common

Published: Feb 3, 2022 License: MPL-2.0 Imports: 27 Imported by: 6


Constants

// Alert state values. Alert.IsStatus takes a plain string, so these are
// presumably the values it compares against (ASSIGNED and REOPENED below
// are the analogous Bugzilla-side status strings) — confirm in IsStatus,
// whose body is not shown here.
const (
	ALERT_NEW          = "NEW"
	ALERT_ACKNOWLEDGED = "ACKNOWLEDGED"
	ALERT_ESCALATED    = "ESCALATED"

	// ESCALATE_TO has the same string value as META_ESCALATE_TO; keep the
	// two in sync if either changes.
	ESCALATE_TO = "escalate_to"
)
// Metadata key names, presumably the AlertMeta.Key values read and written
// through Alert.GetMetadata/SetMetadata. Several keys (email, username,
// useragent, the sourceaddress* family) name personal data, so alerts that
// carry them should be stored, logged and retained accordingly.
const (
	META_ADDON_FILENAME                    = "addon_filename"
	META_ADDON_FROM_API                    = "addon_from_api"
	META_ADDON_GUID                        = "addon_guid"
	META_ADDON_ID                          = "addon_id"
	META_ADDON_SIZE                        = "addon_size"
	META_ADDON_UPLOAD_HASH                 = "addon_upload_hash"
	META_ADDON_USER_ID                     = "addon_user_id"
	META_ADDON_VERSION                     = "addon_version"
	META_ALERT_HANDLING_SEVERITY           = "alert_handling_severity"
	META_ALERT_NOTIFICATION_TYPE           = "alert_notification_type"
	// Unlike the rest of this block, the value ("category") does not echo
	// the constant's name; it matches the Alert.Category json tag.
	META_ALERT_SUBCATEGORY_FIELD           = "category"
	META_ALERTIO_IGNORE_EVENT              = "alertio_ignore_event"
	META_AUTH_ALERT_TYPE                   = "auth_alert_type"
	META_AWS_ACCOUNT_ID                    = "aws_account_id"
	META_AWS_ACCOUNT_NAME                  = "aws_account_name"
	META_AWS_REGION                        = "aws_region"
	META_BYTES                             = "bytes"
	META_COUNT                             = "count"
	META_DESCRIPTION                       = "description"
	META_DOC_LINK                          = "doc_link"
	META_EMAIL                             = "email"
	META_EMAIL_CONTACT                     = "email_contact"
	META_EMAIL_SIMILAR                     = "email_similar"
	META_END                               = "end"
	META_ENDPOINT                          = "endpoint"
	META_ENDPOINT_PATTERN                  = "endpoint_pattern"
	META_ENTRY_KEY                         = "entry_key"
	META_ERROR_COUNT                       = "error_count"
	META_ERROR_THRESHOLD                   = "error_threshold"
	// Same string value as ESCALATE_TO in the alert-state block above.
	META_ESCALATE_TO                       = "escalate_to"
	META_EVENT_TIMESTAMP                   = "event_timestamp"
	META_EVENT_TIMESTAMP_SOURCE_LOCAL      = "event_timestamp_source_local"
	META_FINDING_ID                        = "finding_id"
	META_FINDING_TYPE                      = "finding_type"
	META_IDENTITY_KEY                      = "identity_key"
	META_IDENTITY_UNTRACKED                = "identity_untracked"
	META_INDICATOR                         = "indicator"
	META_INSTANCE_NAME                     = "instance_name"
	META_IPREPD_EXEMPT                     = "iprepd_exempt"
	META_IPREPD_EXEMPT_CREATED_BY          = "iprepd_exempt_created_by"
	META_IPREPD_SUPPRESS_RECOVERY          = "iprepd_suppress_recovery"
	META_KM_DISTANCE                       = "km_distance"
	META_MATCHED_METADATA_KEY              = "matched_metadata_key"
	META_MATCHED_METADATA_VALUE            = "matched_metadata_value"
	META_MATCHED_OBJECT                    = "matched_object"
	META_MATCHED_TYPE                      = "matched_type"
	META_MEAN                              = "mean"
	META_METHOD                            = "method"
	META_MONITORED_RESOURCE                = "monitored_resource"
	META_NOTIFY_EMAIL_DIRECT               = "notify_email_direct"
	META_NOTIFY_MERGE                      = "notify_merge"
