Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wiz (new) #169

Open
wants to merge 49 commits into
base: dev
Choose a base branch
from
Open

wiz (new) #169

Show file tree
Hide file tree
Changes from 47 commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
391018b
Wiz: initial version
vtalas Aug 28, 2024
1ab1ef4
update
vtalas Aug 28, 2024
b0215e7
update
vtalas Aug 29, 2024
e1d360b
update
vtalas Aug 29, 2024
825a6f8
update
vtalas Aug 29, 2024
e368fd0
wiz: UploadSecurityScan.js
vtalas Sep 2, 2024
a345ac8
update icon
vtalas Sep 2, 2024
4c27eb6
pagination
vtalas Sep 2, 2024
17ab642
update
vtalas Sep 4, 2024
a858301
update
vtalas Sep 11, 2024
e36c624
update
vtalas Sep 11, 2024
81bdae0
update
vtalas Sep 12, 2024
0f9b901
update
vtalas Sep 12, 2024
f3ba4da
update
vtalas Oct 21, 2024
859e6a4
wiz update
vtalas Nov 12, 2024
8859f06
update
vtalas Nov 20, 2024
09670e8
update
vtalas Nov 22, 2024
1a8feb4
update
vtalas Dec 3, 2024
7ea0829
update
vtalas Dec 4, 2024
7f310cd
update
vtalas Dec 4, 2024
619e77b
update
vtalas Dec 4, 2024
53b7aea
update
vtalas Dec 6, 2024
eebe8be
update
vtalas Dec 12, 2024
13352fc
update
vtalas Dec 12, 2024
0810bc6
update typo
vtalas Dec 16, 2024
24831a2
update
vtalas Jan 8, 2025
8802809
update
vtalas Jan 9, 2025
ec16022
wiz
vtalas Jan 15, 2025
64f9bb7
update
vtalas Jan 28, 2025
ec5b984
base slack 250
vtalas Feb 25, 2025
f21a76c
update
vtalas Feb 26, 2025
1507934
update
vtalas Feb 28, 2025
00e0617
wiz - remove output type for findcloud
vtalas Mar 3, 2025
469cef1
wiz - remove output type for findcloud
vtalas Mar 3, 2025
98ac821
update
vtalas Mar 7, 2025
d4232a3
update
vtalas Mar 7, 2025
720c0f4
update
vtalas Mar 19, 2025
457962e
update
vtalas Mar 19, 2025
e2d9841
update
vtalas Mar 19, 2025
31a127c
update
vtalas Mar 19, 2025
0ca3aa2
update
vtalas Mar 19, 2025
c759a50
update
vtalas Mar 20, 2025
d77fb5c
update
vtalas Mar 20, 2025
813c254
update
vtalas Mar 20, 2025
9f36129
update
vtalas Mar 20, 2025
8f75dbe
update
vtalas Mar 24, 2025
f55ceb3
bump
vtalas Mar 24, 2025
97e1a06
refactor
vtalas Mar 26, 2025
5177dd7
update
vtalas Mar 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 59 additions & 0 deletions src/appmixer/wiz/auth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
'use strict';

module.exports = {

type: 'pwd',

definition: {

auth: {
url: {
type: 'text',
name: 'Wiz Endpoint URL. For example: https://api.us18.app.wiz.io/graphql'
},
clientId: {
type: 'text',
name: 'Client ID'
},
clientSecret: {
type: 'text',
name: 'Client Secret'
}
},

accountNameFromProfileInfo: context => {

const name = context.clientId;
const threshold = 10;
if (name.length > threshold) {
return name.slice(0, 3) + '....' + name.slice(-3);
}
return name;
},
Comment on lines +24 to +32
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider validating the clientId before using it.

