From 74584da7fb15da863c9a88860491c37204834a47 Mon Sep 17 00:00:00 2001
From: Josh Rickard
Date: Tue, 12 Mar 2024 11:19:02 -0500
Subject: [PATCH] wip
---
 .../veracode_findings/lib/veracode_client.rb | 18 +++++++++---------
 .../veracode_findings/veracode_findings.rb | 11 ++++++++---
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/tasks/connectors/veracode_findings/lib/veracode_client.rb b/tasks/connectors/veracode_findings/lib/veracode_client.rb
index eecb7b3c..eeb72477 100644
--- a/tasks/connectors/veracode_findings/lib/veracode_client.rb
+++ b/tasks/connectors/veracode_findings/lib/veracode_client.rb
@@ -16,7 +16,7 @@ class FindingsClient
 HOST = "api.veracode.com"
 REQUEST_VERSION = "vcode_request_version_1"
- def initialize(id, key, output_dir, filename, kenna_api_host, kenna_connector_id, kenna_api_key)
+ def initialize(id, key, output_dir, filename, kenna_api_host, kenna_connector_id, kenna_api_key, match_key)
 @id = id
 @key = key
 @output_dir = output_dir
@@ -24,6 +24,7 @@ def initialize(id, key, output_dir, filename, kenna_api_host, kenna_connector_id
 @kenna_api_host = kenna_api_host
 @kenna_connector_id = kenna_connector_id
 @kenna_api_key = kenna_api_key
+ @match_key = match_key
 @category_recommendations = []
 end
@@ -75,7 +76,7 @@ def category_recommendations(page_size)
 @category_recommendations = cat_rec_list
 end
- def get_findings(app_guid, app_name, tags, page_size, omit_line_number)
+ def get_findings(app_guid, app_name, tags, page_size)
 print_debug "pulling issues for #{app_name}"
 puts "pulling issues for #{app_name}" # DBRO
 app_request = "#{FINDING_PATH}/#{app_guid}/findings?size=#{page_size}"
@@ -109,7 +110,6 @@ def get_findings(app_guid, app_name, tags, page_size, omit_line_number)
 url = finding["finding_details"]["url"]
 ext_id = "[#{app_name}] - #{url}"
 end
- finding_id = "#{app_name}:#{finding['issue_id']}"
 # Pull Status from finding["finding_status"]["status"] # Per docs this shoule be "OPEN" or "CLOSED"
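Review bot: Nothing in this patch removes a use of `omit_line_number`, even though the `@@ -75` hunk drops it from the `get_findings` signature — the diffstat's 12 deletions are fully accounted for by the nine removed lines in this file (two `def` lines, `finding_id`, two `scanner_identifier` lines, two `create_kdi_asset_finding` calls, the `issues` signature and the `get_findings` call) plus three in `veracode_findings.rb` — so if the body of `get_findings`, which continues outside this hunk, still reads `omit_line_number`, it now raises NameError on the first finding processed. A grep for the name before merging would settle it; if the parameter was already dead, saying so in the commit message spares the next reader the same check. Separately, `initialize` in the `@@ -16` hunk now takes eight positional arguments, so the new trailing `match_key` is easy to transpose with `kenna_api_key` at the call site; a keyword parameter such as `match_key: nil` would make its optional nature explicit and fail loudly on a misordered call.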
@@ -166,7 +166,7 @@ def get_findings(app_guid, app_name, tags, page_size, omit_line_number)
 # craft the vuln hash
 finding = {
- "scanner_identifier" => finding_id,
+ "scanner_identifier" => cwe,
 "scanner_type" => "veracode",
 "severity" => scanner_score * 2,
 "triage_state" => status,
@@ -178,7 +178,7 @@ def get_findings(app_guid, app_name, tags, page_size, omit_line_number)
 finding.compact!
 vuln_def = {
- "scanner_identifier" => finding_id,
+ "scanner_identifier" => cwe,
 "scanner_type" => "veracode",
 "cwe_identifiers" => cwe,
 "name" => cwe_name,
@@ -188,7 +188,7 @@ def get_findings(app_guid, app_name, tags, page_size, omit_line_number)
 vuln_def.compact!
 # Create the KDI entries
- create_kdi_asset_finding(asset, finding)
+ create_kdi_asset_finding(asset, finding, @match_key)
 create_kdi_vuln_def(vuln_def)
 end
 url = (result["_links"]["next"]["href"] unless result["_links"]["next"].nil?) || nil
@@ -302,16 +302,16 @@ def get_findings_sca(app_guid, app_name, tags, page_size)
 vuln_def.compact!
 # Create the KDI entries
- create_kdi_asset_finding(asset, finding)
+ create_kdi_asset_finding(asset, finding, @match_key)
 create_kdi_vuln_def(vuln_def)
 end
 url = (result["_links"]["next"]["href"] unless result["_links"]["next"].nil?) || nil
 end
 end
- def issues(app_guid, app_name, tags, page_size, omit_line_number)
+ def issues(app_guid, app_name, tags, page_size)
 # Get Findings
- get_findings(app_guid, app_name, tags, page_size, omit_line_number)
+ get_findings(app_guid, app_name, tags, page_size)
 # Get SCA Findings
 get_findings_sca(app_guid, app_name, tags, page_size)
diff --git a/tasks/connectors/veracode_findings/veracode_findings.rb b/tasks/connectors/veracode_findings/veracode_findings.rb
index 91befada..392b5544 100644
--- a/tasks/connectors/veracode_findings/veracode_findings.rb
+++ b/tasks/connectors/veracode_findings/veracode_findings.rb
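Review bot: Every Veracode flaw with the same CWE on the same asset now carries one `scanner_identifier`, because `cwe` replaces the per-issue `finding_id` here (and in the `vuln_def` hunk that follows), so two distinct flaws in different files are no longer told apart by the payload. If the KDI consumer keys findings on asset plus `scanner_identifier`, the last flaw paginated wins and a CLOSED flaw can overwrite an OPEN one's `triage_state` — silently hiding an open vulnerability — or re-open a fixed one; if collapsing to CWE is intended, the group's status needs a merge rule (OPEN wins) or the identifier should keep the issue, e.g. `"scanner_identifier" => "#{cwe}:#{finding['issue_id']}"` in both hashes, with a comment stating the chosen granularity. `cwe` is assigned outside the hunk; if it can be nil for a finding, `finding.compact!` drops the key and the finding is emitted with no identifier at all, so a guard such as `next if cwe.nil?` (or a fallback to `finding['issue_id']`) is worth adding. The enclosing `get_findings` body starts and ends outside this hunk.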
@@ -43,6 +43,11 @@ def self.metadata
 required: false,
 default: nil,
 description: "If set, we'll try to upload to this connector" },
+ { name: "match_key", type: "string", required: false, default: nil, description: "If set, payloads will be constructed deduplicating onto the match key" },
 { name: "output_directory",
 type: "filename",
 required: false,
@@ -65,14 +70,14 @@ def run(opts)
 veracode_id = @options[:veracode_id]
 veracode_key = @options[:veracode_key]
 page_size = @options[:veracode_page_size]
- omit_line_number = @options[:omit_line_number]
 @kenna_api_host = @options[:kenna_api_host]
 @kenna_api_key = @options[:kenna_api_key]
 @kenna_connector_id = @options[:kenna_connector_id]
+ @match_key = @options[:match_key]
 @output_dir = "#{$basedir}/#{@options[:output_directory]}"
 @filename = ".json"
- client = Kenna::Toolkit::Veracode::FindingsClient.new(veracode_id, veracode_key, @output_dir, @filename, @kenna_api_host, @kenna_connector_id, @kenna_api_key)
+ client = Kenna::Toolkit::Veracode::FindingsClient.new(veracode_id, veracode_key, @output_dir, @filename, @kenna_api_host, @kenna_connector_id, @kenna_api_key, @match_key)
 client.category_recommendations(page_size)
@@ -83,7 +88,7 @@ def run(opts)
 guid = application.fetch("guid")
 appname = application.fetch("name").tr('"', "'")
 tags = application.fetch("tags")
- client.issues(guid, appname, tags, page_size, omit_line_number)
+ client.issues(guid, appname, tags, page_size)
 end
 return unless @kenna_connector_id && @kenna_api_host && @kenna_api_key
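Review bot: The new `match_key` option is accepted as a free-form string and nothing in this patch validates it before `run` hands it to the client and on to `create_kdi_asset_finding`, so a typo in the key name would most likely yield payloads that dedupe on nothing rather than an error. The description also does not say which values are valid; enumerate the accepted locator names in it and reject anything else in `run`, e.g. `raise ArgumentError, "unknown match_key: #{@match_key}" unless @match_key.nil? || ALLOWED_MATCH_KEYS.include?(@match_key)` with that constant defined alongside the metadata. Note too that this hunk adds an option but the patch removes no `omit_line_number` metadata entry (its only deletion in this file is the `@options[:omit_line_number]` read in `run`), so if that option is still declared a few lines above it is now accepted and silently ignored — drop it, or mark it deprecated in its description. `self.metadata` starts and ends outside this hunk.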