	META_NOTIFY_MERGED_COUNT               = "notify_merged_count"
	META_NOTIFY_SLACK_DIRECT               = "notify_slack_direct"
	META_NOTIFY_SLACK_SUPPLEMENTARY        = "notify_slack_supplementary"
	META_OBJECT                            = "object"
	META_PROJECT_ID                        = "project_id"
	META_PROJECT_NUMBER                    = "project_number"
	META_PROVIDER                          = "provider"
	META_REAL_ADDRESS_HASH_ACTUAL          = "real_address_hash_actual"
	META_REAL_ADDRESS_HASH_EXPECTED        = "real_address_hash_expected"
	META_REFERENCE_ID                      = "reference_id"
	META_REQUEST_THRESHOLD                 = "request_threshold"
	META_RESOURCE                          = "resource"
	META_RESTRICTED_VALUE                  = "restricted_value"
	META_RULE_NAME                         = "rule_name"
	META_SLACK_SUPPLEMENTARY_MESSAGE       = "slack_supplementary_message"
	META_SOURCE_ALERT                      = "source_alert"
	META_SOURCEADDRESS_AS_ORG              = "sourceaddress_as_org"
	META_SOURCEADDRESS_ASN                 = "sourceaddress_asn"
	META_SOURCEADDRESS_CITY                = "sourceaddress_city"
	META_SOURCEADDRESS_COUNTRY             = "sourceaddress_country"
	META_SOURCEADDRESS_IS_ANONYMOUS        = "sourceaddress_is_anonymous"
	META_SOURCEADDRESS_IS_ANONYMOUS_VPN    = "sourceaddress_is_anonymous_vpn"
	META_SOURCEADDRESS_IS_HOSTING_PROVIDER = "sourceaddress_is_hosting_provider"
	META_SOURCEADDRESS_IS_LEGITIMATE_PROXY = "sourceaddress_is_legitimate_proxy"
	META_SOURCEADDRESS_IS_PUBLIC_PROXY     = "sourceaddress_is_public_proxy"
	META_SOURCEADDRESS_IS_TOR_EXIT_NODE    = "sourceaddress_is_tor_exit_node"
	META_SOURCEADDRESS_ISP                 = "sourceaddress_isp"
	META_SOURCEADDRESS_PREVIOUS_AS_ORG     = "sourceaddress_previous_as_org"
	META_SOURCEADDRESS_PREVIOUS_ASN        = "sourceaddress_previous_asn"
	META_SOURCEADDRESS_PREVIOUS_CITY       = "sourceaddress_previous_city"
	META_SOURCEADDRESS_PREVIOUS_COUNTRY    = "sourceaddress_previous_country"
	META_SOURCEADDRESS_PREVIOUS_ISP        = "sourceaddress_previous_isp"
	META_SOURCEADDRESS_RISKSCORE           = "sourceaddress_riskscore"
	META_SOURCEADDRESS_TIMEZONE            = "sourceaddress_timezone"
	META_SOURCEADDRESSES                   = "sourceaddresses"
	META_START                             = "start"
	META_STATE_ACTION_TYPE                 = "state_action_type"
	META_STATUS                            = "status"
	META_TECHNIQUE                         = "technique"
	META_TEMPLATE_NAME_EMAIL               = "template_name_email"
	META_TEMPLATE_NAME_SLACK               = "template_name_slack"
	META_TEMPLATE_NAME_SLACK_CATCHALL      = "template_name_slack_catchall"
	META_THRESHOLD                         = "threshold"
	META_THRESHOLD_MODIFIER                = "threshold_modifier"
	META_TIME_DELTA_SECONDS                = "time_delta_seconds"
	META_TOTAL_ADDRESS_COUNT               = "total_address_count"
	META_TOTAL_ALERT_COUNT                 = "total_alert_count"
	META_UID                               = "uid"
	META_USERAGENT                         = "useragent"
	META_USERNAME                          = "username"
	META_URL_TO_FINDING                    = "url_to_finding"
	META_WATCHLIST_CREATED_BY              = "watchlist_created_by"
	META_WINDOW_TIMESTAMP                  = "window_timestamp"
	// The two keys below break the alphabetical order of the block —
	// presumably appended later; they belong with the sourceaddress* group.
	META_SOURCEADDRESS                     = "sourceaddress"
	META_SOURCEADDRESS_PREVIOUS            = "sourceaddress_previous"
)
// Datastore namespace/kind names. DBClient wraps a datastore client
// (ExemptedObjectKey returns a *datastore.Key), so these presumably name
// where alerts and exempted objects are stored — confirm against DBClient's
// implementation, which is not shown here.
const (
	ALERT_NAMESPACE = "alerts"
	ALERT_KIND      = ALERT_NAMESPACE // the kind deliberately shares the namespace's name

