@Boomatang
Last active September 29, 2020 13:56
Scripts to help with formatting when creating Jira tickets

format.py

import json
import sys


def has_cve(item):
    # srcclr leaves the CVE field null for records that only carry premium
    # vulnerability data, so report that rather than printing "None".
    if item['CVE'] is not None:
        return item['CVE']
    else:
        return "Premium Data"


def upgrade_version(item):
    # UPGRADE_TO is the list of updateToVersion values collected by the jq
    # filter; report the first one, or "Unknown" when no fix version is listed.
    try:
        return item["UPGRADE_TO"][0]
    except IndexError:
        return "Unknown"


def load_data():
    # Read the whole JSON document that the jq pipeline writes to stdin.
    data = ''
    for line in sys.stdin:
        data += line
    return json.loads(data)


def format_data(data):
    # Print each vulnerability as a Jira wiki-markup block under an h4. heading.
    for item in data:
        print(f'h4. {item["TITLE"]}')
        print(f'CVE: {has_cve(item)}')
        print(f'Score: {item["SCORE"]}')
        print(f'Summary: {item["SUMMARY"]}')
        print(f'Upgrade To: {upgrade_version(item)}')
        print(f'Known Exploits: {item["KNOWN_EXPLOITS"]}')
        print()


def run():
    data = load_data()
    format_data(data)


if "__main__" == __name__:
    print()
    print()
    run()

jira_format

srcclr lookup --type=go --coord1=<PACKAGE_NAME> --version=<VERSION> --json | jq 'del(.records[].graphs) | .records[] | .vulnerabilities | sort_by(-.cvssScore) | map({TITLE: .title, SCORE: .cvssScore, CVE: .cve, SUMMARY: .overview, UPGRADE_TO: [.libraries[].details[].updateToVersion], KNOWN_EXPLOITS: .hasExploits})' | python <PATH/TO/FILE>/format.py

This gist is to help with the creation of Jira tickets. It is a work in progress, but it will do some of the work for you.

These scripts require you to have srcclr and jq installed.

jira_format is the command line call that needs to be made.

Values in the script that need to be filled in are:
- PACKAGE_NAME: the package where the issues are.
- VERSION: the version of the package to be checked.
- PATH/TO/FILE: the path to the format.py that is included in this gist.

When the script is run, the output is broken down by reported issue and looks like the example below. Be aware that srcclr lookup reports every known issue for the package, so there may be issues listed that you did not want formatted data for.

h4. Cross-site Scripting (XSS)
CVE: 2019-3826
Score: 4.3
Summary: github.com/prometheus/prometheus is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the highlighter function was not sanitized and could be used for XSS attacks.
Upgrade To: 2.7.1
Known Exploits: False
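The pipeline above does its selection in jq and its rendering in format.py, which makes it hard to check either step without srcclr installed. The following is an added example, not part of the gist, that reproduces both steps in Python over a constructed srcclr-style lookup document: it applies the same selection, sort and field mapping as the jq filter, then renders the same Jira markup with the same fallbacks (no CVE gives "Premium Data", no fix version gives "Unknown"). It goes slightly beyond the page in two ways, both stated in the code: it flattens vulnerabilities across all records (the jq pipeline emits one array per record), lists every fix version instead of only the first, and takes an optional CVSS floor so unrelated findings can be dropped. The input document shape is assumed from the field names used in the jq filter; the sample record and its third CVE id are constructed placeholders.

```python
"""Added example (not the gist's code): the jq selection and the Jira rendering
from this page done in Python, so the behaviour can be checked offline.

Assumed srcclr `lookup --json` shape (inferred from the jq filter on the page):
{"records": [{"vulnerabilities": [{"title", "cvssScore", "cve", "overview",
 "hasExploits", "libraries": [{"details": [{"updateToVersion"}]}]}]}]}
"""
import json

# Constructed sample document; the ids and summaries are illustrative only.
SAMPLE_LOOKUP_JSON = json.dumps({
    "records": [{
        "graphs": [],  # removed by `del(.records[].graphs)` in the jq filter; unused here
        "vulnerabilities": [
            {
                "title": "Denial Of Service (DoS)",
                "cvssScore": 7.5,
                "cve": None,  # premium-only record: no public CVE id
                "overview": "Constructed summary: unbounded allocation on malformed input.",
                "hasExploits": False,
                "libraries": [{"details": [{"updateToVersion": "1.4.2"},
                                           {"updateToVersion": "1.5.0"}]}],
            },
            {
                "title": "Cross-site Scripting (XSS)",
                "cvssScore": 4.3,
                "cve": "2019-3826",
                "overview": "Constructed summary: highlighter output not sanitized.",
                "hasExploits": False,
                "libraries": [{"details": [{"updateToVersion": "2.7.1"}]}],
            },
            {
                "title": "Information Exposure",
                "cvssScore": 5.3,
                "cve": "PLACEHOLDER-CVE-ID",  # constructed placeholder, not a real id
                "overview": "Constructed summary: verbose error page.",
                "hasExploits": True,
                "libraries": [{"details": []}],  # no fix version published yet
            },
        ],
    }],
})


def select_vulns(lookup_json: str) -> list[dict]:
    """Python equivalent of the page's jq filter.

    Collects the vulnerabilities of every record (the jq version emits one
    array per record), sorts by descending CVSS score and maps each entry to
    the TITLE/SCORE/CVE/SUMMARY/UPGRADE_TO/KNOWN_EXPLOITS keys format.py reads.
    """
    doc = json.loads(lookup_json)
    vulns = [v for rec in doc["records"] for v in rec.get("vulnerabilities", [])]
    vulns.sort(key=lambda v: -float(v.get("cvssScore") or 0))
    return [{
        "TITLE": v["title"],
        "SCORE": v["cvssScore"],
        "CVE": v.get("cve"),
        "SUMMARY": v["overview"],
        "UPGRADE_TO": [d["updateToVersion"]
                       for lib in v.get("libraries", [])
                       for d in lib.get("details", [])],
        "KNOWN_EXPLOITS": v["hasExploits"],
    } for v in vulns]


def render_jira(items: list[dict], min_score: float = 0.0) -> str:
    """Render the Jira wiki-markup blocks format.py prints.

    Same fallbacks as the gist (null CVE -> "Premium Data", empty UPGRADE_TO
    -> "Unknown"); additionally lists every fix version and skips findings
    below min_score so unrelated issues can be left out of the ticket.
    """
    blocks = []
    for item in items:
        if float(item["SCORE"]) < min_score:
            continue
        cve = item["CVE"] if item["CVE"] is not None else "Premium Data"
        upgrade = ", ".join(item["UPGRADE_TO"]) if item["UPGRADE_TO"] else "Unknown"
        blocks.append("\n".join([
            f'h4. {item["TITLE"]}',
            f'CVE: {cve}',
            f'Score: {item["SCORE"]}',
            f'Summary: {item["SUMMARY"]}',
            f'Upgrade To: {upgrade}',
            f'Known Exploits: {item["KNOWN_EXPLOITS"]}',
        ]))
    return "\n\n".join(blocks) + ("\n" if blocks else "")


if __name__ == "__main__":
    # Stand-alone run: prints the three constructed findings, highest score first.
    print(render_jira(select_vulns(SAMPLE_LOOKUP_JSON)))
```

Running the file prints the same block layout as the sample output above, with the 7.5-score finding first. Feeding real srcclr output through `select_vulns` instead of jq would work as long as the field names match those in the page's filter, which is the assumption the example is built on.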