The accountNameFromProfileInfo function assumes context.clientId is always a string. Add validation to handle cases where it might be undefined or not a string.

 accountNameFromProfileInfo: context => {

-    const name = context.clientId;
+    const name = context.clientId || '';
     const threshold = 10;
     if (name.length > threshold) {
         return name.slice(0, 3) + '....' + name.slice(-3);
     }
     return name;
 },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
accountNameFromProfileInfo: context => {
const name = context.clientId;
const threshold = 10;
if (name.length > threshold) {
return name.slice(0, 3) + '....' + name.slice(-3);
}
return name;
},
accountNameFromProfileInfo: context => {
const name = context.clientId || '';
const threshold = 10;
if (name.length > threshold) {
return name.slice(0, 3) + '....' + name.slice(-3);
}
return name;
},


validate: async context => {

const url = 'https://auth.app.wiz.io/oauth/token';

const { data } = await context.httpRequest({
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
'accept': 'application/json'
},
data: {
grant_type: 'client_credentials',
audience: 'wiz-api',
client_id: context.clientId,
client_secret: context.clientSecret
},
url
});

return {
token: data.access_token,
expires: data.expires_in
};
}
Comment on lines +34 to +57
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add error handling for failed authentication.

The validate function doesn't have explicit error handling for API failures. Consider adding try/catch and providing helpful error messages when authentication fails.

 validate: async context => {

     const url = 'https://auth.app.wiz.io/oauth/token';

+    try {
         const { data } = await context.httpRequest({
             method: 'POST',
             headers: {
                 'content-type': 'application/x-www-form-urlencoded',
                 'accept': 'application/json'
             },
             data: {
                 grant_type: 'client_credentials',
                 audience: 'wiz-api',
                 client_id: context.clientId,
                 client_secret: context.clientSecret
             },
             url
         });

         return {
             token: data.access_token,
             expires: data.expires_in
         };
+    } catch (error) {
+        const statusCode = error.response?.status;
+        const errorMessage = error.response?.data?.error_description || error.message;
+        
+        if (statusCode === 401) {
+            throw new Error(`Authentication failed: Invalid client credentials. ${errorMessage}`);
+        } else if (statusCode === 403) {
+            throw new Error(`Authentication failed: Insufficient permissions. ${errorMessage}`);
+        } else {
+            throw new Error(`Authentication failed: ${errorMessage}`);
+        }
+    }
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
validate: async context => {
const url = 'https://auth.app.wiz.io/oauth/token';
const { data } = await context.httpRequest({
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
'accept': 'application/json'
},
data: {
grant_type: 'client_credentials',
audience: 'wiz-api',
client_id: context.clientId,
client_secret: context.clientSecret
},
url
});
return {
token: data.access_token,
expires: data.expires_in
};
}
validate: async context => {
const url = 'https://auth.app.wiz.io/oauth/token';
try {
const { data } = await context.httpRequest({
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
'accept': 'application/json'
},
data: {
grant_type: 'client_credentials',
audience: 'wiz-api',
client_id: context.clientId,
client_secret: context.clientSecret
},
url
});
return {
token: data.access_token,
expires: data.expires_in
};
} catch (error) {
const statusCode = error.response?.status;
const errorMessage = error.response?.data?.error_description || error.message;
if (statusCode === 401) {
throw new Error(`Authentication failed: Invalid client credentials. ${errorMessage}`);
} else if (statusCode === 403) {
throw new Error(`Authentication failed: Insufficient permissions. ${errorMessage}`);
} else {
throw new Error(`Authentication failed: ${errorMessage}`);
}
}
}

}
};
12 changes: 12 additions & 0 deletions src/appmixer/wiz/bundle.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{
"name": "appmixer.wiz",
"version": "1.0.6",
"changelog": {
"1.0.5": [
"Initial version."
],
"1.0.6": [
"UploadSecurityScan: remove vulnerabilityFindings part."
]
}
}
25 changes: 25 additions & 0 deletions src/appmixer/wiz/core/FindCloudResources/FindCloudResources.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
'use strict';
const lib = require('../../lib');
const resources = require('./resources');

module.exports = {

// docs: https://win.wiz.io/reference/pull-cloud-resources
async receive(context) {

const { filter, limit = 10 } = context.messages.in.content;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add missing outputType parameter to input destructuring.

