@ampsec/platform-client 84.40.0 → 84.42.0

package/src/services/ContentTemplateService.ts

@@ -1,6 +1,6 @@
 import _ from 'lodash';
-import {DYNAMIC_VARIABLES} from './constants';
 import {FindingDto} from '../dto';
+
 const JSON_PATH_PATTERN = /(\$\.(?:(?:[a-zA-Z0-9_]+)(?:\.[a-zA-Z0-9_]+)*)?)/g;
 const DYNAMIC_PROPERTY_PATTERN = /\{\{([^}]+)\}\}/g;
 
@@ -21,6 +21,18 @@ export const fillJsonPathTemplate = (raw: string, meta: unknown) => {
   return result;
 };
 
+/**
+ * Resolves a value from meta at the given path. When the resolved value is an array,
+ * returns the first element (for backwards compatibility with paths like user.emails[0]).
+ */
+const getTemplateValue = (meta: unknown, path: string): unknown => {
+  const value: unknown = _.get(meta, path, undefined);
+  if (Array.isArray(value) && value.length > 0) {
+    return value[0];
+  }
+  return value;
+};
+
 /**
  * @param rawTemplateString Template string with placeholders in the format of {{path.to.value}}
  * @param meta object containing the values to replace the placeholders
@@ -33,10 +45,10 @@ export const fillDynamicPropertyTemplate = (rawTemplateString: string, meta: unk
   if (matches) {
     matches.forEach(placeholder => {
       const path = placeholder.slice(2, -2).trim();
-      const value = _.get(meta, path, undefined);
+      const value = getTemplateValue(meta, path);
       if (_.isString(value) || _.isNumber(value) || _.isBoolean(value)) {
         // primitive value type is replaced as is
-        result = result.replace(placeholder, value);
+        result = result.replace(placeholder, String(value));
       } else if (_.isObject(value) || _.isArray(value)) {
         // object and array values are stringified
         result = result.replace(placeholder, JSON.stringify(value, null, 2));
@@ -49,39 +61,50 @@ export const fillDynamicPropertyTemplate = (rawTemplateString: string, meta: unk
   return result;
 };
 
-const populateDynamicVariablesEntityData = (
-  entityProperties: Record<string, string>,
-  baseObject: Record<string, unknown> | undefined,
-  fallbackObject: Record<string, unknown> | undefined = undefined
-): Record<string, unknown> => {
-  const entityData: Record<string, unknown> = {};
-  for (const key in entityProperties) {
-    const findingKeyPath = entityProperties[key];
-    entityData[key] = _.get(baseObject, findingKeyPath) || (fallbackObject ? _.get(fallbackObject, findingKeyPath) : undefined);
-  }
-
-  return entityData;
-};
-
+/**
+ * Builds the context for dynamic template variables. Exposes the finding and its sub-entities
+ * (user, asset, provider, meta) so that any property can be referenced in templates, e.g.
+ * {{user.firstName}}, {{finding.displayValue}}, {{meta._vulnerability.cve}}.
+ *
+ * - Sub-entities can be used without the "finding." prefix (e.g. {{user.firstName}}).
+ * - Legacy aliases are preserved: user.email (from user.emails[0]), asset.serialNumber
+ *   (from meta._asset.sn), asset.macAddress (from meta._asset.macs[0]).
+ * - Arrays resolved in templates use the first element (see getTemplateValue).
+ */
 export const buildDynamicVariablesContext = (finding: FindingDto): Map<string, unknown> => {
-  const entityMap: Map<string, unknown> = new Map();
+  const entityMap = new Map<string, unknown>();
 
-  for (const entityName in DYNAMIC_VARIABLES.ALLOWED_ENTITIES) {
-    const entityKey = DYNAMIC_VARIABLES.ALLOWED_ENTITIES[entityName as keyof typeof DYNAMIC_VARIABLES.ALLOWED_ENTITIES];
-    const entityProperties = DYNAMIC_VARIABLES.ALLOWED_ENTITY_KEYS[entityKey as keyof typeof DYNAMIC_VARIABLES.ALLOWED_ENTITY_KEYS];
+  // Full finding at "finding" so {{finding.displayValue}}, {{finding.discoveredAt}}, etc. work
+  entityMap.set('finding', finding);
 
-    let entityData: Record<string, unknown> = {};
+  // User: full object + legacy alias "email" from user.emails[0]
+  const userEntity = finding.user
+    ? {
+        ...finding.user,
+        ...(Array.isArray((finding.user as {emails?: string[]}).emails) && {
+          email: (finding.user as {emails: string[]}).emails[0],
+        }),
+      }
+    : {};
+  entityMap.set('user', userEntity);
 
