Closed Illbjorn closed 1 month ago
Hello @Illbjorn,
Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.
Per the Mattermost Contribution Guide, we need to add you to the list of approved contributors for the Mattermost project.
Please help complete the Mattermost contribution license agreement?
Once you have signed the CLA, please comment with /check-cla and confirm that the CLA check is green.
This is a standard procedure for many open source projects.
Please let us know if you have any questions.
We are very happy to have you join our growing community! If you're not yet a member, please consider joining our Contributors community channel to meet other contributors and discuss new opportunities with the core team.
Summary
This PR contains a very basic implementation of a Mattermost plugin (mm-nvd) which can be configured via slash commands to monitor the NIST Vulnerability Database (NVD) Feed API and announce newly released vulnerabilities as they're discovered.
Example posts produced by this plugin (the subscribe response and an actual CVE announcement):
Basic Usage
/nvdm subscribe
/nvdm unsubscribe
/nvdm set key=value
/nvdm unset key
NOTE: This is not yet implemented, see the various TODOs.
Currently configurable settings via /nvdm set include:
- cvssv2severity: LOW, MED or HIGH
- keywordsearch
- cvetag: disputed, unsupported-when-assigned or exclusively-hosted-service
Package Overview
This plugin is comprised of three major packages:
- nvd @nvd
- nvdm @server/internal/nvdm
- nvdp @server/internal/nvdp
Package: NVD
NVD defines the simple query builder and wrapper for interacting with the NVD API.
Package: NVDP
NVDP ("NVD Plugin") holds the Mattermost plugin itself.
Package: NVDM
NVDM ("NVD Monitor") holds the CVEWatcher and CVEWatcherGroup which serve as the worker(s) and manager for configured NVD queries. Package NVDP will register workers via the WatcherGroup's Register() method using the Mattermost channel ID as the "unique ID".
Notes
There are some major pieces left unfinished:
- /nvdm unset command is not implemented.
- nvd package's capability remains unimplemented by packages nvdm and nvdp.
- TODOs in the code comments.
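Added example, not code from this PR: one way the /nvdm set key=value settings listed in the description could be checked against an allow-list and URL-encoded before they reach the public NVD CVE API 2.0, so that text typed in a chat channel cannot smuggle extra query parameters. The function names, the settings table and the MED to MEDIUM mapping are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

const nvdEndpoint = "https://services.nvd.nist.gov/rest/json/cves/2.0" // public NVD CVE API 2.0

// settings maps each "/nvdm set" key to its NVD query parameter and an
// allow-list of values (nil = free text). Hypothetical table, not the PR's
// own; treating the PR's MED as the API's MEDIUM is an assumption.
var settings = map[string]struct{ param string; values map[string]string }{
	"cvssv2severity": {"cvssV2Severity", map[string]string{"low": "LOW", "med": "MEDIUM", "high": "HIGH"}},
	"keywordsearch":  {"keywordSearch", nil},
	"cvetag": {"cveTag", map[string]string{"disputed": "disputed",
		"unsupported-when-assigned":  "unsupported-when-assigned",
		"exclusively-hosted-service": "exclusively-hosted-service"}},
}

// ParseSet validates one "key=value" argument typed by a chat user and
// returns the NVD parameter name with its canonical value.
func ParseSet(arg string) (param, value string, err error) {
	key, val, ok := strings.Cut(strings.TrimSpace(arg), "=")
	s, known := settings[strings.ToLower(strings.TrimSpace(key))]
	if val = strings.TrimSpace(val); !ok || !known || val == "" {
		return "", "", fmt.Errorf("expected <known key>=<value>, got %q", arg)
	}
	if s.values == nil {
		return s.param, val, nil // free text: encoded later, never concatenated
	}
	if canon, valid := s.values[strings.ToLower(val)]; valid {
		return s.param, canon, nil
	}
	return "", "", fmt.Errorf("value %q not allowed for %s", val, key)
}

// BuildQuery turns validated settings into an encoded NVD request URL.
func BuildQuery(args ...string) (string, error) {
	q := url.Values{}
	for _, a := range args {
		p, v, err := ParseSet(a)
		if err != nil {
			return "", err
		}
		q.Set(p, v)
	}
	return nvdEndpoint + "?" + q.Encode(), nil
}

func main() { fmt.Println(BuildQuery("cvssv2severity=MED", "cvetag=disputed")) }
```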