airbyte-faros-destination 0.9.36 → 0.9.38
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/common/types.d.ts +1 -1
- package/lib/converters/vanta/types.d.ts +98 -0
- package/lib/converters/vanta/types.js +5 -0
- package/lib/converters/vanta/types.js.map +1 -0
- package/lib/converters/vanta/vulnerabilities.d.ts +43 -0
- package/lib/converters/vanta/vulnerabilities.js +404 -0
- package/lib/converters/vanta/vulnerabilities.js.map +1 -0
- package/lib/destination.js +3 -1
- package/lib/destination.js.map +1 -1
- package/lib/record-redactor.d.ts +5 -5
- package/lib/record-redactor.js +8 -11
- package/lib/record-redactor.js.map +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -3
- package/resources/cicdArtifactQueryByCommitSha.gql +12 -0
- package/resources/cicdArtifactQueryByRepoName.gql +16 -0
- package/resources/spec.json +4 -1
- package/resources/vcsRepositoryQuery.gql +9 -0
package/lib/common/types.d.ts
CHANGED
|
@@ -22,7 +22,7 @@ export interface DestinationConfig extends AirbyteConfig {
|
|
|
22
22
|
readonly exclude_fields_map?: string;
|
|
23
23
|
readonly redact_fields_map?: string;
|
|
24
24
|
readonly redact_custom_replace?: string;
|
|
25
|
-
readonly redact_custom_regex?: string
|
|
25
|
+
readonly redact_custom_regex?: ReadonlyArray<string>;
|
|
26
26
|
readonly source_specific_configs?: Dictionary<any>;
|
|
27
27
|
readonly keep_alive?: boolean;
|
|
28
28
|
readonly skip_source_success_check?: boolean;
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
type OptString = string | null | undefined;
|
|
2
|
+
export interface BaseVulnerabilityType {
|
|
3
|
+
uid: OptString;
|
|
4
|
+
displayName: OptString;
|
|
5
|
+
createdAt: OptString;
|
|
6
|
+
externalURL: OptString;
|
|
7
|
+
severity: OptString;
|
|
8
|
+
}
|
|
9
|
+
export type ExtendedVulnerabilityType = BaseVulnerabilityType & {
|
|
10
|
+
description?: OptString;
|
|
11
|
+
externalIds?: OptString[];
|
|
12
|
+
[key: string]: any;
|
|
13
|
+
};
|
|
14
|
+
export interface GithubSecurityAdvisory {
|
|
15
|
+
cveId: OptString;
|
|
16
|
+
description: OptString;
|
|
17
|
+
ghsaId: OptString;
|
|
18
|
+
}
|
|
19
|
+
export interface GithubVulnerabilityData {
|
|
20
|
+
createdAt: OptString;
|
|
21
|
+
displayName: OptString;
|
|
22
|
+
externalURL: OptString;
|
|
23
|
+
repositoryName: OptString;
|
|
24
|
+
severity: OptString;
|
|
25
|
+
slaDeadline: OptString;
|
|
26
|
+
uid: OptString;
|
|
27
|
+
vantaDescription: OptString;
|
|
28
|
+
securityAdvisory: GithubSecurityAdvisory;
|
|
29
|
+
}
|
|
30
|
+
export interface AWSFindings {
|
|
31
|
+
description: OptString;
|
|
32
|
+
providerSeverity: OptString;
|
|
33
|
+
name: OptString;
|
|
34
|
+
}
|
|
35
|
+
export interface AWSVulnerabilityData {
|
|
36
|
+
createdAt: OptString;
|
|
37
|
+
packageName: OptString;
|
|
38
|
+
packageVersion: OptString;
|
|
39
|
+
externalURL: OptString;
|
|
40
|
+
scanType: OptString;
|
|
41
|
+
severity: OptString;
|
|
42
|
+
slaDeadline: OptString;
|
|
43
|
+
uid: OptString;
|
|
44
|
+
repositoryName: OptString;
|
|
45
|
+
repositoryArn: OptString;
|
|
46
|
+
displayName: OptString;
|
|
47
|
+
findings: AWSFindings[];
|
|
48
|
+
}
|
|
49
|
+
export interface AWSV2Ignored {
|
|
50
|
+
ignoreReason: OptString;
|
|
51
|
+
ignoredUntil: OptString;
|
|
52
|
+
ignoredAt: OptString;
|
|
53
|
+
}
|
|
54
|
+
export interface AWSV2Asset {
|
|
55
|
+
displayName: OptString;
|
|
56
|
+
}
|
|
57
|
+
export interface AWSV2VulnerabilityData {
|
|
58
|
+
createdAt: OptString;
|
|
59
|
+
externalURL: OptString;
|
|
60
|
+
packageName: OptString;
|
|
61
|
+
packageIdentifier: OptString;
|
|
62
|
+
scanType: OptString;
|
|
63
|
+
scannerScore: OptString;
|
|
64
|
+
severity: OptString;
|
|
65
|
+
uid: OptString;
|
|
66
|
+
description: OptString;
|
|
67
|
+
displayName: OptString;
|
|
68
|
+
name: OptString;
|
|
69
|
+
isFixable: OptString;
|
|
70
|
+
remediation: OptString;
|
|
71
|
+
remediateBy: OptString;
|
|
72
|
+
asset: AWSV2Asset;
|
|
73
|
+
ignored: AWSV2Ignored;
|
|
74
|
+
imageTags: string[];
|
|
75
|
+
imageDigest: OptString;
|
|
76
|
+
}
|
|
77
|
+
export declare const vulnTypeOptions: string[];
|
|
78
|
+
export interface VcsOrgKey {
|
|
79
|
+
uid: string;
|
|
80
|
+
source: string;
|
|
81
|
+
}
|
|
82
|
+
export interface VcsRepoKey {
|
|
83
|
+
organization: VcsOrgKey;
|
|
84
|
+
name: string;
|
|
85
|
+
}
|
|
86
|
+
export interface CicdOrgKey {
|
|
87
|
+
uid: string;
|
|
88
|
+
source: string;
|
|
89
|
+
}
|
|
90
|
+
export interface CicdRepoKey {
|
|
91
|
+
