graph_ql.py
# Copyright 2019, Oath Inc.
# Licensed under the terms of the Apache 2.0 license. See LICENSE file in project root for terms.
import requests
import pprint
from queries import query
from constants import headers_graphql
from constants import graphql_url
from constants import jira_url
from arguments import jira_project_key
from constants import headers_jira
from arguments import vulnerabilities_issue_created_track_path
import json
import collections
# A simple function to use requests.post to make the API call. Note the json= section.
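def run_query(query):
    """POST a GraphQL query to ``graphql_url`` and return the decoded JSON body.

    Args:
        query: GraphQL query text, sent as the ``query`` member of the JSON body.

    Returns:
        The response body decoded from JSON.

    Raises:
        Exception: if the endpoint answers with any status other than 200.
        requests.exceptions.Timeout: if the endpoint does not answer in time.
    """
    # Without a timeout, requests waits indefinitely, so a stalled endpoint
    # would hang the whole alerting run. 30 s is an arbitrary bound; tune it.
    response = requests.post(graphql_url, json={'query': query},
                             headers=headers_graphql, timeout=30)
    if response.status_code != 200:
        raise Exception("Query failed to run by returning code of {}. {}".format(response.status_code, query))
    # NOTE(review): GraphQL endpoints commonly report query errors with HTTP 200
    # and an "errors" member in the body; that case is not detected here, so
    # confirm whether it needs handling before the data is consumed.
    return response.json()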
# Executed at import time: performs the network request and keeps the decoded
# response in the module-level `result` that get_vulnerabilities() reads.
result = run_query(query)  # Execute the query
def get_vulnerabilities():
    """Group the vulnerable package names found in ``result`` by repository.

    Returns:
        dict mapping repository name -> set of package names. Only
        repositories with at least one vulnerability alert get an entry.
    """
    # NOTE(review): only the edges present in `result` are read; whether the
    # query pages through every repository and alert is not visible here.
    packages_by_repo = {}
    repositories = result['data']['organization']['repositories']['edges']
    for repo_edge in repositories:
        repo_node = repo_edge['node']
        for alert_edge in repo_node['vulnerabilityAlerts']['edges']:
            # A set collapses repeated alerts for the same package.
            packages_by_repo.setdefault(repo_node['name'], set()).add(
                alert_edge['node']['packageName'])
    return packages_by_repo
# Snapshot of repository -> vulnerable packages, taken once at import time.
ordered_vulnerabilities_list = collections.OrderedDict(get_vulnerabilities())
print(ordered_vulnerabilities_list)
res = ordered_vulnerabilities_list

# Parallel lists: index i of the keys list names the repository whose package
# set sits at index i of the values list.
vulnerabilities_keys_list = list(res)
vulnerabilities_values_list = [res[repo_name] for repo_name in res]

# Filled by create_jira_issue() as issues are filed during this run.
vulnerabilities_issues_created_keys_list, vulnerabilities_issues_created_values_list = [], []
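def create_jira_issue():
    """File one Jira issue per vulnerable repository that is not yet tracked.

    A repository is skipped when it already got an issue in this run or when
    its name is a line of the tracking file at
    ``vulnerabilities_issue_created_track_path``. A repository is recorded as
    tracked only after Jira confirms creation with HTTP 201.

    Returns:
        True as soon as every repository in ``vulnerabilities_keys_list`` has
        had an issue created during this run; None otherwise.

    Raises:
        Exception: if Jira answers with any status other than 201.
        requests.exceptions.Timeout: if Jira does not answer in time.
    """
    # Arbitrary bound (seconds) so a stalled Jira call cannot hang the run.
    request_timeout = 30

    # Names already tracked, one per line. They are compared as whole lines:
    # a substring test against the raw file text would treat a repository as
    # tracked whenever its name occurs inside a longer tracked name, silently
    # suppressing its issue.
    try:
        with open(vulnerabilities_issue_created_track_path) as track_file:
            tracked_order = [line.strip() for line in track_file if line.strip()]
    except FileNotFoundError:
        tracked_order = []  # nothing tracked yet
    tracked_names = set(tracked_order)

    for repo_name, packages in zip(vulnerabilities_keys_list, vulnerabilities_values_list):
        if repo_name in vulnerabilities_issues_created_keys_list or repo_name in tracked_names:
            continue
        # NOTE(review): a repository is also skipped when another repository
        # with an identical package set already got an issue in this run.
        # Kept as in the original, but it looks unintended; confirm.
        if packages in vulnerabilities_issues_created_values_list:
            continue

        issue_body = {
            "fields": {
                "project": {"key": "%s" % (jira_project_key)},
                "summary": "Security vulnerability issues found in project %s" % (repo_name),
                "description": "Following are the list of vulnerabilities found for the above project %s" %
                               (packages),
                "issuetype": {"name": "Defect"},
            }
        }
        response = requests.post(jira_url, data=json.dumps(issue_body),
                                 headers=headers_jira, timeout=request_timeout)

        # Check the outcome before recording anything: marking a repository
        # as tracked after a failed request would hide it from later runs.
        if response.status_code != 201:
            try:
                detail = response.json()
            except ValueError:
                detail = response.text  # error body was not JSON
            raise Exception("Issue failed to be created by returning code of {}. {}".format(response.status_code,
                                                                                             detail))

        vulnerabilities_issues_created_keys_list.append(repo_name)
        vulnerabilities_issues_created_values_list.append(packages)
        tracked_names.add(repo_name)
        tracked_order.append(repo_name)
        # Rewrite the file with the earlier entries plus the new one, so that
        # repositories tracked by previous runs are not dropped and re-filed.
        # The context manager flushes and closes the handle on every write.
        with open(vulnerabilities_issue_created_track_path, "w") as track_file:
            track_file.write('\n'.join(tracked_order))
        print(response.json())

        if len(vulnerabilities_issues_created_keys_list) == len(vulnerabilities_keys_list) and \
                len(vulnerabilities_issues_created_values_list) == len(vulnerabilities_values_list):
            return True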
# Runs at import time: files the Jira issues, then prints how many were
# created during this run. `ans` is True when every repository got an issue
# in this run and None otherwise.
ans = create_jira_issue()
print(len(vulnerabilities_issues_created_keys_list))