JS and JSM permission resolvers added, no method detection yet. JSM u…

…nit tests work but JS swagger is unparseable

crates/forge_analyzer/src/checkers.rs

@@ -1103,7 +1103,15 @@ impl<'cx> Dataflow<'cx> for PermissionDataflow {
                             first_arg_vec.iter().for_each(|first_arg| {
                                 let first_arg = first_arg.replace(&['\"'][..], "");
                                 second_arg_vec.iter().for_each(|second_arg| {
-                                    if intrinsic_func_type
+                                    if intrinsic_func_type == IntrinsicName::RequestJiraSoftware {
+                                        let permissions = check_url_for_permissions(
+                                            interp.jira_software_permission_resolver,
+                                            interp.jira_software_regex_map,
+                                            translate_request_type(Some(second_arg)),
+                                            &first_arg,
+                                        );
+                                        permissions_within_call.extend_from_slice(&permissions)
+                                    } else if intrinsic_func_type
                                         == IntrinsicName::RequestJiraServiceManagement
                                     {
                                         let permissions = check_url_for_permissions(
@@ -1146,7 +1154,15 @@ impl<'cx> Dataflow<'cx> for PermissionDataflow {
                         } else {
                             first_arg_vec.iter().for_each(|first_arg| {
                                 let first_arg = first_arg.replace(&['\"'][..], "");
-                                if intrinsic_func_type
+                                if intrinsic_func_type == IntrinsicName::RequestJiraSoftware {
+                                    let permissions = check_url_for_permissions(
+                                        interp.jira_software_permission_resolver,
+                                        interp.jira_software_regex_map,
+                                        RequestType::Get,
+                                        &first_arg,
+                                    );
+                                    permissions_within_call.extend_from_slice(&permissions)
+                                } else if intrinsic_func_type
                                     == IntrinsicName::RequestJiraServiceManagement
                                 {
                                     let permissions = check_url_for_permissions(

crates/forge_analyzer/src/definitions.rs

@@ -617,6 +617,7 @@ enum LowerStage {
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum IntrinsicName {
+    RequestJiraSoftware,
     RequestJiraServiceManagement,
     RequestConfluence,
     RequestJira,

crates/forge_analyzer/src/interp.rs

@@ -390,11 +390,14 @@ pub struct Interp<'cx, C: Runner<'cx>> {
     pub callstack_arguments: Vec<Vec<Value>>,
     pub value_manager: ValueManager,
     pub permissions: Vec<String>,
+    pub jira_software_permission_resolver: &'cx PermissionHashMap,
     pub jira_service_management_permission_resolver: &'cx PermissionHashMap,
     pub jira_permission_resolver: &'cx PermissionHashMap,
     pub confluence_permission_resolver: &'cx PermissionHashMap,
     pub jira_service_management_regex_map: &'cx HashMap<String, Regex>,
     pub bitbucket_permission_resolver: &'cx PermissionHashMap,
+    pub jira_software_regex_map: &'cx HashMap<String, Regex>,
+    pub jira_service_management_regex_map: &'cx HashMap<String, Regex>,
     pub jira_regex_map: &'cx HashMap<String, Regex>,
     pub confluence_regex_map: &'cx HashMap<String, Regex>,
     pub bitbucket_regex_map: &'cx HashMap<String, Regex>,
@@ -510,6 +513,8 @@ impl<'cx, C: Runner<'cx>> Interp<'cx, C> {
         call_all: bool,
         call_uncalled: bool,
         permissions: Vec<String>,
+        jira_software_permission_resolver: &'cx PermissionHashMap,
+        jira_software_regex_map: &'cx HashMap<String, Regex>,
         jira_service_management_permission_resolver: &'cx PermissionHashMap,
         jira_service_management_regex_map: &'cx HashMap<String, Regex>,
         jira_permission_resolver: &'cx PermissionHashMap,
@@ -544,11 +549,14 @@ impl<'cx, C: Runner<'cx>> Interp<'cx, C> {
                 expecting_value: VecDeque::default(),
             },
             permissions,
+            jira_software_permission_resolver,
             jira_service_management_permission_resolver,
             jira_permission_resolver,
             confluence_permission_resolver,
             jira_service_management_regex_map,
             bitbucket_permission_resolver,
+            jira_software_regex_map,
+            jira_service_management_regex_map,
             jira_regex_map,
             confluence_regex_map,
             bitbucket_regex_map,

