tenable / integration-jira-cloud

The issue type selected is invalid. API 3 #18

Closed j-monroe closed 4 years ago

j-monroe commented 4 years ago
2020-03-03 21:31:24,808 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "POST /rest/api/3/search HTTP/1.1" 200 None
2020-03-03 21:31:24,810 tenable_jira.jira.Jira DEBUG uri=https://healthtap.atlassian.net/rest/api/3/issue, query={'update_history': False}, body={"fields": {"project": {"key": "VULN"}, "issuetype": {"id": "11527"}, "customfield_13757": ["CVE-2018-19518", "CVE-2018-19935", "CVE-2018-20783"], "customfield_13758": "8.5", "customfield_13759": "7.0", "customfield_13760": "7.5", "customfield_13761": "7.0", "customfield_13762": "119764", "customfield_13763": "CGI abuses", "customfield_13764": "PHP 5.6.x < 5.6.39 Multiple vulnerabilities", "customfield_13765": "High", "customfield_13782": "7.4", "summary": "[119764] PHP 5.6.x < 5.6.39 Multiple vulnerabilities", "description": {"version": 1, "type": "doc", "content": [{"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Description"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.39. It is, therefore, affected by\nmultiple vulnerabilities:\n\n  - An arbitrary command injection vulnerability exists in the\n  imap_open function due to improper filters for mailbox names prior\n  to passing them to rsh or ssh commands. An authenticated, remote\n  attacker can exploit this by sending a specially crafted IMAP server\n  name to cause the execution of arbitrary commands on the target\n  system. (CVE-2018-19518)\n\n  - A denial of service (DoS) vulnerability exists in\n  ext/imap/php_imap.c. An unauthenticated, remote attacker can\n  exploit this issue, via an empty string in the message argument\n  to the imap_mail function, to cause the application to stop\n  responding. (CVE-2018-19935)\n\n  - A heap buffer over-read exists in the phar_parse_pharfile function.\n  An unauthenticated, remote attacker can exploit this to read\n  allocated or unallocated memory past the actual data when trying to\n  parse a .phar file. 
(CVE-2018-20783)"}]}, {"type": "heading", "attrs": {"level": 1}, "content": [{"type": "text", "text": "Solution"}]}, {"type": "paragraph", "content": [{"type": "text", "text": "Upgrade to PHP version 5.6.39 or later."}]}]}}}
2020-03-03 21:31:25,045 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "POST /rest/api/3/issue?update_history=False HTTP/1.1" 400 None
2020-03-03 21:31:25,048 restfly.errors.BadRequestError ERROR [400: POST] https://healthtap.atlassian.net/rest/api/3/issue?update_history=False body=b'{"errorMessages":[],"errors":{"issuetype":"The issue type selected is invalid."}}'
SteveMcGrath commented 4 years ago

I think I'm going to need some more information. It looks like it's selecting issuetype ID 11527. What I'm going to need you to do is save and run the following code:

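import yaml

from restfly.utils import dict_merge
from tenable_jira.config import base_config
from tenable_jira.jira import Jira

config_file = 'config.yaml'

# Merge the user's configuration over the integration's defaults.
# safe_load is enough for a plain config file and does not build arbitrary objects.
with open(config_file) as fobj:
    config = dict_merge(base_config(), yaml.safe_load(fobj))

# Connect to the Jira Cloud v3 REST API with the configured credentials.
jira = Jira(
    'https://{}/rest/api/3'.format(config['jira']['address']),
    config['jira']['api_username'],
    config['jira']['api_token']
)

# Issue types the integration selects for the configured issue_types.
print('Issuetypes Selected are:')
for i in jira.issue_types.upsert(config['issue_types']):
    print('{:>10}: {}'.format(i.get('jira_id'), i.get('name')))

# Every issue type returned by the Jira instance.
print('Available Issue Types are:')
for a in jira.issue_types.list():
    print('{:>10}: {}'.format(a.get('id'), a.get('name')))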

It should output something like this:

Issuetypes Selected are:
     10101: Task
     10102: Sub-task
Available Issue Types are:
     10100: Story
     10101: Task
     10103: Bug
     10102: Sub-task
     10000: Epic

Please reply with the results of the script.

j-monroe commented 4 years ago
Issuetypes Selected are:
     11527: Task
     11200: Sub-task
Available Issue Types are:
     11533: Problem
     11558: New Feature
     11557: Improvement
     11529: Incident
     11530: Service Request
     11531: Service Request with Approvals
     11532: Change
     11200: Sub-task
     11504: Story
     10900: Story
     11525: Story
     11526: Epic
     11528: Bug
     11527: Task
     11513: Writing
        10: Bug
        12: Task
     11515: Test
     11300: Feature Enhancement
         6: Epic
        13: Design
     11503: Story
SteveMcGrath commented 4 years ago

Multiple issuetypes named "Task" may likely be the issue. Not sure if they are the right IDs, but here is a stab at it...

Can you add the following to your configuration file:

issue_types:
  - name: Task
    jira_id: 12
    type: standard
    search:
      - Tenable Plugin ID
  - name: Sub-task
    jira_id: 11200
    type: subtask
    search:
      - Tenable Platform
      - Tenable Plugin ID
      - Tenable Asset UUID
      - Device IPv4 Addresses
      - Device IPv6 Addresses
      - Vulnerability Port
      - Vulnerability Protocol
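
A check for the condition discussed above, where one issue-type name maps to several IDs. This is an added example, not part of the original post and not the integration's own code; `ambiguous_names` and `check_selection` are hypothetical helpers, and the sample pairs are copied from the listing earlier in the thread.

```python
from collections import defaultdict

# Constructed sample: (id, name) pairs taken from the "Available Issue Types"
# listing in the thread above (subset).
AVAILABLE = [
    ("11533", "Problem"), ("11200", "Sub-task"), ("11504", "Story"),
    ("10900", "Story"), ("11525", "Story"), ("11526", "Epic"),
    ("11528", "Bug"), ("11527", "Task"), ("10", "Bug"), ("12", "Task"),
    ("6", "Epic"), ("11503", "Story"),
]


def ambiguous_names(issue_types):
    """Return {name: [ids]} for every issue-type name that maps to several IDs."""
    by_name = defaultdict(list)
    for type_id, name in issue_types:
        by_name[name.strip().lower()].append(str(type_id))
    return {n: sorted(ids, key=int) for n, ids in by_name.items() if len(ids) > 1}


def check_selection(selected, issue_types):
    """Check configured (name, jira_id) pairs; jira_id may be None (not pinned)."""
    dupes = ambiguous_names(issue_types)
    names_by_id = {str(tid): name for tid, name in issue_types}
    problems = []
    for name, jira_id in selected:
        key = name.strip().lower()
        if jira_id is None:
            # A lookup by name alone cannot be trusted when the name repeats.
            if key in dupes:
                problems.append(f"{name}: name matches IDs {dupes[key]}, pin jira_id")
        elif str(jira_id) not in names_by_id:
            problems.append(f"{name}: jira_id {jira_id} does not exist")
        elif names_by_id[str(jira_id)].strip().lower() != key:
            problems.append(
                f"{name}: jira_id {jira_id} is '{names_by_id[str(jira_id)]}'")
    return problems


if __name__ == "__main__":
    print(ambiguous_names(AVAILABLE))
    print(check_selection([("Task", None), ("Sub-task", None)], AVAILABLE))
    print(check_selection([("Task", 12), ("Sub-task", 11200)], AVAILABLE))
```

The check cannot tell which of several same-named IDs the target project accepts; in this thread ID 11527 was rejected by the API even though it is listed as a Task.
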
j-monroe commented 4 years ago

Thanks Steve, it does work. I am finding that it only pulls high, critical. I am seeing that it is that way for config.py

From the config.yaml I am seeing I might add this:

   tio_severities:
    - low
    - medium
    - high
    - critical

Is this the best approach to be able to pull in all the findings from the Tenable platform?

SteveMcGrath commented 4 years ago

It would actually be listed under the tenable section, so it would look like this:

tenable:
  tio_severities:
    - low
    - medium
    - high
    - critical
j-monroe commented 4 years ago

Thanks Steve, I added

tenable:
  tio_severities:
    - low
    - medium
    - high
    - critical

at the top of the file and it's still only pulling the high and critical findings

SteveMcGrath commented 4 years ago

Remember spaces are important. Also, you'll want to make sure that you merge this into the rest of your tenable section. It should look something like this all said and done:

tenable:
  platform: tenable.io
  access_key: ACCESS_KEY_GOES_HERE
  secret_key: SECRET_KEY_GOES_HERE
  tio_severities:
    - low
    - medium
    - high
    - critical
j-monroe commented 4 years ago

I'm very sorry. I'm not sure if I am doing something wrong

cat config.yaml | grep -v key | head -25
tenable:
  platform: tenable.io
  # Tenable.io or API Access Key

  # Tenable.io or API Secret Key
  tio_severities:
    - low
    - medium
    - high
    - critical

The key values have been suppressed.

This still results in only pulling the high / critical events out.

j-monroe commented 4 years ago

I started python3 directly and then issued:

import yaml
f = open('config.yaml')
yaml = yaml.safe_load(f)
print(yaml['tenable']['tio_severities'])
['low', 'medium', 'high', 'critical']

SteveMcGrath commented 4 years ago

Can you enable debug logging so we can see what's being passed to the API?

j-monroe commented 4 years ago

Yes, I have a debug setting for the log, but I am not sure what parts of the log file you're hoping to see.

j-monroe commented 4 years ago
2020-03-06 00:38:24,547 root INFO Tenable2JiraCloud Version 1.1.3
2020-03-06 00:38:24,547 root INFO Using configuration file config.yaml
2020-03-06 00:38:24,551 root INFO Running on Python 3.7.6 Linux/x86_64
2020-03-06 00:38:24,553 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): healthtap.atlassian.net:443
2020-03-06 00:38:24,854 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/project/VULN HTTP/1.1" 200 None
2020-03-06 00:38:25,121 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/field HTTP/1.1" 200 None
2020-03-06 00:38:25,278 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/issuetype HTTP/1.1" 200 None
2020-03-06 00:38:25,281 tenable_jira.jira.Jira DEBUG uri=https://healthtap.atlassian.net/rest/api/3/screens, query={'startAt': 0, 'maxResults': 100}, body={}
2020-03-06 00:38:25,437 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens?startAt=0&maxResults=100 HTTP/1.1" 200 None
2020-03-06 00:38:25,440 tenable_jira.jira.Jira DEBUG uri=https://healthtap.atlassian.net/rest/api/3/screens, query={'startAt': 100, 'maxResults': 100}, body={}
2020-03-06 00:38:25,669 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens?startAt=100&maxResults=100 HTTP/1.1" 200 None
2020-03-06 00:38:25,672 tenable_jira.transform.Tio2Jira INFO Using JIRA Screens [13822, 13823]
2020-03-06 00:38:25,801 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13822/tabs HTTP/1.1" 200 None
2020-03-06 00:38:25,999 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13822/tabs/14336/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVEs already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable VPR Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv2 Base Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv2 Temporal Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv3 Base Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO CVSSv3 Temporal Score already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable Plugin ID already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Family already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Name already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Vulnerability Severity already exists in 13822:14336
2020-03-06 00:38:26,001 tenable_jira.transform.Tio2Jira INFO Vulnerability First Seen already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Seen already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Fixed already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability State already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Port already exists in 13822:14336
2020-03-06 00:38:26,002 tenable_jira.transform.Tio2Jira INFO Vulnerability Protocol already exists in 13822:14336
2020-03-06 00:38:26,170 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13822/tabs/14337/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Tenable Asset UUID already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Tenable Platform already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device Hostname already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device NetBIOS Name already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device DNS Name already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device IPv4 Addresses already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device IPv6 Addresses already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device MAC Addresses already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Device Network ID already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository ID already exists in 13822:14337
2020-03-06 00:38:26,173 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository Name already exists in 13822:14337
2020-03-06 00:38:26,378 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13823/tabs HTTP/1.1" 200 None
2020-03-06 00:38:26,547 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13823/tabs/14338/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVEs already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO Tenable VPR Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv2 Base Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv2 Temporal Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv3 Base Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO CVSSv3 Temporal Score already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO Tenable Plugin ID already exists in 13823:14338
2020-03-06 00:38:26,550 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Family already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Tenable Plugin Name already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Severity already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability First Seen already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Seen already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Last Fixed already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability State already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Port already exists in 13823:14338
2020-03-06 00:38:26,551 tenable_jira.transform.Tio2Jira INFO Vulnerability Protocol already exists in 13823:14338
2020-03-06 00:38:26,688 urllib3.connectionpool DEBUG https://healthtap.atlassian.net:443 "GET /rest/api/3/screens/13823/tabs/14339/fields HTTP/1.1" 200 None
2020-03-06 00:38:26,690 tenable_jira.transform.Tio2Jira INFO Tenable Asset UUID already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Tenable Platform already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device Hostname already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device NetBIOS Name already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device DNS Name already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device IPv4 Addresses already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device IPv6 Addresses already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device MAC Addresses already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Device Network ID already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository ID already exists in 13823:14339
2020-03-06 00:38:26,691 tenable_jira.transform.Tio2Jira INFO Vulnerability Repository Name already exists in 13823:14339
2020-03-06 00:38:26,691 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"last_found": 1582574923, "severity": ["low", "medium", "high", "critical"]}, "num_assets": "1000"}}
2020-03-06 00:38:26,694 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): cloud.tenable.com:443
2020-03-06 00:38:26,860 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "POST /vulns/export HTTP/1.1" 200 None
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG Request-UUID 9cb8b1bf17fa3ede2be4f6cd3e941f8e for https://cloud.tenable.com/vulns/export
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG Initiated vuln export 207d3cae-493e-47c0-b487-8a611e055dee
2020-03-06 00:38:26,861 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status", "params": {}, "body": {}}
2020-03-06 00:38:26,988 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status HTTP/1.1" 200 None
2020-03-06 00:38:26,989 tenable.io.TenableIO DEBUG Request-UUID baa655c0df4620da6e8a8aafde5a94f5 for https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status
2020-03-06 00:38:28,992 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status", "params": {}, "body": {}}
2020-03-06 00:38:29,066 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status HTTP/1.1" 200 None
2020-03-06 00:38:29,067 tenable.io.TenableIO DEBUG Request-UUID fa60a4f7e21e92f68a302ef7e8916a8e for https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/status
2020-03-06 00:38:29,067 tenable.io.TenableIO DEBUG {"method": "GET", "url": "https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/chunks/1", "params": {}, "body": {}}
2020-03-06 00:38:29,324 urllib3.connectionpool DEBUG https://cloud.tenable.com:443 "GET /vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/chunks/1 HTTP/1.1" 200 363014
2020-03-06 00:38:29,344 tenable.io.TenableIO DEBUG Request-UUID b530ba1b13fa533243cd555fb82b58a8 for https://cloud.tenable.com/vulns/export/207d3cae-493e-47c0-b487-8a611e055dee/chunks/1
SteveMcGrath commented 4 years ago

From the look of it, it appears to be working as expected:

2020-03-06 00:38:26,691 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"last_found": 1582574923, "severity": ["low", "medium", "high", "critical"]}, "num_assets": "1000"}}

Note the severity parameter.
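
The same check done by script: pull the severity filter out of each `POST /vulns/export` request in a debug log and compare it with the configured `tio_severities`. This is an added example, not part of the original thread or the integration's code; `export_severities` and `missing_severities` are hypothetical helpers, and it assumes the `tenable.io.TenableIO DEBUG {json}` line format shown in the log above.

```python
import json
import re

# Sample log: the first line is the export request quoted in the thread,
# the second is a non-JSON line in the same format (constructed).
LOG = '''2020-03-06 00:38:26,691 tenable.io.TenableIO DEBUG {"method": "POST", "url": "https://cloud.tenable.com/vulns/export", "params": {}, "body": {"filters": {"last_found": 1582574923, "severity": ["low", "medium", "high", "critical"]}, "num_assets": "1000"}}
2020-03-06 00:38:26,694 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): cloud.tenable.com:443
'''

# "<date> <time> tenable.io.TenableIO DEBUG {...json request...}"
REQUEST_LINE = re.compile(r"^\S+ \S+ tenable\.io\.TenableIO DEBUG (\{.*\})$")


def export_severities(log_text):
    """Return the severity filter of every POST /vulns/export request logged."""
    found = []
    for line in log_text.splitlines():
        match = REQUEST_LINE.match(line)
        if not match:
            continue
        try:
            request = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # truncated or non-JSON debug line
        if (request.get("method") == "POST"
                and request.get("url", "").endswith("/vulns/export")):
            filters = request.get("body", {}).get("filters", {})
            found.append(filters.get("severity"))
    return found


def missing_severities(configured, log_text):
    """Configured severities absent from the last export request.

    Returns None when the log contains no export request at all.
    """
    sent = export_severities(log_text)
    if not sent:
        return None
    return sorted(set(configured) - set(sent[-1] or []))


if __name__ == "__main__":
    wanted = ["low", "medium", "high", "critical"]
    print(export_severities(LOG))
    print(missing_severities(wanted, LOG))
```
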