SUP-1602 Snyk task API migration from deprecated version to REST API version

Gemfile

@@ -19,7 +19,7 @@ gem "aws-sdk-inspector2"
 gem "httparty"
 gem "ipaddress"
 gem "rest-client"
-gem "rexml", ">= 3.2.5"
+gem "rexml", ">= 3.2.7"
 gem "ruby-limiter"
 gem "sanitize"
 gem "strscan"

Gemfile.lock

@@ -92,7 +92,8 @@ GEM
       netrc (~> 0.8)
     reverse_markdown (2.1.1)
       nokogiri
-    rexml (3.2.5)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
@@ -145,7 +146,7 @@ GEM
       unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
-    strscan (3.0.6)
+    strscan (3.1.0)
     thor (1.2.1)
     tilt (2.0.11)
     timecop (0.9.6)
@@ -185,7 +186,7 @@ DEPENDENCIES
   pry
   pry-byebug
   rest-client
-  rexml (>= 3.2.5)
+  rexml (>= 3.2.7)
   rspec
   rspec-github
   rubocop
@@ -203,4 +204,4 @@ RUBY VERSION
    ruby 3.2.2p53
 
 BUNDLED WITH
-   2.4.10
+   2.5.9

tasks/connectors/snyk_v2/lib/snyk_v2_client.rb

@@ -6,44 +6,58 @@ module SnykV2
       class SnykV2Client
         class ApiError < StandardError; end
 
-        HOST = "https://snyk.io"
-
-        def initialize(token)
+        def initialize(token, snyk_api_base)
           @token = token
+          @api_base_url = "https://#{snyk_api_base}/rest"
           @headers = {
-            "content-type" => "application/json",
-            "accept" => "application/json",
-            "Authorization" => "token #{token}"
+            "Content-Type" => "application/json",
+            "Accept" => "application/json",
+            "Authorization" => "Token #{@token}"
           }
         end
 
         def snyk_get_orgs
           print "Getting list of orgs"
 
-          response = http_get("#{HOST}/api/v1/orgs", @headers)
-          raise ApiError, "Unable to retrieve submissions, please check credentials." unless response
+          response = http_get("#{@api_base_url}/orgs?version=2024-04-29", @headers)
+          raise ApiError, "Unable to retrieve organizations, please check credentials." unless response
 
-          JSON.parse(response)["orgs"]
+          JSON.parse(response)["data"]
         end
 
         def snyk_get_projects(org)
           print "Getting list of projects"
 
-          response = http_get("#{HOST}/api/v1/org/#{org}/projects", @headers)
-          raise ApiError, "Unable to retrieve submissions, please check credentials." unless response
+          response = http_get("#{@api_base_url}/orgs/#{org}/projects?version=2024-04-29&limit=100", @headers)
+          raise ApiError, "Unable to retrieve projects, please check credentials." unless response
 
-          JSON.parse(response)["projects"]
+          JSON.parse(response)["data"]
         end
 
-        def snyk_get_issues(per_page, search_json, page_num, from_date, to_date)
-          print "Getting issues"
-          snyk_query_api = "https://snyk.io/api/v1/reporting/issues?perPage=#{per_page}&page=#{page_num}&from=#{from_date}&to=#{to_date}"
-          print_debug("Get issues query: #{snyk_query_api}")
+        def snyk_get_issues(per_page, page_num, from_date, to_date, org)
+          print "Getting list of issues"
+          pages = page_num
+
+          all_issues = []
+          next_url = "#{@api_base_url}/orgs/#{org}/issues?version=2024-04-29&limit=#{per_page}&created_after=#{from_date}&created_before=#{to_date}"
+
+          pages.times do
+            print_debug("Fetching data from URL: #{next_url}")
+
+            response = http_get(next_url, @headers)
+            raise ApiError, "Unable to retrieve issues, please check credentials." unless response
+
+            data = JSON.parse(response)
+            page_issues = data["data"]
+            all_issues << page_issues
+
+            next_url = data.dig("links", "next")
+            break unless next_url
 
-          response = http_post(snyk_query_api, @headers, search_json)
-          raise ApiError, "Unable to retrieve submissions, please check credentials." unless response
+            next_url = URI.join(@api_base_url, next_url).to_s
+          end
 
-          JSON.parse(response)["results"]
+          all_issues
         end
       end
     end

tasks/connectors/snyk_v2/readme.md

@@ -1,39 +1,37 @@
 ## Running the Snyk V2 task
 
-This toolkit brings in data from Snyk V2
+This toolkit brings in data from Snyk V2.
 
