Snyk fix ca2753884b7af29829d75b5bbfd54b4a

.github/workflows/python-app.yml

@@ -0,0 +1,37 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Python application
+
+on: [workflow_dispatch]
+
+permissions:
+  contents: read
+
+env:
+    REMOTE_REPO_URL: ${{ github.repository }},
+    GITHUB_ORG: ${{ github.repository.owner }}
+    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }},
+    POETRY_VIRTUALENVS_CREATE: false
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v3
+      with:
+        python-version: "3.9"
+    - name: Install Poetry
+      run: |
+        pip install -U pip
+        pip install poetry
+        poetry install
+
+    - name: Install dependencies
+      run: poetry install --no-interaction --no-root
+    - name: Create and delete GitHub issues based off of Snyk projects
+      run: python ci_scripts_library/snyk_scm_issues_to_gh_issues/cli.py snyk-license-check

.github/workflows/run_snyk_gh_issues.yml

@@ -0,0 +1,25 @@
+name: Running Snyk GH Issues
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.7]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v1
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8 pytest
+        if [ -f requirements2.txt ]; then pip install -r requirements2.txt; fi
+    - name: Run Snyk_GH_Issues.py
+      run: python3 Snyk_GH_Issues.py

.github/workflows/snowflakestuff.yml

@@ -0,0 +1,29 @@
+name: Example workflow using Snyk
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --json-file-output=snyk.json
+
+
+      - name: install snyk-to-html
+        run: |
+          npm install snyk-to-html -g
+          cat snyk.json | snyk-to-html -o result.html
+          mkdir downloads
+          pwd
+          ls -al
+          cp -v /home/runner/work/rhicksiii91/goof/*.html /home/runner/work/rhicksiii91/goof/downloads
+      - name: Run Snyk test 
+        uses: actions/upload-artifact@v2
+        with:
+          name: results
+          path: downloads

.github/workflows/snyk-scm-issues-to-gh-issues.yml

@@ -0,0 +1,15 @@
+name: Snyk SCM Issues to Github Issues
+on: workflow_dispatch
+  # - push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: snyk-labs/actions/scm-issues-to-gh-issues@main
+        with:
+         snyk_prefix: "cse"
+         use_fresh_issues: "true"
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
+          REMOTE_REPO_URL: ${{ github.repositoryUrl }}

.gitignore

@@ -6,3 +6,5 @@ node_modules
 sass
 config.rb
 npm-debug.log
+
+goofenv

Jenkinsfile

@@ -0,0 +1,47 @@
+pipeline {
+    agent any
+        tools
+            {
+            nodejs 'NodeJS 18.1.0'
+            }
+
+            environment {
+                    SNYK_TOKEN = 'da12766a-46b6-4186-8ba1-83eb1aae653c'
+                }
+
+    stages {
+        stage('Install Snyk and Snyk Filter') {
+              steps {
+                sh 'node -v'
+                sh 'npm prune'
+                sh 'npm install -g snyk'
+                sh 'npm install -g snyk-filter'
+              }
+            }
+
+        stage('Build') {
+            steps {
+            sh 'node -v'
+            sh 'npm install'
+            }
+        }
+
+
+        stage('Snyk Monitor') {
+          steps {
+            sh 'echo "***RUNNING SNYK TEST***"'
+            sh 'snyk monitor --org=fdf3b63a-9a4e-43d8-bae3-85212f002bea --project-name=JenkinsGoof'
+                }
+            }
+
+
+      stage('Snyk Test') {
+              steps {
+                sh 'echo "***RUNNING SNYK TEST***"'
+                sh 'snyk test --json-file-output=vuln.json || true'
+                sh 'snyk-filter -i vuln.json -f example-licenses-only.yml'
+                sh 'snyk code test'
+                    }
+                }
+     }
+    }