organization: CicdOrgKey;
|
|
92
|
+
uid: string;
|
|
93
|
+
}
|
|
94
|
+
export interface CicdArtifactKey {
|
|
95
|
+
uid: string;
|
|
96
|
+
repository: CicdRepoKey;
|
|
97
|
+
}
|
|
98
|
+
export {};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/converters/vanta/types.ts"],"names":[],"mappings":";;;AAsFa,QAAA,eAAe,GAAa,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { AirbyteRecord } from 'faros-airbyte-cdk';
|
|
2
|
+
import { Converter, DestinationModel, DestinationRecord, StreamContext } from '../converter';
|
|
3
|
+
import { AWSV2VulnerabilityData, AWSVulnerabilityData, CicdArtifactKey, ExtendedVulnerabilityType, GithubVulnerabilityData, VcsRepoKey } from './types';
|
|
4
|
+
export declare function looksLikeGithubCommitSha(sha: string): boolean;
|
|
5
|
+
export declare abstract class Vulnerabilities extends Converter {
|
|
6
|
+
source: string;
|
|
7
|
+
readonly destinationModels: ReadonlyArray<DestinationModel>;
|
|
8
|
+
git_vulns: GithubVulnerabilityData[];
|
|
9
|
+
aws_vulns: AWSVulnerabilityData[];
|
|
10
|
+
awsv2_vulns: AWSV2VulnerabilityData[];
|
|
11
|
+
vulnsMissingIds: ExtendedVulnerabilityType[];
|
|
12
|
+
severityMap: {
|
|
13
|
+
[key: string]: number;
|
|
14
|
+
};
|
|
15
|
+
repositoryNamesToUids: Record<string, string[]>;
|
|
16
|
+
awsV2ContainerNamesToUids: Record<string, string[]>;
|
|
17
|
+
gitUidsToVulns: Record<string, GithubVulnerabilityData>;
|
|
18
|
+
awsUidsToVulns: Record<string, AWSVulnerabilityData>;
|
|
19
|
+
duplicateAwsUids: Set<string>;
|
|
20
|
+
vcsRepositoryQuery: string;
|
|
21
|
+
cicdArtifactQueryByCommitSha: string;
|
|
22
|
+
cicdArtifactQueryByRepoName: string;
|
|
23
|
+
/** All Vanta records should have id property */
|
|
24
|
+
id(record: AirbyteRecord): any;
|
|
25
|
+
addUIDToMapping(name: string, uid: string, mapping: Record<string, string[]>): void;
|
|
26
|
+
getVulnRecordsFromGit(data: GithubVulnerabilityData[]): DestinationRecord[];
|
|
27
|
+
getVulnRecordsFromAws(data: AWSVulnerabilityData[]): DestinationRecord[];
|
|
28
|
+
getVCSRepositoryFromName(vcsRepoName: string, ctx: StreamContext): Promise<VcsRepoKey | null>;
|
|
29
|
+
getCICDArtifactFromCommitSha(commitSha: string, ctx: StreamContext): Promise<CicdArtifactKey | null>;
|
|
30
|
+
getAWSCicdArtifactFromName(repoName: string, ctx: StreamContext): Promise<CicdArtifactKey | null>;
|
|
31
|
+
getVCSMappingsFromGit(gitRepoNamesToUIDs: Record<string, string[]>, ctx: StreamContext): Promise<DestinationRecord[]>;
|
|
32
|
+
getAWSV2VulnStatusDetail(vuln: AWSV2VulnerabilityData): string;
|
|
33
|
+
getAWSV2VulnStatusCategory(vuln: AWSV2VulnerabilityData): string;
|
|
34
|
+
getCICDMappingsFromAWS(ctx: StreamContext): Promise<DestinationRecord[]>;
|
|
35
|
+
getCICDMappingsFromAWSV2(aws_vulns: AWSV2VulnerabilityData[], ctx: StreamContext): Promise<DestinationRecord[]>;
|
|
36
|
+
getUidFromAWSV2Vuln(vuln: AWSV2VulnerabilityData): string;
|
|
37
|
+
getVulnRecordsFromAwsV2(data: AWSV2VulnerabilityData[]): DestinationRecord[];
|
|
38
|
+
combineAwsVulns(aws_v1_vulns: DestinationRecord[], aws_v2_vulns: DestinationRecord[], ctx: StreamContext): DestinationRecord[];
|
|
39
|
+
getSecVulnerabilityRecordFromData(data: ExtendedVulnerabilityType): DestinationRecord;
|
|
40
|
+
convert(record: AirbyteRecord): Promise<ReadonlyArray<DestinationRecord>>;
|
|
41
|
+
printReport(ctx: StreamContext): void;
|
|
42
|
+
onProcessingComplete(ctx: StreamContext): Promise<ReadonlyArray<DestinationRecord>>;
|
|
43
|
+
}
|
|
@@ -0,0 +1,404 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.Vulnerabilities = exports.looksLikeGithubCommitSha = void 0;
|
|
7
|
+
const fs_1 = __importDefault(require("fs"));
|
|
8
|
+
const converter_1 = require("../converter");
|
|
9
|
+
function looksLikeGithubCommitSha(sha) {
|
|
10
|
+
return /^[a-f0-9]{40}$/i.test(sha);
|
|
11
|
+
}
|
|
12
|
+
exports.looksLikeGithubCommitSha = looksLikeGithubCommitSha;
|
|
13
|
+
class Vulnerabilities extends converter_1.Converter {
|
|
14
|
+
constructor() {
|
|
15
|
+
super(...arguments);
|
|
16
|
+
this.source = 'vanta';
|
|
17
|
+
this.destinationModels = [
|
|
18
|
+
'sec_Vulnerability',
|
|
19
|
+
'vcs_RepositoryVulnerability',
|
|
20
|
+
'cicd_ArtifactVulnerability',
|
|
21
|
+
];
|
|
22
|
+
this.git_vulns = [];
|
|
23
|
+
this.aws_vulns = [];
|
|
24
|
+
this.awsv2_vulns = [];
|
|
25
|
+
this.vulnsMissingIds = [];
|
|
26
|
+
this.severityMap = {
|
|
27
|
+
LOW: 3.0,
|
|
28
|
+
MEDIUM: 6.0,
|
|
29
|
+
HIGH: 9.0,
|
|
30
|
+
CRITICAL: 10.0,
|
|
