Open ghost opened 5 years ago
ghost
commented
5 years ago The problem is the wrong symbol "_" in the fingerprints. The CONTAINS (~) operator incorrectly supports fingerprint.
Maybe, remove the "" symbol from the fingeprint (by changing the jq instruction "fingerprint": "\ ($ in.pluginid) \ ($ h.uri) _ \ ($ h.method)" on "fingerprint": "\ ($ in.pluginid) \ ($ h.uri) \ ($ h.method)"
@omerlh What do you think about such an idea?
omerlh
commented
5 years ago Sounds good! Seems like there is no need for a PR, right?
ghost
commented
5 years ago @omerlh Unfortunately, the solution does not work. The jql filter is incorrect. I made the test.
Actual jql query
Modify jql query (based on https://community.atlassian.com/t5/Jira-questions/CONTAINS-does-not-seem-to-work-when-searching-description/qaq-p/408602)
Below is an example output :
I hope you understand :-), the current filter does not find any tasks and duplicates are created.
I think the error is in the file glue / lib / glue / filters / jira_one_time_filter.rb (line 46).
I would like to implement Glue productively, and correct reporting is very important, so I am asking for PR.
omerlh
commented
5 years ago Will you able to contribute this PR?
ghost
commented
5 years ago I will try :-), but I will need help with modification /glue/lib/glue/filters/jira_one_time_filter.rb:46.
I changed
jira.Issue.jql ("project = # {@ project} AND description ~ '# {finding.fingerprint}' AND resolution is EMPTY '). each to | issue |
on
jira.Issue.jql ("project = # {@ project} AND description ~ '"\"#{finding.fingerprint}\""' AND resolution is EMPTY"). each to | issue |
I tried this way, but I get the error:
/usr/local/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:117:in `require': /glue/lib/glue/filters/jira_one_time_filter.rb:46: syntax error, unexpected $undefined, expecting ')' (SyntaxError)
project} AND description ~ '"\"#{finding.fingerprint}\""' AN
^
/glue/lib/glue/filters/jira_one_time_filter.rb:46: unterminated string meets end of file
/glue/lib/glue/filters/jira_one_time_filter.rb:46: syntax error, unexpected end-of-input, expecting keyword_end
from /usr/local/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:117:in `require'
from /glue/lib/glue/filters.rb:40:in `block in <top (required)>'
from /glue/lib/glue/filters.rb:39:in `each'
from /glue/lib/glue/filters.rb:39:in `<top (required)>'
from /usr/local/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:54:in `require'
from /usr/local/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:54:in `require'
from /glue/lib/glue.rb:248:in `scan'
from /glue/lib/glue.rb:47:in `run'
from bin/glue:58:in `<main>'
Let's move to OWASP slack, it will be faster - feel free to ping me there :)
stale[bot]
commented
5 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Description Tasks are created in the JIRA system, but the filter that eliminates duplication does not work. Duplicates are created because the jql query is incorrect and incorrectly verified by the "fingerprint".
Proposed solution I found a working solution. https://community.atlassian.com/t5/Jira-questions/CONTAINS-does-not-seem-to-work-when-searching-description/qaq-p/408602 I tested this solution on local machine and it's working.