	EXEMPTED_OBJ_NAMESPACE = "exempted_object"
)
// Object type strings; presumably the typestr accepted by NewExemptedObject
// and stored in ExemptedObject.Type — confirm in NewExemptedObject, which
// is expected to reject anything else (it returns an error).
const (
	IP_TYPE    = "ip"
	EMAIL_TYPE = "email"
)
// ASSIGNED is a Bugzilla bug status string; presumably used as
// UpdateBugReq.Status (see also REOPENED).
const ASSIGNED = "ASSIGNED"
// EMAIL_CHAR_SET is the character set declared on outgoing mail;
// presumably used by SESClient.SendEmail when building the SES request.
const (
	EMAIL_CHAR_SET = "UTF-8"
)
// REOPENED is a Bugzilla bug status string; presumably used as
// UpdateBugReq.Status (see also ASSIGNED).
const REOPENED = "REOPENED"

Variables

This section is empty.

Functions

This section is empty.

Types

type ActionType

// ActionType discriminates TriggerData.Action, the kind of slackbot trigger
// carried over Pub/Sub (see PubSubMessageToTriggerData). It is a plain
// string type, so a decoded message may hold any value; consumers should
// explicitly reject anything other than the three constants below instead
// of treating an unknown value as one of them.
type ActionType string

const (
	SlashCommand  ActionType = "slash_command"
	Interaction   ActionType = "interaction"
	ScheduledTask ActionType = "scheduled_task"
)

type Alert

// Alert is the pipeline's alert record: it is decoded from Pub/Sub
// (PubSubMessageToAlert), persisted via DBClient and StateField, and
// rendered for Bugzilla/Slack/email by the *Format and PrettyPrint methods.
// Summary, Payload and Metadata values originate from upstream events, so
// treat them as untrusted text when rendering.
type Alert struct {
	Id        string       `json:"id"`
	Severity  string       `json:"severity"`
	Category  string       `json:"category"`
	Summary   string       `json:"summary"`
	Payload   string       `json:"payload"` // raw payload; its format is not shown here
	Metadata  []*AlertMeta `json:"metadata"` // key/value pairs; access through GetMetadata/SetMetadata
	Timestamp time.Time    `json:"timestamp"` // presumably what OlderThan and RemoveAlertsOlderThan compare — confirm
}

func PubSubMessageToAlert

func PubSubMessageToAlert(psmsg pubsub.Message) (*Alert, error)

func PubSubMessageToAlerts

func PubSubMessageToAlerts(psmsg pubsub.Message) ([]*Alert, error)

func StateToAlert

func StateToAlert(sf *StateField) (*Alert, error)

func (*Alert) GetMetadata

func (a *Alert) GetMetadata(key string) string

func (*Alert) GuarddutyMarkdownFormat

func (a *Alert) GuarddutyMarkdownFormat() string

Used by `bugzilla-alert-manager` to format guardduty alerts within Bugzilla bug description/comments.

