Skip to content

Added queries to limit the scan scope via the --scope input param #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Apr 24, 2025
Merged

Added queries to limit the scan scope via the --scope input param #34

merged 7 commits into from
Apr 24, 2025

Conversation

@blupants
Copy link
Collaborator

@blupants blupants commented Apr 21, 2025
edited
Loading

This PR addresses issues:

  • Jira scan, add possibility to use JQL to limit the scope of the scan [issue 33]
  • DeprecationWarning: Flags not at the start of the expression [issue 30]

You can now define queries (such as JQL for Jira, CQL for Confluence, GitHub search, Slack search or Zendesk search)

Python 3.6 introduced the DeprecationWarning: Flags not at the start of the expression warning. The point is that the Python re now does not allow using inline modifiers not at the start of string. In Python 2.x, you can use your pattern without any problem and warnings as (?s) is silently applied to the whole regular expression under the hood. Since it is not always an expected behavior, the Python developers decided to produce a warning. In order to fix that, this PR modifies the regex ingestion behavior, so every-time a modifier is found not in the beginning of the regex, n0s1 will move it to the beginning.

Sample queries to limit the scan scope

Scan all projects in Jira except MAR:

n0s1 jira_scan --email marcelo@spark1.us --server https://spark1us.atlassian.net --scope "jql:project != MAR"

Scan only projects MAR and "Auto Service" in Jira:

n0s1 jira_scan --email marcelo@spark1.us --server https://spark1us.atlassian.net --scope "jql:project=MAR OR project=\"Auto Service\""

Scan all pages from workspace KB in Confluence:

n0s1 confluence_scan --email marcelo@spark1.us --server https://spark1us.atlassian.net --scope "cql:space=KB and type=page"

Scan only Slack messages with the word "database":

n0s1 slack_scan --scope "search:database"

Scan only GitHub repos from the org spark1security with the word "action" in the name:

n0s1 github_scan --debug --scope "search:org:spark1security action in:name"

Scan only Zendesk tickets with the word "AWS" in the title:

n0s1 zendesk_scan --email securebycode@gmail.com --server cybersecurity9851 --scope "query:type:ticket subject:AWS"

@blupants blupants requested a review from spark1security April 21, 2025 01:12
@blupants blupants self-assigned this Apr 21, 2025
@blupants blupants changed the title Added support to query to limit the scope of the scan Added support queries to limit the scan scope via the --scope input param Apr 21, 2025
@blupants blupants changed the title Added support queries to limit the scan scope via the --scope input param Added queries to limit the scan scope via the --scope input param Apr 24, 2025
@blupants blupants merged commit 6c7179a into main Apr 24, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spark1security spark1security Awaiting requested review from spark1security

Assignees

@blupants blupants

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@blupants