31
|
+
};
|
|
32
|
+
this.repositoryNamesToUids = {};
|
|
33
|
+
this.awsV2ContainerNamesToUids = {};
|
|
34
|
+
this.gitUidsToVulns = {};
|
|
35
|
+
this.awsUidsToVulns = {};
|
|
36
|
+
this.duplicateAwsUids = new Set();
|
|
37
|
+
// We read from file synchronously to get query from file
|
|
38
|
+
this.vcsRepositoryQuery = fs_1.default.readFileSync('resources/vcsRepositoryQuery.gql', 'utf8');
|
|
39
|
+
this.cicdArtifactQueryByCommitSha = fs_1.default.readFileSync('resources/cicdArtifactQueryByCommitSha.gql', 'utf8');
|
|
40
|
+
this.cicdArtifactQueryByRepoName = fs_1.default.readFileSync('resources/cicdArtifactQueryByRepoName.gql', 'utf8');
|
|
41
|
+
}
|
|
42
|
+
/** All Vanta records should have id property */
|
|
43
|
+
id(record) {
|
|
44
|
+
var _a, _b, _c;
|
|
45
|
+
return (_c = (_b = (_a = record === null || record === void 0 ? void 0 : record.record) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.vuln_data) === null || _c === void 0 ? void 0 : _c.id;
|
|
46
|
+
}
|
|
47
|
+
addUIDToMapping(name, uid, mapping) {
|
|
48
|
+
if (name in mapping) {
|
|
49
|
+
mapping[name].push(uid);
|
|
50
|
+
}
|
|
51
|
+
else {
|
|
52
|
+
mapping[name] = [uid];
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
getVulnRecordsFromGit(data) {
|
|
56
|
+
const vuln_data = [];
|
|
57
|
+
for (const vuln of data) {
|
|
58
|
+
if (!vuln.uid) {
|
|
59
|
+
this.vulnsMissingIds.push(vuln);
|
|
60
|
+
continue;
|
|
61
|
+
}
|
|
62
|
+
vuln['description'] = vuln.vantaDescription;
|
|
63
|
+
this.addUIDToMapping(vuln.repositoryName, vuln.uid, this.repositoryNamesToUids);
|
|
64
|
+
vuln_data.push(this.getSecVulnerabilityRecordFromData(vuln));
|
|
65
|
+
this.gitUidsToVulns[vuln.uid] = vuln;
|
|
66
|
+
}
|
|
67
|
+
return vuln_data;
|
|
68
|
+
}
|
|
69
|
+
getVulnRecordsFromAws(data) {
|
|
70
|
+
const vuln_data = [];
|
|
71
|
+
for (const vuln of data) {
|
|
72
|
+
if (!vuln.uid) {
|
|
73
|
+
this.vulnsMissingIds.push(vuln);
|
|
74
|
+
continue;
|
|
75
|
+
}
|
|
76
|
+
for (const finding of vuln.findings) {
|
|
77
|
+
// We copy vuln data and add the finding data to it
|
|
78
|
+
const new_vuln = { ...vuln };
|
|
79
|
+
const cve_str = finding['name'];
|
|
80
|
+
const uid_addition = '|' + cve_str.split(' ')[0];
|
|
81
|
+
new_vuln.uid += uid_addition;
|
|
82
|
+
new_vuln['description'] = finding['description'];
|
|
83
|
+
vuln_data.push(this.getSecVulnerabilityRecordFromData(new_vuln));
|
|
84
|
+
this.awsUidsToVulns[new_vuln.uid] = new_vuln;
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
return vuln_data;
|
|
88
|
+
}
|
|
89
|
+
async getVCSRepositoryFromName(vcsRepoName, ctx) {
|
|
90
|
+
if (ctx.farosClient) {
|
|
91
|
+
const resp = await ctx.farosClient.gql(ctx.graph, this.vcsRepositoryQuery, { repoName: vcsRepoName });
|
|
92
|
+
if (!resp) {
|
|
93
|
+
ctx.logger.warn(`Did not get any results for vcsRepository query with name "${vcsRepoName}"`);
|
|
94
|
+
return null;
|
|
95
|
+
}
|
|
96
|
+
const results = resp === null || resp === void 0 ? void 0 : resp.vcs_Repository;
|
|
97
|
+
let result = null;
|
|
98
|
+
if (results.length > 0) {
|
|
99
|
+
result = results[0];
|
|
100
|
+
}
|
|
101
|
+
else {
|
|
102
|
+
ctx.logger.warn(`Did not get any results for vcsRepository query with name "${vcsRepoName}"`);
|
|
103
|
+
}
|
|
104
|
+
return result;
|
|
105
|
+
}
|
|
106
|
+
return null;
|
|
107
|
+
}
|
|
108
|
+
async getCICDArtifactFromCommitSha(commitSha, ctx) {
|
|
109
|
+
if (ctx.farosClient) {
|
|
110
|
+
const resp = await ctx.farosClient.gql(ctx.graph, this.cicdArtifactQueryByCommitSha, { commitSha });
|
|
111
|
+
if (!resp) {
|
|
112
|
+
ctx.logger.warn(`Did not get any results for cicdArtifact query with commit sha "${commitSha}"`);
|
|
113
|
+
return null;
|
|
114
|
+
}
|
|
115
|
+
const results = resp === null || resp === void 0 ? void 0 : resp.cicd_Artifact;
|
|
116
|
+
let result = null;
|
|
117
|
+
if (results.length > 0) {
|
|
118
|
+
result = results[0];
|
|
119
|
+
}
|
|
120
|
+
else {
|
|
121
|
+
ctx.logger.warn(`Did not get any results for cicdArtifact query with commit sha "${commitSha}"`);
|
|
122
|
+
}
|
|
123
|
+
return result;
|
|
124
|
+
}
|
|
125
|
+
return null;
|
|
126
|
+
}
|
|
127
|
+
async getAWSCicdArtifactFromName(repoName, ctx) {
|
|
128
|
+
// Because we don't have the actual commit sha, we can't query the cicd_Artifact table
|
|
129
|
+
// using the uid. Instead, we'll need to query the cicd_Artifact table using the repository name
|
|
130
|
+
// and choosing the most recent artifact.
