Merge pull request #43 from HCL-TECH-SOFTWARE/jiraAuth

Jira auth

README.md

@@ -141,7 +141,7 @@ Please note : Below information is w.r.t to the new APIs /v2/issues/pushjobs. Fo
 
 ## Known Issues & Limitations
 
-- The JIRA support only handles Basic Auth (username and password)
+- The JIRA support only handles Basic Auth (username and password) or using a personal access token.
 - A robust automated test suite is required.
 - The service is English only and need to go through a String externalization exercise.
 

pom.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.hcl.appscan</groupId>
 	<artifactId>appscan-issue-gateway</artifactId>
-	<version>0.3.1</version>
+	<version>0.3.3</version>
 	<packaging>jar</packaging>
 	<name>appscan-issue-gateway</name>
 	<description>AppScan Issue Gateway Service</description>
@@ -59,6 +59,7 @@
 					<artifactId>servlet-api</artifactId>
 				</exclusion>
 			</exclusions>
+			<version>3.0.8</version>
 		</dependency>
 		<dependency>
 			<groupId>org.codehaus.groovy</groupId>

providers/jira/JIRAConstants.groovy

@@ -1,6 +1,6 @@
 /**
  * � Copyright IBM Corporation 2018.
- * � Copyright HCL Technologies Ltd. 2018,2019.
+ * � Copyright HCL Technologies Ltd. 2018,2023.
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 package jira
@@ -14,6 +14,7 @@ public class JIRAConstants {
 	static def SERVER_URL  = "url"
 	static def USERNAME    = "username"
 	static def PASSWORD    = "password"
+	static def TOKEN       = "token"
 	static def PROJECTKEY  = "projectkey"
 
 	//Optional fields
@@ -27,15 +28,16 @@ public class JIRAConstants {
 	static def PROVIDER_DESCRIPTION =
 	[
 		'JIRA provider. Configuration fields are below',
-		'(Required)' + SERVER_URL    + ': the JIRA URL to connect to',
-		'(Required)' + USERNAME      + ': User name',
-		'(Required)' + PASSWORD      + ': Password',
-		'(Required)' + PROJECTKEY    + ': Project Key',
-		'(Optional)' + ISSUETYPE     + ': Issue Type.Default value is bug',
-	    '(Optional)' + SUMMARY       + ': Override default issue summary. Issue attributes can be included with %% substitution variables.  For example the default is \'AppScan: %IssueType% found at %Location%\'',
-		'(Optional)' + SEVERITYFIELD + ': Field Id that corresponds to \'priority\' or \'severity\'. This field will be populated with the AppScan Issue Severity.  Default value = \'priority\'',
-		'(Optional)' + SEVERITYMAP   + ': Map of AppScan Severities to JIRA Priorities.  If set, a mapping must be provided for High, Medium, Low, Informational',
-		'(Optional)' + OTHERFIELDS   + ': Additional JSON that should be sent when creating JIRA issues.  For example:  { labels: [\'appscan\',\'security\'] }',
+		'(Required)'    + SERVER_URL    + ': The JIRA URL to connect to',
+		'(Recommended)' + TOKEN         + ': A personal access token. Required if not using username and password.',
+		'(Optional)'    + USERNAME      + ': User name. Required if not using a personal access token.',
+		'(Optional)'    + PASSWORD      + ': Password. Required if not using a personal access token.',
+		'(Required)'    + PROJECTKEY    + ': Project Key',
+		'(Optional)'    + ISSUETYPE     + ': Issue Type.Default value is bug',
+	    '(Optional)'    + SUMMARY       + ': Override default issue summary. Issue attributes can be included with %% substitution variables.  For example the default is \'AppScan: %IssueType% found at %Location%\'',
+		'(Optional)'    + SEVERITYFIELD + ': Field Id that corresponds to \'priority\' or \'severity\'. This field will be populated with the AppScan Issue Severity.  Default value = \'priority\'',
+		'(Optional)'    + SEVERITYMAP   + ': Map of AppScan Severities to JIRA Priorities.  If set, a mapping must be provided for High, Medium, Low, Informational',
+		'(Optional)'    + OTHERFIELDS   + ': Additional JSON that should be sent when creating JIRA issues.  For example:  { labels: [\'appscan\',\'security\'] }',
 		'Complete JSON Example: (replace single quotes with double quotes and ignore leading and trailing double quotes on each line)                                                       ',
 		'     {                                                                                                    ',                                                                 
 	    '       \'appscanData\': {                                                                                   ',                                     
@@ -52,8 +54,7 @@ public class JIRAConstants {
 		'          \'provider\': \'jira\',                                                                             ',
 		'          \'config\': {                                                                                     ',
      	'            \'url\': \'http://localhost:8080\',                                                               ',
-        '            \'username\': \'testuser\',                                                                       ',
-        '            \'password\': \'passwopd\',                                                                       ',
+        '            \'token\': \'xxxxxxxx\',                                                                       ',
         '            \'projectkey\': \'ABC\',                                                                          ',
         '            \'issuetype\': \'Story\',                                                                         ',
         '            \'summary\': \'Security issue: %IssueType% found by %Scanner%.  We must fix it!\',                ',

