hmcts · peterpilgrim · Mar 8, 2024 · Mar 7, 2024 · Mar 7, 2024
diff --git a/src/main/query/jira.issue.ts b/src/main/query/jira.issue.ts
@@ -1,49 +1,53 @@
-import JiraApi from 'jira-client';
-import { config } from '../config';
+// import JiraApi from 'jira-client';
+// import { config } from '../config';
 
-// Initialize
-const jira = new JiraApi({
-  protocol: 'https',
-  host: 'tools.hmcts.net',
-  apiVersion: '2',
-  strictSSL: true,
-  base: '/jira',
-  bearer: config.jiraToken,
-});
+// // Initialize
+// const jira = new JiraApi({
+//   protocol: 'https',
+//   host: 'tools.hmcts.net',
+//   apiVersion: '2',
+//   strictSSL: true,
+//   base: '/jira',
+//   bearer: config.jiraToken,
+// });
 
 export const run = async () => {
-  const issues = await getIssues();
-  const uniqueIssues = issues.reduce((acc, issue) => {
-    acc[issue.key] = issue;
-    return acc;
-  }, {} as Record<string, JiraApi.IssueObject>);
-
-  return Object.values(uniqueIssues).map(issue => ({
-    id: issue.key,
-    project_id: issue.fields.project.key,
-    title: issue.fields.project.key !== 'SNI' ? issue.fields.summary : '',
-    type: issue.fields.issuetype.name,
-    description: issue.fields.project.key !== 'SNI' ? issue.fields.description : '',
-    labels: issue.fields.labels.map((l: string) => l.toLowerCase()).join(','),
-    status: issue.fields.status.name,
-    status_category: issue.fields.status.statusCategory.name,
-    creator: issue.fields.creator.name,
-    assignee: issue.fields.assignee?.name,
-    created_at: issue.fields.created,
-    updated_at: issue.fields.updated,
-    resolved_at: issue.fields.resolutiondate,
-    priority: issue.fields.priority?.name,
-    incident_programme: issue.fields.customfield_21610?.value,
-    incident_project: issue.fields.customfield_21610?.child?.value,
-  }));
+  return [];
 };
 
-const getIssues = async (startAt = 0): Promise<JiraApi.IssueObject[]> => {
-  const results = await jira.searchJira(`updated >= -30m`, { startAt });
-
-  if (results.startAt + results.maxResults < results.total) {
-    return [...results.issues, ...(await getIssues(startAt + results.maxResults))];
-  } else {
-    return results.issues;
-  }
-};
+// export const run = async () => {
+//   const issues = await getIssues();
+//   const uniqueIssues = issues.reduce((acc, issue) => {
+//     acc[issue.key] = issue;
+//     return acc;
+//   }, {} as Record<string, JiraApi.IssueObject>);
+//
+//   return Object.values(uniqueIssues).map(issue => ({
+//     id: issue.key,
+//     project_id: issue.fields.project.key,
+//     title: issue.fields.project.key !== 'SNI' ? issue.fields.summary : '',
+//     type: issue.fields.issuetype.name,
+//     description: issue.fields.project.key !== 'SNI' ? issue.fields.description : '',
+//     labels: issue.fields.labels.map((l: string) => l.toLowerCase()).join(','),
+//     status: issue.fields.status.name,
+//     status_category: issue.fields.status.statusCategory.name,
+//     creator: issue.fields.creator.name,
+//     assignee: issue.fields.assignee?.name,
+//     created_at: issue.fields.created,
+//     updated_at: issue.fields.updated,
+//     resolved_at: issue.fields.resolutiondate,
+//     priority: issue.fields.priority?.name,
+//     incident_programme: issue.fields.customfield_21610?.value,
+//     incident_project: issue.fields.customfield_21610?.child?.value,
+//   }));
+// };
+//
+// const getIssues = async (startAt = 0): Promise<JiraApi.IssueObject[]> => {
+//   const results = await jira.searchJira(`updated >= -30m`, { startAt });
+//
+//   if (results.startAt + results.maxResults < results.total) {
+//     return [...results.issues, ...(await getIssues(startAt + results.maxResults))];
+//   } else {
+//     return results.issues;
+//   }
+// };
diff --git a/src/main/query/jira.project.ts b/src/main/query/jira.project.ts
@@ -1,20 +1,25 @@
-import JiraApi from 'jira-client';
-import { config } from '../config';
-
-const jira = new JiraApi({
-  protocol: 'https',
-  host: 'tools.hmcts.net',
-  apiVersion: '2',
-  strictSSL: true,
-  base: '/jira',
-  bearer: config.jiraToken,
-});
+// import JiraApi from 'jira-client';
+// import { config } from '../config';
+//
+// const jira = new JiraApi({
+//   protocol: 'https',
+//   host: 'tools.hmcts.net',
+//   apiVersion: '2',
+//   strictSSL: true,
+//   base: '/jira',
+//   bearer: config.jiraToken,
+// });
+//
+//
+// export const run = async () => {
+//   const projects = await jira.listProjects();
+//
+//   return projects.flat().map(project => ({
+//     id: project.key,
+//     name: project.name,
+//   }));
+// };
 