|
|
131
|
+
if (ctx.farosClient) {
|
|
132
|
+
const resp = await ctx.farosClient.gql(ctx.graph, this.cicdArtifactQueryByRepoName, { repoName });
|
|
133
|
+
if (!resp) {
|
|
134
|
+
ctx.logger.warn(`Did not get any results for cicdArtifact query with repository name "${repoName}"`);
|
|
135
|
+
return null;
|
|
136
|
+
}
|
|
137
|
+
const results = resp === null || resp === void 0 ? void 0 : resp.cicd_Artifact;
|
|
138
|
+
let result = null;
|
|
139
|
+
if (results.length > 0) {
|
|
140
|
+
result = results[0];
|
|
141
|
+
}
|
|
142
|
+
else {
|
|
143
|
+
ctx.logger.warn(`Did not get any results for cicdArtifact query with repository name "${repoName}"`);
|
|
144
|
+
}
|
|
145
|
+
return result;
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
async getVCSMappingsFromGit(gitRepoNamesToUIDs, ctx) {
|
|
149
|
+
const vuln_data = [];
|
|
150
|
+
for (const [repoName, uids] of Object.entries(gitRepoNamesToUIDs)) {
|
|
151
|
+
const repoKey = await this.getVCSRepositoryFromName(repoName, ctx);
|
|
152
|
+
if (repoKey) {
|
|
153
|
+
for (const uid of uids) {
|
|
154
|
+
const vulnKey = {
|
|
155
|
+
uid: uid,
|
|
156
|
+
source: this.source,
|
|
157
|
+
};
|
|
158
|
+
const vuln = this.gitUidsToVulns[uid];
|
|
159
|
+
vuln_data.push({
|
|
160
|
+
model: 'vcs_RepositoryVulnerability',
|
|
161
|
+
record: {
|
|
162
|
+
repository: repoKey,
|
|
163
|
+
vulnerability: vulnKey,
|
|
164
|
+
url: vuln.externalURL,
|
|
165
|
+
dueAt: vuln.slaDeadline,
|
|
166
|
+
},
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
return vuln_data;
|
|
172
|
+
}
|
|
173
|
+
getAWSV2VulnStatusDetail(vuln) {
|
|
174
|
+
var _a;
|
|
175
|
+
if ((_a = vuln.ignored) === null || _a === void 0 ? void 0 : _a.ignoreReason) {
|
|
176
|
+
return vuln.ignored.ignoreReason;
|
|
177
|
+
}
|
|
178
|
+
else {
|
|
179
|
+
return '';
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
getAWSV2VulnStatusCategory(vuln) {
|
|
183
|
+
var _a, _b;
|
|
184
|
+
if ((_a = vuln.ignored) === null || _a === void 0 ? void 0 : _a.ignoreReason) {
|
|
185
|
+
return 'Ignored';
|
|
186
|
+
}
|
|
187
|
+
else if ((_b = vuln.ignored) === null || _b === void 0 ? void 0 : _b.ignoredUntil) {
|
|
188
|
+
return 'Ignored';
|
|
189
|
+
}
|
|
190
|
+
else {
|
|
191
|
+
return 'Open';
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
async getCICDMappingsFromAWS(ctx) {
|
|
195
|
+
// We iterate through the key-value pairs of awsUidsToVulns
|
|
196
|
+
// We get the repository name from the vuln, and we take the most
|
|
197
|
+
// recent cicd_Artifact, rather than getting the cicd_Artifact by commit sha
|
|
198
|
+
const res = [];
|
|
199
|
+
for (const [uid, vuln] of Object.entries(this.awsUidsToVulns)) {
|
|
200
|
+
let repoName = vuln.repositoryName;
|
|
201
|
+
if (!repoName) {
|
|
202
|
+
ctx.logger.warn(`Could not find repository name for vulnerability with uid "${uid}"`);
|
|
203
|
+
continue;
|
|
204
|
+
}
|
|
205
|
+
// If repoName has '/' in it, we split by backslash and take the last piece:
|
|
206
|
+
if (repoName.includes('/')) {
|
|
207
|
+
const split = repoName.split('/');
|
|
208
|
+
repoName = split[split.length - 1];
|
|
209
|
+
}
|
|
210
|
+
const repoKey = await this.getAWSCicdArtifactFromName(repoName, ctx);
|
|
211
|
+
if (!repoKey) {
|
|
212
|
+
ctx.logger.warn(`Could not find cicd_Artifact for vulnerability with uid "${uid}"`);
|
|
213
|
+
continue;
|
|
214
|
+
}
|
|
215
|
+
res.push({
|
|
216
|
+
model: 'cicd_ArtifactVulnerability',
|
|
217
|
+
record: {
|
|
218
|
+
artifact: repoKey,
|
|
219
|
+
vulnerability: {
|
|
220
|
+
uid: uid,
|
|
221
|
+
source: this.source,
|
|
222
|
+
},
|
|
223
|
+
url: vuln.externalURL,
|
|
224
|
+
dueAt: vuln.slaDeadline,
|
|
225
|
+
createdAt: vuln.createdAt,
|
|
226
|
+
acknowledgedAt: vuln.createdAt,
|
|
227
|
+
},
|
|
228
|
+
});
|
|
229
|
+
}
|
|
230
|
+
return res;
|
|
231
|
+
}
|
|
232
|
+
async getCICDMappingsFromAWSV2(aws_vulns, ctx) {
|
|
233
|
+
const res = [];
|
|
234
|
+
const seenUids = new Set();
|
|
235
|
+
for (const vuln of aws_vulns) {
|
|
236
|
+
// First we check for dup uids
|
|
237
|
+
const uid = this.getUidFromAWSV2Vuln(vuln);
|
|
238
|
+
if (seenUids.has(uid)) {
|
|
239
|
+
ctx.logger.debug('Found duplicate vuln id: ' + uid);
|
|
240
|
+
this.duplicateAwsUids.add(uid);
|
|
241
|
+
continue;
|
|
242
|
+
}
|
|
243
|
+
seenUids.add(uid);
|
|
244
|
+
// We need to do the following for each vuln:
|
|
245
|
+
// Get the image tags. For each image tag, check if it is a github commit sha
|
|
246
|
+
// If you get the github commit sha, query the cicd_Artifact table by commit sha
|
|
247
|
+
// If you get a cicd_Artifact, add the mapping to the cicd_ArtifactVulnerability table
|
|
248
|
+
