Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FAI-14839: Tromzo connector - add summary and description #1899

Merged
merged 2 commits into from
Jan 28, 2025
+15 −3
Merged

FAI-14839: Tromzo connector - add summary and description #1899

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6a56640
Tromzo connector, add summary and description
chalenge Jan 28, 2025
8ba8bb2
use utils clean
chalenge Jan 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions destinations/airbyte-faros-destination/src/converters/tromzo/findings.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@ export class Findings extends Converter {
model: 'sec_Vulnerability',
record: {
...vulnerabilityKey,
title: vulnerability.summary,
description: Utils.cleanAndTruncate(vulnerability.description),
url: finding.url,
vulnerabilityIds: vulnerabilityIds.length ? vulnerabilityIds : null,
severity,
discoveredBy: finding.toolName,
Expand Down
9 changes: 9 additions & 0 deletions destinations/airbyte-faros-destination/test/converters/__snapshots__/tromzo.test.ts.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,17 @@ Array [
Object {
"sec_Vulnerability": Object {
"affectedVersions": null,
"description": "",
"discoveredBy": "codeql",
"severity": 9.5,
"source": "Tromzo",
"title": "Defined vulnerability",
"type": Object {
"category": "Custom",
"detail": "codeql",
},
"uid": "fin_1",
"url": "http://tromzo-instance.com/findings/fin_1",
"vulnerabilityIds": null,
},
},
Expand Down Expand Up @@ -54,14 +57,17 @@ Array [
Object {
"sec_Vulnerability": Object {
"affectedVersions": null,
"description": null,
"discoveredBy": "codeql",
"severity": 3.9,
"source": "Tromzo",
"title": null,
"type": Object {
"category": "Custom",
"detail": "codeql",
},
"uid": "fin_2",
"url": "http://tromzo-instance.com/findings/fin_2",
"vulnerabilityIds": null,
},
},
Expand Down Expand Up @@ -148,14 +154,17 @@ Array [
"affectedVersions": Array [
">= 2.12|^3.0,< 3.0.0",
],
"description": "An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.",
"discoveredBy": "github dependabot",
"severity": 10,
"source": "Tromzo",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"type": Object {
"category": "Dependency",
"detail": "github dependabot",
},
"uid": "fin_3",
"url": "http://tromzo-instance.com/findings/fin_3",
"vulnerabilityIds": Array [
"CVE-2024-21538",
"GHSA-3xgq-45jj-v275",
Expand Down
6 changes: 3 additions & 3 deletions destinations/airbyte-faros-destination/test/resources/tromzo/all-streams.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{"record":{"stream":"mytestsource__tromzo__findings","emitted_at":1727872375253,"data":{"asset":{"description":"","id":"ast_1","name":"faros-ai/airbyte-connectors","type":"Code repository","uid":"ast_1","service":"GitHub"},"dbCreatedAt":"2024-10-16T14:54:31.977163+00:00","dbUpdatedAt":"2024-10-17T09:48:43.407288+00:00","dismissReason":"","dismissedAt":"2024-10-17T09:48:43.405061+00:00","jiraUrl":"","key":"fin_1","lastReviewed":null,"line":117,"projects":"[\"connectors\"]","repository":null,"scannerConfidence":null,"scannerCreatedAt":"2024-09-30T06:55:39+00:00","scannerDismissedAt":"2024-10-17T09:48:43.405055+00:00","scannerStatus":"closed","scannerUpdatedAt":null,"sourceFilename":"jira.ts","sourcePath":"https://github.com/faros-ai/airbyte-connectors/blob/main/sources/jira-source/src/jira.ts","status":"closed","toolName":"codeql","dueDate":null,"userUpdatedStatus":false,"vulnerability":{"cve":"","fixAvailable":true,"ghsa":"","severity":"high","score":"9.5"},"vulnerableVersion":""}},"type":"RECORD"}
{"record":{"stream":"mytestsource__tromzo__findings","emitted_at":1727872375254,"data":{"asset":{"description":"","id":"ast_1","name":"faros-ai/airbyte-connectors","type":"Code repository","uid":"ast_1","service":"Bitbucket"},"dbCreatedAt":"2024-10-16T14:54:31.758757+00:00","dbUpdatedAt":"2024-10-17T09:48:43.356229+00:00","dismissReason":"","jiraUrl":"","key":"fin_2","lastReviewed":null,"line":118,"projects":"[\"connectors\"]","repository":null,"scannerConfidence":null,"scannerCreatedAt":"2024-09-30T06:55:39+00:00","scannerStatus":"open","scannerUpdatedAt":null,"sourceFilename":"jira.ts","sourcePath":"https://github.com/faros-ai/airbyte-connectors/blob/main/sources/jira-source/src/jira.ts","status":"open","toolName":"codeql","dueDate":null,"userUpdatedStatus":false,"vulnerability":{"cve":"","fixAvailable":true,"ghsa":"","severity":"low","score":"0.0"},"vulnerableVersion":""}},"type":"RECORD"}
