Update send-scan.py with gh meta and verbosity

Added: * GitHub metadata to request - usefull when having multiple repos * Verbosity flag printing request body and response code KU-1194
canonical · Aug 15, 2024 · 80ed305 · 80ed305
1 parent 45f815c
commit 80ed305
Showing 1 changed file with 28 additions and 9 deletions.
diff --git a/scripts/cve-reports/send-scan.py b/scripts/cve-reports/send-scan.py
@@ -1,5 +1,5 @@
 #!/usr/bin/python3
-# Copyright 2023 Canonical Ltd.
+# Copyright 2024 Canonical Ltd.
 # See LICENSE file for licensing details.
 #
 
@@ -19,6 +19,16 @@
 }
 
 
+def get_github_meta():
+    """Get GitHub Metadata"""
+    return {
+        "github_server_url": os.getenv("GITHUB_SERVER_URL"),
+        "github_run_id": os.getenv("GITHUB_RUN_ID"),
+        "github_sha": os.getenv("GITHUB_SHA"),
+        "github_repository": os.getenv("GITHUB_REPOSITORY"),
+    }
+
+
 def parse_json(filename):
     """Parse JSON file"""
     record_list = []
@@ -55,10 +65,11 @@ def parse_json(filename):
                     "description": vuln["Description"],
                     "references": "\n".join(vuln["References"]),
                     "primary_url": vuln["PrimaryURL"],
-                    "priority": severity_to_priority_map.get(vuln["Severity"], "Lowest"),
+                    "priority": severity_to_priority_map.get(
+                        vuln["Severity"], "Lowest"
+                    ),
                 }
             )
-
     return record_list
 
 
@@ -91,7 +102,9 @@ def parse_sarif(filename):
                 "severity": severity,
                 "cve_id": result["ruleId"],
                 "package_name": pkg_name,
-                "installed_version": record_message[1].replace("Installed Version: ", ""),
+                "installed_version": record_message[1].replace(
+                    "Installed Version: ", ""
+                ),
                 "fixed_version": record_message[4].replace("Fixed Version: ", ""),
                 "title": record_rule["shortDescription"]["text"],
                 "description": record_rule["help"]["text"],
@@ -100,13 +113,12 @@ def parse_sarif(filename):
                 "priority": severity_to_priority_map.get(severity, "Lowest"),
             }
         )
-
     return record_list
 
 
-def main(report_path, jira_url):
+def main(report_path, jira_url, gh_meta=False, verbose=False):
     input_path = Path(report_path)
-
+    gh_metadata = get_github_meta() if gh_meta else None
     file_list = []
     if input_path.is_dir():
         # directory is supplied, retrieve list of files
@@ -133,12 +145,19 @@ def main(report_path, jira_url):
 
         # send records
         for record in records:
-            requests.post(jira_url, json=record)
+            if gh_metadata is not None:
+                record = {**record, **gh_metadata}
+            res = requests.post(jira_url, json=record)
+            if verbose:
+                print(record)
+                print(res)
 
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser()
     parser.add_argument("--report-path")
     parser.add_argument("--jira-url")
+    parser.add_argument("--add-github-meta", action="store_true")
+    parser.add_argument("--verbose", action="store_true")
     args = parser.parse_args()
-    main(args.report_path, args.jira_url)
+    main(args.report_path, args.jira_url, args.add_github_meta, args.verbose)