const imageTags = vuln.imageTags;
|
|
249
|
+
if (!imageTags || imageTags.length === 0) {
|
|
250
|
+
continue;
|
|
251
|
+
}
|
|
252
|
+
let commitSha = null;
|
|
253
|
+
for (const tag of imageTags) {
|
|
254
|
+
if (looksLikeGithubCommitSha(tag)) {
|
|
255
|
+
commitSha = tag;
|
|
256
|
+
break;
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
if (!commitSha) {
|
|
260
|
+
ctx.logger.info(`Skipped getting commit Sha from below imageTags due to not finding git commit sha:`);
|
|
261
|
+
ctx.logger.debug(JSON.stringify(imageTags));
|
|
262
|
+
continue;
|
|
263
|
+
}
|
|
264
|
+
const CicdArtifactKey = await this.getCICDArtifactFromCommitSha(commitSha, ctx);
|
|
265
|
+
if (CicdArtifactKey) {
|
|
266
|
+
res.push({
|
|
267
|
+
model: 'cicd_ArtifactVulnerability',
|
|
268
|
+
record: {
|
|
269
|
+
artifact: CicdArtifactKey,
|
|
270
|
+
vulnerability: {
|
|
271
|
+
uid: this.getUidFromAWSV2Vuln(vuln),
|
|
272
|
+
source: this.source,
|
|
273
|
+
},
|
|
274
|
+
url: vuln.externalURL,
|
|
275
|
+
dueAt: vuln.remediateBy,
|
|
276
|
+
createdAt: vuln.createdAt,
|
|
277
|
+
acknowledgedAt: vuln.createdAt,
|
|
278
|
+
status: {
|
|
279
|
+
category: this.getAWSV2VulnStatusCategory(vuln),
|
|
280
|
+
detail: this.getAWSV2VulnStatusDetail(vuln),
|
|
281
|
+
},
|
|
282
|
+
},
|
|
283
|
+
});
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
return res;
|
|
287
|
+
}
|
|
288
|
+
getUidFromAWSV2Vuln(vuln) {
|
|
289
|
+
return vuln.uid;
|
|
290
|
+
}
|
|
291
|
+
getVulnRecordsFromAwsV2(data) {
|
|
292
|
+
const vuln_data = [];
|
|
293
|
+
for (const vuln of data) {
|
|
294
|
+
if (!vuln.uid) {
|
|
295
|
+
this.vulnsMissingIds.push(vuln);
|
|
296
|
+
continue;
|
|
297
|
+
}
|
|
298
|
+
const sev = this.severityMap[vuln.severity];
|
|
299
|
+
let sevString;
|
|
300
|
+
if (!sev) {
|
|
301
|
+
sevString = 'UNKNOWN';
|
|
302
|
+
}
|
|
303
|
+
else {
|
|
304
|
+
sevString = sev.toString();
|
|
305
|
+
}
|
|
306
|
+
const uid = this.getUidFromAWSV2Vuln(vuln);
|
|
307
|
+
const vuln_copy = {
|
|
308
|
+
uid,
|
|
309
|
+
createdAt: vuln.createdAt,
|
|
310
|
+
externalURL: vuln.externalURL,
|
|
311
|
+
severity: sevString,
|
|
312
|
+
description: vuln.description,
|
|
313
|
+
displayName: vuln.asset.displayName,
|
|
314
|
+
};
|
|
315
|
+
vuln_data.push(this.getSecVulnerabilityRecordFromData(vuln_copy));
|
|
316
|
+
}
|
|
317
|
+
return vuln_data;
|
|
318
|
+
}
|
|
319
|
+
combineAwsVulns(aws_v1_vulns, aws_v2_vulns, ctx) {
|
|
320
|
+
const seenUids = new Set();
|
|
321
|
+
const combined = [];
|
|
322
|
+
for (const vuln_list of [aws_v2_vulns, aws_v1_vulns]) {
|
|
323
|
+
for (const vuln of vuln_list) {
|
|
324
|
+
if (!seenUids.has(vuln.record.uid)) {
|
|
325
|
+
combined.push(vuln);
|
|
326
|
+
seenUids.add(vuln.record.uid);
|
|
327
|
+
}
|
|
328
|
+
else {
|
|
329
|
+
ctx.logger.info('Found duplicate vuln id: ' + vuln.record.uid);
|
|
330
|
+
this.duplicateAwsUids.add(vuln.record.uid);
|
|
331
|
+
}
|
|
332
|
+
}
|
|
333
|
+
}
|
|
334
|
+
return combined;
|
|
335
|
+
}
|
|
336
|
+
getSecVulnerabilityRecordFromData(data) {
|
|
337
|
+
return {
|
|
338
|
+
model: 'sec_Vulnerability',
|
|
339
|
+
record: {
|
|
340
|
+
uid: data.uid,
|
|
341
|
+
source: this.source,
|
|
342
|
+
title: data.displayName,
|
|
343
|
+
description: data.description,
|
|
344
|
+
severity: data.severity,
|
|
345
|
+
url: data.externalURL,
|
|
346
|
+
discoveredAt: data.createdAt,
|
|
347
|
+
vulnerabilityIds: data.externalIds,
|
|
348
|
+
},
|
|
349
|
+
};
|
|
350
|
+
}
|
|
351
|
+
async convert(record) {
|
|
352
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
|
|
353
|
+
if (((_b = (_a = record === null || record === void 0 ? void 0 : record.record) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.vuln_type) === 'git') {
|
|
354
|
+
this.git_vulns.push((_d = (_c = record === null || record === void 0 ? void 0 : record.record) === null || _c === void 0 ? void 0 : _c.data) === null || _d === void 0 ? void 0 : _d.vuln_data);
|
|
355
|
+
}
|
|
356
|
+
else if (((_f = (_e = record === null || record === void 0 ? void 0 : record.record) === null || _e === void 0 ? void 0 : _e.data) === null || _f === void 0 ? void 0 : _f.vuln_type) === 'aws') {
|
|
357
|
+
this.aws_vulns.push((_h = (_g = record === null || record === void 0 ? void 0 : record.record) === null || _g === void 0 ? void 0 : _g.data) === null || _h === void 0 ? void 0 : _h.vuln_data);
|
|
358
|
+
}
|
|
359
|
+
else if (((_k = (_j = record === null || record === void 0 ? void 0 : record.record) === null || _j === void 0 ? void 0 : _j.data) === null || _k === void 0 ? void 0 : _k.vuln_type) === 'awsv2') {
|
|
360
|
+