Example of output:

#### Core Alert Info
Finding Type: <>
Finding URL: <>
Finding ID: <>
AWS Account Name: <>
AWS Account ID: <>
Finding Description: <>

#### Fraud Pipeline Info
Id: <>
Summary: <>
Severity: <>
Category: <>
Timestamp: <>

### Metadata
....

func (*Alert) IsStatus

func (a *Alert) IsStatus(s string) bool

func (*Alert) MarkdownFormat

func (a *Alert) MarkdownFormat() string

func (*Alert) OlderThan

func (a *Alert) OlderThan(dur time.Duration) bool

func (*Alert) PrettyPrint

func (a *Alert) PrettyPrint() string

func (*Alert) SetMetadata

func (a *Alert) SetMetadata(key, value string)

type AlertMeta

// AlertMeta is one key/value entry in Alert.Metadata. Keys are expected to
// be the META_* constants, though nothing in the type enforces that.
type AlertMeta struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

type BugResp

// BugResp is the subset of a Bugzilla bug record that this package decodes
// from a search response (SearchBugResponse.Bugs); unlisted fields are
// dropped by encoding/json.
type BugResp struct {
	Id           int       `json:"id"`
	CreationTime time.Time `json:"creation_time"`
	AssignedTo   string    `json:"assigned_to"`
	IsOpen       bool      `json:"is_open"`
}

type BugzillaClient

// BugzillaClient talks to the Bugzilla REST API; construct it with
// NewBugzillaClient. Config.ApiKey is a credential, so avoid printing the
// client with %v/%+v or including it in error messages.
type BugzillaClient struct {
	Config BugzillaConfig
	Url    string // Bugzilla base URL; CreateDefaultBugzillaRequest also takes a full url, so how the two combine is not visible here
}

func NewBugzillaClient

func NewBugzillaClient(c BugzillaConfig, url string) *BugzillaClient

func (*BugzillaClient) AddAlertsToBug

func (bc *BugzillaClient) AddAlertsToBug(bugId int, alerts []*Alert) error

func (*BugzillaClient) CreateBugFromAlerts

func (bc *BugzillaClient) CreateBugFromAlerts(assignedTo, category string, alerts []*Alert) (int, error)

func (*BugzillaClient) CreateDefaultBugzillaRequest

func (bc *BugzillaClient) CreateDefaultBugzillaRequest(method string, url string, body io.Reader) (*http.Request, error)

func (*BugzillaClient) SearchBugs

func (bc *BugzillaClient) SearchBugs(searchValues url.Values) (*SearchBugResponse, error)

func (*BugzillaClient) UpdateBug

func (bc *BugzillaClient) UpdateBug(bugId int, updateReq *UpdateBugReq) error

type BugzillaConfig

// BugzillaConfig is the Bugzilla section of Configuration (yaml key
// bugzilla_config).
type BugzillaConfig struct {
	ApiKey            string            `yaml:"api_key"` // secret
	CategoryToTracker map[string]string `yaml:"category_to_tracker"` // alert category -> tracker; lookup semantics not shown here
	Product           string            `yaml:"product"`
	Component         string            `yaml:"component"`
	// Groups has the same shape as CreateBug.Groups and is presumably copied
	// into it. In Bugzilla, groups restrict who can view a bug, so confirm
	// what an empty list means for bugs created from alerts.
	Groups            []string          `yaml:"groups"`
	DefaultAssignedTo string            `yaml:"default_assigned_to"`
}

type BugzillaErrorResponse

// BugzillaErrorResponse is the error body returned by the Bugzilla REST
// API. Every field is omitempty, so a zero value encodes as {}.
type BugzillaErrorResponse struct {
	Error   bool   `json:"error,omitempty"`
	Message string `json:"message,omitempty"`
	Code    int    `json:"code,omitempty"`
}

type Configuration

// Configuration is the shared configuration for the lambda/cloud functions
// in this module; LoadFrom populates it from YAML (local file or GCS,
// decrypting sops-encrypted input). Many fields are credentials (marked
// below), so treat the whole value as sensitive: do not print it with
// %v/%+v, and keep it out of logs and error messages.
type Configuration struct {
	Environment  string `yaml:"env,omitempty"`
	GCPProjectId string `yaml:"gcp_project_id"`

	AwsAccessKeyId     string `yaml:"aws_access_key_id"`
	AwsSecretAccessKey string `yaml:"aws_secret_access_key"` // secret
	AwsRegion          string `yaml:"aws_region"`