providers/jira/JIRAProvider.groovy

@@ -1,6 +1,6 @@
 /**
  * � Copyright IBM Corporation 2018.
- * � Copyright HCL Technologies Ltd. 2018,2019.
+ * � Copyright HCL Technologies Ltd. 2018,2023.
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 package jira
@@ -46,12 +46,8 @@ class JIRAProvider extends JIRAConstants implements IProvider {
 			errors.add("JIRA Configuration: URL must be set");
 			valid = false;
 		}
-		if (!config.containsKey(USERNAME)) {
-			errors.add("JIRA Configuration: Username must be set");
-			valid = false;
-		}
-		if (!config.containsKey(PASSWORD)) {
-			errors.add("JIRA Configuration: Password must be set");
+		if (!(config.containsKey(USERNAME) && config.containsKey(PASSWORD)) && !config.containsKey(TOKEN)) {
+			errors.add("JIRA Configuration: Username and Password or Token must be set");
 			valid = false;
 		}
 		if (!config.containsKey(PROJECTKEY)) {
@@ -135,9 +131,15 @@ class JIRAProvider extends JIRAConstants implements IProvider {
 	}
 
 	private getAuthString(Map<String, Object> config) {
-		def username = config.get(USERNAME)
-		def password = config.get(PASSWORD)
-		"Basic " + (username + ":" + password).bytes.encodeBase64().toString()
+		if(config.containsKey(USERNAME) && config.containsKey(PASSWORD)){
+			def username = config.get(USERNAME)
+			def password = config.get(PASSWORD)
+			"Basic " + (username + ":" + password).bytes.encodeBase64().toString()
+		}
+		else {
+			def token = config.get(TOKEN)
+			"Bearer " + token
+		}
 	}
 
 	private createIssueJSON(IAppScanIssue appscanIssue, Map<String, Object> config) {

providers/jira/README.md

@@ -24,8 +24,7 @@
     "provider": "jira",
     "config": {
       "url": "https://<jira server>",
-      "username": "testuser",
-      "password": "testpassword",
+      "token": "xxxxxxxx",
       "projectkey": "Test Project key",
       "issuetype": "Story",
       "summary": "Security issue: %IssueType% found by %Scanner%.",
@@ -61,10 +60,11 @@ Hopefully some of the JSON is self-explanatory, but here&#39;s a quick summary o
 
 **imData** : configuration required to connect to the Issue Management system (Jira in this case)
 
-- url: the JIRA URL to connect to.
-- Username: The user name to connect to the Jira URL.
-- Password: The password used to connect to the Jira URL.
-- Projectkey: The Jira project name to be used for the issue migration. The issues would be migrated from ASE(or ASoC) to this project.
+- url: The JIRA URL to connect to.
+- token: (Recommended) A personal access token for authentication. 
+- username: (Optional) The user name to connect to the Jira URL. Using an access token is recommended.
+- password: (Optional) The password used to connect to the Jira URL. Using an access token is recommended.
+- projectkey: The Jira project name to be used for the issue migration. The issues would be migrated from ASE(or ASoC) to this project.
 - issuetype: (Optional) Used if you would like to override the default issue type. Default = &quot;Bug&quot;
 - summary: (Optional) Override default issue summary. Issue attributes can be included with %% substitution variables. For example the default is &#39;AppScan: %IssueType% found at %Location%&#39;
 - severityfield: (Optional) Field Id that corresponds to &#39;priority&#39; or &#39;severity&#39;. This field will be populated with the AppScan Issue Severity. Default value = &#39;priority&#39;