this.awsv2_vulns.push((_m = (_l = record === null || record === void 0 ? void 0 : record.record) === null || _l === void 0 ? void 0 : _l.data) === null || _m === void 0 ? void 0 : _m.vuln_data);
|
|
361
|
+
}
|
|
362
|
+
return [];
|
|
363
|
+
}
|
|
364
|
+
printReport(ctx) {
|
|
365
|
+
const report_obj = {
|
|
366
|
+
nVulnsMissingIds: this.vulnsMissingIds.length,
|
|
367
|
+
nDuplicateAwsUids: this.duplicateAwsUids.size,
|
|
368
|
+
};
|
|
369
|
+
ctx.logger.info('Vulnerabilities converter report: \n' +
|
|
370
|
+
JSON.stringify(report_obj, null, 2));
|
|
371
|
+
if (this.vulnsMissingIds.length > 0) {
|
|
372
|
+
ctx.logger.debug('Vulnerabilities missing ids: \n' +
|
|
373
|
+
JSON.stringify(this.vulnsMissingIds, null, 2));
|
|
374
|
+
}
|
|
375
|
+
if (this.duplicateAwsUids.size > 0) {
|
|
376
|
+
ctx.logger.debug('Duplicate AWS vuln uids: \n' +
|
|
377
|
+
JSON.stringify(this.duplicateAwsUids, null, 2));
|
|
378
|
+
}
|
|
379
|
+
}
|
|
380
|
+
async onProcessingComplete(ctx) {
|
|
381
|
+
// We'll need to grab vcs and cicd data from the graph to match the vulns
|
|
382
|
+
// to the correct parts
|
|
383
|
+
ctx.logger.debug('Running onProcessing complete');
|
|
384
|
+
const res = [];
|
|
385
|
+
// Getting sec_Vulnerability records
|
|
386
|
+
res.push(...this.getVulnRecordsFromGit(this.git_vulns));
|
|
387
|
+
const aws_v1_vulns = this.getVulnRecordsFromAws(this.aws_vulns);
|
|
388
|
+
const aws_v2_vulns = this.getVulnRecordsFromAwsV2(this.awsv2_vulns);
|
|
389
|
+
const combined_aws_vulns = this.combineAwsVulns(aws_v1_vulns, aws_v2_vulns, ctx);
|
|
390
|
+
res.push(...combined_aws_vulns);
|
|
391
|
+
// Getting vcs_RepositoryVulnerability records
|
|
392
|
+
const vcsMappings = await this.getVCSMappingsFromGit(this.repositoryNamesToUids, ctx);
|
|
393
|
+
res.push(...vcsMappings);
|
|
394
|
+
// Getting cicd_ArtifactVulnerability records
|
|
395
|
+
const cicdArtifactMappingsAWSV2 = await this.getCICDMappingsFromAWSV2(this.awsv2_vulns, ctx);
|
|
396
|
+
res.push(...cicdArtifactMappingsAWSV2);
|
|
397
|
+
const cicdArtifactMappingsAWS = await this.getCICDMappingsFromAWS(ctx);
|
|
398
|
+
res.push(...cicdArtifactMappingsAWS);
|
|
399
|
+
this.printReport(ctx);
|
|
400
|
+
return res;
|
|
401
|
+
}
|
|
402
|
+
}
|
|
403
|
+
exports.Vulnerabilities = Vulnerabilities;
|
|
404
|
+
//# sourceMappingURL=vulnerabilities.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vulnerabilities.js","sourceRoot":"","sources":["../../../src/converters/vanta/vulnerabilities.ts"],"names":[],"mappings":";;;;;;AACA,4CAAoB;AAEpB,4CAKsB;AAUtB,SAAgB,wBAAwB,CAAC,GAAW;IAClD,OAAO,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC;AAFD,4DAEC;AAED,MAAsB,eAAgB,SAAQ,qBAAS;IAAvD;;QACE,WAAM,GAAG,OAAO,CAAC;QACR,sBAAiB,GAAoC;YAC5D,mBAAmB;YACnB,6BAA6B;YAC7B,4BAA4B;SAC7B,CAAC;QACF,cAAS,GAA8B,EAAE,CAAC;QAC1C,cAAS,GAA2B,EAAE,CAAC;QACvC,gBAAW,GAA6B,EAAE,CAAC;QAC3C,oBAAe,GAAgC,EAAE,CAAC;QAClD,gBAAW,GAA4B;YACrC,GAAG,EAAE,GAAG;YACR,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,0BAAqB,GAA6B,EAAE,CAAC;QACrD,8BAAyB,GAA6B,EAAE,CAAC;QACzD,mBAAc,GAA4C,EAAE,CAAC;QAC7D,mBAAc,GAAyC,EAAE,CAAC;QAC1D,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,yDAAyD;QACzD,uBAAkB,GAAG,YAAE,CAAC,YAAY,CAClC,kCAAkC,EAClC,MAAM,CACP,CAAC;QACF,iCAA4B,GAAG,YAAE,CAAC,YAAY,CAC5C,4CAA4C,EAC5C,MAAM,CACP,CAAC;QACF,gCAA2B,GAAG,YAAE,CAAC,YAAY,CAC3C,2CAA2C,EAC3C,MAAM,CACP,CAAC;IAudJ,CAAC;IArdC,gDAAgD;IAChD,EAAE,CAAC,MAAqB;;QACtB,OAAO,MAAA,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAS,0CAAE,EAAE,CAAC;IAC7C,CAAC;IAED,eAAe,CACb,IAAY,EACZ,GAAW,EACX,OAAiC;QAEjC,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,qBAAqB,CAAC,IAA+B;QACnD,MAAM,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACd,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAChC,SAAS;YACX,CAAC;YACD,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,gBAAgB,CAAC;YAC5C,IAAI,CAAC,eAAe,CAClB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,GAAG,EACR,IAAI,CAAC,qBAAqB,CAC3B,CAAC;YACF,SAAS,CAAC,IAAI,CACZ,IAAI,CAAC,iCAAiC,CACpC,IAAiC,CAClC,CACF,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACvC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,qBAAqB,CAAC,IAA4B;QAChD,MAAM,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACd,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAChC,SAAS;YACX,CAAC;YACD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,mDAAmD;gBACnD,MAAM,QAAQ,GAAG,EAAC,GAAG,IAAI,EAAC,CAAC;gBAC3B,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;gBAChC,MAAM,YAAY,GAAG,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,QAAQ,CAAC,GAAG,IAAI,YAAY,CAAC;gBAC7B,QAAQ,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;gBACjD,SAAS,CAAC,IAAI,CACZ,IAAI,CAAC,iCAAiC,CACpC,QAAqC,CACtC,CACF,CAAC;gBACF,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,WAAmB,EACnB