The outputType is used in line 23 but it's not extracted from the input content, causing it to always be undefined. Extracting the parameter and providing a default of 'object' would match the implementation.

-        const { filter, limit = 10 } = context.messages.in.content;
+        const { outputType = 'object', filter, limit = 10 } = context.messages.in.content;
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
const { filter, limit = 10 } = context.messages.in.content;
const { outputType = 'object', filter, limit = 10 } = context.messages.in.content;


let filterBy;
if (filter) {
try {
filterBy = JSON.parse(filter);
} catch (e) {
throw new context.CancelError('Invalid Input: Filter', e);
}
}

const records = await resources.exposed.getResources(context, { filterBy, limit });

return lib.sendArrayOutput({ context, records, outputType: 'object' });
}
};
291 changes: 291 additions & 0 deletions src/appmixer/wiz/core/FindCloudResources/component.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,291 @@
{
"name": "appmixer.wiz.core.FindCloudResources",
"author": "Appmixer <[email protected]>",
"description": "Execute the CloudResourceSearch query to return a list of cloud resources according to different filters, such as project ID or entity type.",
"private": false,
"auth": {
"service": "appmixer:wiz"
},
"quota": {
"manager": "appmixer:wiz",
"resources": "requests"
},
"version": "1.0.0",
"inPorts": [
{
"name": "in",
"schema": {
"type": "object",
"properties": {
"filter": { "type": "string" },
"limit": { "type": "number" }
},
"required": []
},
"inspector": {
"inputs": {
"filter": {
"type": "textarea",
"label": "Filter",
"tooltip": "This object defines query filters to narrow down search results and return specific cloud resources.",
"index": 0
},
"limit": {
"type": "number",
"label": "Limit",
"defaultValue": 100,
"index": 1
}
}
}
}
],
"outPorts": [
{
"name": "out",
"options": [
{
"label": "Id",
"value": "id",
"schema": {
"type": "string"
}
},
{
"label": "Name",
"value": "name",
"schema": {
"type": "string"
}
},
{
"label": "Type",
"value": "type",
"schema": {
"type": "string"
}
},
{
"label": "Subscription Id",
"value": "subscriptionId",
"schema": {
"type": "string"
}
},
{
"label": "Subscription External Id",
"value": "subscriptionExternalId",
"schema": {
"type": "string"
}
},
{
"label": "Graph Entity",
"value": "graphEntity",
"schema": {
"type": "object",
"properties": {
"id": {
"type": "string",
"title": "Graph Entity.Id"
},
"providerUniqueId": {
"type": "null",
"title": "Graph Entity.Provider Unique Id"
},
"name": {
"type": "string",
"title": "Graph Entity.Name"
},
"type": {
"type": "string",
"title": "Graph Entity.Type"
},