	SesSenderEmail         string        `yaml:"ses_sender_email"`
	DefaultEscalationEmail string        `yaml:"default_escalation_email"`
	// Whether duration strings such as "24h" decode into AlertEscalationTTL
	// depends on the YAML library LoadFrom uses — not shown here.
	AlertEscalationTTL     time.Duration `yaml:"alert_escalation_ttl"`
	EmergencyCcEmail       string        `yaml:"emergency_cc_email"`

	SlackAuthToken     string `yaml:"slack_auth_token"` // secret
	SlackChannelId     string `yaml:"slack_channel_id"`
	SlackSigningSecret string `yaml:"slack_signing_secret"` // secret; used to verify inbound Slack requests

	SlackbotTriggerTopicName string `yaml:"slackbot_trigger_topic_name"`

	PersonsClientId     string   `yaml:"persons_client_id"`
	PersonsClientSecret string   `yaml:"persons_client_secret"` // secret
	PersonsBaseURL      string   `yaml:"persons_base_url"`
	PersonsAuth0URL     string   `yaml:"persons_auth0_url"`
	// AllowedLDAPGroups looks like an authorization allowlist; whether an
	// empty list denies everyone or allows everyone is decided by the
	// caller, not here — confirm before relying on the default.
	AllowedLDAPGroups   []string `yaml:"allowed_ldap_groups"`

	IprepdInstances []IprepdInstance `yaml:"iprepd_instances"` // each carries its own APIKey

	Auth0Domain       string `yaml:"auth0_domain"`
	Auth0ClientId     string `yaml:"auth0_client_id"`
	Auth0ClientSecret string `yaml:"auth0_client_secret"` // secret

	PagerdutyAuthToken            string `yaml:"pagerduty_auth_token"` // secret
	PagerdutyTicketDutyScheduleId string `yaml:"pagerduty_ticket_duty_schedule_id"`

	BugzillaConfig BugzillaConfig `yaml:"bugzilla_config"` // contains ApiKey

	DuoAPIHost        string `yaml:"duo_api_host"`
	DuoIntegrationKey string `yaml:"duo_integration_key"`
	DuoSecretKey      string `yaml:"duo_secret_key"` // secret

	PapertrailApiToken string `yaml:"papertrail_api_token"` // secret
	PapertrailQuery    string `yaml:"papertrail_query"`
}

Configuration is a generic config structure for Lambda functions and Cloud Functions. LoadFrom loads a YAML file from either a local file or from GCS; if the file is encrypted with sops, it is decrypted.

func (*Configuration) LoadFrom

func (c *Configuration) LoadFrom(path string) error

type CreateBug

// CreateBug is the request body for creating a Bugzilla bug
// (BugzillaClient.CreateBugFromAlerts). No field is omitempty, so unset
// strings are sent as "" and a nil Groups as null. Description is
// presumably built from alert text (MarkdownFormat/GuarddutyMarkdownFormat)
// that originates from upstream events — treat it as untrusted content.
type CreateBug struct {
	Product     string   `json:"product"`
	Version     string   `json:"version"`
	Component   string   `json:"component"`
	Summary     string   `json:"summary"`
	Alias       string   `json:"alias"`
	Description string   `json:"description"`
	AssignedTo  string   `json:"assigned_to"`
	Blocks      string   `json:"blocks"`
	Type        string   `json:"type"`
	Groups      []string `json:"groups"` // Bugzilla groups applied to the new bug; see BugzillaConfig.Groups
	Whiteboard  string   `json:"whiteboard"`
}

type CreateComment

// CreateComment is the request body for adding a comment to a Bugzilla bug
// (presumably what AddAlertsToBug sends). When IsMarkdown is true the
// comment text is rendered as Markdown by Bugzilla, so alert-derived text
// placed in Comment should be treated as untrusted.
type CreateComment struct {
	Comment    string `json:"comment"`
	IsMarkdown bool   `json:"is_markdown"`
}

type DBClient

// DBClient wraps a Cloud Datastore client (ExemptedObjectKey returns a
// *datastore.Key) for persisting alerts and exempted objects. Create it
// with NewDBClient and release it with Close.
type DBClient struct {
	// contains filtered or unexported fields
}

func NewDBClient

func NewDBClient(ctx context.Context, projectID string) (*DBClient, error)

