Merge pull request #17 from hazcod/work/commandbot

Feature: skip findings without mitigations and holiday skipper
hazcod · Aug 17, 2021 · 7711901 · 7711901
2 parents 53829cf + 3958a70
commit 7711901
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,8 @@ slack:
   security_user: "[email protected]"
   # skip sending a security overview if there is nothing to mention
   skip_no_report: true
+  # don't send a message to the user if 'Vacationing' status is set
+  skip_on_holiday: true
 
 # falcon crowdstrike
 falcon:

diff --git a/cmd/main.go b/cmd/main.go
@@ -92,7 +92,7 @@ func main() {
 			continue
 		}
 
-		if strings.EqualFold(slackUser.Profile.StatusText, slackStatusHoliday) {
+		if config.Slack.SkipOnHoliday && strings.EqualFold(slackUser.Profile.StatusText, slackStatusHoliday) {
 			logrus.WithField("slack_name", slackUser.Name).Warn("skipping user since he/she is on holiday")
 			continue
 		}

diff --git a/config/config.go b/config/config.go
@@ -18,6 +18,7 @@ type Config struct {
 		SecurityUser string `yaml:"security_user" emv:"SLACK_SECURITY_USER"`
 
 		SkipNoReport bool `yaml:"skip_no_report" env:"SLACK_SKIP_NO_REPORT"`
+		SkipOnHoliday bool `yaml:"skip_on_holiday" env:"SLACK_SKIP_ON_HOLIDAY"`
 	} `yaml:"slack"`
 
 	Falcon struct {

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/hazcod/crowdstrike-spotlight-slacker
 go 1.16
 
 require (
-	github.com/crowdstrike/gofalcon v0.2.6
+	github.com/crowdstrike/gofalcon v0.2.7
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1

diff --git a/go.sum b/go.sum
@@ -54,8 +54,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/crowdstrike/gofalcon v0.2.6 h1:WRZV6stnbfVKYwfDOUmGZp92lT0FkkQLxFpSlriins0=
-github.com/crowdstrike/gofalcon v0.2.6/go.mod h1:tM+/b9HnHhJxysZmpn2ZXDfv1F4r4VSp6tFdCao/3Gw=
+github.com/crowdstrike/gofalcon v0.2.7 h1:aijfM6rg3Y+baE0DIk8F2bAMfieG7BPn2o3vNtVsUY4=
+github.com/crowdstrike/gofalcon v0.2.7/go.mod h1:tM+/b9HnHhJxysZmpn2ZXDfv1F4r4VSp6tFdCao/3Gw=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

diff --git a/pkg/falcon/extractor.go b/pkg/falcon/extractor.go
@@ -114,7 +114,7 @@ func GetMessages(config *config.Config, ctx context.Context) (results map[string
 
 	queryResult, err := client.SpotlightVulnerabilities.QueryVulnerabilities(
 		&spotlight_vulnerabilities.QueryVulnerabilitiesParams{
-			Context: context.Background(),
+			Context: ctx,
 			Filter:  "status:'open',remediation.ids:'*'",
 			Limit:   &falconAPIMaxRecords,
 		},
@@ -197,10 +197,17 @@ func GetMessages(config *config.Config, ctx context.Context) (results map[string
 			ProductName:         *vuln.App.ProductNameVersion,
 			CveID:               *vuln.Cve.ID,
 			CveSeverity:         *vuln.Cve.Severity,
-			MitigationAvailable: true,
+			MitigationAvailable: len(vuln.Remediation.Ids) > 0,
 			TimestampFound:      *vuln.CreatedTimestamp,
 		}
 
+		if !deviceFinding.MitigationAvailable {
+			logrus.WithField("cve",*vuln.Cve.ID).WithField("severity", *vuln.Cve.Severity).
+				WithField("product", *vuln.App.ProductNameVersion).
+				Warn("skipping finding without mitigation(s)")
+			continue
+		}
+
 		if _, ok := devices[uniqueDeviceID]; !ok {
 			devices[uniqueDeviceID] = UserDevice{
 				MachineName: fmt.Sprintf(