django-DefectDojo/dojo/github/services.py at a8246a0b03eea8b819b175e026f28e0665c9d09a · DefectDojo/django-DefectDojo · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
import logging
import sys

from django.template.loader import render_to_string
from github import Auth, Github

from dojo.github.models import GITHUB_Issue, GITHUB_PKey
from dojo.models import Engagement, Product

logger = logging.getLogger(__name__)


def validate_github_credentials(api_key):
    """Verify a GitHub API key by fetching the authenticated user. Raises on failure."""
    g = Github(api_key)
    user = g.get_user()
    logger.debug("Using user " + user.login)
    return user.login


def reopen_external_issue_github(find, note, prod, eng):
    # Ensure the system setting for GitHub integration is enabled
    from dojo.utils import get_system_setting  # noqa: PLC0415 circular import
    if not get_system_setting("enable_github"):
        return
    # Check if we have github info related to the product
    if not GITHUB_PKey.objects.filter(product=prod).exists():
        return
    # Get the GitHub product configuration
    github_product = GITHUB_PKey.objects.get(product=prod)
    if github_product is None:
        logger.error("Unable to get project key")
        return
    # Check if we have github info related to the finding
    if not GITHUB_Issue.objects.filter(finding=find).exists():
        return
    # Get the GitHub issue related to the finding
    g_issue = GITHUB_Issue.objects.get(finding=find)
    if not g_issue:
        logger.error("Unable to get github issue")
        return

    try:
        g_ctx = Github(auth=Auth.Token(github_product.git_conf.api_key))
        repo = g_ctx.get_repo(github_product.git_project)
        issue = repo.get_issue(int(g_issue.issue_id))
    except:
        e = sys.exc_info()[0]
        logger.error("cannot update finding in github: " + e)

    logger.info("Will close github issue " + g_issue.issue_id)
    issue.edit(state="open")
    issue.create_comment(note)


def close_external_issue_github(find, note, prod, eng):
    # Ensure the system setting for GitHub integration is enabled
    from dojo.utils import get_system_setting  # noqa: PLC0415 circular import
    if not get_system_setting("enable_github"):
        return
    # Check if we have github info related to the product
    if not GITHUB_PKey.objects.filter(product=prod).exists():
        return
    # Get the GitHub product configuration
    github_product = GITHUB_PKey.objects.get(product=prod)
    if github_product is None:
        logger.error("Unable to get project key")
        return
    # Check if we have github info related to the finding
    if not GITHUB_Issue.objects.filter(finding=find).exists():
        return
    # Get the GitHub issue related to the finding
    g_issue = GITHUB_Issue.objects.get(finding=find)
    if not g_issue:
        logger.error("Unable to get github issue")
        return

    try:
        g_ctx = Github(auth=Auth.Token(github_product.git_conf.api_key))
        repo = g_ctx.get_repo(github_product.git_project)
        issue = repo.get_issue(int(g_issue.issue_id))
    except:
        e = sys.exc_info()[0]
        logger.error("cannot update finding in github: " + e)

    logger.info("Will close github issue " + g_issue.issue_id)
    issue.edit(state="closed")
    issue.create_comment(note)


def update_external_issue_github(find, prod, eng):
    # Ensure the system setting for GitHub integration is enabled
    from dojo.utils import get_system_setting  # noqa: PLC0415 circular import
    if not get_system_setting("enable_github"):
        return
    # Check if we have github info related to the product
    if not GITHUB_PKey.objects.filter(product=prod).exists():
        return
    # Get the GitHub product configuration
    github_product = GITHUB_PKey.objects.get(product=prod)
    if github_product is None:
        logger.error("Unable to get project key")
        return
    # Check if we have github info related to the finding
    if not GITHUB_Issue.objects.filter(finding=find).exists():
        return
    # Get the GitHub issue related to the finding
    g_issue = GITHUB_Issue.objects.get(finding=find)
    if not g_issue:
        logger.error("Unable to get github issue")
        return

    try:
        g_ctx = Github(auth=Auth.Token(github_product.git_conf.api_key))
        repo = g_ctx.get_repo(github_product.git_project)
        issue = repo.get_issue(int(g_issue.issue_id))
        issue.edit(title=find.title, body=github_body(find), labels=["defectdojo", "security / " + find.severity])
    except:
        e = sys.exc_info()[0]
        logger.error("cannot update finding in github: " + e)


def add_external_issue_github(find, prod, eng):
    # Ensure the system setting for GitHub integration is enabled
    from dojo.utils import get_system_setting  # noqa: PLC0415 circular import
    if not get_system_setting("enable_github"):
        return
    # Check if we have github info related to the product
    if not GITHUB_PKey.objects.filter(product=prod).exists():
        return
    # Get the GitHub product configuration
    github_product = GITHUB_PKey.objects.get(product=prod)
    if github_product is None:
        logger.error("Unable to get project key")
        return
    # We push only active and verified issues
    if "Active" in find.status() and ("Verified" in find.status() and get_system_setting("enforce_verified_status", True)):
        eng = Engagement.objects.get(test=find.test)
        prod = Product.objects.get(engagement=eng)
        github_product_key = GITHUB_PKey.objects.get(product=prod)
        logger.info("Create issue with github profile: " + str(github_product_key.git_conf) + " on product: " + str(github_product_key))

        try:
            g = Github(auth=Auth.Token(github_product_key.git_conf.api_key))
            user = g.get_user()
            logger.debug("logged in with github user: " + user.login)
            logger.debug("Look for project: " + github_product_key.git_project)
            repo = g.get_repo(github_product_key.git_project)
            logger.debug("Found repo: " + str(repo.url))
            issue = repo.create_issue(title=find.title, body=github_body(find), labels=["defectdojo", "security / " + find.severity])
            logger.debug("created issue: " + str(issue.html_url))
            g_issue = GITHUB_Issue(issue_id=issue.number, issue_url=issue.html_url, finding=find)
            g_issue.save()
        except:
            e = sys.exc_info()[0]
            logger.error("cannot create finding in github: " + e)


def github_body(find):
    template = "issue-trackers/jira_full/jira-description.tpl"
    kwargs = {}
    kwargs["finding"] = find
    return render_to_string(template, kwargs)