Skip to content

Instantly share code, notes, and snippets.

@RVIRUS0817
Last active Apr 26, 2018
Embed
What would you like to do?
Vuls Chatwork support
// ChatWorkWriter定義。Writeメソッドを定義して、vuls report -to-chatworkを実行時に標準出力に加えてchatworkにもoutputするプログラム
package report
import (
"fmt"
"net/http"
"net/url"
"strconv"
"strings"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
)
// ChatWorkWriter send report to ChatWork
type ChatWorkWriter struct{}
func (w ChatWorkWriter) Write(rs ...models.ScanResult) (err error) {
// tomlをパースしてconfig.Conf.ChatWorkに設定値が入りからの取得
conf := config.Conf.ChatWork
for _, r := range rs {
// api call OS名や詳細を取得
serverInfo := fmt.Sprintf("%s", r.ServerInfo())
if err = ChatWorkpostMessage(conf.Room, conf.ApiToken, serverInfo); err != nil {
return err
}
// メッセージ組み立て処理してCVEの値をループしている
for _, vinfo := range r.ScannedCves {
maxCvss := vinfo.MaxCvssScore()
severity := strings.ToUpper(maxCvss.Value.Severity)
if severity == "" {
severity = "?"
}
// chatworkへ通知するメッセージ生成
message := fmt.Sprintf(`%s[info][title]"https://nvd.nist.gov/vuln/detail/%s" %s %s[/title]%s[/info]`,
serverInfo,
vinfo.CveID,
strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
severity,
vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value)
if err = ChatWorkpostMessage(conf.Room, conf.ApiToken, message); err != nil {
return err
}
}
return nil
}
func ChatWorkpostMessage(room, token, message string) error {
// chatwork api url生成 token埋め込み
uri := fmt.Sprintf("https://api.chatwork.com/v2/rooms/%s/messages=%s", room, token)
// payload生成
payload := url.Values{
"body": {message},
}
// chatworkにpayloadを添えてPOST
reqs, err := http.NewRequest("POST", uri, strings.NewReader(payload.Encode()))
// chatwork api リクエストヘッダー追記
reqs.Header.Add("X-ChatWorkToken", token)
reqs.Header.Add("Content-Type", "application/x-www-form-urlencoded")
if err != nil {
return err
}
client := &http.Client{}
// HTTP Requestを投げている
resp, err := client.Do(reqs)
if err != nil {
return err
}
// http body readerをclose
defer resp.Body.Close()
return nil
}
// add program
HipChat HipChatConf
// config追加
+ ChatWork ChatWorkConf
ToHipChat bool
+ ToChatWork bool
if hipchaterrs := c.HipChat.Validate(); 0 < len(hipchaterrs) {
errs = append(errs, hipchaterrs...)
}
// -to-chatworkオプションを付けたのに設定がない場合のエラー処理
+ if chatworkerrs := c.ChatWork.Validate(); 0 < len(chatworkerrs) {
+ errs = append(errs, chatworkerrs...)
+ }
// tomlのchatwork configを受け取る構造体
+ // ChatWorkConf is ChatWork config
+ type ChatWorkConf struct {
ApiToken string `json:"ApiToken"`
Room string `json:"Room"`
}
// configのvalidate処理
+ // Validate validates configuration
+ func (c *ChatWorkConf) Validate() (errs []error) {
+ if !Conf.ToChatWork {
+ return
+ }
+ if len(c.Room) == 0 {
+ + errs = append(errs, fmt.Errorf("chatworkcaht.room must not be empty"))
+ +}
+ if len(c.ApiToken) == 0 {
+ errs = append(errs, fmt.Errorf("chatworkcaht.ApiToken must not be empty"))
+ }
+ _, err := valid.ValidateStruct(c)
+ if err != nil {
+ errs = append(errs, err)
+ }
+ return
+}
// chatworkに通知するroomとapiTokenを指定
[chatwork]
room = "xxxxxxxxxx"
apiToken = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
[servers]
[servers.localhost]
host = "localhost"
port = "local"
// chatworkにreportするように追記
# vuls report -format-short-text -format-json -to-chatwork -cvss-over=7 -lang=ja
// add program
toHipChat bool
// toChatWorkオプションの変数追加
+ toChatWork bool
[-to-hipchat]
// vuls report --helpを実行したときに表示されるusageに-to-chatworkオプションがある旨を追記
+ [-to-chatwork]
// コマンドラインオプションを受け取り、上記で定義したto-chatworkにbooleanの値を插入
f.BoolVar(&p.toHipChat, "to-hipchat", false, "Send report via hipchat")
+ f.BoolVar(&p.toChatWork, "to-chatwork", false, "Send report via chatwork")
c.Conf.ToHipChat = p.toHipChat
+ c.Conf.ToChatWork = p.toChatWork
// ChatWorkWriter構造体を作って、Writeメソッドをcall
if p.toHipChat {
reports = append(reports, report.HipChatWriter{})
}
+ if p.toChatWork {
+ reports = append(reports, report.ChatWorkWriter{})
+ }
Conf.HipChat = conf.HipChat
+ Conf.ChatWork = conf.ChatWork
@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 22, 2018

#github.com/future-architect/vuls/report
report/hipchat.go:46:47: postMessage redeclared in this block
previous declaration at report/chatwork.go:47:47
#github.com/future-architect/vuls/report
report/hipchat.go:46:47: postMessage redeclared in this block
previous declaration at report/chatwork.go:47:47
make: *** [vet] Error 123

postMessage to ChatWorkpostMessage

@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 23, 2018

https://qiita.com/ota42y/items/a67f285fb3e7cbc392ec
通知来ないのはこいつを応用する

@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 24, 2018

2018-04-24 17 50 48

通知はできたが、改行コードが反映しない

@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 24, 2018

____________________________2018-04-24_19 39 34

プルリク出しやす!

@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 25, 2018

____________________________2018-04-25_14 41 15

ホスト名の詳細を出るように。

_2018-04-25_16_12_44

変更済み。

@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 25, 2018

・vuls document update
https://github.com/RVIRUS0817/vuls/tree/update-usage-report.md-chatwork

・vuls branch name chatwork-support
https://github.com/RVIRUS0817/vuls-1/tree/chatwork-support

・プルリク済み
future-architect/vuls#634

※go fmt忘れずに!

@RVIRUS0817
Copy link
Author

RVIRUS0817 commented Apr 26, 2018

// var message string

からのfmt.Sprintfを使って見やすくするとこうなる

message := fmt.Sprintf(`%s[info][title]"https://nvd.nist.gov/vuln/detail/%s" %s %s[/title]%s[/info]`,
      serverInfo,
      vinfo.CveID,
      strconv.FormatFloat(maxCvss.Value.Score, 'f', 1, 64),
      severity,
      vinfo.Summaries(config.Conf.Lang, r.Family)[0].Value)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment