
@wheel5up
Created October 25, 2020 18:35
Reference design for a Postman collection that reconciles Security Scorecard issues with Jira
{
"info": {
"_postman_id": "adfce9c7-7a45-443d-9ae0-0fbc77075059",
"name": "Add Vulnerability",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "search jira for issue",
"event": [
{
"listen": "test",
"script": {
"id": "d7148e37-dbba-441f-8642-4fd68f070a50",
"exec": [
"pm.test ('checking if issue exists',function (){",
" var response = pm.response.json();",
" if (Array.isArray(response.issues) && !response.issues.length){",
" //no result or search for this page found. Create page",
" console.log('Issue does not exist! Create new issue: '+response.issues.length);",
" postman.setNextRequest(\"create jira issue\");",
" } else if(Array.isArray(response.issues) && response.issues.length == 1) {",
" //one result or search for this page found. Go update",
" console.log('Found issue! Update existing issue: '+response.issues[0].key);",
" if( response.issues[0].fields.status.statusCategory.key == \"done\") {",
" console.log('Issue marked as closed!-->'+response.issues[0].key);",
" postman.setNextRequest(\"re-open jira issue\");",
" } else {",
" postman.setNextRequest(\"update jira issue\");",
" }",
" pm.environment.set(\"issueKey\", response.issues[0].key);",
" } else {",
" //error condition no action",
" console.log('search turned up multiple results. This is not expected'+response.issues.length);",
" postman.setNextRequest(\"search jira existing issues\");",
" }",
"});"
],
"type": "text/javascript"
}
},
{
"listen": "prerequest",
"script": {
"id": "7bd0b777-4653-45e5-bad0-b6f033e0ab46",
"exec": [
"var mydate = require('moment');",
"var externalid = pm.iterationData.get(\"ISSUE ID\"); //no change",
"var summary = pm.iterationData.get(\"FACTOR NAME\")+\" - \"+pm.iterationData.get(\"ISSUE TYPE TITLE\").replace(/\"\"|\\n|\"/g,''); //concat these two",
"var sevlc = pm.iterationData.get(\"ISSUE TYPE SEVERITY\").toLowerCase(); //lower case from security scorecarrd.",
"var severity = sevlc.charAt(0).toUpperCase() + sevlc.slice(1); //first step was to lower case, then capitalize first letter",
"var recommendation = pm.iterationData.get(\"ISSUE RECOMMENDATION\").replace(/\"\"|\\n|\"/g,''); //remove double quotes",
"var firstseen = mydate(pm.iterationData.get(\"FIRST SEEN\")).format('YYYY-MM-DD'); //Jira data format",
"var lastseen = mydate(pm.iterationData.get(\"LAST SEEN\")).format('YYYY-MM-DD'); //Jira data format",
"var hostname = pm.iterationData.get(\"HOSTNAME\"); //no change",
"var port = pm.iterationData.get(\"PORTS\") ? pm.iterationData.get(\"PORTS\") : 0; //zero to satisfy definition of int on jira side",
"var cve = pm.iterationData.get(\"CVE\"); //no change",
"var url = pm.iterationData.get(\"INITIAL URL\"); //no change",
"var ipaddress = pm.iterationData.get(\"IP ADDRESSES\"); //no change",
"var description = pm.iterationData.get(\"DESCRIPTION\").replace(/\"\"|\\n|\"/g,''); //remove double quotes",
"pm.environment.set(\"externalid\", externalid);",
"pm.environment.set(\"summary\", summary);",
"pm.environment.set(\"severity\", severity);",
"pm.environment.set(\"recommendation\", recommendation);",
"pm.environment.set(\"firstseen\", firstseen);",
"pm.environment.set(\"lastseen\", lastseen);",
"pm.environment.set(\"hostname\", hostname);",
"pm.environment.set(\"port\", port);",
"pm.environment.set(\"cve\", cve);",
"pm.environment.set(\"url\", url);",
"pm.environment.set(\"ipaddress\", ipaddress);",
"pm.environment.set(\"description\", description);",
"//pm.environment.set(\"externalids\",externalids);",
"pm.environment.set(\"startAt\", 0);",
"if (pm.info.iteration === 0) {",
" var externalids = [];",
" var issuekeys = [];",
" pm.environment.set(\"externalids\",externalids);",
" pm.environment.set(\"issuekeys\",issuekeys);",
" console.log('setting variables for first run');",
"}",
"console.log(pm.info.iteration);",
"//console.log(\"Value of ISSUE ID: \"+externalid);",
"//console.log(\"Value of ISSUE TYPE TITLE: \"+summary);",
"//console.log(\"Value of ISSUE TYPE SEVERITY: \"+severity);",
"//console.log(\"Value of ISSUE RECOMMENDATION: \"+recommendation);",
"//console.log(\"Value of FIRST SEEN: \"+firstseen);",
"//console.log(\"Value of LAST SEEN: \"+lastseen);",
"//console.log(\"Value of HOSTNAME: \"+hostname);",
"//console.log(\"Value of PORTS: \"+port);",
"//console.log(\"Value of CVE: \"+cve);",
"//console.log(\"Value of INITIAL URL: \"+url);",
"//console.log(\"Value of IP ADDRESS: \"+ipaddress);",
"//console.log(\"Value of DESCRIPTION: \"+description);"
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Accept",
"value": "application/json",
"type": "text"
},
{
"key": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{ \"jql\" : \"project = VULN and 'external ID' ~ {{ISSUE ID}}\"\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/search",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"search"
]
},
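"description": "This request searches Jira for issues that originated from Security Scorecard. Each of those issues has a unique ID, which is stored in the Jira 'external ID' field. Note: the ISSUE ID value from the data file is substituted into the JQL query unquoted, so run this collection only with data files from a trusted source."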
},
"response": []
},
{
"name": "re-open jira issue",
"event": [
{
"listen": "prerequest",
"script": {
"id": "7bccb2a4-c001-4082-8809-44fc04f657c4",
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"id": "1d337751-f339-41d3-920b-676f5c25f6ef",
"exec": [
"pm.test ('re-open issue',function (){",
" postman.setNextRequest(\"update jira issue\");",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Accept",
"type": "text",
"value": "application/json"
},
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n\t\"transition\": {\n\t\t\"id\": \"11\"\n\t}\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/issue/{{issueKey}}/transitions",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"issue",
"{{issueKey}}",
"transitions"
]
}
},
"response": []
},
{
"name": "update jira issue",
"event": [
{
"listen": "prerequest",
"script": {
"id": "ed147841-fc7b-456b-87e5-e9b998154353",
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"id": "61f1dd53-2743-4489-9159-cb09cfac0153",
"exec": [
"pm.test ('updated issue',function (){",
" var externalids = pm.environment.get('externalids');",
" var externalid = pm.environment.get('externalid');",
" console.log(externalid);",
" console.log(externalids);",
" externalids.push(externalid);",
" pm.environment.set('externalids',externalids);",
" if (pm.info.iteration +1 < pm.info.iterationCount) {",
" postman.setNextRequest(null);",
" } else {",
" postman.setNextRequest(\"search jira existing issues\");",
" }",
" console.log(externalid);",
" console.log(externalids);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "PUT",
"header": [
{
"key": "Accept",
"type": "text",
"value": "application/json"
},
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n\t\"fields\": {\n\t\t\"summary\": \"{{summary}}\",\n \"issuetype\": {\n\t\t\t\"id\":\"10007\"\n\t\t},\n\t\t\"project\": {\n\t\t\t\"id\": \"10012\"\n\t\t},\n\t\t\"customfield_10053\": \"{{externalid}}\",\n\t\t\"customfield_10054\": {\"value\":\"{{severity}}\"},\n\t\t\"customfield_10057\": \"{{firstseen}}\",\n\t\t\"customfield_10051\": \"{{lastseen}}\",\n\t\t\"description\": {\n\t\t\t\"type\":\"doc\",\n\t\t\t\"version\":1,\n\t\t\t\"content\": [\n\t\t\t\t{\n\t\t\t\t\t\"type\": \"paragraph\",\n\t\t\t\t\t\"content\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"type\":\"text\",\n\t\t\t\t\t\t\t\"text\":\"{{description}}\"\n\t\t\t\t\t\t}\n\t\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t\t]\n\t\t},\n\t\t\"customfield_10085\": \"{{cve}}\",\n\t\t\"customfield_10056\": \"{{hostname}}\",\n\t\t\"customfield_10059\": \"{{ipaddress}}\",\n\t\t\"customfield_10060\": {{port}},\n\t\t\"customfield_10058\": {\n\t\t\t\"type\":\"doc\",\n\t\t\t\"version\":1,\n\t\t\t\"content\": [\n\t\t\t\t{\n\t\t\t\t\t\"type\": \"paragraph\",\n\t\t\t\t\t\"content\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"type\": \"text\",\n\t\t\t\t\t\t\t\"text\": \"{{recommendation}}\"\n\t\t\t\t\t\t}]\n\t\t\t\t}]\n\t\t},\n\t\t\"customfield_10061\": \"{{url}}\"\n\t}\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/issue/{{issueKey}}",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"issue",
"{{issueKey}}"
]
}
},
"response": []
},
{
"name": "create jira issue",
"event": [
{
"listen": "test",
"script": {
"id": "5a5d8861-25c6-496e-927f-336a980f4c9a",
"exec": [
"pm.test ('created issue',function (){",
" var externalids = pm.environment.get(\"externalids\");",
" var externalid = pm.environment.get(\"externalid\");",
" console.log(externalid);",
" console.log(externalids);",
" externalids.push(externalid);",
" pm.environment.set('externalids',externalids);",
" if (pm.info.iteration +1 < pm.info.iterationCount) {",
" postman.setNextRequest(null);",
" } else {",
" postman.setNextRequest(\"search jira existing issues\");",
" } ",
" console.log(externalid);",
" console.log(externalids);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Accept",
"type": "text",
"value": "application/json"
},
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n\t\"fields\": {\n\t\t\"summary\": \"{{summary}}\",\n\t\t\"issuetype\": {\n\t\t\t\"id\":\"10007\"\n\t\t},\n\t\t\"project\": {\n\t\t\t\"id\": \"10012\"\n\t\t},\n\t\t\"customfield_10053\": \"{{externalid}}\",\n\t\t\"customfield_10054\": {\"value\":\"{{severity}}\"},\n\t\t\"customfield_10057\": \"{{firstseen}}\",\n\t\t\"customfield_10051\": \"{{lastseen}}\",\n\t\t\"customfield_10055\": \"{{Close Date}}\",\n\t\t\"description\": {\n\t\t\t\"type\":\"doc\",\n\t\t\t\"version\":1,\n\t\t\t\"content\": [\n\t\t\t\t{\n\t\t\t\t\t\"type\": \"paragraph\",\n\t\t\t\t\t\"content\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"type\":\"text\",\n\t\t\t\t\t\t\t\"text\":\"{{description}}\"\n\t\t\t\t\t\t}\n\t\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t\t]\n\t\t},\n\t\t\"customfield_10085\": \"{{cve}}\",\n\t\t\"customfield_10056\": \"{{hostname}}\",\n\t\t\"customfield_10059\": \"{{ipaddress}}\",\n\t\t\"customfield_10060\": {{port}},\n\t\t\"customfield_10058\": {\n\t\t\t\t\t\"type\":\"doc\",\n\t\t\t\"version\":1,\n\t\t\t\"content\": [\n\t\t\t\t{\n\t\t\t\t\t\"type\": \"paragraph\",\n\t\t\t\t\t\"content\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"type\":\"text\",\n\t\t\t\t\t\t\t\"text\":\"{{recommendation}}\"\n\t\t\t\t\t\t}\n\t\t\t\t\t\t]\n\t\t\t\t}\n\t\t\t\t]\n\t\t},\n\t\t\"customfield_10061\": \"{{url}}\",\n\t\t\"labels\": [\n\t\t\t\"securityscorecard\"]\n\t}\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/issue",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"issue"
]
}
},
"response": []
},
{
"name": "search jira existing issues",
"event": [
{
"listen": "test",
"script": {
"id": "92f54ce0-8672-4fe9-802f-dacb7ea43c47",
"exec": [
"pm.test ('search existing issues',function (){",
" var response = pm.response.json();",
"// var externalids = JSON.parse(pm.environment.get(\"externalids\"));",
" var externalids = pm.environment.get(\"externalids\");",
" var issuekeys = pm.environment.get(\"issuekeys\");",
" var total = response.total;",
" var startAt = response.startAt +50;",
" console.log('Start at: '+startAt);",
" console.log('Current number of issues: '+externalids.length);",
" if (Array.isArray(response.issues) && response.issues.length){",
" console.log('Issues array is none zero length: '+response.issues.length);",
" response.issues.forEach(function (issue) {",
" if (externalids.indexOf(issue.fields.customfield_10053) >= 0) {",
" console.log('Field at position: '+externalids.indexOf(issue.fields.customfield_10053));",
" console.log('Found the field! Removing from Array: '+issue.fields.customfield_10053);",
" externalids.splice(externalids.indexOf(issue.fields.customfield_10053),1);",
" console.log(externalids.length);",
" } else {",
" console.log('Field at position: '+externalids.indexOf(issue.fields.customfield_10053));",
" console.log('Did not find the field! Adding to the array: '+issue.fields.customfield_10053);",
" console.log('Pushing issue key onto array: '+issue.key);",
" externalids.push(issue.fields.customfield_10053);",
" issuekeys.push(issue.key);",
" console.log(externalids.length);",
" console.log(issue.key);",
" }",
" });",
" console.log(externalids);",
" console.log(issuekeys);",
" if (startAt < total) {",
" console.log('Start at is less than total: '+total);",
" postman.setNextRequest('search jira existing issues');",
" pm.environment.set(\"startAt\",startAt);",
" } else {",
" console.log('Start at is not less than total: '+total);",
" postman.setNextRequest('update jira close date');",
" ",
" }",
"// pm.environment.set(\"externalids\",JSON.stringify(externalids));",
" pm.environment.set(\"externalids\",externalids);",
" pm.environment.set(\"issuekeys\",issuekeys);",
" ",
" } else {",
" console.log('No more issues: '+response.issues.length);",
" postman.setNextRequest(null);",
" }",
" console.log('Current number of issues: '+externalids.length);",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Accept",
"type": "text",
"value": "application/json"
},
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{ \n\t\"jql\" : \"project = VULN AND status = 'To Do' AND labels = securityscorecard\",\n\t\"startAt\":{{startAt}}\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/search",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"search"
]
}
},
"response": []
},
{
"name": "update jira close date",
"event": [
{
"listen": "prerequest",
"script": {
"id": "ed147841-fc7b-456b-87e5-e9b998154353",
"exec": [
"var issuekeys = pm.environment.get('issuekeys');",
"var issuekey = issuekeys.pop();",
"pm.environment.set('issuekeys',issuekeys);",
"pm.environment.set('issueKey',issuekey);",
"console.log('issue key: '+issuekey);",
"console.log(issuekeys);",
""
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "PUT",
"header": [
{
"key": "Accept",
"type": "text",
"value": "application/json"
},
{
"key": "Content-Type",
"type": "text",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n\t\"fields\": {\n\t\t\"customfield_10063\": \"{{Close Date}}\"\n\t}\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/issue/{{issueKey}}",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"issue",
"{{issueKey}}"
]
}
},
"response": []
},
{
"name": "update Jira state",
"event": [
{
"listen": "prerequest",
"script": {
"id": "7bccb2a4-c001-4082-8809-44fc04f657c4",
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"id": "1d337751-f339-41d3-920b-676f5c25f6ef",
"exec": [
"pm.test ('transition issue',function (){",
" var issuekeys = pm.environment.get(\"issuekeys\");",
" if(issuekeys.length > 0) {",
" postman.setNextRequest(\"update jira close date\");",
" } else {",
" postman.setNextRequest(null);",
" } ",
"});"
],
"type": "text/javascript"
}
}
],
"request": {
"auth": {
"type": "basic",
"basic": [
{
"key": "password",
"value": "{{jira_token}}",
"type": "string"
},
{
"key": "username",
"value": "{{jira_user}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "Accept",
"value": "application/json",
"type": "text"
},
{
"key": "Content-Type",
"value": "application/json",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{\n\t\"transition\": {\n\t\t\"id\": \"41\"\n\t}\n}"
},
"url": {
"raw": "https://{{jira_host}}/rest/api/3/issue/{{issueKey}}/transitions",
"protocol": "https",
"host": [
"{{jira_host}}"
],
"path": [
"rest",
"api",
"3",
"issue",
"{{issueKey}}",
"transitions"
]
}
},
"response": []
}
],
"event": [
{
"listen": "prerequest",
"script": {
"id": "45129547-5659-49f3-b292-cfa393c7e0b8",
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"id": "9a1fcc68-34b6-4a89-8734-193936aa53e3",
"type": "text/javascript",
"exec": [
""
]
}
}
],
"protocolProfileBehavior": {}
}