func (*DBClient) Close

func (db *DBClient) Close() error

func (*DBClient) DeleteAlert

func (db *DBClient) DeleteAlert(ctx context.Context, alert *Alert) error

func (*DBClient) DeleteExemptedObject

func (db *DBClient) DeleteExemptedObject(ctx context.Context, ExemptedObject *ExemptedObject) error

func (*DBClient) ExemptedObjectKey

func (db *DBClient) ExemptedObjectKey(exemptedObj *ExemptedObject) *datastore.Key

func (*DBClient) GetAlert

func (db *DBClient) GetAlert(ctx context.Context, alertId string) (*Alert, error)

func (*DBClient) GetAllAlerts

func (db *DBClient) GetAllAlerts(ctx context.Context) ([]*Alert, error)

func (*DBClient) GetAllExemptedObjects

func (db *DBClient) GetAllExemptedObjects(ctx context.Context) ([]*ExemptedObject, error)

func (*DBClient) RemoveAlertsOlderThan

func (db *DBClient) RemoveAlertsOlderThan(ctx context.Context, timeAgo time.Duration) error

func (*DBClient) RemoveExpiredExemptedObjects

func (db *DBClient) RemoveExpiredExemptedObjects(ctx context.Context) error

func (*DBClient) SaveAlert

func (db *DBClient) SaveAlert(ctx context.Context, alert *Alert) error

func (*DBClient) SaveExemptedObject

func (db *DBClient) SaveExemptedObject(ctx context.Context, ExemptedObject *ExemptedObject) error

type EscalationMailer

// EscalationMailer formats and sends the emails needed for notifications.
// *SESClient has all three methods with these signatures; a compile-time
// check such as `var _ EscalationMailer = (*SESClient)(nil)` would pin that.
type EscalationMailer interface {
	SendEscalationEmail(alert *Alert) error
	Send911Email(caller string, ccAddress string, msg string) error
	DefaultEscalationEmail() string
}

EscalationMailer formats and sends the emails needed for notifications.

type ExemptedObject

// ExemptedObject records an object (an IP or email, per IP_TYPE/EMAIL_TYPE)
// that is exempted until ExpiresAt. Construct it with NewExemptedObject;
// RemoveExpiredExemptedObjects removes entries for which IsExpired is true.
type ExemptedObject struct {
	Object    string    `json:"object"`
	Type      string    `json:"type"`
	ExpiresAt time.Time `json:"expires_at"` // presumably what IsExpired compares against now — confirm
	CreatedBy string    `json:"created_by"` // audit trail for who created the exemption
}

func NewExemptedObject

func NewExemptedObject(object, typestr string, expiresAt time.Time, createdBy string) (*ExemptedObject, error)

func StateToExemptedObject

func StateToExemptedObject(sf *StateField) (*ExemptedObject, error)

func (*ExemptedObject) IsExpired

func (eo *ExemptedObject) IsExpired() bool

type InteractionData

// InteractionData carries a Slack interaction (button/menu callback) in
// TriggerData. These values come from the inbound Slack request and are
// only trustworthy if that request's signature was verified (see
// Configuration.SlackSigningSecret); ResponseURL in particular is a
// destination the service will post to.
type InteractionData struct {
	ActionName  string
	CallbackID  string
	ResponseURL string
}

type IprepdInstance

// IprepdInstance is one iprepd endpoint from Configuration.IprepdInstances.
type IprepdInstance struct {
	URL    string `yaml:"url"`
	APIKey string `yaml:"api_key"` // secret
}

type KMSClient

// KMSClient decrypts secrets with a KMS key (see DecryptSymmetric and
// DecryptEnvVar, which decrypts the value of a named environment variable).
// Construct it with NewKMSClient.
type KMSClient struct {
	// contains filtered or unexported fields
}

func NewKMSClient

func NewKMSClient() (*KMSClient, error)

func (*KMSClient) DecryptEnvVar

func (kms *KMSClient) DecryptEnvVar(keyName, envVar string) (string, error)

func (*KMSClient) DecryptSymmetric

func (kms *KMSClient) DecryptSymmetric(keyName string, ciphertext []byte) (string, error)

type SESClient

// SESClient sends notification email through AWS SES and implements
// EscalationMailer. Construct it with NewSESClient or NewSESClientFromConfig;
// the AWS credentials passed in are held in unexported fields.
type SESClient struct {
	// contains filtered or unexported fields
}

