Updating extension api (#2)

* updating extension api * cleanup * Adding New Result Objects * App Store Enhancements * updating how configs work * update tests and pom.xml
factionsecurity · Mar 2, 2024 · e0aa894 · e0aa894
1 parent bbe32dd
commit e0aa894
Show file tree

Hide file tree

Showing 8 changed files with 90 additions and 61 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 target/*
+/target/
 
diff --git a/pom.xml b/pom.xml
@@ -2,26 +2,16 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-	<groupId>JiraPlugin</groupId>
-	<artifactId>JiraPlugin</artifactId>
-	<version>0.0.1</version>
-	<name>JiraPlugin</name>
-	<repositories>
-		<repository>
-			<id>FactionExtender</id>
-			<url>
-				https://github.com/factionsecurity/faction-extender/raw/mvn-repo/</url>
-			<snapshots>
-				<enabled>true</enabled>
-				<updatePolicy>always</updatePolicy>
-			</snapshots>
-		</repository>
-	</repositories>
+
+	<groupId>faction-jira-extension</groupId>
+	<artifactId>faction-jira-extension</artifactId>
+	<version>1.0</version>
+	<name>Faction Jira Extension</name>
 	<dependencies>
 		<dependency>
-			<groupId>FactionExtender</groupId>
-			<artifactId>FactionExtender</artifactId>
-			<version>1.1</version>
+			<groupId>com.factionsecurity</groupId>
+			<artifactId>faction-extender</artifactId>
+			<version>2.5</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.clerezza.ext</groupId>
@@ -54,9 +44,12 @@
 					<descriptorRefs>
 						<descriptorRef>jar-with-dependencies</descriptorRef>
 					</descriptorRefs>
-					<archive> 
+					<archive>
 						<manifestEntries>
-							<Import-Library>org.faction.JiraPlugin</Import-Library>
+							<Title>${project.name}</Title>
+							<Version>${project.version}</Version>
+							<Author>Josh Summitt</Author>
+							<URL>https://www.factionsecurity.com</URL>
 						</manifestEntries>
 					</archive>
 				</configuration>

diff --git a/src/main/java/org/faction/JiraPlugin.java b/src/main/java/org/faction/JiraPlugin.java
@@ -4,9 +4,10 @@
 import java.util.List;
 
 import com.faction.elements.Assessment;
+import com.faction.elements.BaseExtension;
 import com.faction.elements.CustomField;
 import com.faction.elements.Vulnerability;
-
+import com.faction.elements.results.AssessmentManagerResult;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpPost;
@@ -17,28 +18,11 @@
 import org.json.simple.parser.JSONParser;
 
 
-/*
- * This is an example Jira Plugin to be used with faction. 
- * This Plugin has 3 requirements:
- * 
- * 1. Must ensure your pom.xml file is updated to include this 
- *    package in the manifest. This is is controlled by the 
- *    Import-Libary directive in the maven-assembly-plugin 
- * 
- *    Example: <Import-Library>org.faction.JiraPlugin</Import-Library>
- *    
- * 2. You must set the Environment Variables JIRA_HOST and 
- *    JIRA_API_KEY in your tomcat environment. 
- * 
- * 3. Set the Jira Project Name using a Custom Field in Faction. 
- *    This is added in admin settings. (Faction->admin->settings)
- *    The name should be "Jira Project", 'variable' can be what ever
- *    you want. Variable names are only used for report generation.   
- */
-public class JiraPlugin implements com.faction.extender.AssessmentManager{
+
+public class JiraPlugin extends BaseExtension implements com.faction.extender.AssessmentManager{
 
 	@Override
-	public Object[] assessmentChange(Assessment assessment, List<Vulnerability> vulns, Operation opcode) {
+	public AssessmentManagerResult assessmentChange(Assessment assessment, List<Vulnerability> vulns, Operation opcode) {
 
 		System.out.println("Running Assessment Manager");
 		String project ="KAN";  //Default Jira Project Name.
@@ -68,33 +52,42 @@ public Object[] assessmentChange(Assessment assessment, List<Vulnerability> vuln
 			}
 		}
 		//return the assessment and updated vulns back to Faction;
-		return new Object [] {assessment, vulns};
+		AssessmentManagerResult result = new AssessmentManagerResult();
+		result.setAssessment(assessment);
+		result.setVulnerabilities(vulns);
+		return result;
+
 	}
-
-
 	/*
 	 * This Utility function handles creating the Jira Issue and sending 
 	 * the correct JSON to the Jira Server. 
 	 */
 	public String sendVulnerbilityToJira(Vulnerability vuln, String projectName) {
+		try {
 
-		JSONObject issueType = new JSONObject();
-		issueType.put("name", "Bug");
-
-		JSONObject project = new JSONObject();
-		project.put("key", projectName);
+			JSONObject issueType = new JSONObject();
+			issueType.put("name", "Bug");
 
