This repository has been archived by the owner on Jul 15, 2022. It is now read-only.

Stage #6

Open
wants to merge 179 commits into
base: master
53341e9
including qualys scheduled scans in the rescan process
Mar 31, 2020
fd416a3
go mod update
Mar 31, 2020
8ac95ae
go mod udpates
Apr 1, 2020
66d1f5a
go mod update
Apr 1, 2020
66e90be
inferring if qualys tag is name or id
Apr 1, 2020
a953467
go mod updates
Apr 1, 2020
93c21c0
no longer loading asset tags for rescans from the schedule api
Apr 1, 2020
46984d2
merging with recennt master changes
Apr 3, 2020
804c756
Using the cloud decom job on scheduled scan assets
Apr 6, 2020
f2451bf
ISSUE5 remarshalling an object removes fields from original json if n…
Apr 6, 2020
f1b5f8b
doing an asset sync during rescans
Apr 8, 2020
9a265d6
wrong var initialized
Apr 8, 2020
609c661
ISSUE5 allowing recreating devices with same ip or instance id with d…
Apr 8, 2020
b0b1a32
making some conditionals a bit more readable
Apr 9, 2020
b755363
allowing multiple devices to return for an instance ID - useful for c…
Apr 10, 2020
a1a978e
nil check preventing panic
Apr 10, 2020
2741e5f
no longer basing detections on jobconfig last run even if no group id…
Apr 10, 2020
168333d
adding a nil check
Apr 10, 2020
413f6af
better log for an asset group error
Apr 10, 2020
1ba84dc
was passing the wrong ID for a sproc
Apr 13, 2020
6c72278
audit field needs to match the size of the field it's tracking
Apr 13, 2020
426e18a
doing a substring search instead of exact match in sproc
Apr 13, 2020
163587e
wrong concat method for mysql
Apr 13, 2020
ad5d2cb
Adding logs for when cloud decom scan is kicked off
Apr 13, 2020
b5304ce
adding warning to cloud decom for empty instance id attached to ip
Apr 14, 2020
714af3d
having RSQ skip tag tracked tickets
Apr 14, 2020
5663f16
was mapping by incorrect device id in cloud decom job
Apr 14, 2020
e9b9cee
ISSUE5 db detection updates wasnt called by job
Apr 15, 2020
812e634
adding comment to last found update
Apr 15, 2020
649ed89
adding VulnID to cache log
Apr 15, 2020
b11d068
cutting off the port from the vulnID before loading the vuln from the db
Apr 15, 2020
09c0f83
adding more verbose log while failing to load detection info
Apr 15, 2020
680e34b
Adding group ID filtering to host list API call
Apr 15, 2020
75b4796
ISSUE5 if no host data is returned, we critical log instead of moving…
Apr 15, 2020
ac977d7
ISSUE5 allowing the hostname to be used in assignment rules
Apr 20, 2020
179c386
ISSUE5 adding a rescanqueue skip column to the Asset Group table to p…
Apr 21, 2020
0160838
was missing arguments for new debug log
Apr 21, 2020
4a6efa2
adding patchable as a field for tickets
Apr 24, 2020
367629e
adding log when a scan has been processing for three+ days
Apr 27, 2020
fa0c188
Merge branch 'stage' into dev
Apr 27, 2020
193bd0a
rescanclose no longer checks ignore table for each detection update, …
Apr 28, 2020
49def9a
Merge branch 'stage' into dev
Apr 28, 2020
c210489
Merge pull request #7 from nortonlifelock/dev
ryan-everhart Apr 30, 2020
490548a
nil dereference avoidance
May 1, 2020
99c46ca
Merge branch 'stage' of github.com:nortonlifelock/aegis into stage
May 1, 2020
67823b4
Adding vuln category to VI table
May 5, 2020
3a14eac
loading type id in exceptions load
May 6, 2020
704d55c
Merge branch 'dev' into stage
May 6, 2020
7333a97
changing the way ignores are saved/updated as the old method was crea…
May 6, 2020
c12cbd9
upading a device if its os doesnt match whats in the db
May 8, 2020
9577e6d
adding aqua code for image rescanning
May 14, 2020
f5ffbf1
adding the TrackingMethod to the device table and asset sync
May 15, 2020
761233d
ignoring port and protocol for agent detections
May 19, 2020
554568f
looks like scan failed when scan data didnt return any data because a…
May 19, 2020
a1ac426
adding rescan support for ip/agent deduping
May 21, 2020
f3604c1
adding changed submodule
May 21, 2020
dca1b18
Merge branch 'stage' into dev
May 21, 2020
26ad7d9
delete snow driver
May 21, 2020
695bd60
was loading the vendor reference with the incorrect vuln id
May 21, 2020
8dd1a97
removing permit channel from ticketing job
May 26, 2020
7d9dcb6
supporting hyperlinks from href, inactive kernel is true when == 0
May 27, 2020
92916d7
removing tracking method from domain master branch
May 27, 2020
e747495
no long passing unconfirmed scan results to scan close job
May 28, 2020
35ff7cc
allowing ticketing of inactive kernels
May 28, 2020
eca39bf
adding new detection statuses
May 29, 2020
7d68f42
changing reslution date if existing ticket doesnt have one set
Jun 1, 2020
051a14f
updating qualys
Jun 2, 2020
fe6e408
patching up some merging stuff
Jun 2, 2020
1f907c1
returning permit thread to ticketing job
Jun 3, 2020
6b61f51
updating detections by id
Jun 3, 2020
93c3faa
removing ignore saving from exception job
Jun 4, 2020
3800d7f
adding method to grab all detection info
Jun 4, 2020
afbc64a
loading approval during exception load
Jun 5, 2020
1a2d7b5
now closing potential vulns during rescans
Jun 5, 2020
aa6ae07
merging with stage
Jun 8, 2020
bc10bf4
fixing bug that could cause freezing of ticketing job
Jun 9, 2020
86b2b26
allowing the use of multiple sets of tag tracked asset syncs
Jun 9, 2020
8a8e743
Merge branch 'stage' into ISSUE8
Jun 9, 2020
c14a25d
adding code to wait four hours before queuing rescan for agent ticket
Jun 10, 2020
2aa1587
adding agent check to rsq
Jun 11, 2020
bdce1e8
fixing tag mapping issue in ticketing job
Jun 11, 2020
77e9fc7
Merge branch 'stage' into ISSUE8
Jun 11, 2020
c806d4e
fixing issue where interface was passed instead of string to map key
Jun 11, 2020
dfd3940
adding SystemName to tickets
Jun 12, 2020
e0c2aa4
adding updated date to ticket sync
Jun 12, 2020
c11490a
moving unused method
Jun 12, 2020
bd84a9f
merging with stage
Jun 12, 2020
9f33e5b
stopping agent scans from going to scan error based on updated date
Jun 15, 2020
c3b271f
adding flag controlling for the time waited after an agent is updated
Jun 15, 2020
4053fa6
updating qualys driver
Jun 16, 2020
6d4aa26
qualys driver update
Jun 16, 2020
3aa1113
rescanclose now loads tracking method regardless of scan type
Jun 16, 2020
fa22371
trimming inactive kernel comment
Jun 24, 2020
65cd9a8
adding hostname for global ignores
Jun 24, 2020
7c6b326
checking for lack of detections before sending a device to cloud deco…
Jun 29, 2020
d3bda71
adding method for updating detection id of ticket
Jun 29, 2020
64021dc
rescans can close tickets with empty host list responses
Jul 2, 2020
67e93b1
ip and group id were swapped in sproc call
Jul 7, 2020
095cbcd
updating go mod
Jul 13, 2020
a8c408e
improvements to qualys WAS and Aqua
Jul 13, 2020
1444651
WAS loading multiple pages of vulns
Jul 14, 2020
af3c3ad
updating go mod
Jul 15, 2020
8fffd34
allowing agents to decom in scheduled scans
Jul 15, 2020
53a94a0
allowing scans to cover subset of tickets passed to RSJ
Jul 16, 2020
02c70c4
RSQ now kicks of cloud decom job when appropriate
Jul 20, 2020
cf3a0b6
forgot to pull ips from tickets for cloud decom job
Jul 20, 2020
8a5e9f2
moving the cloud decom kickoff to before the skiprsq check
Jul 20, 2020
64ffb75
cloud decom no longer queued if one is already covering that ip
Jul 21, 2020
1d619e5
supporting org-specific sns topics
Jul 23, 2020
600d2d0
moving sns to default profile
Jul 23, 2020
f37692b
when RSJs create > 20 scans, they wait
Jul 27, 2020
721e3cf
increasing scan pause to 30 minutes
Jul 28, 2020
4470997
taking a break every 10 scans
Jul 28, 2020
6be8eb4
removing scan limiting from rsj as it is now controlled by qualys driver
Jul 28, 2020
5c43d9f
allowing empty ticket group ids
Jul 28, 2020
7c6f504
aqua improvements
Aug 4, 2020
a2bf695
removing device constraint from exception sproc to allow it to load g…
Aug 4, 2020
a0b9417
changing ignore field from int to char
Aug 4, 2020
3a308f7
Deleting IgnoreIDs from Detection table when Exceptions expire
Aug 6, 2020
80a8242
adding exception creation to aqua driver
Aug 13, 2020
46ffdaa
duplicate variable declaration
Aug 13, 2020
104dd6c
closing jira tickets when a finding is marked as an exception in aqua
Aug 13, 2020
010030c
only marking exception in aqua if it's not already marked
Aug 24, 2020
b31e451
modifying ignore audit to reflect change in audited table
Aug 24, 2020
ae1a667
changing global ignore sproc to use empty device id instead of null
Aug 24, 2020
235f61e
adding an exit for the cloud sync job for job cancellation
Aug 25, 2020
83346f2
adding additional cloud account information to the dome9 ticket descr…
Aug 25, 2020
ad9d712
defaulting to ticket group id if it is present
Aug 25, 2020
268fe09
supporting both YY and YYYY for jira tool
Aug 26, 2020
254e52d
returning code that removes expired ignore ids
Aug 27, 2020
1d36cca
adding the Category field along with architecture for rules, no longe…
Sep 2, 2020
d585181
adding ability to ticket indivudal devices
Sep 9, 2020
6f7e90f
adding exception date to ticket interface/db/synchronization
Sep 10, 2020
8f47290
exception job waits for cerf to load and cache before beginning next …
Sep 10, 2020
98b9561
removing owasp, causing issues
Sep 11, 2020
1008986
adding qualys as CIS scanner
Sep 15, 2020
5a8414d
no longer transitioning closed tickets in rescanclose job
Sep 16, 2020
c22f847
cloudview now pages and sorts content in api calls
Sep 17, 2020
f3e251d
cloud view now filters out tickets with an evidence containing errors
Sep 21, 2020
0026c59
finishing up initial code for ec2 scan creation
Sep 23, 2020
30975bd
having cloud sync update region of device if it is empty
Sep 24, 2020
9f43be5
having ec2 scans overwrite the seendevice map each scan creation so e…
Sep 25, 2020
1501384
fixing bug where unpopulated jira dates would set to 12/30/00
Sep 28, 2020
11289e7
preventing from loading >1 cerf at once, as it can cause jira to cras…
Sep 28, 2020
87b5e3e
asset sync can now have certain groups skip global ignore checks
Sep 30, 2020
6e14b07
allowing rescan job to create cloud decom jobs
Sep 30, 2020
3ee5b6a
single empty regions no longer prevent ec2 scans from kicking off
Oct 8, 2020
7d23b45
forgot to go mod update for qualys
Oct 8, 2020
e29a24e
adding code for CIS/image scanners to add results to db, removing red…
Oct 14, 2020
251b876
splitting port and protocol differently
Oct 14, 2020
1ba8d28
adding a preceeding 0 for the image rescan service ports to match con…
Oct 14, 2020
aef82eb
increasing protocol length
Oct 14, 2020
dfca964
increasing protocol len on last two sprocs
Oct 14, 2020
9f14e76
fixing issues in image rescan & changing name of ticket interface to …
Oct 15, 2020
aab4d4e
allowing cisrescan job to create exception entries
Oct 15, 2020
b621e3d
increasing size of protocol column in ignore table
Oct 15, 2020
8903a8d
adding the ports while calling cisrescan sproc
Oct 15, 2020
0916d7f
forgot a service port addition to sproc call
Oct 15, 2020
0d31942
removing ticket syncing from cis rescan - just have a ticket sync job…
Oct 16, 2020
24ebb5f
no longer having the exception job update the detection ignores as it…
Oct 16, 2020
c10ecaa
now looking at ticket status when determining if exception or fp
Oct 16, 2020
428f656
adding missing arguments
Oct 16, 2020
30c0d25
removing the exception code from the cisrescan, should just have exce…
Oct 16, 2020
6758f70
making CIS priority check case-insensitive
Oct 19, 2020
abb7f4d
fixing error with ticketing Application name
Oct 19, 2020
ebbc1ca
qualys rescan bug fix
Oct 22, 2020
1ffde5b
adding ability for cloud decomm to include stopped state
Oct 27, 2020
793502a
allowing cloud decom jobs to use payload from jobconfig
Oct 27, 2020
9b2b084
adding payload to jc sproc
Oct 28, 2020
1938772
including database updates for previous sproc update
Oct 28, 2020
9a2edda
adding in progress/scan error status filters to GetOpenTicketsByGroup…
Nov 2, 2020
f0ae97b
allowing image exceptions to have an assignee
Nov 3, 2020
c5f725c
removing jira ticket check from ticketing job, the db should have it …
Nov 3, 2020
8421c38
if a cloud asset is found as decommed during a normal rescan, it is n…
Nov 4, 2020
4a8f721
changing the int bundle id to the string rule id so the policy name c…
Nov 10, 2020
7b8903b
qualys CV now uses group id from method if api doesnt provide
Nov 12, 2020
4b04685
adding tracking method to ticket interface
Nov 12, 2020
f37b825
removing newlines from summary when present
Nov 12, 2020
52e6c1d
jira go mod update
Nov 18, 2020
removing jira ticket check from ticketing job, the db should have it …
…if it exists
ryan.everhart committed Nov 3, 2020
commit c5f725cdcf0cb5387afc6c8c908457192b4bb696
56 changes: 5 additions & 51 deletions internal/implementations/ticketing.go
Expand Up @@ -618,38 +618,12 @@ func (job *TicketingJob) checkForExistingTicket(in <-chan *vulnerabilityPayload)

if err == nil {
if existingTicket == nil {

var existingTicketChan <-chan domain.Ticket
var statuses = make(map[string]bool)
statuses[job.ticketingEngine.GetStatusMap(domain.StatusOpen)] = true
statuses[job.ticketingEngine.GetStatusMap(domain.StatusInProgress)] = true
statuses[job.ticketingEngine.GetStatusMap(domain.StatusReopened)] = true
statuses[job.ticketingEngine.GetStatusMap(domain.StatusResolvedRemediated)] = true
statuses[job.ticketingEngine.GetStatusMap(domain.StatusResolvedFalsePositive)] = true
statuses[job.ticketingEngine.GetStatusMap(domain.StatusResolvedDecom)] = true
statuses[job.ticketingEngine.GetStatusMap(domain.StatusResolvedException)] = true
existingTicketChan, err = job.ticketingEngine.GetTicketsByDeviceIDVulnID(job.insource.Source(), payload.orgCode, sord(payload.device.SourceID()), payload.vuln.SourceID(), statuses, payload.combo.Port(), payload.combo.Protocol())
if err == nil {

if emptyChannel(existingTicketChan) {
job.lstream.Send(log.Infof("No ticket found for vulnerability [%s] on device [%v]. Creating new ticket...", payload.vuln.SourceID(), sord(payload.device.SourceID())))
select {
case <-job.ctx.Done():
return
case out <- payload:
}
}
} else {
job.lstream.Send(log.Error(
fmt.Sprintf(
"Error issues from JIRA with vuln title [%v] and ID [%v].",
payload.vuln.Name(),
payload.vuln.SourceID(),
),
err,
))
job.lstream.Send(log.Infof("No ticket found for vulnerability [%s] on device [%v]. Creating new ticket...", payload.vuln.SourceID(), sord(payload.device.SourceID())))
select {
case <-job.ctx.Done():
return
case out <- payload:
}

} else {
job.lstream.Send(log.Info(
fmt.Sprintf(
Expand Down Expand Up @@ -684,26 +658,6 @@ func (job *TicketingJob) checkForExistingTicket(in <-chan *vulnerabilityPayload)
return out
}

func emptyChannel(in <-chan domain.Ticket) bool {
for {
select {
case _, ok := <-in:
if ok {
go func() {
for {
if _, ok := <-in; !ok {
return
}
}
}()
return false
} else {
return true
}
}
}
}

// takes the Payload and transforms it to a ticket. overwrites/appends information in the ticket fields from cloud service tags if a tag mapping & tags
// for the device are found
func (job *TicketingJob) prepareTicketCreation(in <-chan *vulnerabilityPayload) <-chan *vulnerabilityPayload {
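Review bot: With the `GetTicketsByDeviceIDVulnID` lookup gone, the `existingTicket == nil` branch of checkForExistingTicket forwards the payload for ticket creation on the strength of the database lookup alone, and nothing in the new code records that assumption. If the database can lag behind the ticketing system (a ticket created but not yet synced, or one resolved as an exception or false positive only on the JIRA side), this path would presumably open a duplicate or re-ticket an accepted finding; the lookup that fills `existingTicket` is outside the hunk, so that needs confirming against it. I would add a comment above the log call such as `// the database is the sole source of truth here: a ticket that exists only in the ticketing system will be duplicated`, and make the message say where it looked: `"No ticket found in the database for vulnerability [%s] on device [%v]. Creating new ticket..."`. The body of checkForExistingTicket starts and ends outside the visible hunk.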