fix(multi-ticket): Fix a finding getting multiple tickets when it exi…

…sts in multiple standards * fix bug in setting default value for process.env.SECURITY_HUB_NEW_ISSUE_DELAY * removed createdAt finding attribute as it makes each finding unique * Add "MEDIUM" severity to run-sync.ts * ncu -u * update github actions versions * removed sinon, refactored all tests to use vitest * Update index.test.ts * move test's constants into their own file * move test's mockResponses into their own file * Update index.test.ts * Starting to move mock clients into their own file * update test constants * undo run-sync.ts change, unnecessary * Update mockClients to put the mocks in place upon import, no need to execute a function after import. * move axios mocking to mockClients.ts * minor axios cleanup * move mocking of jira-client to mockClients.ts * Update index.test.ts * Update index.test.ts * Update index.test.ts * temporarily adding logging statements for troubleshooting tests * bump * fix check for undefined process.env.SECURITY_HUB_NEW_ISSUE_DELAY * dependency updates * Create .nvmrc * cleaning up after troubleshooting * Update security-hub-lib.ts * adding more tests * more unit tests * another unit test * putting each test in its own function * refactoring unit tests * cleanup * additional jira tests * Update jira.test.ts * Create securityHub.test.ts * Update securityHubJiraSync.test.ts * Update mockClients.ts * Update jira.test.ts * Update securityHub.test.ts * dependency updates * Update jira-lib.ts
Enterprise-CMCS · Apr 24, 2023 · 6f4ea42 · 6f4ea42
1 parent 4097509
commit 6f4ea42
Show file tree

Hide file tree

Showing 15 changed files with 3,893 additions and 10,470 deletions.
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,4 +17,4 @@ jobs:
       - name: "Checkout Repository"
         uses: actions/checkout@v3
       - name: "Dependency Review"
-        uses: actions/dependency-review-action@v2
+        uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-python@v2
-      - uses: pre-commit/action@v2.0.2
+      - uses: actions/setup-python@v4
+      - uses: pre-commit/action@v3.0.0
         with:
           extra_args: --all-files
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -23,7 +23,7 @@ jobs:
       - run: npm run coverage
       - name: publish test coverage to code climate
         if: always() && env.CC_TEST_REPORTER_ID != ''
-        uses: paambaati/codeclimate-action@v2.7.5
+        uses: paambaati/codeclimate-action@v3.2.0
         env:
           CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
         with:

diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+v18.14.0
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -27,17 +27,16 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@semantic-release/changelog": "^6.0.2",
+    "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/git": "^10.0.1",
-    "@types/node": "^18.11.18",
-    "@vitest/coverage-c8": "^0.28.2",
-    "@vitest/ui": "^0.28.2",
+    "@types/node": "^18.15.12",
+    "@vitest/coverage-c8": "^0.30.1",
+    "@vitest/ui": "^0.30.1",
     "aws-sdk-client-mock": "^2.1.1",
-    "semantic-release": "^20.1.1",
-    "sinon": "^15.0.2",
+    "semantic-release": "^21.0.1",
     "tslint": "^6.1.3",
-    "typescript": "^4.9.4",
-    "vitest": "^0.29.3"
+    "typescript": "^5.0.4",
+    "vitest": "^0.30.1"
   },
   "release": {
     "branches": [
@@ -51,11 +50,11 @@
     ]
   },
   "dependencies": {
-    "@aws-sdk/client-iam": "^3.292.0",
-    "@aws-sdk/client-securityhub": "^3.292.0",
-    "@aws-sdk/client-sts": "^3.292.0",
+    "@aws-sdk/client-iam": "^3.316.0",
+    "@aws-sdk/client-securityhub": "^3.317.0",
+    "@aws-sdk/client-sts": "^3.316.0",
     "@types/jira-client": "^7.1.6",
-    "axios": "^1.3.4",
+    "axios": "^1.3.6",
     "dotenv": "^16.0.3",
     "jira-client": "^8.2.2"
   }

diff --git a/src/libs/security-hub-lib.ts b/src/libs/security-hub-lib.ts
@@ -50,7 +50,9 @@ export class SecurityHub {
 
       // delay for filtering out ephemeral issues
       const delayForNewIssues =
-        +process.env.SECURITY_HUB_NEW_ISSUE_DELAY! || 24 * 60 * 60 * 1000; // 1 day
+        typeof process.env.SECURITY_HUB_NEW_ISSUE_DELAY !== "undefined"
+          ? +process.env.SECURITY_HUB_NEW_ISSUE_DELAY
+          : 24 * 60 * 60 * 1000; // 1 day
       const maxDatetime = new Date(currentTime.getTime() - delayForNewIssues);
 
       const filters = {
@@ -69,8 +71,8 @@ export class SecurityHub {
         ],
       };
 
-      // use a Set to store unique findings by title
-      const uniqueFindings = new Set<SecurityHubFinding>();
+      // use an object to store unique findings by title
+      const uniqueFindings: { [title: string]: SecurityHubFinding } = {};
 
       // use a variable to track pagination
       let nextToken: string | undefined = undefined;
@@ -83,18 +85,23 @@ export class SecurityHub {
             NextToken: nextToken,
           })
         );
-        if (response.Findings) {
+        if (response && response.Findings) {
           for (const finding of response.Findings) {
-            uniqueFindings.add(
-              this.awsSecurityFindingToSecurityHubFinding(finding)
-            );
+            const findingForJira =
+              this.awsSecurityFindingToSecurityHubFinding(finding);
+            if (findingForJira.title)
+              uniqueFindings[findingForJira.title] = findingForJira;
           }
         }
-        nextToken = response.NextToken;
+        if (response && response.NextToken) nextToken = response.NextToken;
+        else nextToken = undefined;
       } while (nextToken);
 
-      return Array.from(uniqueFindings).map((finding) => {
-        return { accountAlias: this.accountAlias, ...finding };
+      return Object.values(uniqueFindings).map((finding) => {
+        return {
+          accountAlias: this.accountAlias,
+          ...finding,
+        };
       });
     } catch (e: any) {
       throw new Error(`Error getting Security Hub findings: ${e.message}`);

diff --git a/src/macpro-security-hub-sync.ts b/src/macpro-security-hub-sync.ts
@@ -46,7 +46,8 @@ export class SecurityHubJiraSync {
     );
 
     // Step 2. Get all current findings from Security Hub
-    const shFindings = await this.securityHub.getAllActiveFindings();
+    const shFindingsObj = await this.securityHub.getAllActiveFindings();
+    const shFindings = Object.values(shFindingsObj);
 
     // Step 3. Close existing Jira issues if their finding is no longer active/current
     updatesForReturn.push(

diff --git a/src/tests/constants.ts b/src/tests/constants.ts
@@ -0,0 +1,6 @@
+export const Constants = {
+  TEST_AWS_ACCOUNT_ID: "012345678901",
+  TEST_PROJECT: "TEST_PROJECT",
+  TEST_STATUS: "TEST_STATUS",
+  TEST_AWS_REGION: "us-east-1",
+};
diff --git a/src/tests/index.test.ts b/src/tests/index.test.ts