JS and JSM permission resolvers added, no method detection yet. JSM u…
…nit tests work but JS swagger is unparseable
dxu2atlassian committed Dec 16, 2024
1 parent 03e073e commit fdc9347
Showing 5 changed files with 130 additions and 2 deletions.
42 changes: 40 additions & 2 deletions crates/forge_analyzer/src/checkers.rs
@@ -1103,7 +1103,27 @@ impl<'cx> Dataflow<'cx> for PermissionDataflow {
first_arg_vec.iter().for_each(|first_arg| {
let first_arg = first_arg.replace(&['\"'][..], "");
second_arg_vec.iter().for_each(|second_arg| {
if intrinsic_func_type == IntrinsicName::RequestConfluence {
if intrinsic_func_type == IntrinsicName::RequestJiraSoftware {
let permissions = check_url_for_permissions(
interp.jira_software_permission_resolver,
interp.jira_software_regex_map,
translate_request_type(Some(second_arg)),
&first_arg,
);
permissions_within_call.extend_from_slice(&permissions)
} else if intrinsic_func_type
== IntrinsicName::RequestJiraServiceManagement
{
let permissions = check_url_for_permissions(
interp.jira_service_management_permission_resolver,
interp.jira_service_management_regex_map,
translate_request_type(Some(second_arg)),
&first_arg,
);
permissions_within_call.extend_from_slice(&permissions)
} else if intrinsic_func_type
== IntrinsicName::RequestConfluence
{
let permissions = check_url_for_permissions(
interp.confluence_permission_resolver,
interp.confluence_regex_map,
@@ -1125,7 +1145,25 @@ impl<'cx> Dataflow<'cx> for PermissionDataflow {
} else {
first_arg_vec.iter().for_each(|first_arg| {
let first_arg = first_arg.replace(&['\"'][..], "");
if intrinsic_func_type == IntrinsicName::RequestConfluence {
if intrinsic_func_type == IntrinsicName::RequestJiraSoftware {
let permissions = check_url_for_permissions(
interp.jira_software_permission_resolver,
interp.jira_software_regex_map,
RequestType::Get,
&first_arg,
);
permissions_within_call.extend_from_slice(&permissions)
} else if intrinsic_func_type
== IntrinsicName::RequestJiraServiceManagement
{
let permissions = check_url_for_permissions(
interp.jira_service_management_permission_resolver,
interp.jira_service_management_regex_map,
RequestType::Get,
&first_arg,
);
permissions_within_call.extend_from_slice(&permissions)
} else if intrinsic_func_type == IntrinsicName::RequestConfluence {
let permissions = check_url_for_permissions(
interp.confluence_permission_resolver,
interp.confluence_regex_map,
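Review bot: The new `IntrinsicName::RequestJiraSoftware` branches, in both the `translate_request_type(Some(second_arg))` path and the `RequestType::Get` path, resolve scopes through `interp.jira_software_permission_resolver`, which the TODO in permissions_resolver.rs says currently yields no scopes, so these calls add nothing to `permissions_within_call`. To whatever consumes that vector (outside these hunks), an unresolved Jira Software URL then looks the same as one that needs no scope, which in a permission checker can hide a real mismatch or produce a spurious one. Until the swagger parses, such calls should be reported as unresolved instead of being treated as scope-free. Separately, the near-identical branches in each hunk could become one `match intrinsic_func_type` that picks the `(resolver, regex_map)` pair, followed by a single `check_url_for_permissions` call. The enclosing closures and `impl` block start and end outside the visible lines.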
2 changes: 2 additions & 0 deletions crates/forge_analyzer/src/definitions.rs
@@ -617,6 +617,8 @@ enum LowerStage {

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum IntrinsicName {
RequestJiraSoftware,
RequestJiraServiceManagement,
RequestConfluence,
RequestJira,
Other,
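Review bot: `RequestJiraSoftware` and `RequestJiraServiceManagement` are declared here, but no added line in this commit constructs either variant; checkers.rs only compares against them. The new resolver branches therefore appear unreachable until whatever code classifies intrinsics starts producing these variants, which matches the "no method detection yet" in the commit title. A doc comment on each variant would make that state explicit, for example `/// Jira Software REST request; not yet produced by intrinsic detection (TODO).` The enum body continues past the visible lines.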
12 changes: 12 additions & 0 deletions crates/forge_analyzer/src/interp.rs
@@ -390,8 +390,12 @@ pub struct Interp<'cx, C: Runner<'cx>> {
pub callstack_arguments: Vec<Vec<Value>>,
pub value_manager: ValueManager,
pub permissions: Vec<String>,
pub jira_software_permission_resolver: &'cx PermissionHashMap,
pub jira_service_management_permission_resolver: &'cx PermissionHashMap,
pub jira_permission_resolver: &'cx PermissionHashMap,
pub confluence_permission_resolver: &'cx PermissionHashMap,
pub jira_software_regex_map: &'cx HashMap<String, Regex>,
pub jira_service_management_regex_map: &'cx HashMap<String, Regex>,
pub jira_regex_map: &'cx HashMap<String, Regex>,
pub confluence_regex_map: &'cx HashMap<String, Regex>,
_checker: PhantomData<C>,
@@ -506,6 +510,10 @@ impl<'cx, C: Runner<'cx>> Interp<'cx, C> {
call_all: bool,
call_uncalled: bool,
permissions: Vec<String>,
jira_software_permission_resolver: &'cx PermissionHashMap,
jira_software_regex_map: &'cx HashMap<String, Regex>,
jira_service_management_permission_resolver: &'cx PermissionHashMap,
jira_service_management_regex_map: &'cx HashMap<String, Regex>,
jira_permission_resolver: &'cx PermissionHashMap,
jira_regex_map: &'cx HashMap<String, Regex>,
confluence_permission_resolver: &'cx PermissionHashMap,
@@ -536,8 +544,12 @@ impl<'cx, C: Runner<'cx>> Interp<'cx, C> {
expecting_value: VecDeque::default(),
},
permissions,
jira_software_permission_resolver,
jira_service_management_permission_resolver,
jira_permission_resolver,
confluence_permission_resolver,
jira_software_regex_map,
jira_service_management_regex_map,
jira_regex_map,
confluence_regex_map,
_checker: PhantomData,
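Review bot: The parameter list extended in the second hunk (presumably the constructor, since the third hunk fills the struct literal) now takes eight positional references, four `&'cx PermissionHashMap` and four `&'cx HashMap<String, Regex>`. The struct orders its fields differently (all resolvers, then all regex maps) from the parameters (resolver/regex pairs), so passing one product's map in another's slot compiles cleanly and would silently resolve URLs against the wrong scope table. Grouping each pair lets the type system carry the pairing, for example a hypothetical `pub struct ProductResolver<'cx> { pub permissions: &'cx PermissionHashMap, pub regex_map: &'cx HashMap<String, Regex> }` with one field per product; the five call sites in main.rs would shrink accordingly. The new public fields also have no doc comments saying which API's swagger each map is built from. Both the struct and the function continue outside the visible hunks.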
51 changes: 51 additions & 0 deletions crates/forge_permission_resolver/src/permissions_resolver.rs
@@ -85,6 +85,18 @@ pub fn check_url_for_permissions(
vec![]
}

pub fn get_permission_resolver_jira_software() -> (PermissionHashMap, HashMap<String, Regex>) {
let jira_software_url = "https://developer.atlassian.com/cloud/jira/software/swagger.v3.json";
get_permission_resolver(jira_software_url)
}

pub fn get_permission_resolver_jira_service_management(
) -> (PermissionHashMap, HashMap<String, Regex>) {
let jira_service_management_url =
"https://developer.atlassian.com/cloud/jira/service-desk/swagger.v3.json";
get_permission_resolver(jira_service_management_url)
}

pub fn get_permission_resolver_jira() -> (PermissionHashMap, HashMap<String, Regex>) {
let jira_url = "https://developer.atlassian.com/cloud/jira/platform/swagger-v3.v3.json";
get_permission_resolver(jira_url)
@@ -265,4 +277,43 @@ mod test {

assert_eq!(result, expected_permission);
}

#[test]
fn test_get_organization() {
let (permission_map, regex_map) = get_permission_resolver_jira_service_management();
let url = "/rest/servicedeskapi/organization";
let request_type = RequestType::Get;
let result = check_url_for_permissions(&permission_map, &regex_map, request_type, url);

println!("Permission Map: {:?}", permission_map);
println!("Regex Map: {:?}", regex_map);

assert!(!result.is_empty(), "Should have parsed permissions");
assert!(
result.contains(&String::from("manage:servicedesk-customer")),
"Should require manage:servicedesk-customer permission"
);
}

// TODO: this fails right now as the Jira Software swagger does not have the "x-atlassian-oauth2-scopes" in it that we parse for with serde
// #[test]
// fn test_get_issues_for_epic() {
// let (permission_map, regex_map) = get_permission_resolver_jira_software();
// let url = "/rest/agile/1.0/sprint/23";
// let request_type = RequestType::Get;
// let result = check_url_for_permissions(&permission_map, &regex_map, request_type, url);

// println!("Permission Map: {:?}", permission_map); // TODO: this does not give back any scopes?
// println!("Regex Map: {:?}", regex_map);

// assert!(!result.is_empty(), "Should have parsed permissions");

// // let expected_permission: Vec<String> = vec![
// // String::from("read:epic:jira-software"),
// // String::from("read:issue-details:jira"),
// // String::from("read:jql:jira"),
// // ];

// // assert_eq!(result, expected_permission);
// }
}
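Review bot: `test_get_organization` calls `get_permission_resolver_jira_service_management()`, which is handed a live `developer.atlassian.com` URL, so the test presumably needs network access and asserts on a scope string that the upstream document can change without notice (`get_permission_resolver` itself is outside the hunk). A checked-in copy of the swagger used as a fixture would make the assertion deterministic, and the two `println!` dumps of the full maps can go. The disabled Jira Software test is better kept compiling as `#[test]` plus `#[ignore = "Jira Software swagger lacks x-atlassian-oauth2-scopes"]` than as a commented-out block, so it cannot rot unnoticed. The two new `pub fn`s also lack doc comments stating where the scope data comes from and what they return when the document carries no scopes.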
25 changes: 25 additions & 0 deletions crates/fsrt/src/main.rs
@@ -7,6 +7,7 @@ mod test;
use clap::{Parser, ValueHint};
use forge_permission_resolver::permissions_resolver::{
get_permission_resolver_confluence, get_permission_resolver_jira,
get_permission_resolver_jira_service_management, get_permission_resolver_jira_software,
};

use std::{
@@ -274,6 +275,10 @@ pub(crate) fn scan_directory<'a>(

let permissions = permissions_declared.into_iter().collect::<Vec<_>>();

let (jira_software_permission_resolver, jira_software_regex_map) =
get_permission_resolver_jira_software();
let (jira_service_management_permission_resolver, jira_service_management_regex_map) =
get_permission_resolver_jira_service_management();
let (jira_permission_resolver, jira_regex_map) = get_permission_resolver_jira();
let (confluence_permission_resolver, confluence_regex_map) =
get_permission_resolver_confluence();
@@ -283,6 +288,10 @@ pub(crate) fn scan_directory<'a>(
false,
true,
permissions.clone(),
&jira_software_permission_resolver,
&jira_software_regex_map,
&jira_service_management_permission_resolver,
&jira_service_management_regex_map,
&jira_permission_resolver,
&jira_regex_map,
&confluence_permission_resolver,
@@ -294,6 +303,10 @@ pub(crate) fn scan_directory<'a>(
false,
false,
permissions.clone(),
&jira_software_permission_resolver,
&jira_software_regex_map,
&jira_service_management_permission_resolver,
&jira_service_management_regex_map,
&jira_permission_resolver,
&jira_regex_map,
&confluence_permission_resolver,
@@ -304,6 +317,10 @@ pub(crate) fn scan_directory<'a>(
false,
false,
permissions.clone(),
&jira_software_permission_resolver,
&jira_software_regex_map,
&jira_service_management_permission_resolver,
&jira_service_management_regex_map,
&jira_permission_resolver,
&jira_regex_map,
&confluence_permission_resolver,
@@ -316,6 +333,10 @@ pub(crate) fn scan_directory<'a>(
false,
false,
permissions.clone(),
&jira_software_permission_resolver,
&jira_software_regex_map,
&jira_service_management_permission_resolver,
&jira_service_management_regex_map,
&jira_permission_resolver,
&jira_regex_map,
&confluence_permission_resolver,
@@ -328,6 +349,10 @@ pub(crate) fn scan_directory<'a>(
false,
true,
permissions,
&jira_software_permission_resolver,
&jira_software_regex_map,
&jira_service_management_permission_resolver,
&jira_service_management_regex_map,
&jira_permission_resolver,
&jira_regex_map,
&confluence_permission_resolver,
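Review bot: `scan_directory` now builds the Jira Software and Jira Service Management resolvers unconditionally on every scan, next to the existing Jira and Confluence ones. If each `get_permission_resolver_*` call fetches its swagger (the helper is not shown here), that doubles the startup requests, and the Jira Software one is known from the TODO in permissions_resolver.rs to produce no scopes. How a failed or partial fetch is handled is not visible in these hunks, but for a security scanner an empty map should be surfaced to the user, not carried silently into the interpreters. Consider building a product's resolver only when the app under analysis uses that product's API, or at least logging which resolvers came back empty. The function body continues outside the visible hunks.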