func NewSESClient

func NewSESClient(region, accessKeyId, secretAccessKey, senderEmail, escalationEmail string) (*SESClient, error)

func NewSESClientFromConfig

func NewSESClientFromConfig(config *Configuration) (*SESClient, error)

func (*SESClient) DefaultEscalationEmail

func (sesc *SESClient) DefaultEscalationEmail() string

DefaultEscalationEmail returns the default value to which emails are sent

func (*SESClient) Send911Email

func (sesc *SESClient) Send911Email(caller string, ccAddress string, msg string) error

Send911Email sends an email notification to the default escalation address, containing the message from the Slack slash command invocation.

func (*SESClient) SendEmail

func (sesc *SESClient) SendEmail(recipient string, subject string, bodyMsg string) error

SendEmail sends an email with the given subject and body to recipient.

func (*SESClient) SendEscalationEmail

func (sesc *SESClient) SendEscalationEmail(alert *Alert) error

SendEscalationEmail sends an email notification with an alert that needs to be escalated

type SearchBug

// SearchBug holds Bugzilla search criteria. It has no json tags, and
// SearchBugs takes url.Values, so it is presumably translated into query
// parameters by the caller — not shown here.
type SearchBug struct {
	Creator    string
	Whiteboard string
}

type SearchBugResponse

// SearchBugResponse is the decoded result of BugzillaClient.SearchBugs.
// Its Len/Less/Swap methods make it a sort.Interface over Bugs; the
// ordering Less applies is not shown here.
type SearchBugResponse struct {
	Bugs []BugResp `json:"bugs"`
}

SearchBugResponse holds only a very small subset of what Bugzilla returns; add fields as needed. A full response example can be seen here:

https://bugzilla.readthedocs.io/en/latest/api/core/v1/bug.html#rest-single-bug

func (SearchBugResponse) Len

func (sr SearchBugResponse) Len() int

func (SearchBugResponse) Less

func (sr SearchBugResponse) Less(i, j int) bool

func (SearchBugResponse) Swap

func (sr SearchBugResponse) Swap(i, j int)

type SlashCommandData

// SlashCommandData carries a Slack slash command invocation in TriggerData.
// Text is free-form input typed by the invoking user and UserID identifies
// that user; any authorization decision (e.g. against
// Configuration.AllowedLDAPGroups) is made by the consumer, not here.
type SlashCommandData struct {
	Cmd         string
	ResponseURL string
	Text        string
	UserID      string
}

type StateField

// StateField is the Datastore entity shape used to persist an Alert or
// ExemptedObject as a single serialized string (AlertToState/StateToAlert,
// ExemptedObjectToState/StateToExemptedObject). The noindex tag keeps the
// blob out of Datastore's indexes.
type StateField struct {
	State string `datastore:"state,noindex" json:"state"`
}

func AlertToState

func AlertToState(a *Alert) (*StateField, error)

func ExemptedObjectToState

func ExemptedObjectToState(eobj *ExemptedObject) (*StateField, error)

type TriggerData

// TriggerData is the slackbot trigger message exchanged over Pub/Sub
// (PubSubMessageToTriggerData / ToPubSubMessage). Action says which of the
// two payloads is meaningful. Note that encoding/json's omitempty never
// treats a struct value as empty, so SlashCommand and Interaction are both
// always encoded; the tags do not do what they suggest.
type TriggerData struct {
	Action       ActionType       `json:"action_type"`
	SlashCommand SlashCommandData `json:"slash_command,omitempty"`
	Interaction  InteractionData  `json:"interaction,omitempty"`
}

func PubSubMessageToTriggerData

func PubSubMessageToTriggerData(psmsg pubsub.Message) (*TriggerData, error)

func (*TriggerData) ToPubSubMessage

func (td *TriggerData) ToPubSubMessage() (*pubsub.Message, error)

type UpdateBugReq

// UpdateBugReq is the request body for BugzillaClient.UpdateBug; Status is
// presumably one of the Bugzilla status strings (ASSIGNED, REOPENED).
type UpdateBugReq struct {
	Status string `json:"status"`
}
