prepares and creates tickets in default mode.
   def prepare_tickets_default(vulnerability_list, site_id)
+    @log.log_message('Preparing tickets for default mode.')
     tickets = []
     CSV.parse(vulnerability_list.chomp, headers: :first_row) do |row|
       # JiraHelper doesn't like new line characters in their summaries.
@@ -143,9 +193,10 @@ class JiraHelper
   #   - +site_id+ -  Site ID the vulnerability list was generate from.
   #
   # * *Returns* :
-  #   - List of JSON-formated tickets for updating within Jira.
+  #   - List of JSON-formatted tickets for updating within Jira.
   #
   def prepare_tickets_by_ip(vulnerability_list, site_id)
+    @log.log_message('Preparing tickets for IP mode.')
     tickets = []
     current_ip = -1
     CSV.parse(vulnerability_list.chomp, headers: :first_row) do |row|
@@ -162,7 +213,7 @@ class JiraHelper
             }
         }
       end
-      # TODO: Better formating this.
+      # TODO: Better formatting this.
       if current_ip == row['ip_address']
         @ticket['fields']['description'] +=
         "\n ==============================\n\n
@@ -197,26 +248,48 @@ class JiraHelper
   #
   def close_tickets(tickets)
     if tickets.nil? || tickets.empty?
-      #@log.log_message("No tickets to close.")
-      #TODO: Log error
+      @log.log_message('No tickets to close.')
     else
       headers = { 'Content-Type' => 'application/json',
                   'Accept' => 'application/json' }
 
       tickets.each { |ticket|
-        url = URI.parse(("#{@jira_data[:jira_url]}#{ticket}/transitions"))
-        req = Net::HTTP::Post.new(url.to_s, headers)
+        uri = URI.parse(("#{@jira_data[:jira_url]}#{ticket}/transitions"))
+        req = Net::HTTP::Post.new(uri.to_s, headers)
         req.basic_auth @jira_data[:username], @jira_data[:password]
 
-        #TODO: May need to make this customisable as Jira does not allow for some transitions depending on workflow.
-        req.body = {"transition" => {"id" => "2"}, "fields" => {"resolution" => {"name" => "Fixed"}}}.to_json
+        transition = get_jira_transition_details(ticket, @jira_data[:close_step_id])
+        if transition.nil?
+          #Valid transition could not be found. Ignore ticket since we do not know what to do with it.
+          @log.log_message("No valid transition found for ticket <#{ticket}>. Skipping closure.")
+          next
+        end
+
+        #We need to find any required fields to send with the transition request
+        required_fields = []
+        transition['fields'].each do |field|
+          if field[1]['required'] == true
+            # Currently only required fields with 'allowedValues' in the JSON response are supported.
+            if not field[1].has_key? 'allowedValues'
+              @log.log_message("Closing ticket <#{ticket}> requires a field I know nothing about! Transition details are <#{transition}>. Ignoring this field.")
+              next
+            else
+              if field[1]['schema']['type'] == 'array'
+                required_fields << "\"#{field[0]}\" : [{\"id\" : \"#{field[1]['allowedValues'][0]['id']}\"}]"
+              else
+                required_fields << "\"#{field[0]}\" : {\"id\" : \"#{field[1]['allowedValues'][0]['id']}\"}"
+              end
+            end
+          end
+        end
 
-        resp = Net::HTTP.new(url.host, url.port)
+        req.body = "{\"transition\" : {\"id\" : #{transition['id']}}, \"fields\" : { #{required_fields.join(",")}}}"
+        resp = Net::HTTP.new(uri.host, uri.port)
 
         # Enable this line for debugging the https call.
-        #resp.set_debug_output $stderr
+        #resp.set_debug_output(@log)
 
