Module: PWN::Plugins::JiraServer

Defined in:

lib/pwn/plugins/jira_server.rb

Overview

This plugin is used for interacting w/ on-prem Jira Server’s REST API using the ‘rest’ browser type of PWN::Plugins::TransparentBrowser. This is based on the following Jira API Specification: developer.atlassian.com/server/jira/platform/rest-apis/

Constant Summary

@@logger =

PWN::Plugins::PWNLogger.create

Class Method Summary

• .authors ⇒ Object

  Author(s)

  0day Inc.

• .create_issue(opts = {}) ⇒ Object

  Supported Method Parameters

  issue_resp = PWN::Plugins::JiraServer.create_issue( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, project_key: ‘required - project key (e.g. PWN)’, summary: ‘required - summary of the issue (e.g. Epic for PWN-1337)’, issue_type: ‘required - issue type (e.g. :epic, :story, :bug)’, description: ‘optional - description of the issue’, epic_name: ‘optional - name of the epic’, additional_fields: ‘optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)’ attachments: ‘optional - array of attachment paths to upload to the issue (e.g. [“/tmp/file1.txt”, “/tmp/file2.txt”])’, comment: ‘optional - comment to add to the issue (e.g. “This is a comment”)’ ).

• .delete_attachment(opts = {}) ⇒ Object

  Supported Method Parameters

  issue_resp = PWN::Plugins::JiraServer.delete_attachment( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, id: ‘required - attachment ID to delete (e.g. 10000) found in #get_issue method’ ).

• .delete_issue(opts = {}) ⇒ Object

  Supported Method Parameters

  issue_resp = PWN::Plugins::JiraServer.delete_issue( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, issue: ‘required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)’ ).

• .get_all_fields(opts = {}) ⇒ Object

  Supported Method Parameters

  all_fields = PWN::Plugins::JiraServer.get_all_fields( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’ ).

• .get_issue(opts = {}) ⇒ Object

  Supported Method Parameters

  issue_resp = PWN::Plugins::JiraServer.get_issue( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, issue: ‘required - issue to lookup (e.g. Bug, Issue, Story, or Epic ID)’, params: ‘optional - additional parameters to pass in the URI (e.g. fields, expand, etc.)’ ).

• .get_user(opts = {}) ⇒ Object

  Supported Method Parameters

  user = PWN::Plugins::JiraServer.get_user( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, username: ‘required - username to lookup (e.g. jane.doe)’, params: ‘optional - additional parameters to pass in the URI (e.g. expand, etc.)’ ).

• .help ⇒ Object

  Display Usage for this Module.

• .issue_comment(opts = {}) ⇒ Object

  Supported Method Parameters

  issue_resp = PWN::Plugins::JiraServer.issue_comment( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, issue: ‘required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)’, comment_action: ‘required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)’, comment_id: ‘optional - comment ID to delete or update (e.g. 10000)’, author: ‘optional - author of the comment (e.g. “jane.doe”)’, comment: ‘optional - comment to add or update in the issue (e.g. “This is a comment”)’ ).

• .update_issue(opts = {}) ⇒ Object

  Supported Method Parameters

  issue_resp = PWN::Plugins::JiraServer.update_issue( base_api_uri: ‘required - base URI for Jira (e.g. jira.corp.com/rest/api/latest)’, token: ‘required - personal access token’, fields: ‘required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)’, attachments: ‘optional - array of attachment paths to upload to the issue (e.g. [“/tmp/file1.txt”, “/tmp/file2.txt”])’, ).