{"record":{"stream":"mytestsource__tromzo__findings","emitted_at":1727872375255,"data":{"asset":{"description":"BI, API and Automation layer for your Engineering Operations data","id":"ast_2","name":"faros-ai/faros-community-edition","type":"Code repository","uid":"ast_2","service":"GitHub"},"businessRisk":"","dbCreatedAt":"2024-11-08T01:04:57.941460+00:00","dbUpdatedAt":"2024-11-13T00:39:07.533502+00:00","dismissReason":"Missing in Dependabot alerts","dismissedAt":"2024-11-13T00:39:07.521057+00:00","jiraUrl":"","key":"fin_3","lastReviewed":null,"line":null,"projects":"[\"CE\"]","repository":null,"scannerConfidence":null,"scannerCreatedAt":"2024-11-07T01:22:04+00:00","scannerDismissedAt":null,"scannerStatus":"closed","scannerUpdatedAt":null,"sourceFilename":"package-lock.json","sourcePath":"https://github.com/faros-ai/faros-community-edition/blob/main/docker-extension/ui/package-lock.json","status":"resolved","toolName":"github dependabot","dueDate":"2024-11-14T01:22:04+00:00","userUpdatedStatus":false,"vulnerability":{"cve":"CVE-2024-21538","fixAvailable":true,"ghsa":"GHSA-3xgq-45jj-v275","severity":"critical","score":"10"},"vulnerableVersion":">= 2.12|^3.0,< 3.0.0"}},"type":"RECORD"}
{"record":{"stream":"mytestsource__tromzo__findings","emitted_at":1727872375253,"data":{"asset":{"description":"","id":"ast_1","name":"faros-ai/airbyte-connectors","type":"Code repository","uid":"ast_1","service":"GitHub"},"dbCreatedAt":"2024-10-16T14:54:31.977163+00:00","dbUpdatedAt":"2024-10-17T09:48:43.407288+00:00","dismissReason":"","dismissedAt":"2024-10-17T09:48:43.405061+00:00","jiraUrl":"","url":"http://tromzo-instance.com/findings/fin_1","key":"fin_1","lastReviewed":null,"line":117,"projects":"[\"connectors\"]","repository":null,"scannerConfidence":null,"scannerCreatedAt":"2024-09-30T06:55:39+00:00","scannerDismissedAt":"2024-10-17T09:48:43.405055+00:00","scannerStatus":"closed","scannerUpdatedAt":null,"sourceFilename":"jira.ts","sourcePath":"https://github.com/faros-ai/airbyte-connectors/blob/main/sources/jira-source/src/jira.ts","status":"closed","toolName":"codeql","dueDate":null,"userUpdatedStatus":false,"vulnerability":{"cve":"","fixAvailable":true,"ghsa":"","severity":"high","score":"9.5","summary":"Defined vulnerability","description":""},"vulnerableVersion":""}},"type":"RECORD"}
{"record":{"stream":"mytestsource__tromzo__findings","emitted_at":1727872375254,"data":{"asset":{"description":"","id":"ast_1","name":"faros-ai/airbyte-connectors","type":"Code repository","uid":"ast_1","service":"Bitbucket"},"dbCreatedAt":"2024-10-16T14:54:31.758757+00:00","dbUpdatedAt":"2024-10-17T09:48:43.356229+00:00","dismissReason":"","jiraUrl":"","url":"http://tromzo-instance.com/findings/fin_2","key":"fin_2","lastReviewed":null,"line":118,"projects":"[\"connectors\"]","repository":null,"scannerConfidence":null,"scannerCreatedAt":"2024-09-30T06:55:39+00:00","scannerStatus":"open","scannerUpdatedAt":null,"sourceFilename":"jira.ts","sourcePath":"https://github.com/faros-ai/airbyte-connectors/blob/main/sources/jira-source/src/jira.ts","status":"open","toolName":"codeql","dueDate":null,"userUpdatedStatus":false,"vulnerability":{"cve":"","fixAvailable":true,"ghsa":"","severity":"low","score":"0.0"},"vulnerableVersion":""}},"type":"RECORD"}
{"record":{"stream":"mytestsource__tromzo__findings","emitted_at":1727872375255,"data":{"asset":{"description":"BI, API and Automation layer for your Engineering Operations data","id":"ast_2","name":"faros-ai/faros-community-edition","type":"Code repository","uid":"ast_2","service":"GitHub"},"businessRisk":"","dbCreatedAt":"2024-11-08T01:04:57.941460+00:00","dbUpdatedAt":"2024-11-13T00:39:07.533502+00:00","dismissReason":"Missing in Dependabot alerts","dismissedAt":"2024-11-13T00:39:07.521057+00:00","jiraUrl":"","url":"http://tromzo-instance.com/findings/fin_3","key":"fin_3","lastReviewed":null,"line":null,"projects":"[\"CE\"]","repository":null,"scannerConfidence":null,"scannerCreatedAt":"2024-11-07T01:22:04+00:00","scannerDismissedAt":null,"scannerStatus":"closed","scannerUpdatedAt":null,"sourceFilename":"package-lock.json","sourcePath":"https://github.com/faros-ai/faros-community-edition/blob/main/docker-extension/ui/package-lock.json","status":"resolved","toolName":"github dependabot","dueDate":"2024-11-14T01:22:04+00:00","userUpdatedStatus":false,"vulnerability":{"cve":"CVE-2024-21538","fixAvailable":true,"ghsa":"GHSA-3xgq-45jj-v275","severity":"critical","score":"10","summary":"Regular Expression Denial of Service (ReDoS) in cross-spawn","description":"An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string."},"vulnerableVersion":">= 2.12|^3.0,< 3.0.0"}},"type":"RECORD"}