-        resp.use_ssl = true
+        resp.use_ssl = true if uri.scheme == 'https'
         resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
         resp.start { |http| http.request(req) }
       }
@@ -232,14 +305,15 @@ class JiraHelper
   #   - List of Jira ticket Keys to be closed.
   #
   def prepare_close_tickets(vulnerability_list, site_id)
+    @log.log_message('Preparing tickets to close.')
     @nxid = nil
     tickets = []
     CSV.parse(vulnerability_list.chomp, headers: :first_row)  do |row|
       @nxid = generate_nxid(site_id, nil, row['ip_address'])
       # Query Jira for the ticket by unique id (generated NXID)
-      queried_key = get_jira_key("jql=project=#{@jira_data[:project]} AND description ~ \"NXID: #{@nxid}\" AND (status != Closed AND status != Resolved)&fields=key")
+      queried_key = get_jira_key("jql=project=#{@jira_data[:project]} AND description ~ \"NXID: #{@nxid}\" AND (status != #{@jira_data[:close_step_name]})&fields=key")
       if queried_key.nil? || queried_key.empty?
-        #TODO: Log error
+        @log.log_message("Error when closing tickets - query for NXID <#{@nxid}> should have returned a Jira key!!")
       else
         #Jira uses a post call to the ticket key path to close the ticket. The "prepared batch of tickets" in this case is just a collection Jira ticket key's to close.
         tickets.push(queried_key)
@@ -256,8 +330,7 @@ class JiraHelper
   #
   def update_tickets(tickets)
     if (tickets.nil? || tickets.empty?) then
-      #@log.log_message('No tickets to update.')
-	  #TODO: Log error
+      @log.log_message('No tickets to update.')
     else
       tickets.each do |ticket_details|
         headers = {'Content-Type' => 'application/json',
@@ -279,9 +352,9 @@ class JiraHelper
         resp = Net::HTTP.new(uri.host, uri.port)
 
         # Enable this line for debugging the https call.
-        #resp.set_debug_output $stderr
+        #resp.set_debug_output(@log)
 
-        resp.use_ssl = true if uri.to_s.start_with?('https')
+        resp.use_ssl = true if uri.scheme == 'https'
         resp.verify_mode = OpenSSL::SSL::VERIFY_NONE
         resp.start { |http| http.request(req) }
       end
@@ -299,6 +372,7 @@ class JiraHelper
   #
   def prepare_update_tickets(vulnerability_list, site_id)
     fail 'Ticket updates are only supported in IP-address mode.' if @options[:ticket_mode] != 'I'
+    @log.log_message('Preparing tickets to update.')
     #Jira uses the ticket key to push updates. Since new IPs won't have a Jira key, generate new tickets for all of the IPs found.
     updated_tickets = prepare_tickets_by_ip(vulnerability_list, site_id)
     tickets_to_send = []
@@ -307,11 +381,11 @@ class JiraHelper
     updated_tickets.each do |ticket|
       nxid = JSON.parse(ticket)['fields']['description'].squeeze("\n").lines.to_a.last
       if (nxid.slice! "NXID:").nil?
-        #TODO - log error.
         #Could not get NXID from the last line in the description. Do not push the invalid description.
+        @log.log_message("Failed to parse the NXID from a generated ticket update! Ignoring ticket <#{nxid}>")
         next
       end
-      queried_key = get_jira_key("jql=project=#{@jira_data[:project]} AND description ~ \"NXID: #{nxid.strip}\" AND (status != Closed AND status != Resolved)&fields=key")
+      queried_key = get_jira_key("jql=project=#{@jira_data[:project]} AND description ~ \"NXID: #{nxid.strip}\" AND (status != #{@jira_data[:close_step_name]})&fields=key")
       ticket_key_pair = []
       ticket_key_pair << queried_key
       ticket_key_pair << ticket

data/lib/nexpose_ticketing/nx_logger.rb

@@ -31,5 +31,11 @@ module NexposeTicketing
     def log_message(message)
       @log.info(message) if @options[:logging_enabled]
     end
+
+    # Logs a message if logging is enabled.
+    def << (message)
+      @log.info(message) if @options[:logging_enabled]
+    end
+
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_ticketing
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - Damian Finol