-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Development #3
base: main
Are you sure you want to change the base?
Development #3
Conversation
Added the deleted files Data mapping from machine to device added few properties as per the discussion Changes done as per PR comments
Added the deleted files Data mapping from machine to device added few properties as per the discussion Changes done as per PR comments
Added the deleted files Data mapping from machine to device added few properties as per the discussion Changes done as per PR comments
Added the deleted files Data mapping from machine to device added few properties as per the discussion Changes done as per PR comments
Added the deleted files Data mapping from machine to device added few properties as per the discussion Changes done as per PR comments
const config: IntegrationConfig = { | ||
clientId: process.env.CLIENT_ID || 'a8626c1e-191d-4e8f-9cbc-a4a6e85104ac', | ||
clientSecret: | ||
process.env.CLIENT_SECRET || 'L3X8Q~BO57QkoAsXMSkevrmVR2qiNh.qKEuzucAt', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This appears to be a real secret and should not be included in source code.
It should be possible to use the test/config.ts
with LOAD_ENV
set to true, and your local .env
configured with this secret value. Note how test/config.ts
does this:
export const integrationConfig: IntegrationConfig = {
clientId: process.env.CLIENT_ID || DEFAULT_CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET || DEFAULT_CLIENT_SECRET,
tenant: process.env.TENANT || DEFAULT_TENANT,
};
Here is similar code: https://github.com/JupiterOne/graph-microsoft-365/blob/a2cceb9734bf9715ccbc87a53c0a5e1fbc8dc96f/src/ms-graph/__tests__/client.test.ts#L6
When we need new recordings, we:
- Delete existing recordings so that new recordings are made
- Ensure
.env
has valid credentials - Run
yarn test:env
In CI/CD, there should be no real request made thanks to the recordings, and therefore no need for the actual credentials.
if (process.env.FINDING_SEVERITY) { | ||
filters.push( | ||
'$filter=severity+eq+' + | ||
process.env.FINDING_SEVERITY?.split(',') | ||
.map((z) => "'" + z + "'") | ||
.join('+or+severity+eq+'), | ||
); | ||
} | ||
if (process.env.FINDIGS_LIMIT) { | ||
filters.push('$top=' + process.env.FINDIGS_LIMIT); | ||
} | ||
|
||
if (filters && filters.length) { | ||
filters = filters.join('&'); | ||
} | ||
|
||
const url = `${process.env.BASE_URL_API}/machines/${input.machineId}/vulnerabilities?${filters}`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All env vars should be defined on the src/config.ts
instanceConfigFields
, and read from the instance.config
, not directly from process.env
. The reason for this is that the managed runtime environment will allow users of JupiterOne to configure properties that are defined in the instanceConfigFields
. The integration SDK will populate these values from the process.env
automatically. See https://github.com/JupiterOne/sdk/blob/main/docs/integrations/development.md#instanceconfigfields.
if (process.env.FINDIGS_LIMIT) { | ||
filters.push('$top=' + process.env.FINDIGS_LIMIT); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has a typo and does not match the value in the .env.example
file.
src/steps/ms-defender/constants.ts
Outdated
import { entities as adEntities } from '../active-directory'; | ||
|
||
export const steps: Record<string, string> = { | ||
FETCH_MACHINE: 'Fetch machine', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should be plural since they are processing a collection of resources.
FETCH_MACHINE: 'Fetch machine', | |
FETCH_MACHINES: 'Fetch machines', |
src/steps/ms-defender/constants.ts
Outdated
}, | ||
DEVICE: { | ||
resourceName: 'Device', | ||
_type: 'user_endPoint', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All places that are currently endPoint
should be endpoint
(not camelCase).
src/steps/ms-defender/user/index.ts
Outdated
>[] = [ | ||
{ | ||
id: steps.FETCH_USERS, | ||
name: 'Ms defender machine logged in Users', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
name: 'Ms defender machine logged in Users', | |
name: 'Fetch Machine Users', |
const config: IntegrationConfig = { | ||
clientId: 'a8626c1e-191d-4e8f-9cbc-a4a6e85104ac', | ||
clientSecret: 'L3X8Q~BO57QkoAsXMSkevrmVR2qiNh.qKEuzucAt', | ||
tenant: '5a721b05-53ed-4ed9-be02-aed28f11edbd', | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
More secret materials in git.
@@ -0,0 +1,3 @@ | |||
// Jest Snapshot v1, https://goo.gl/fbAQLP | |||
|
|||
exports[`fetchLogonUsers Should create an User entity correctly when log on User has the correct permissions: logOnUserEntitiesSuccessful 1`] = `Array []`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another empty snapshot, suggesting the test is doing nothing.
const logOnUserEntities = context.jobState.collectedEntities; | ||
expect(logOnUserEntities.length).toBe(0); | ||
expect(logOnUserEntities).toMatchGraphObjectSchema({ | ||
_class: entities.USER._class, | ||
}); | ||
expect(logOnUserEntities).toMatchSnapshot('logOnUserEntitiesSuccessful'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the combination of asserting there is nothing collected and an empty snapshot, I think this test is not working to prove the described outcome. I think this may be a similar situation with all the empty snapshots and related test code.
export function createUserEntity(data: UserLogon): Entity { | ||
return createIntegrationEntity({ | ||
entityData: { | ||
source: {}, // removed due to size |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another case where I wonder if this was really a problem. 🤔
…he 2nd PR comments
Description
Thank you for contributing to a JupiterOne integration!
Please include a summary of the change and which issue is fixed. Please also
include relevant motivation and context. List any dependencies that are required
for this change.
Summary
data mapping for meachine data
Relationship between account and machine is complete
vernability mapping according to the schema
userlogon api integration dependson machine Id
Changes for machine user mapping
Moved common params to env configuration file
Account to machine to device mapping changes. Hostagent mapping.
Completed machine to device/userEnpoint mapping
Added necessary comments to the newly written methods
Added all properties to the interface for future use
Type of change
Please leave any irrelevant options unchecked.
not work as expected)
Checklist
General Development Checklist:
Integration Development Checklist:
Please leave any irrelevant options unchecked.
endpoints, and have documented any additional permissions in
jupiterone.md
, where necessary.API
using
dependsOn
JupiterOne data model
to ensure that any new entities/relationships, and relevant properties,
match the recommended model for this class of data
CHANGELOG.md
file to describe my changesreviewed all existing managed questions referencing the entities,
relationships, and their property names, to ensure those questions still
function with my changes.