,GAAkB;QAElB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,GAAG,CACpC,GAAG,CAAC,KAAK,EACT,IAAI,CAAC,kBAAkB,EACvB,EAAC,QAAQ,EAAE,WAAW,EAAC,CACxB,CAAC;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,8DAA8D,WAAW,GAAG,CAC7E,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,cAAc,CAAC;YACrC,IAAI,MAAM,GAAG,IAAI,CAAC;YAClB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,8DAA8D,WAAW,GAAG,CAC7E,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,4BAA4B,CAChC,SAAiB,EACjB,GAAkB;QAElB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,GAAG,CACpC,GAAG,CAAC,KAAK,EACT,IAAI,CAAC,4BAA4B,EACjC,EAAC,SAAS,EAAC,CACZ,CAAC;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,mEAAmE,SAAS,GAAG,CAChF,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,CAAC;YACpC,IAAI,MAAM,GAAG,IAAI,CAAC;YAClB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,mEAAmE,SAAS,GAAG,CAChF,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,QAAgB,EAChB,GAAkB;QAElB,sFAAsF;QACtF,gGAAgG;QAChG,yCAAyC;QAEzC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,GAAG,CACpC,GAAG,CAAC,KAAK,EACT,IAAI,CAAC,2BAA2B,EAChC,EAAC,QAAQ,EAAC,CACX,CAAC;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,wEAAwE,QAAQ,GAAG,CACpF,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,CAAC;YACpC,IAAI,MAAM,GAAG,IAAI,CAAC;YAClB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,wEAAwE,QAAQ,GAAG,CACpF,CAAC;YACJ,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,kBAA4C,EAC5C,GAAkB;QAElB,MAAM,SAAS,GAAwB,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAClE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACnE,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,OAAO,GAAG;wBACd,GAAG,EAAE,GAAG;wBACR,MAAM,EAAE,IAAI,CAAC,MAAM;qBACpB,CAAC;oBACF,MAAM,IAAI,GAA4B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;oBAC/D,SAAS,CAAC,IAAI,CAAC;wBACb,KAAK,EAAE,6BAA6B;wBACpC,MAAM,EAAE;4BACN,UAAU,EAAE,OAAO;4BACnB,aAAa,EAAE,OAAO;4BACtB,GAAG,EAAE,IAAI,CAAC,WAAW;4BACrB,KAAK,EAAE,IAAI,CAAC,WAAW;yBACxB;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,wBAAwB,CAAC,IAA4B;;QACnD,IAAI,MAAA,IAAI,CAAC,OAAO,0CAAE,YAAY,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,0BAA0B,CAAC,IAA4B;;QACrD,IAAI,MAAA,IAAI,CAAC,OAAO,0CAAE,YAAY,EAAE,CAAC;YAC/B,OAAO,SAAS,CAAC;QACnB,CAAC;aAAM,IAAI,MAAA,IAAI,CAAC,OAAO,0CAAE,YAAY,EAAE,CAAC;YACtC,OAAO,SAAS,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAC1B,GAAkB;QAElB,2DAA2D;QAC3D,iEAAiE;QACjE,4EAA4E;QAC5E,MAAM,GAAG,GAAwB,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9D,IAAI,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC;YACnC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,8DAA8D,GAAG,GAAG,CACrE,CAAC;gBACF,SAAS;YACX,CAAC;YACD,4EAA4E;YAC5E,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClC,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACrE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,4DAA4D,GAAG,GAAG,CACnE,CAAC;gBACF,SAAS;YACX,CAAC;YACD,GAAG,CAAC,IAAI,CAAC;gBACP,KAAK,EAAE,4BAA4B;gBACnC,MAAM,EAAE;oBACN,QAAQ,EAAE,OAAO;oBACjB,aAAa,EAAE;wBACb,GAAG,EAAE,GAAG;wBACR,MAAM,EAAE,IAAI,CAAC,MAAM;qBACpB;oBACD,GAAG,EAAE,IAAI,CAAC,WAAW;oBACrB,KAAK,EAAE,IAAI,CAAC,WAAW;oBACvB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,cAAc,EAAE,IAAI,CAAC,SAAS;iBAC/B;aACF,CAAC,CAAC;QACL,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,SAAmC,EACnC,GAAkB;QAElB,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,QAAQ,GAAgB,IAAI,GAAG,EAAE,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,GAAG,GAAG,CAAC,CAAC;gBACpD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC/B,SAAS;YACX,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAElB,6CAA6C;YAC7C,6EAA6E;YAC7E,gFAAgF;YAChF,sFAAsF;YACtF,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzC,SAAS;YACX,CAAC;YACD,IAAI,SAAS,GAAG,IAAI,CAAC;YACrB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,IAAI,wBAAwB,CAAC,GAAG,CAAC,EAAE,CAAC;oBAClC,SAAS,GAAG,GAAG,CAAC;oBAChB,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,oFAAoF,CACrF,CAAC;gBACF,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,4BAA4B,CAC7D,SAAS,EACT,GAAG,CACJ,CAAC;YACF,IAAI,eAAe,EAAE,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC;oBACP,KAAK,EAAE,4BAA4B;oBACnC,MAAM,EAAE;wBACN,QAAQ,EAAE,eAAe;wBACzB,aAAa,EAAE;4BACb,GAAG,EAAE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;4BACnC,MAAM,EAAE,IAAI,CAAC,MAAM;yBACpB;wBACD,GAAG,EAAE,IAAI,CAAC,WAAW;wBACrB,KAAK,EAAE,IAAI,CAAC,WAAW;wBACvB,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,cAAc,EAAE,IAAI,CAAC,SAAS;wBAC9B,MAAM,EAAE;4BACN,QAAQ,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC;4BAC/C,MAAM,EAAE,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC;yBAC5C;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,mBAAmB,CAAC,IAA4B;QAC9