
Slack notifications

Nikola Kotur 5 years ago
parent
commit
bc338d95d3
2 changed files with 55 additions and 10 deletions
  1. 1 3
      README.md
  2. 54 7
      certstream/watcher.py

+ 1 - 3
README.md

@@ -10,9 +10,7 @@ This is Platform.sh project written to aggregate, parse and watch certificate da
 env:WATCH_SUFFIX = .platform.sh,*.plat.farm
 ```
 
-* Variable to watch endings
-* Slack integration hook
-
+`SLACK_WEBHOOK_URL`: Slack webhook to post findings.
 
 ## Development
 

+ 54 - 7
certstream/watcher.py

@@ -4,6 +4,8 @@ import math
 import sys
 import os
 import datetime
+import json
+import requests
 
 import aiohttp
 import requests
@@ -180,7 +182,8 @@ class TransparencyWatcher(object):
 
 async def mux_ctl_stream(watcher):
     logger = logging.getLogger('certstream.watcher')
-    watch_suffix = os.getenv("WATCH_SUFFIX", None)
+    watch_suffix = os.getenv('WATCH_SUFFIX', None)
+    slack_webhook = os.getenv('SLACK_WEBHOOK_URL', None)
 
     if not watch_suffix:
         return
@@ -200,13 +203,57 @@ async def mux_ctl_stream(watcher):
         found = False
         if cn and cn.endswith(tuple(suffixes)):
             found = True
+        alts = []
+        found_alts = []
+        for dnsname in alt.split(','):
+            dnsname = dnsname.strip().replace('DNS:', '')
+            if dnsname.endswith(tuple(suffixes)):
+                found = True
+                found_alts.append(dnsname)
+            else:
+                alts.append(dnsname)
+
+        if not found:
+            continue
+
+        if slack_webhook:
+            alt_msg = ', '.join(found_alts)
+            if found_alts and alts:
+                alt_msg += ' and '
+            if alts:
+                alt_msg += '%s others' % len(alts)
+
+            slack_data = {
+                'attachments': [
+                    {
+                        'fallback': '%s (%s): %s' % (cn, source, alt),
+                        'color': '#36a64f',
+                        'fields': [
+                            {
+                                'title': 'Common Name',
+                                'value': cn,
+                                'short': False
+                            },
+                            {
+                                'title': 'Alt Name',
+                                'value': alt_msg,
+                                'short': False
+                            }
+                        ],
+                        'footer': source
+                    }
+                ]
+            }
+            response = requests.post(
+                slack_webhook, data=json.dumps(slack_data),
+                headers={'Content-Type': 'application/json'}
+            )
+            if response.status_code != 200:
+                logger.exception(ValueError(
+                    'Slack returned an error %s, the response is: %s',
+                    response.status_code, response.text
+                ))
         else:
-            for dnsname in alt.split(','):
-                if dnsname.strip().endswith(tuple(suffixes)):
-                    found = True
-                    break
-
-        if found:
             logger.info('%s: %s, %s', cert_data['source']['url'], cert_data['leaf_cert']['subject']['CN'], cert_data['leaf_cert']['extensions'].get('subjectAltName', ''))
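Review bot: The `requests.post` call near the end of the last hunk is synchronous and has no `timeout=`, yet it runs inside `async def mux_ctl_stream`, so a slow or unreachable webhook blocks the event loop and the watcher stops processing certificates for as long as the call hangs. No handler for a `requests` exception is visible in the hunk, so one would apparently propagate out of the loop. The error path is also wrong: `logger.exception(ValueError(...))` is called outside an `except` block and its `%s` arguments are never interpolated, and because `else:` now pairs with `if slack_webhook:`, a match whose Slack post fails is never written to the log. I would bound the call, catch `requests.RequestException`, use `logger.error` with lazy arguments, and log every match whether or not a webhook is set, as sketched below; the loop header and the rest of `mux_ctl_stream` are outside the hunk, so the indentation needs confirming there. The first hunk also adds `import requests` although the context line two lines below already imports it.

```python
        # … unchanged: alt-name matching and slack_data construction …
        if slack_webhook:
            try:
                response = requests.post(
                    slack_webhook, data=json.dumps(slack_data),
                    headers={'Content-Type': 'application/json'},
                    timeout=10  # constructed value; pick one that suits the deployment
                )
            except requests.RequestException:
                # Inside an except block, so logger.exception records the traceback.
                logger.exception('Slack notification failed for %s', cn)
            else:
                if response.status_code != 200:
                    logger.error(
                        'Slack returned an error %s, the response is: %s',
                        response.status_code, response.text
                    )

        # … unchanged: the logger.info call, dedented so it runs for every match …
```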