feat(jira update/save): implement the ability to update/save update

feat #179
softrams · Aug 7, 2020 · 1d586cf · 1d586cf
1 parent 399a618
commit 1d586cf
Show file tree

Hide file tree

Showing 12 changed files with 476 additions and 211 deletions.
diff --git a/frontend/src/app/alert/alert/alert.component.html b/frontend/src/app/alert/alert/alert.component.html
@@ -1,4 +1,4 @@
-<div *ngFor="let alert of alerts" class="{{ cssClass(alert) }} alert-dismissable">
+<div *ngFor="let alert of alerts" class="{{ cssClass(alert) }} alert-dismissable text-center">
   {{ alert.message }}
   <a class="close" (click)="removeAlert(alert)">&times;</a>
 </div>
diff --git a/frontend/src/app/asset-form/asset-form.component.html b/frontend/src/app/asset-form/asset-form.component.html
@@ -8,7 +8,8 @@
       <label for="assetName">JIRA Host</label>
       <input formControlName="jiraHost" type="text" class="form-control" id="jiraHost" />
       <label for="assetName">JIRA API Key</label>
-      <input formControlName="jiraApiKey" type="password" class="form-control" id="jiraApiKey" />
+      <input formControlName="jiraApiKey" type="password" class="form-control" id="jiraApiKey"
+        [placeholder]="keyPlaceholder" />
     </div>
     <button [disabled]="!assetForm.valid" class="btn btn-primary float-right" type="submit" data-toggle="tooltip"
       data-placement="bottom" title="Submit">
@@ -19,4 +20,4 @@
       Back to Assets
     </button>
   </form>
-</div>
+</div>
diff --git a/frontend/src/app/asset-form/asset-form.component.ts b/frontend/src/app/asset-form/asset-form.component.ts
@@ -14,6 +14,7 @@ export class AssetFormComponent implements OnInit, OnChanges {
   public assetForm: FormGroup;
   public orgId: number;
   public assetId: number;
+  public keyPlaceholder = '************************';
   constructor(
     private fb: FormBuilder,
     public appService: AppService,

diff --git a/frontend/src/app/login/login.component.html b/frontend/src/app/login/login.component.html
@@ -2,30 +2,11 @@
   <div id="formContent">
     <!-- Login Form -->
     <form [formGroup]="loginForm" (ngSubmit)="onSubmit(loginForm)">
-      <input
-        formControlName="email"
-        type="text"
-        id="email"
-        class="form-control"
-        name="email"
-        placeholder="Email"
-        style="margin-bottom: 5px;"
-      />
-      <input
-        formControlName="password"
-        type="password"
-        id="password"
-        class="form-control"
-        name="password"
-        placeholder="Password"
-        style="margin-bottom: 5px;"
-      />
-      <input
-        [disabled]="!loginForm.valid"
-        type="submit"
-        class="btn btn-success float-right"
-        value="Log In"
-      />
+      <input formControlName="email" type="text" id="email" class="form-control text-center" name="email"
+        placeholder="Email" style="margin-bottom: 5px;" />
+      <input formControlName="password" type="password" id="password" class="form-control text-center" name="password"
+        placeholder="Password" style="margin-bottom: 5px;" />
+      <input [disabled]="!loginForm.valid" type="submit" class="btn btn-success float-right" value="Log In" />
     </form>
 
     <!-- TODO: Set up email registration -->

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -85,10 +85,12 @@
     "express": "^4.17.1",
     "helmet": "^4.0.0",
     "jira-client": "^6.18.0",
+    "jira2md": "^2.0.4",
     "jsonwebtoken": "^8.5.1",
     "mime-types": "^2.1.27",
     "multer": "^1.4.2",
     "mysql": "^2.18.1",
+    "node-fetch": "^2.6.0",
     "nodemailer": "^6.4.11",
     "password-validator": "^5.0.3",
     "puppeteer": "^5.2.1",