"projects": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"title": "Graph Entity.Projects.Id"
}
}
},
"title": "Graph Entity.Projects"
},
"properties": {
"type": "object",
"properties": {
"_environments": {
"type": "string",
"title": "Graph Entity.Properties.Environments"
},
"_productIDs": {
"type": "string",
"title": "Graph Entity.Properties.Product I Ds"
},
"_vertexID": {
"type": "string",
"title": "Graph Entity.Properties.Vertex I D"
},
"allPorts": {
"type": "boolean",
"title": "Graph Entity.Properties.All Ports"
},
"cloudPlatform": {
"type": "string",
"title": "Graph Entity.Properties.Cloud Platform"
},
"cloudProviderURL": {
"type": "null",
"title": "Graph Entity.Properties.Cloud Provider U R L"
},
"exposureLevel_description": {
"type": "string",
"title": "Graph Entity.Properties.Exposure Level Description"
},
"exposureLevel_name": {
"type": "string",
"title": "Graph Entity.Properties.Exposure Level Name"
},
"exposureLevel_value": {
"type": "number",
"title": "Graph Entity.Properties.Exposure Level Value"
},
"externalId": {
"type": "string",
"title": "Graph Entity.Properties.External Id"
},
"finalHost": {
"type": "string",
"title": "Graph Entity.Properties.Final Host"
},
"finalPort": {
"type": "number",
"title": "Graph Entity.Properties.Final Port"
},
"fullResourceName": {
"type": "null",
"title": "Graph Entity.Properties.Full Resource Name"
},
"hasScreenshot": {
"type": "boolean",
"title": "Graph Entity.Properties.Has Screenshot"
},
"host": {
"type": "string",
"title": "Graph Entity.Properties.Host"
},
"httpContentType": {
"type": "string",
"title": "Graph Entity.Properties.Http Content Type"
},
"httpGETStatus": {
"type": "string",
"title": "Graph Entity.Properties.Http G E T Status"
},
"httpGETStatusCode": {
"type": "number",
"title": "Graph Entity.Properties.Http G E T Status Code"
},
"httpTitleSnippet": {
"type": "string",
"title": "Graph Entity.Properties.Http Title Snippet"
},
"name": {
"type": "string",
"title": "Graph Entity.Properties.Name"
},
"nativeType": {
"type": "null",
"title": "Graph Entity.Properties.Native Type"
},
"path": {
"type": "null",
"title": "Graph Entity.Properties.Path"
},
"port": {
"type": "number",
"title": "Graph Entity.Properties.Port"
},
"portEnd": {
"type": "number",
"title": "Graph Entity.Properties.Port End"
},
"portRange": {
"type": "boolean",
"title": "Graph Entity.Properties.Port Range"
},
"portStart": {
"type": "number",
"title": "Graph Entity.Properties.Port Start"
},
"portValidationResult": {
"type": "string",
"title": "Graph Entity.Properties.Port Validation Result"
},
"protocol": {
"type": "null",
"title": "Graph Entity.Properties.Protocol"
},
"protocols": {
"type": "string",
"title": "Graph Entity.Properties.Protocols"
},
"providerUniqueId": {
"type": "null",
