From a288f416f7f26b7b4eedb143595bdfabb7aedca8 Mon Sep 17 00:00:00 2001 From: Quim Date: Wed, 27 Feb 2019 18:06:16 +0100 Subject: [PATCH] added label *false positive* for reporting on jira --- vulnwhisp/reporting/jira_api.py | 9 +++++++-- vulnwhisp/reporting/resources/ticket.tpl | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/vulnwhisp/reporting/jira_api.py b/vulnwhisp/reporting/jira_api.py index 4ed8e3b..a9dee8f 100644 --- a/vulnwhisp/reporting/jira_api.py +++ b/vulnwhisp/reporting/jira_api.py @@ -385,6 +385,9 @@ class JiraAPI(object): elif "server_decommission" in labels: self.logger.warn("Ticket {} server decommissioned, will be ignored".format(ticket_obj)) return True + elif "false_positive" in labels: + self.logger.warn("Ticket {} flagged false positive, will be ignored".format(ticket_obj)) + return True self.logger.info("Ticket {} risk has not been accepted".format(ticket_obj)) return False @@ -398,8 +401,10 @@ class JiraAPI(object): try: if self.is_ticket_reopenable(ticket_obj): comment = '''This ticket has been reopened due to the vulnerability not having been fixed (if multiple assets are affected, all need to be fixed; if the server is down, lastest known vulnerability might be the one reported). - In the case of the team accepting the risk and wanting to close the ticket, please add the label "*risk_accepted*" to the ticket before closing it. - If server has been decommissioned, please add the label "*server_decommission*" to the ticket before closing it. + - In the case of the team accepting the risk and wanting to close the ticket, please add the label "*risk_accepted*" to the ticket before closing it. + - If server has been decommissioned, please add the label "*server_decommission*" to the ticket before closing it. + - If when checking the vulnerability it looks like a false positive, _+please elaborate in a comment+_ and add the label "*false_positive*" before closing it; we will review it and report it to the vendor. + If you have further doubts, please contact the Security Team.''' error = self.jira.transition_issue(issue=ticketid, transition=self.JIRA_REOPEN_ISSUE, comment = comment) self.logger.info("Ticket {} reopened successfully".format(ticketid)) diff --git a/vulnwhisp/reporting/resources/ticket.tpl b/vulnwhisp/reporting/resources/ticket.tpl index 675a560..dc03b38 100644 --- a/vulnwhisp/reporting/resources/ticket.tpl +++ b/vulnwhisp/reporting/resources/ticket.tpl @@ -30,3 +30,5 @@ Please do not delete or modify the ticket assigned tags or title, as they are us In the case of the team accepting the risk and wanting to close the ticket, please add the label "*risk_accepted*" to the ticket before closing it. If server has been decommissioned, please add the label "*server_decommission*" to the ticket before closing it. + +If when checking the vulnerability it looks like a false positive, _+please elaborate in a comment+_ and add the label "*false_positive*" before closing it; we will review it and report it to the vendor.