crates/forge_permission_resolver/src/permissions_resolver.rs

@@ -85,6 +85,11 @@ pub fn check_url_for_permissions(
     vec![]
 }
 
+pub fn get_permission_resolver_jira_software() -> (PermissionHashMap, HashMap<String, Regex>) {
+    let jira_software_url = "https://developer.atlassian.com/cloud/jira/software/swagger.v3.json";
+    get_permission_resolver(jira_software_url)
+}
+
 pub fn get_permission_resolver_jira_service_management(
 ) -> (PermissionHashMap, HashMap<String, Regex>) {
     let jira_service_management_url =
@@ -362,4 +367,43 @@ mod test {
             "Should require admin:repository:bitbucket permission"
         );
     }
+
+    #[test]
+    fn test_get_organization() {
+        let (permission_map, regex_map) = get_permission_resolver_jira_service_management();
+        let url = "/rest/servicedeskapi/organization";
+        let request_type = RequestType::Get;
+        let result = check_url_for_permissions(&permission_map, &regex_map, request_type, url);
+
+        println!("Permission Map: {:?}", permission_map);
+        println!("Regex Map: {:?}", regex_map);
+
+        assert!(!result.is_empty(), "Should have parsed permissions");
+        assert!(
+            result.contains(&String::from("manage:servicedesk-customer")),
+            "Should require manage:servicedesk-customer permission"
+        );
+    }
+
+    // TODO: this fails right now as the Jira Software swagger does not have the "x-atlassian-oauth2-scopes" in it that we parse for with serde
+    // #[test]
+    // fn test_get_issues_for_epic() {
+    //     let (permission_map, regex_map) = get_permission_resolver_jira_software();
+    //     let url = "/rest/agile/1.0/sprint/23";
+    //     let request_type = RequestType::Get;
+    //     let result = check_url_for_permissions(&permission_map, &regex_map, request_type, url);
+
+    //     println!("Permission Map: {:?}", permission_map); // TODO: this does not give back any scopes?
+    //     println!("Regex Map: {:?}", regex_map);
+
+    //     assert!(!result.is_empty(), "Should have parsed permissions");
+
+    //     // let expected_permission: Vec<String> = vec![
+    //     //     String::from("read:epic:jira-software"),
+    //     //     String::from("read:issue-details:jira"),
+    //     //     String::from("read:jql:jira"),
+    //     // ];
+
+    //     // assert_eq!(result, expected_permission);
+    // }
 }

crates/fsrt/src/main.rs

@@ -7,7 +7,8 @@ mod test;
 use clap::{Parser, ValueHint};
 use forge_permission_resolver::permissions_resolver::{
     get_permission_resolver_bitbucket, get_permission_resolver_confluence,
-    get_permission_resolver_jira, get_permission_resolver_jira_service_management,
+    get_permission_resolver_jira,
+    get_permission_resolver_jira_service_management, get_permission_resolver_jira_software,
 };
 
 use std::{
@@ -275,6 +276,8 @@ pub(crate) fn scan_directory<'a>(
 
     let permissions = permissions_declared.into_iter().collect::<Vec<_>>();
 
+    let (jira_software_permission_resolver, jira_software_regex_map) =
+        get_permission_resolver_jira_software();
     let (jira_service_management_permission_resolver, jira_service_management_regex_map) =
         get_permission_resolver_jira_service_management();
     let (jira_permission_resolver, jira_regex_map) = get_permission_resolver_jira();
@@ -287,6 +290,8 @@ pub(crate) fn scan_directory<'a>(
         false,
         true,
         permissions.clone(),
+        &jira_software_permission_resolver,
+        &jira_software_regex_map,
         &jira_service_management_permission_resolver,
         &jira_service_management_regex_map,
         &jira_permission_resolver,
@@ -302,6 +307,8 @@ pub(crate) fn scan_directory<'a>(
         false,
         false,
         permissions.clone(),
+        &jira_software_permission_resolver,
+        &jira_software_regex_map,
         &jira_service_management_permission_resolver,
         &jira_service_management_regex_map,
         &jira_permission_resolver,
@@ -316,6 +323,8 @@ pub(crate) fn scan_directory<'a>(
         false,
         false,
         permissions.clone(),
+        &jira_software_permission_resolver,
+        &jira_software_regex_map,
         &jira_service_management_permission_resolver,
         &jira_service_management_regex_map,
         &jira_permission_resolver,
@@ -332,6 +341,8 @@ pub(crate) fn scan_directory<'a>(
         false,
         false,
         permissions.clone(),
+        &jira_software_permission_resolver,
+        &jira_software_regex_map,
         &jira_service_management_permission_resolver,
         &jira_service_management_regex_map,
         &jira_permission_resolver,
@@ -348,6 +359,8 @@ pub(crate) fn scan_directory<'a>(
         false,
         true,
         permissions,
+        &jira_software_permission_resolver,
+        &jira_software_regex_map,
         &jira_service_management_permission_resolver,
         &jira_service_management_regex_map,
         &jira_permission_resolver,