"title": "Graph Entity.Properties.Provider Unique Id"
},
"region": {
"type": "null",
"title": "Graph Entity.Properties.Region"
},
"resourceGroupExternalId": {
"type": "null",
"title": "Graph Entity.Properties.Resource Group External Id"
},
"status": {
"type": "null",
"title": "Graph Entity.Properties.Status"
},
"subscriptionExternalId": {
"type": "string",
"title": "Graph Entity.Properties.Subscription External Id"
},
"updatedAt": {
"type": "string",
"title": "Graph Entity.Properties.Updated At"
},
"zone": {
"type": "null",
"title": "Graph Entity.Properties.Zone"
}
},
"title": "Graph Entity.Properties"
},
"firstSeen": {
"type": "string",
"title": "Graph Entity.First Seen"
},
"lastSeen": {
"type": "string",
"title": "Graph Entity.Last Seen"
}
}
}
}
]
},
{
"name": "notFound",
"options": [
{
"label": "Filter",
"value": "filter"
}
]
}
],
"icon": "data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIGNsYXNzPSJTdmdJY29uX19TdHlsZWRJY29uLXNjLXYxbnN1ei0wIGgtW2NhbGModmFyKC0tdG9wLW5hdmJhci1oZWlnaHQpLThweCldIGljb24tYWNjZW50IGRhcms6aWNvbi13aGl0ZSIgdmlld0JveD0iMTYgNCA2OCA1MCI+PHBhdGggZmlsbD0iY3VycmVudENvbG9yIiBkPSJNMzkuNzE3IDI3LjExNmEuMDk3LjA5NyAwIDAgMCAuMTc5LS4wMDZsMi44NDItNy40MWEuOTIuOTIgMCAwIDEgLjg1MS0uNTlsMi42NTEtLjAxNGEuOTE2LjkxNiAwIDAgMSAuODY1IDEuMjM1TDQwLjY5MyAzNy42NGMtLjAxLjAyNy0uMjIuMjExLS4zNTQuMzE0LS4wNjYuMDUtLjE0NC4wNTYtLjIyNC4wMzNhLjkuOSAwIDAgMS0uNTgtLjUxNmwtMy40MjEtOC4yNDZhLjQ4NC40ODQgMCAwIDAtLjg3NS0uMDE4bC00LjI5IDguNThhLjA5Ny4wOTcgMCAwIDEtLjE3OC0uMDA4bC02LjcwOS0xNy40NDVhLjkxNy45MTcgMCAwIDEgLjg1NS0xLjI0NWgyLjg4Yy4zOCAwIC43Mi4yMzQuODU2LjU4OWwyLjg0MiA3LjQzMmMuMDMuMDguMTQyLjA4NC4xNzguMDA2bDMuNTgyLTcuNzk2YS40ODUuNDg1IDAgMCAxIC44OCAwek03Mi4zNDggMTIuMDc4Yy0uMDIyLS4xMDQtLjI0NS0uMTA0LS4yNjYgMC0uMTY3LjgxMi0uNTEzIDIuMDM2LTEuMTYzIDIuNjg2LS42NTEuNjUtMS44NzYuOTk3LTIuNjg3IDEuMTYzLS4xMDQuMDIyLS4xMDQuMjQ1IDAgLjI2Ni44MTEuMTY3IDIuMDM2LjUxMyAyLjY4NiAxLjE2My44NS44NSAxLjE0MyAyLjAxIDEuMjQ0IDIuNzA4LjAwNi4wNDQuMTQ1LjA1LjE1My4wMDcuMTUzLS43NS41LTIuMDIgMS4xOTYtMi43MTUuNjUtLjY1IDEuODc1LS45OTYgMi42ODYtMS4xNjMuMTA0LS4wMjEuMTA0LS4yNDQgMC0uMjY2LS44MTEtLjE2Ni0yLjAzNi0uNTEyLTIuNjg2LTEuMTYzLS42NS0uNjUtLjk5Ny0xLjg3NC0xLjE2My0yLjY4Nk00OC4xNjQgMjAuMTA4YzAtLjUwNy40MS0uOTE3LjkxNy0uOTE3aDIuNzdjLjUwNiAwIC45MTYuNDEuOTE2LjkxN3YxNi45NmMwIC41MDYtLjQxLjkxNi0uOTE3LjkxNmgtMi43N2EuOTE3LjkxNyAwIDAgMS0uOTE2LS45MTd6TTYwLjc2NCAyNC4wNDJhLjI0Mi4yNDIgMCAwIDAtLjIxNy0uMzVoLTUuNDczYS45MTcuOTE3IDAgMCAxLS45MTctLjkxN3YtMi42NjdjMC0uNTA3LjQxLS45MTcuOTE3LS45MTdoMTIuNjI4Yy4zOTIgMCAuOTE5LjMxOS43MzIuNjY0LS4wNi4xMS03LjI2NyAxMy41OTMtNy4yOTkgMTMuNjUybC0uMDAxLjAwM2EuMjQyLjI0MiAwIDAgMCAuMjE0LjM1Nmg2LjY3Yy41MDYgMCAuOTE2LjQxLjkxNi45MTZ2Mi4yODVjMCAuNTA3LS40MS45MTctLjkxNi45MTdINTQuNjI0Yy0uNDQyIDAtLjUzLS42NDItLjMzMi0xLjAzNnoiPjwvcGF0aD48L3N2Zz4="
}
Loading
Loading