-		JSONObject fields = new JSONObject();
-		fields.put("summary", vuln.getName());
-		fields.put("description", vuln.getDescription());
-		fields.put("project", project);
-		fields.put("issuetype", issueType);
+			JSONObject project = new JSONObject();
+			project.put("key", projectName);
+
+			JSONObject fields = new JSONObject();
+			fields.put("summary", vuln.getName());
+			fields.put("description", vuln.getDescription());
+			fields.put("project", project);
+			fields.put("issuetype", issueType);
+
+			JSONObject issue = new JSONObject();
+			issue.put("fields", fields);
+			// Get Extension Configs
+			String jiraHost = this.getConfigs().get("Jira Host");
+			String jiraURL = String.format("%s%s", jiraHost, "rest/api/2/issue/");
+			return httpPost(jiraURL, issue);
+		}catch(Exception ex) {
+			ex.printStackTrace();
+			return null;
+		}
 
-		JSONObject issue = new JSONObject();
-		issue.put("fields", fields);
-		String jiraHost = System.getenv("JIRA_HOST");
-		String jiraURL = String.format("%s%s", jiraHost, "rest/api/2/issue/");
-		return httpPost(jiraURL, issue);
 
 
 
@@ -106,12 +99,16 @@ private String base64(String data) {
 
 	private String httpPost(String url, JSONObject payload) {
 		HttpClient httpClient = HttpClientBuilder.create().build();
-		String apiKey = System.getenv("JIRA_API_KEY");
+
+		// Get Extension Configs.
+		String apiKey = this.getConfigs().get("Jira API Key");
+		String email = this.getConfigs().get("Jira Email");
+
 		try {
 		    HttpPost request = new HttpPost(url);
 		    StringEntity params = new StringEntity(payload.toJSONString());
 		    request.addHeader("content-type", "application/json");
-		    request.addHeader("Authorization", base64(apiKey));
+		    request.addHeader("Authorization", base64(email + ":" + apiKey));
 		    request.setEntity(params);
 		    HttpResponse response = httpClient.execute(request);
 		    if( response.getStatusLine().getStatusCode() == 201) {
@@ -120,6 +117,8 @@ private String httpPost(String url, JSONObject payload) {
 		    	JSONObject jsonObj = (JSONObject) parser.parse(json);
 		    	return (String) jsonObj.get("id");
 		    }else {
+		    	System.out.println(response.getStatusLine().getStatusCode());
+		    	System.out.println(EntityUtils.toString(response.getEntity()));
 		    	return null;
 		    }
 		} catch (Exception ex) {

diff --git a/src/main/resources/META-INF/resources/config.json b/src/main/resources/META-INF/resources/config.json
@@ -0,0 +1,14 @@
+{
+	"Jira Host" : {
+		"type": "text",
+		"value": "https://yourhost.com"
+		},
+	"Jira API Key" : {
+		"type": "password",
+		"value": "your api key"
+		},
+	"Jira Email": {
+		"type" : "text",
+		"value": "[email protected]"
+	}
+}
diff --git a/src/main/resources/META-INF/resources/description.md b/src/main/resources/META-INF/resources/description.md
@@ -0,0 +1,9 @@
+This Extension enables JIRA integration. When the assessment is finalized all vulnerabilities will be sent to JIRA and FACTION will be updated with the JIRA Tracking number.  
+
+To use this extension you must:
+1. Get your JIRA API key. Log into JIRA then go to [Profile->Manage Account->Security->API Tokens](https://id.atlassian.com/manage-profile/security/api-tokens).
+2. Enter your JIRA API Key and JIRA Hostname into the FACTION App Dashboard.
+3. Create a Custom Field to Allow Users to change the location of the JIRA Dashboard. 
+
+You can find more information [here](https://docs.factionsecurity.com/Extending%20FACTION/)
+
diff --git a/src/main/resources/META-INF/resources/logo.png b/src/main/resources/META-INF/resources/logo.png
diff --git a/src/main/resources/META-INF/services/com.faction.extender.AssessmentManager b/src/main/resources/META-INF/services/com.faction.extender.AssessmentManager
@@ -0,0 +1 @@
+org.faction.JiraPlugin
diff --git a/src/test/java/org/faction/JiraTestCase.java b/src/test/java/org/faction/JiraTestCase.java
@@ -1,9 +1,21 @@
 package org.faction;
 import static org.junit.jupiter.api.Assertions.*;
 
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.ServiceLoader;
+
 import org.junit.jupiter.api.Test;
 
+import com.faction.elements.Assessment;
 import com.faction.elements.Vulnerability;
+import com.faction.extender.AssessmentManager;
+import com.faction.extender.AssessmentManager.Operation;
 
 class JiraTestCase {