Class Method Details

.authors ⇒ Object

Author(s)

0day Inc. <support@0dayinc.com>

# File 'lib/pwn/plugins/jira_server.rb', line 510

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <support@0dayinc.com>
  "
end

.create_issue(opts = {}) ⇒ Object

Supported Method Parameters

issue_resp = PWN::Plugins::JiraServer.create_issue(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
project_key: 'required - project key (e.g. PWN)',
summary: 'required - summary of the issue (e.g. Epic for PWN-1337)',
issue_type: 'required - issue type (e.g. :epic, :story, :bug)',
description: 'optional - description of the issue',
epic_name: 'optional - name of the epic',
additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)'
attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/tmp/file1.txt", "/tmp/file2.txt"])',
comment: 'optional - comment to add to the issue (e.g. "This is a comment")'

)

# File 'lib/pwn/plugins/jira_server.rb', line 231

public_class_method def self.create_issue(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )
  project_key = opts[:project_key]
  raise 'ERROR: project_key cannot be nil.' if project_key.nil?

  summary = opts[:summary]
  raise 'ERROR: summary cannot be nil.' if summary.nil?

  issue_type = opts[:issue_type]
  raise 'ERROR: issue_type values must be one of :epic, :story, or :bug.' unless %i[epic story bug].include?(issue_type)

  description = opts[:description].to_s.scrub

  additional_fields = opts[:additional_fields] ||= { fields: {} }
  raise 'ERROR: additional_fields Hash must contain a :fields key that is also a Hash.' unless additional_fields.is_a?(Hash) && additional_fields.key?(:fields) && additional_fields[:fields].is_a?(Hash)

  attachments = opts[:attachments] ||= []
  raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)

  comment = opts[:comment]

  all_fields = get_all_fields(base_api_uri: base_api_uri, token: token)
  epic_name_field_key = all_fields.find { |field| field[:name] == 'Epic Name' }[:id]

  epic_name = opts[:epic_name]

  http_body = {
    fields: {
      project: {
        key: project_key
      },
      summary: summary,
      issuetype: {
        name: issue_type.to_s.capitalize
      },
      "#{epic_name_field_key}": epic_name,
      description: description
    }
  }

  http_body[:fields].merge!(additional_fields[:fields])

  issue_resp = rest_call(
    http_method: :post,
    base_api_uri: base_api_uri,
    token: token,
    rest_call: 'issue',
    http_body: http_body
  )
  issue = issue_resp[:key]

  if attachments.any?
    attachments.each do |attachment|
      raise "ERROR: #{attachment} not found." unless File.exist?(attachment)

      http_body = {
        multipart: true,
        file: File.new(attachment, 'rb')
      }

      rest_call(
        http_method: :post,
        base_api_uri: base_api_uri,
        token: token,
        rest_call: "issue/#{issue}/attachments",
        http_body: http_body
      )
    end
  end

  if comment
    issue_comment(
      base_api_uri: base_api_uri,
      token: token,
      issue: issue,
      comment_action: :add,
      comment: comment
    )
  end

  get_issue(
    base_api_uri: base_api_uri,
    token: token,
    issue: issue
  )
rescue StandardError => e
  raise e
end

.delete_attachment(opts = {}) ⇒ Object

Supported Method Parameters

issue_resp = PWN::Plugins::JiraServer.delete_attachment(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
id: 'required - attachment ID to delete (e.g. 10000) found in #get_issue method'

)

# File 'lib/pwn/plugins/jira_server.rb', line 487

public_class_method def self.delete_attachment(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )

  id = opts[:id]
  raise 'ERROR: attachment_id cannot be nil.' if id.nil?

  rest_call(
    http_method: :delete,
    base_api_uri: base_api_uri,
    token: token,
    rest_call: "attachment/#{id}"
  )
rescue StandardError => e
  raise e
end

.delete_issue(opts = {}) ⇒ Object

Supported Method Parameters

issue_resp = PWN::Plugins::JiraServer.delete_issue(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'

)

# File 'lib/pwn/plugins/jira_server.rb', line 459

public_class_method def self.delete_issue(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )

  issue = opts[:issue]
  raise 'ERROR: issue cannot be nil.' if issue.nil?

  rest_call(
    http_method: :delete,
    base_api_uri: base_api_uri,
    token: token,
    rest_call: "issue/#{issue}"
  )
rescue StandardError => e
  raise e
end

.get_all_fields(opts = {}) ⇒ Object

Supported Method Parameters

all_fields = PWN::Plugins::JiraServer.get_all_fields(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token'

)

# File 'lib/pwn/plugins/jira_server.rb', line 135

public_class_method def self.get_all_fields(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )

  rest_call(
    base_api_uri: base_api_uri,
    token: token,
    rest_call: 'field'
  )
rescue StandardError => e
  raise e
end

.get_issue(opts = {}) ⇒ Object

Supported Method Parameters

issue_resp = PWN::Plugins::JiraServer.get_issue(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
issue: 'required - issue to lookup (e.g. Bug, Issue, Story, or Epic ID)',
params: 'optional - additional parameters to pass in the URI (e.g. fields, expand, etc.)'