Snyk_GH_Issues.py

@@ -0,0 +1,132 @@
+import datetime
+from github import Github
+import json
+from json2html import *
+import requests
+
+gh = Github("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")
+repo = gh.get_repo("https://github.com/TSRobworld/goof")
+total_snyk_issues = 0
+current_gh_issues = []
+split_current_issues = []
+current_snyk_issues = []
+open_gh_issues = []
+new_issues = 0
+today = datetime.date.today()
+yesterday_date = today - datetime.timedelta(days=1)
+
+# "orgs" is the Snyk orgId, and has to be a string
+values = """
+
+{
+  "filters": {
+    "orgs": ["fdf3b63a-9a4e-43d8-bae3-85212f002bea"], 
+    "severity": [
+      "high",
+      "medium",
+      "low"
+    ],
+    "exploitMaturity": [
+      "mature",
+      "proof-of-concept",
+      "no-known-exploit",
+      "no-data"
+    ],
+    "types": [
+      "vuln",
+      "license"
+    ],
+    "languages": [
+      "javascript"
+    ],
+    "projects": [],
+    "issues": [],
+    "identifier": "",
+    "fixable": false,
+    "isFixed": false
+  }
+}
+"""
+
+headers = {
+    'Content-Type': 'application/json; charset=utf-8',
+    'Authorization': 'da12766a-46b6-4186-8ba1-83eb1aae653c'
+}
+
+new_issues_url = 'https://snyk.io/api/v1/reporting/issues/?from=' + str(yesterday_date) + '&to=' + str(today)
+
+results = requests.post(new_issues_url, data=values, headers=headers)
+
+results_output = results.json()
+
+# getting the issues from github
+# taking the issues object, turning it into a string
+# splitting the string to format properly
+# taking that info, putting it into a list to compare the list of issues from snyk
+# need to do this (for now) in order to grab the unique Snyk issue ID
+open_issues = repo.get_issues(state='open')
+for issue in open_issues:
+  issue_object_to_string = str(issue)
+  issue_split = issue_object_to_string[13:]
+  issue_list = issue_split.split('"')[0]
+  current_gh_issues.append(issue_list)
+  split_current_issues = [i.split('- ')[1] for i in current_gh_issues]
+
+
+for issue in results_output['results']:
+  total_snyk_issues = total_snyk_issues + 1
+
+if total_snyk_issues > 0:
+  print(f"Total Snyk issues found: {total_snyk_issues}")
+
+for issue in results_output['results']:
+  issue_title = issue['issue']['title']
+  issue_type = issue['issue']['type']
+  issue_id = issue['issue']['id']
+  issue_url = issue['issue']['url']
+  issue_severity = issue['issue']['severity']
+  issue_version = issue['issue']['version']
+  issue_introducedDate = issue['introducedDate']
+# if the issue id from the snyk API is not in the list of issues we pulled from GH
+# add additional meta data to the issue, then create the issue
+# using Snyk's issue ID as it's a unique identifier
+# using Snyk's issue ID will prevent duplicated from being entered
+  if issue_id not in split_current_issues:
+    project_name = issue['project']['name'] 
+    project_url = issue['project']['url']
+    project_targetFile = issue['project']['targetFile']
+    new_issues = new_issues + 1
+
+    repo.create_issue(title=issue_title + " | Snyk ID - " + issue_id, body=("Title: " + issue_title) + "\n" 
+                                                                      + ("  Snyk ID: " + issue_id) + "\n"
+                                                                      + ("  URL: " + issue_url) + "\n"
+                                                                      + ("  Severity: " + issue_severity) + "\n"
+                                                                      + ("  Version: " + issue_version) + "\n"
+                                                                      + ("  Introduced Date: " + issue_introducedDate) + "\n"
+                                                                      + ("  Projects with Vulnerability: " + project_name) + "\n"
+                                                                      + ("  Project URL: " + project_url) + "\n"
+                                                                      + ("  Target File: " + project_targetFile)
+                      )
+
+#this section closes github issues once the vulns have been fixed in Snyk:
+for issue_from_snyk in results_output['results']:
+  snyk_issue_title = issue_from_snyk['issue']['title']
+  snyk_issue_type = issue_from_snyk['issue']['type']
+  snyk_issue_id = issue_from_snyk['issue']['id']
+  current_snyk_issues.append(snyk_issue_title + " | Snyk ID - " + snyk_issue_id)
+
+for gh_open_issue in open_issues:
+  open_gh_issues.append(gh_open_issue.title)
+  if gh_open_issue.title not in current_snyk_issues:
+    print(gh_open_issue.title + " has been fixed in Snyk. The GitHub issue will be closed...")
+    gh_open_issue.edit(state='closed')
+
+if new_issues != 0:
+  if new_issues > 1:
+    print(f"{new_issues} new issues found!")
+    print(f"Added {new_issues} issues to GitHub Issues")
+  else:
+    print(f"{new_issues} new issue found!")
+    print(f"Added {new_issues} issue to GitHub Issues")
+else:
+  print("No new issues found since last scan.")

azure-pipelines.yml

@@ -0,0 +1,26 @@
+# Node.js
+# Build a general Node.js project with npm.
+# Add steps that analyze code, save build artifacts, deploy, and more:
+# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript
+
+trigger:
+- master
+
+pool:
+  vmImage: ubuntu-latest
+
+steps:
+- task: NodeTool@0
+  inputs:
+    versionSpec: '10.x'
+  displayName: 'Install Node.js'
+
+- script: |
+    npm install
+    npm run build
+  displayName: 'npm install and build'
+
+- script: |
+    npm install -g snyk
+    snyk auth
+    snyk code test

ci_scripts_library/core/__init__.py

@@ -0,0 +1,2 @@
+from .super_snyk_client import SuperSnykClient
+from .github import GithubWithIssueMetadata