C,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED,uBAAuB,CAAC,IAA8B;QACpD,MAAM,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACd,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAChC,SAAS;YACX,CAAC;YACD,MAAM,GAAG,GAAW,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpD,IAAI,SAAiB,CAAC;YACtB,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,SAAS,GAAG,SAAS,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC7B,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,SAAS,GAA8B;gBAC3C,GAAG;gBACH,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,QAAQ,EAAE,SAAS;gBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW;aACpC,CAAC;YAEF,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,iCAAiC,CAAC,SAAS,CAAC,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,eAAe,CACb,YAAiC,EACjC,YAAiC,EACjC,GAAkB;QAElB,MAAM,QAAQ,GAAgB,IAAI,GAAG,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,EAAE,CAAC;QAEpB,KAAK,MAAM,SAAS,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE,CAAC;YACrD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;gBAC7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBACnC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACpB,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBAC/D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,iCAAiC,CAC/B,IAA+B;QAE/B,OAAO;YACL,KAAK,EAAE,mBAAmB;YAC1B,MAAM,EAAE;gBACN,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,KAAK,EAAE,IAAI,CAAC,WAAW;gBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAE,IAAI,CAAC,WAAW;gBACrB,YAAY,EAAE,IAAI,CAAC,SAAS;gBAC5B,gBAAgB,EAAE,IAAI,CAAC,WAAW;aACnC;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CACX,MAAqB;;QAErB,IAAI,CAAA,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAS,MAAK,KAAK,EAAE,CAAC;YAC9C,IAAI,CAAC,SAAS,CAAC,IAAI,CACjB,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAoC,CAC3D,CAAC;QACJ,CAAC;aAAM,IAAI,CAAA,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAS,MAAK,KAAK,EAAE,CAAC;YACrD,IAAI,CAAC,SAAS,CAAC,IAAI,CACjB,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAiC,CACxD,CAAC;QACJ,CAAC;aAAM,IAAI,CAAA,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAS,MAAK,OAAO,EAAE,CAAC;YACvD,IAAI,CAAC,WAAW,CAAC,IAAI,CACnB,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,IAAI,0CAAE,SAAmC,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,WAAW,CAAC,GAAkB;QAC5B,MAAM,UAAU,GAAG;YACjB,gBAAgB,EAAE,IAAI,CAAC,eAAe,CAAC,MAAM;YAC7C,iBAAiB,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI;SAC9C,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,IAAI,CACb,sCAAsC;YACpC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACtC,CAAC;QACF,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,KAAK,CACd,iCAAiC;gBAC/B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,CAChD,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,MAAM,CAAC,KAAK,CACd,6BAA6B;gBAC3B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,GAAkB;QAElB,yEAAyE;QACzE,uBAAuB;QACvB,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,oCAAoC;QACpC,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAChE,MAAM,YAAY,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpE,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAC7C,YAAY,EACZ,YAAY,EACZ,GAAG,CACJ,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,CAAC;QAEhC,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAClD,IAAI,CAAC,qBAAqB,EAC1B,GAAG,CACJ,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QAEzB,6CAA6C;QAC7C,MAAM,yBAAyB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CACnE,IAAI,CAAC,WAAW,EAChB,GAAG,CACJ,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,CAAC;QACvC,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;QACvE,GAAG,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,CAAC;QACrC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACtB,OAAO,GAAG,CAAC;IACb,CAAC;CACF;AAzfD,0CAyfC"}
|
package/lib/destination.js
CHANGED
|
@@ -258,7 +258,9 @@ class FarosDestination extends faros_airbyte_cdk_1.AirbyteDestination {
|
|
|
258
258
|
else {
|
|
259
259
|
this.redactFieldsByModel = {};
|
|
260
260
|
}
|
|
261
|
-
this.redactor = new record_redactor_1.RecordRedactor(config.redact_custom_replace, config.redact_custom_regex
|
|
261
|
+
this.redactor = new record_redactor_1.RecordRedactor(config.redact_custom_replace, typeof config.redact_custom_regex === 'string'
|
|
262
|
+
? JSON.parse(config.redact_custom_regex)
|
|
263
|
+
: config.redact_custom_regex);
|
|
262
264
|
const jira_configs = (_b = (_a = config.source_specific_configs) === null || _a === void 0 ? void 0 : _a.jira) !== null && _b !== void 0 ? _b : {};
|
|
263
265
|
if (typeof jira_configs.truncate_limit === 'number' &&
|
|
264
266
|
jira_configs.truncate_limit < 0) {
|