)

# File 'lib/pwn/plugins/jira_server.rb', line 194

public_class_method def self.get_issue(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )

  issue = opts[:issue]
  params = opts[:params]

  raise 'ERROR: issue cannot be nil.' if issue.nil?

  rest_call(
    base_api_uri: base_api_uri,
    token: token,
    rest_call: "issue/#{issue}",
    params: params
  )
rescue StandardError => e
  raise e
end

.get_user(opts = {}) ⇒ Object

Supported Method Parameters

user = PWN::Plugins::JiraServer.get_user(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
username: 'required - username to lookup (e.g. jane.doe)',
params: 'optional - additional parameters to pass in the URI (e.g. expand, etc.)'

)

# File 'lib/pwn/plugins/jira_server.rb', line 160

public_class_method def self.get_user(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )

  username = opts[:username]
  raise 'ERROR: username cannot be nil.' if username.nil?

  params = { key: username }
  additional_params = opts[:params]

  params.merge!(additional_params) if additional_params.is_a?(Hash)

  rest_call(
    base_api_uri: base_api_uri,
    token: token,
    rest_call: 'user',
    params: params
  )
rescue StandardError => e
  raise e
end

.help ⇒ Object

Display Usage for this Module

# File 'lib/pwn/plugins/jira_server.rb', line 518

public_class_method def self.help
  puts "USAGE:
    all_fields = #{self}.get_all_fields(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token'
    )

    user = #{self}.get_user(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      username: 'required - username to lookup (e.g. jane.doe')',
      params: 'optional - additional parameters to pass in the URI (e.g. expand, etc.)'
    )

    issue_resp = #{self}.get_issue(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      issue: 'required - issue to lookup (e.g. Bug, Issue, Story, or Epic ID)',
      params: 'optional - additional parameters to pass in the URI'
    )

    issue_resp = #{self}.create_issue(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      project_key: 'required - project key (e.g. PWN)',
      summary: 'required - summary of the issue (e.g. Epic for PWN-1337)',
      issue_type: 'required - issue type (e.g. :epic, :story, :bug)',
      description: 'optional - description of the issue',
      epic_name: 'optional - name of the epic',
      additional_fields: 'optional - additional fields to set in the issue (e.g. labels, components, custom fields, etc.)',
      attachments: 'optional - array of attachment paths to upload to the issue (e.g. [\"/tmp/file1.txt\", \"/tmp/file2.txt\"])',
      comment: 'optional - comment to add to the issue (e.g. \"This is a comment\")'
    )

    issue_resp = #{self}.update_issue(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      issue: 'required - issue to update (e.g. Bug, Issue, Story, or Epic ID)',
      fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)',
      attachments: 'optional - array of attachment paths to upload to the issue (e.g. [\"/tmp/file1.txt\", \"/tmp/file2.txt\"])'
    )

    issue_resp = #{self}.issue_comment(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      issue: 'required - issue to comment on (e.g. Bug, Issue, Story, or Epic ID)',
      comment_action: 'required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)',
      comment_id: 'optional - comment ID to delete or update (e.g. 10000)',
      author: 'optional - author of the comment (e.g. \"jane.doe\")',
      comment: 'optional - comment to add or update in the issue (e.g. \"This is a comment\")'
    )

    issue_resp = #{self}.delete_issue(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)'
    )

    issue_resp = #{self}.delete_attachment(
      base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
      token: 'required - personal access token',
      id: 'required - attachment ID to delete (e.g. 10000) found in #get_issue method'
    )

    **********************************************************************
    * For more information on the Jira Server REST API, see:
    * https://developer.atlassian.com/server/jira/platform/rest-apis/