-To run this task you need the following information from Snyk V2:
+To run this task, you need the following information from Snyk V2:
 
 1. Snyk API Token
+2. Snyk environment API base URL without prefix e.g. api.eu.snyk.io, api.snyk.io or api.au.snyk.io
 
 ## Command Line
 
-See the main Toolkit for instructions on running tasks. For this task, if you leave off the Kenna API Key and Kenna Connector ID, the task will create a json file in the default or specified output directory. You can review the file before attempting to upload to the Kenna directly.
+See the main Toolkit for instructions on running tasks. For this task, if you leave off the Kenna API Key and Kenna Connector ID, the task will create a JSON file in the default or specified output directory. You can review the file before attempting to upload to Kenna directly.
 
 Recommended Steps:
 
-1. Run with Snyk V2 Keys only to ensure you are able to get data properly from the scanner
-1. Review output for expected data
-1. Create Kenna Data Importer connector in Kenna (example name: Snyk V2 KDI)
-1. Manually run the connector with the json from step 1
-1. Click on the name of the connector to get the connector id
-1. Run the task with Snyk V2 Keys and Kenna Key/connector id
+1. Run with Snyk V2 Keys only to ensure you are able to get data properly from the scanner.
+2. Review output for expected data.
+3. Create Kenna Data Importer connector in Kenna (example name: Snyk V2 KDI).
+4. Manually run the connector with the JSON from step 1.
+5. Click on the name of the connector to get the connector ID.
+6. Run the task with Snyk V2 Keys and Kenna Key/connector ID.
 
 Complete list of Options:
 
-| Option | Required | Description | default |
+| Option | Required | Description | Default |
 | --- | --- | --- | --- |
 | snyk_api_token | true | Snyk API Token | n/a |
-| import_type | false | what to import "vulns" or "findings". By default "vulns" | vulns |
-| retrieve_from | false | default will be 90 days before today | 90 |
-| include_license | false | retrieve license issues. | n/a |
-| projectName_strip_colon | false | strip colon and following data from Project Name - used as application identifier | n/a |
-| packageManager_strip_colon | false | strip colon and following data from packageManager - used in asset file locator | n/a |
-| package_strip_colon | false | strip colon and following data from package - used in asset file locator | n/a |
-| application_locator_mapping | false | indicates which field should be used in application locator. Valid options are application and organization. Default is application. | application |
-| page_size | false | The number of objects per page (currently limited from 1 to 1000). | 1000 |
-| batch_size | false | The maximum number of issues to submit to Kenna in each batch. | 500 |
+| retrieve_from | false | Default will be 60 days before today | 60 |
+| include_license | false | Retrieve license issues | false |
+| page_size | false | The number of objects per page (Min 10┃Max 100┃multiple of 10) | 100 |
+| batch_size | false | The maximum number of issues to submit to Kenna in each batch | 500 |
+| page_num | false | Max pagination number | 5000 |
 | kenna_connector_id | false | If set, we'll try to upload to this connector | n/a |
 | kenna_api_key | false | Kenna API Key | n/a |
 | kenna_api_host | false | Kenna API Hostname | api.kennasecurity.com |
+| snyk_api_base | true  | Snyk environment API base URL without prefix e.g. api.eu.snyk.io, api.snyk.io or api.au.snyk.io | n/a |
 | output_directory | false | If set, will write a file upon completion. Path is relative to toolkit root directory | output/snyk |