-    if (entityName === 'finding') {
-      entityData = populateDynamicVariablesEntityData(entityProperties, finding);
-    } else if (entityName === 'user') {
-      entityData = populateDynamicVariablesEntityData(entityProperties, finding.user, finding);
-    } else if (entityName === 'asset') {
-      entityData = populateDynamicVariablesEntityData(entityProperties, finding.asset, finding);
-    }
+  // Asset: full object + legacy keys from meta (serialNumber, macAddress)
+  const assetEntity = finding.asset
+    ? {
+        ...finding.asset,
+        ...(_.get(finding, 'meta._asset.sn') !== undefined && {
+          serialNumber: _.get(finding, 'meta._asset.sn'),
+        }),
+        ...(_.get(finding, 'meta._asset.macs[0]') !== undefined && {
+          macAddress: _.get(finding, 'meta._asset.macs[0]'),
+        }),
+      }
+    : {};
+  entityMap.set('asset', assetEntity);
 
-    entityMap.set(entityName, entityData);
-  }
+  // Provider and meta: pass through when present
+  entityMap.set('provider', finding.provider ?? {});
+  entityMap.set('meta', finding.meta ?? {});
 
   return entityMap;
 };

package/src/services/constants.ts

@@ -39,6 +39,7 @@ export const KIND = {
   PROVIDERS: 'providers',
   REPORT_RESULTS: 'report_results',
   RISK_CONTRIBUTORS: 'risk_contributors',
+  RULES: 'rules',
   SAAS_ASSETS: 'saas_assets',
   SAAS_COMPONENTS: 'saas_components',
   SAAS_USERS: 'saas_users',

package/src/services/index.ts

@@ -19,3 +19,4 @@ export * from './contentful.service';
 export * from './prediction.service';
 export * from './customActionsService';
 export * from './userExtension.service';
+export * from './rules.service';

package/src/services/rules.service.ts

@@ -0,0 +1,59 @@
+import {CreateRuleDtoSchema, RuleUpsertDtoSchema} from '../dto/rules.dto';
+import {TargetApi} from './constants';
+import {RestClient, RestResponse} from './rest';
+
+export class RulesService {
+  protected readonly rest: RestClient;
+  protected readonly targetApi: string;
+  protected readonly kind: string;
+
+  constructor(rest: RestClient, kind: string, targetApi: TargetApi) {
+    this.rest = rest;
+    this.kind = kind;
+    this.targetApi = targetApi;
+  }
+
+  createRuleSet = async (rulesDto: CreateRuleDtoSchema): Promise<RestResponse> => {
+    return await this.rest.call({
+      url: `/${this.targetApi}/v1/${this.kind}`,
+      method: 'POST',
+      data: rulesDto,
+    });
+  };
+
+  updateRuleSet = async (id: string, rulesDto: RuleUpsertDtoSchema): Promise<RestResponse> => {
+    return await this.rest.call({
+      url: `/${this.targetApi}/v1/${this.kind}/${id}`,
+      method: 'PUT',
+      data: rulesDto,
+    });
+  };
+
+  getRulesByTenant = async (tid: string, cid?: string): Promise<RestResponse> => {
+    const params: Record<string, any> = {tid, limit: 200};
+    if (cid) {
+      params.cid = cid;
+    }
+
+    return await this.rest.call({
+      url: `/${this.targetApi}/v1/${this.kind}`,
+      method: 'GET',
+      params,
+    });
+  };
+
+  getRuleSet = async (cid: string, forceRefresh = false): Promise<RestResponse> => {
+    return await this.rest.call({
+      url: `/${this.targetApi}/v1/${this.kind}/ruleset`,
+      method: 'GET',
+      params: {cid, forceRefresh},
+    });
+  };
+
+  deleteRuleSet = async (id: string): Promise<RestResponse> => {
+    return await this.rest.call({
+      url: `/${this.targetApi}/v1/${this.kind}/${id}`,
+      method: 'DELETE',
+    });
+  };
+}

package/src/settings.ts

@@ -125,6 +125,8 @@ const TENANT_SETTINGS = {
 
   BROWSER_COACHING_AI_SERVICES_CONFIG: AmpSettingsMap.asKey<BrowserCoachingAiServicesConfig>('browsercoaching.ai.services.config', {services: []}),
 
+  BROWSER_AI_SERVICE_SIGNALS_ENABLED: AmpSettingsMap.asKey<boolean>('browser.ai.service.signals.enabled', false),
+
   /** Compliance Training Feature Flag */
   COMPLIANCE_TRAINING_ENABLED: AmpSettingsMap.asKey<boolean>('compliance.training.enabled', false),