Vuls Chatwork support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// ChatWorkWriter定義。Writeメソッドを定義して、vuls report -to-chatworkを実行時に標準出力に加えてchatworkにもoutputするプログラム | |
package report | |
import ( | |
"fmt" | |
"net/http" | |
"net/url" | |
"strconv" | |
"strings" | |
"github.com/future-architect/vuls/config" | |
"github.com/future-architect/vuls/models" | |
) | |
// ChatWorkWriter send report to ChatWork | |
type ChatWorkWriter struct{} | |
func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) { | |
// tomlをパースしてconfig.Conf.ChatWorkに設定値が入りからの取得 | |
conf := config.Conf.ChatWork | |
for _, r := range rs { | |
// api call OS名や詳細を取得 | |
serverInfo := fmt.Sprintf("%s", r.ServerInfo()) | |
if err = ChatWorkpostMessage(conf.Room, conf.ApiToken, serverInfo); err != nil { | |
return err | |
} | |
// メッセージ組み立て処理してCVEの値をループしている | |
for _, vinfo := range r.ScannedCves { | |
maxCvss := vinfo.MaxCvssScore() | |
severity := strings.ToUpper(maxCvss.Value.Severity) | |
if severity == "" { | |
severity = "?" | |
} | |
// chatworkへ通知するメッセージ生成 | |
message := fmt.Sprintf(`%s[info][title]"https://nvd.nist.gov/vuln/detail/%s" %s %s[/title]%s[/info]`, | |
serverInfo, | |
vinfo.CveID, | |
strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64), | |
severity, | |
vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value) | |
if err = ChatWorkpostMessage(conf.Room, conf.ApiToken, message); err != nil { | |
return err | |
} | |
} | |
return nil | |
} | |
func ChatWorkpostMessage(room, token, message string) error { | |
// chatwork api url生成 token埋め込み | |
uri := fmt.Sprintf("https://api.chatwork.com/v2/rooms/%s/messages=%s", room, token) | |
// payload生成 | |
payload := url.Values{ | |
"body": {message}, | |
} | |
// chatworkにpayloadを添えてPOST | |
reqs, err := http.NewRequest("POST", uri, strings.NewReader(payload.Encode())) | |
// chatwork api リクエストヘッダー追記 | |
reqs.Header.Add("X-ChatWorkToken", token) | |
reqs.Header.Add("Content-Type", "application/x-www-form-urlencoded") | |
if err != nil { | |
return err | |
} | |
client := &http.Client{} | |
// HTTP Requestを投げている | |
resp, err := client.Do(reqs) | |
if err != nil { | |
return err | |
} | |
// http body readerをclose | |
defer resp.Body.Close() | |
return nil | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// add program | |
HipChat HipChatConf | |
// config追加 | |
+ ChatWork ChatWorkConf | |
ToHipChat bool | |
+ ToChatWork bool | |
if hipchaterrs := c.HipChat.Validate(); 0 < len(hipchaterrs) { | |
errs = append(errs, hipchaterrs...) | |
} | |
// -to-chatworkオプションを付けたのに設定がない場合のエラー処理 | |
+ if chatworkerrs := c.ChatWork.Validate(); 0 < len(chatworkerrs) { | |
+ errs = append(errs, chatworkerrs...) | |
+ } | |
// tomlのchatwork configを受け取る構造体 | |
+ // ChatWorkConf is ChatWork config | |
+ type ChatWorkConf struct { | |
ApiToken string `json:"ApiToken"` | |
Room string `json:"Room"` | |
} | |
// configのvalidate処理 | |
+ // Validate validates configuration | |
+ func (c *ChatWorkConf) Validate() (errs []error) { | |
+ if !Conf.ToChatWork { | |
+ return | |
+ } | |
+ if len(c.Room) == 0 { | |
+ + errs = append(errs, fmt.Errorf("chatworkcaht.room must not be empty")) | |
+ +} | |
+ if len(c.ApiToken) == 0 { | |
+ errs = append(errs, fmt.Errorf("chatworkcaht.ApiToken must not be empty")) | |
+ } | |
+ _, err := valid.ValidateStruct(c) | |
+ if err != nil { | |
+ errs = append(errs, err) | |
+ } | |
+ return | |
+} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// chatworkに通知するroomとapiTokenを指定 | |
[chatwork] | |
room = "xxxxxxxxxx" | |
apiToken = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | |
[servers] | |
[servers.localhost] | |
host = "localhost" | |
port = "local" | |
// chatworkにreportするように追記 | |
# vuls report -format-short-text -format-json -to-chatwork -cvss-over=7 -lang=ja |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// add program | |
toHipChat bool | |
// toChatWorkオプションの変数追加 | |
+ toChatWork bool | |
[-to-hipchat] | |
// vuls report --helpを実行したときに表示されるusageに-to-chatworkオプションがある旨を追記 | |
+ [-to-chatwork] | |
// コマンドラインオプションを受け取り、上記で定義したto-chatworkにbooleanの値を插入 | |
f.BoolVar(&p.toHipChat, "to-hipchat", false, "Send report via hipchat") | |
+ f.BoolVar(&p.toChatWork, "to-chatwork", false, "Send report via chatwork") | |
c.Conf.ToHipChat = p.toHipChat | |
+ c.Conf.ToChatWork = p.toChatWork | |
// ChatWorkWriter構造体を作って、Writeメソッドをcall | |
if p.toHipChat { | |
reports = append(reports, report.HipChatWriter{}) | |
} | |
+ if p.toChatWork { | |
+ reports = append(reports, report.ChatWorkWriter{}) | |
+ } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Conf.HipChat = conf.HipChat | |
+ Conf.ChatWork = conf.ChatWork |
https://qiita.com/ota42y/items/a67f285fb3e7cbc392ec
通知来ないのはこいつを応用する
・vuls document update
https://github.com/RVIRUS0817/vuls/tree/update-usage-report.md-chatwork
・vuls branch name chatwork-support
https://github.com/RVIRUS0817/vuls-1/tree/chatwork-support
・プルリク済み
future-architect/vuls#634
※go fmt忘れずに!
// var message string
からのfmt.Sprintfを使って見やすくするとこうなる
message := fmt.Sprintf(`%s[info][title]"https://nvd.nist.gov/vuln/detail/%s" %s %s[/title]%s[/info]`,
serverInfo,
vinfo.CveID,
strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
severity,
vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
#github.com/future-architect/vuls/report
report/hipchat.go:46:47: postMessage redeclared in this block
previous declaration at report/chatwork.go:47:47
#github.com/future-architect/vuls/report
report/hipchat.go:46:47: postMessage redeclared in this block
previous declaration at report/chatwork.go:47:47
make: *** [vet] Error 123
postMessage to ChatWorkpostMessage