diff --git a/src/interfaces/jira/jira-issue-link-type.interface.ts b/src/interfaces/jira/jira-issue-link-type.interface.ts
diff --git a/src/interfaces/jira/jira-issue-link.interface.ts b/src/interfaces/jira/jira-issue-link.interface.ts
@@ -1,11 +1,12 @@
-import { IssueLinkType } from './jira-issue-link-type.interface';
-import { JiraIssue } from './jira-issue.interface';
-
 export interface IssueLink {
-  id: number;
-  type: IssueLinkType;
-  direction: string; // Inward, Outward
-  outwardIssue: JiraIssue;
-  inwardIssue: JiraIssue;
-  linkedIssue: JiraIssue;
+  id?: number;
+  outwardIssue?: {
+    key: string;
+  };
+  inwardIssue?: {
+    key: string;
+  };
+  type?: {
+    name: string;
+  };
 }
diff --git a/src/interfaces/jira/jira-issue.interface.ts b/src/interfaces/jira/jira-issue.interface.ts
@@ -15,7 +15,9 @@ export interface JiraIssue {
     id?: number;
     key?: string;
     summary?: string;
-    parent?: JiraIssue;
+    parent?: {
+      key: string;
+    };
     subtasks?: JiraIssue[];
     description?: any;
     environment?: string;

diff --git a/src/routes/asset.controller.ts b/src/routes/asset.controller.ts
@@ -22,6 +22,7 @@ export const getOrgAssets = async (req: UserRequest, res: Response) => {
   const asset = await getConnection()
     .getRepository(Asset)
     .find({
+      select: ['id', 'name', 'status'],
       where: { organization: req.params.id, status: status.active }
     });
   if (!asset) {
@@ -45,6 +46,7 @@ export const getArchivedOrgAssets = async (req: Request, res: Response) => {
   const asset = await getConnection()
     .getRepository(Asset)
     .find({
+      select: ['id', 'name', 'status'],
       where: { organization: req.params.id, status: status.archived }
     });
   if (!asset) {
@@ -108,6 +110,7 @@ export const getAssetById = async (req: UserRequest, res: Response) => {
     return res.status(400).send('Invalid Asset Request');
   }
   const asset = await getConnection().getRepository(Asset).findOne(req.params.assetId);
+  delete asset.jiraApiKey;
   if (!asset) {
     return res.status(404).send('Asset does not exist');
   }

diff --git a/src/routes/vulnerability.controller.ts b/src/routes/vulnerability.controller.ts
@@ -280,19 +280,20 @@ export const exportToJira = async (req: UserRequest, res: Response) => {
   }
   const vuln = await getConnection()
     .getRepository(Vulnerability)
-    .findOne(req.params.vulnId, { relations: ['screenshots'] });
-  const assessment = await getConnection().getRepository(Assessment).findOne(vuln.assessment);
-  const asset = await getConnection().getRepository(Asset).findOne(assessment.asset);
+    .findOne(req.params.vulnId, { relations: ['screenshots', 'resources', 'problemLocations', 'assessment'] });
+  const assessment = await getConnection()
+    .getRepository(Assessment)
+    .findOne(vuln.assessment.id, { relations: ['asset'] });
   if (!assessment.jiraId) {
-    return res.status(400).json('Unable to create JIRA ticket.  Assessment must have an associated JIRA ticket.');
+    return res.status(400).json('Unable to create JIRA ticket.  Assessment requires JIRA URL.');
   }
-  if (!(asset.jiraApiKey || asset.jiraHost || asset.jiraUsername)) {
+  if (!(assessment.asset.jiraApiKey || assessment.asset.jiraHost || assessment.asset.jiraUsername)) {
     return res.status(400).json('Unable to create JIRA ticket.  Please provide JIRA credentials to the parent Asset.');
   }
   const jiraInit: JiraInit = {
-    apiKey: asset.jiraApiKey,
-    host: asset.jiraHost,
-    username: asset.jiraUsername
+    apiKey: assessment.asset.jiraApiKey,
+    host: assessment.asset.jiraHost,
+    username: assessment.asset.jiraUsername
   };
   try {
     const result = await addNewVulnIssue(vuln, jiraInit);