From f33644b81440eb0ca56af53b0543ed4b4814fae8 Mon Sep 17 00:00:00 2001
From: Quim
Date: Tue, 2 Apr 2019 11:58:44 +0200
Subject: [PATCH] fix reported tracking for jira
---
 bin/vuln_whisperer | 2 ++
 vulnwhisp/vulnwhisp.py | 28 +++++++++++++++-------------
 2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/bin/vuln_whisperer b/bin/vuln_whisperer
index f5273ef..187abbf 100644
--- a/bin/vuln_whisperer
+++ b/bin/vuln_whisperer
@@ -39,6 +39,8 @@ def main():
 # First setup logging
 logging.basicConfig(
 stream=sys.stdout,
+ #format only applies when not using -F flag for colouring
+ format='%(levelname)s:%(name)s:%(funcName)s:%(message)s',
 level=logging.DEBUG if args.debug else logging.INFO
 )
 logger = logging.getLogger()
diff --git a/vulnwhisp/vulnwhisp.py b/vulnwhisp/vulnwhisp.py
index ea1e8ed..8a5af1a 100755
--- a/vulnwhisp/vulnwhisp.py
+++ b/vulnwhisp/vulnwhisp.py
@@ -161,12 +161,13 @@ class vulnWhispererBase(object):
 self.logger.error("Failed to insert record in database. Error: {}".format(e))
 sys.exit(1)
- def set_latest_scan_processed(self, filename):
+ def set_latest_scan_reported(self, filename):
 #the reason to use the filename instead of the source/scan_name is because the filename already belongs to
 #that latest scan, and we maintain integrity making sure that it is the exact scan we checked
 try:
- self.cur.execute('UPDATE scan_history SET processed = 1 WHERE filename="{}";'.format(filename))
- self.logger.debug('Scan {} marked as successfully processed.'.format(filename))
+ self.cur.execute('UPDATE scan_history SET reported = 1 WHERE filename="{}";'.format(filename))
+ self.conn.commit()
+ self.logger.info('Scan {} marked as successfully processed.'.format(filename))
 return True
 except Exception as e:
 self.logger.error('Failed while setting scan with file {} as processed'.format(filename))
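Review bot: In `set_latest_scan_reported` (the -161 hunk of vulnwhisp/vulnwhisp.py) the UPDATE is still built with `.format(filename)`, so a filename containing a double quote alters the statement; the `SELECT reported ...` line in the `get_latest_results` hunk has the same pattern with `results`. Bind the value instead, `self.cur.execute('UPDATE scan_history SET reported = 1 WHERE filename=?;', (filename,))`, which assumes the cursor is sqlite3, as the `PRAGMA table_info` call in that later hunk suggests. The two log strings here still say "processed" while the column is now `reported`. The except branch runs past the end of the hunk, so whether a failed update is rolled back is not visible.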
@@ -210,13 +211,14 @@ class vulnWhispererBase(object):
 #TODO delete backward compatibility check after some versions
 last_column_table = self.cur.execute('PRAGMA table_info(scan_history)').fetchall()[-1][1]
 if results and last_column_table == self.table_columns[-1]:
- processed = self.cur.execute('SELECT processed FROM scan_history WHERE filename="{}"'.format(results)).fetchall()[0][0]
- if processed:
- self.logger.debug("Last downloaded scan from source {source} scan_name {scan_name} has already been processed".format(source=source, scan_name=scan_name))
+ reported = self.cur.execute('SELECT reported FROM scan_history WHERE filename="{}"'.format(results)).fetchall()
+ reported = reported[0][0]
+ if reported:
+ self.logger.debug("Last downloaded scan from source {source} scan_name {scan_name} has already been reported".format(source=source, scan_name=scan_name))
 except Exception as e:
 self.logger.error("Error when getting latest results from {}.{} : {}".format(source, scan_name, e))
- return results, processed
+ return results, reported
 def get_scan_profiles(self):
 # Returns a list of source.scan_name elements from the database
@@ -1013,7 +1015,7 @@ class vulnWhispererJIRA(vulnWhispererBase):
 sys.exit(0)
 #datafile path
- filename, processed = self.get_latest_results(source, scan_name)
+ filename, reported = self.get_latest_results(source, scan_name)
 fullpath = ""
 # search data files under user specified directory
@@ -1021,8 +1023,8 @@ class vulnWhispererJIRA(vulnWhispererBase):
 if filename in filenames:
 fullpath = "{}/{}".format(root,filename)
- if processed:
- self.logger.warn('Last Scan of "{scan_name}" for source "{source}" has already been processed; will be skipped.'.format(scan_name=scan_name, source=source))
+ if reported:
+ self.logger.warn('Last Scan of "{scan_name}" for source "{source}" has already been reported; will be skipped.'.format(scan_name=scan_name, source=source))
 return [False] * 5
 if not fullpath:
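Review bot: `return results, reported` in `get_latest_results` (the -210 hunk) runs after the try/except, but `reported` is only assigned inside `if results and last_column_table == ...`, so it may be unbound when that condition is false or when the query fails before the assignment. The start of the function is outside the hunk, so check that the initialiser there was renamed too, e.g. `reported = 0` next to the `results` default. Now that the query is split in two statements, an explicit empty check such as `reported = reported[0][0] if reported else 0` would keep a missing row from being logged as an error by the broad `except`.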
@@ -1185,7 +1187,7 @@ class vulnWhispererJIRA(vulnWhispererBase):
 project, components, fullpath, min_critical, dns_resolv = self.get_env_variables(source, scan_name)
 if not project:
- self.logger.debug("Skipping scan for source '{source}' and scan '{scan_name}'".format(source=source, scan_name=scan_name))
+ self.logger.debug("Skipping scan for source '{source}' and scan '{scan_name}': vulnerabilities have already been reported.".format(source=source, scan_name=scan_name))
 return False
 vulnerabilities = []
@@ -1206,10 +1208,10 @@ class vulnWhispererJIRA(vulnWhispererBase):
 self.jira.sync(vulnerabilities, project, components)
 else:
 self.logger.info("[{source}.{scan_name}] No vulnerabilities or vulnerabilities not parsed.".format(source=source, scan_name=scan_name))
- self.set_latest_scan_processed(fullpath.split("/")[-1])
+ self.set_latest_scan_reported(fullpath.split("/")[-1])
 return False
- self.set_latest_scan_processed(fullpath.split("/")[-1])
+ self.set_latest_scan_reported(fullpath.split("/")[-1])
 return True
 def sync_all(self):
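Review bot: The new debug text in the `if not project:` branch (the -1185 hunk) says the vulnerabilities have already been reported, but `project` is falsy for any early return of `get_env_variables`, not only the `if reported:` one. The `if not fullpath:` branch at the end of the -1021 hunk has its body outside the visible lines and presumably returns the same `[False] * 5`; if so, a missing data file would be logged as already reported. A neutral wording such as `"...: already reported or no data file found."` avoids the wrong attribution, or the reason can be left to the warning `get_env_variables` already emits. The enclosing method starts and ends outside the hunk.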
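Review bot: In the `else` branch of the -1206 hunk the scan is flagged as reported although the log line just above covers "vulnerabilities not parsed", so a scan whose parsing failed appears never to be retried and its findings never reach Jira. Marking it only when the result is known to be genuinely empty would keep failed parses eligible for the next run. The return value of `set_latest_scan_reported` is also dropped in both calls; the last two lines could become `return self.set_latest_scan_reported(fullpath.split("/")[-1])`, provided the method's failure branch (outside the visible hunk) returns a falsy value. The indentation of this hunk is lost in the page, so the branch structure is read from the statement order.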