{"errorMessages":["Error in the JQL Query: Expecting either 'OR' or 'AND' but got 'jquery'. (line 1, character 52)"],"errors":{}}

When a vulnerability name contains single quote such as ( Vulnerable version of the library 'jquery' found ), the script fails due to single quote being treated as part of JQL instead of search query. this vulnerability is from Burp XML upload.

[rsenden]

Thanks for reporting this. Based on your description, I'm assuming you are exporting vulnerability data from SSC to JIRA using the SSCToJiraWithParents.xml configuration file, correct? Are you using the default configuration?

Can you please share the value of the jqlExpression property in your configuration file?

Yes, this is from SSC to Jira using the SSCToJiraWithParents.xml, i have modified the configuration for the need on our end. below is the jqlExpression value="summary~'"${summary}"'"

[rsenden]

The utility simply evaluates all ${...} expressions in the jqlExpression property, and then passes this JQL expression to JIRA without any further modifications. As such this is not really a bug with the utility itself, but with the value of the jqlExpression property.

You will need to work with a JIRA specialist to find a working JQL query that matches a summary like Vulnerable version of the library 'jquery' found; maybe you just need to escape or remove any single quotes (and other special characters for that matter). For example, you could potentially use something like ${summary.replaceAll("'", "") to remove all single quotes.

You can also consider already removing any special characters from the summary field (again using ${field.replaceAll(...)} to avoid having to deal with any special characters altogether.

[rsenden]

@miirshad Were you able to get this issue fixed? If so, can you please share the jqlExpression property value that you are currently using?

[4lexaG]

There is a problem when two categories have similar names, since the query uses 'contain'. I recommend adding the vulId to the summary to differentiate them; it worked for me.