    #{self}.authors
  "
end

.issue_comment(opts = {}) ⇒ Object

Supported Method Parameters

issue_resp = PWN::Plugins::JiraServer.issue_comment(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
issue: 'required - issue to delete (e.g. Bug, Issue, Story, or Epic ID)',
comment_action: 'required - action to perform on the issue comment (e.g. :delete, :add, :update - Defaults to :add)',
comment_id: 'optional - comment ID to delete or update (e.g. 10000)',
author: 'optional - author of the comment (e.g. "jane.doe")',
comment: 'optional - comment to add or update in the issue (e.g. "This is a comment")'

)

# File 'lib/pwn/plugins/jira_server.rb', line 398

public_class_method def self.issue_comment(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )

  issue = opts[:issue]
  raise 'ERROR: issue cannot be nil.' if issue.nil?

  comment_action = opts[:comment_action] ||= :add
  raise 'ERROR: comment_action must be one of :delete, :add, or :update.' unless %i[delete add update].include?(comment_action)

  comment_id = opts[:comment_id]
  raise 'ERROR: comment_id cannot be nil when comment_action is :delete or :update.' unless %i[delete update].include?(comment_action) || comment_id.nil?

  author = opts[:author]
  comment = opts[:comment].to_s.scrub

  case comment_action
  when :add
    http_method = :post
    rest_call = "issue/#{issue}/comment"
    http_body = { body: comment }
    http_body[:author] = { key: author } if author
  when :delete
    http_method = :delete
    rest_call = "issue/#{issue}/comment/#{comment_id}"
    http_body = nil
  when :update
    http_method = :put
    rest_call = "issue/#{issue}/comment/#{comment_id}"
    http_body = { body: comment }
    http_body[:author] = { key: author } if author
  end

  rest_call(
    http_method: http_method,
    base_api_uri: base_api_uri,
    token: token,
    rest_call: rest_call,
    http_body: http_body
  )

  get_issue(
    base_api_uri: base_api_uri,
    token: token,
    issue: issue
  )
rescue StandardError => e
  raise e
end

.update_issue(opts = {}) ⇒ Object

Supported Method Parameters

issue_resp = PWN::Plugins::JiraServer.update_issue(

base_api_uri: 'required - base URI for Jira (e.g. https:/jira.corp.com/rest/api/latest)',
token: 'required - personal access token',
fields: 'required - fields to update in the issue (e.g. summary, description, labels, components, custom fields, etc.)',
attachments: 'optional - array of attachment paths to upload to the issue (e.g. ["/tmp/file1.txt", "/tmp/file2.txt"])',

)

# File 'lib/pwn/plugins/jira_server.rb', line 333

public_class_method def self.update_issue(opts = {})
  base_api_uri = opts[:base_api_uri]

  token = opts[:token]
  token ||= PWN::Plugins::AuthenticationHelper.mask_password(
    prompt: 'Personal Access Token'
  )
  issue = opts[:issue]
  raise 'ERROR: project_key cannot be nil.' if issue.nil?

  fields = opts[:fields] ||= { fields: {} }
  raise 'ERROR: fields Hash must contain a :fields key that is also a Hash.' unless fields.is_a?(Hash) && fields.key?(:fields) && fields[:fields].is_a?(Hash)

  attachments = opts[:attachments] ||= []
  raise 'ERROR: attachments must be an Array.' unless attachments.is_a?(Array)

  http_body = fields

  rest_call(
    http_method: :put,
    base_api_uri: base_api_uri,
    token: token,
    rest_call: "issue/#{issue}",
    http_body: http_body
  )

  if attachments.any?
    attachments.each do |attachment|
      raise "ERROR: #{attachment} not found." unless File.exist?(attachment)

      http_body = {
        multipart: true,
        file: File.new(attachment, 'rb')
      }

      rest_call(
        http_method: :post,
        base_api_uri: base_api_uri,
        token: token,
        rest_call: "issue/#{issue}/attachments",
        http_body: http_body
      )
    end
  end

  get_issue(
    base_api_uri: base_api_uri,
    token: token,
    issue: issue
  )
rescue StandardError => e
  raise e
end