 export const run = async () => {
-  const projects = await jira.listProjects();
-
-  return projects.flat().map(project => ({
-    id: project.key,
-    name: project.name,
-  }));
+  return [];
 };
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
@@ -1,117 +1 @@
-{
-    "actions":
-    [],
-    "advisories":
-    {
-        "1095102":
-        {
-            "findings":
-            [
-                {
-                    "version": "2.5.0",
-                    "paths":
-                    [
-                        "tough-cookie",
-                        "jira-client>postman-request>tough-cookie"
-                    ]
-                }
-            ],
-            "metadata": null,
-            "vulnerable_versions": "<4.1.3",
-            "module_name": "tough-cookie",
-            "severity": "moderate",
-            "github_advisory_id": "GHSA-72xf-g2v4-qvf3",
-            "cves":
-            [
-                "CVE-2023-26136"
-            ],
-            "access": "public",
-            "patched_versions": ">=4.1.3",
-            "cvss":
-            {
-                "score": 6.5,
-                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
-            },
-            "updated": "2023-11-29T22:32:01.000Z",
-            "recommendation": "Upgrade to version 4.1.3 or later",
-            "cwe":
-            [
-                "CWE-1321"
-            ],
-            "found_by": null,
-            "deleted": null,
-            "id": 1095102,
-            "references": "- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
-            "created": "2023-07-01T06:30:16.000Z",
-            "reported_by": null,
-            "title": "tough-cookie Prototype Pollution vulnerability",
-            "npm_advisory_id": null,
-            "overview": "Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.",
-            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3"
-        },
-        "1096571":
-        {
-            "findings":
-            [
-                {
-                    "version": "2.0.0",
-                    "paths":
-                    [
-                        "ip",
-                        "db-migrate>tunnel-ssh>ssh2>nan>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip",
-                        "db-migrate>tunnel-ssh>ssh2>cpu-features>nan>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"
-                    ]
-                }
-            ],
-            "metadata": null,
-            "vulnerable_versions": "=2.0.0",
-            "module_name": "ip",
-            "severity": "moderate",
-            "github_advisory_id": "GHSA-78xj-cgh5-2h22",
-            "cves":
-            [
-                "CVE-2023-42282"
-            ],
-            "access": "public",
-            "patched_versions": ">=2.0.1",
-            "cvss":
-            {
-                "score": 0,
-                "vectorString": null
-            },
-            "updated": "2024-02-20T18:30:41.000Z",
-            "recommendation": "Upgrade to version 2.0.1 or later",
-            "cwe":
-            [
-                "CWE-918"
-            ],
-            "found_by": null,
-            "deleted": null,
-            "id": 1096571,
-            "references": "- https://nvd.nist.gov/vuln/detail/CVE-2023-42282\n- https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\n- https://github.com/JoshGlazebrook/socks/issues/93#issue-2128357447\n- https://github.com/github/advisory-database/pull/3504#issuecomment-1937179999\n- https://github.com/indutny/node-ip/pull/138\n- https://github.com/indutny/node-ip/commit/32f468f1245574785ec080705737a579be1223aa\n- https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\n- https://github.com/advisories/GHSA-78xj-cgh5-2h22",
-            "created": "2024-02-08T18:30:39.000Z",
-            "reported_by": null,
-            "title": "NPM IP package incorrectly identifies some private IP addresses as public",
-            "npm_advisory_id": null,
-            "overview": "The `isPublic()` function in the NPM package `ip` doesn't correctly identify certain private IP addresses in uncommon formats such as `0x7F.1` as private. Instead, it reports them as public by returning `true`. This can lead to security issues such as Server-Side Request Forgery (SSRF) if `isPublic()` is used to protect sensitive code paths when passed user input. Versions 1.1.9 and 2.0.1 fix the issue.",
-            "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22"
-        }
-    },
-    "muted":
-    [],
-    "metadata":
-    {
-        "vulnerabilities":
-        {
-            "info": 0,
-            "low": 0,
-            "moderate": 5,
-            "high": 0,
-            "critical": 0
-        },
-        "dependencies": 324,
-        "devDependencies": 0,
-        "optionalDependencies": 0,
-        "totalDependencies": 324
-    }
-}
+{"actions":[],"advisories":{"1096571":{"findings":[{"version":"2.0.0","paths":["ip","db-migrate>tunnel-ssh>ssh2>nan>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","db-migrate>tunnel-ssh>ssh2>cpu-features>nan>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"]}],"metadata":null,"vulnerable_versions":"=2.0.0","module_name":"ip","severity":"moderate","github_advisory_id":"GHSA-78xj-cgh5-2h22","cves":["CVE-2023-42282"],"access":"public","patched_versions":">=2.0.1","cvss":{"score":0,"vectorString":null},"updated":"2024-02-20T18:30:41.000Z","recommendation":"Upgrade to version 2.0.1 or later","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1096571,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-42282\n- https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\n- https://github.com/JoshGlazebrook/socks/issues/93#issue-2128357447\n- https://github.com/github/advisory-database/pull/3504#issuecomment-1937179999\n- https://github.com/indutny/node-ip/pull/138\n- https://github.com/indutny/node-ip/commit/32f468f1245574785ec080705737a579be1223aa\n- https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\n- https://github.com/advisories/GHSA-78xj-cgh5-2h22","created":"2024-02-08T18:30:39.000Z","reported_by":null,"title":"NPM IP package incorrectly identifies some private IP addresses as public","npm_advisory_id":null,"overview":"The `isPublic()` function in the NPM package `ip` doesn't correctly identify certain private IP addresses in uncommon formats such as `0x7F.1` as private. Instead, it reports them as public by returning `true`. This can lead to security issues such as Server-Side Request Forgery (SSRF) if `isPublic()` is used to protect sensitive code paths when passed user input. Versions 1.1.9 and 2.0.1 fix the issue.","url":"https://github.com/advisories/GHSA-78xj-cgh5-2h22"},"1096643":{"findings":[{"version":"2.5.0","paths":["tough-cookie","jira-client>postman-request>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-03-07T05:09:24.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1096643,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":5,"high":0,"critical":0},"dependencies":324,"devDependencies":0,"optionalDependencies":0,"totalDependencies":324}}