mattermost / mattermost-plugin-starter-template

Build scripts and templates for writing Mattermost plugins.
https://developers.mattermost.com/extend/plugins/
Apache License 2.0
128 stars 120 forks

Sim Assignment: MM-NVD #207

Closed Illbjorn closed 1 month ago

Illbjorn commented 1 month ago

Summary

This PR contains a very basic implementation of a Mattermost plugin (mm-nvd) which can be configured via slash commands to monitor the NIST Vulnerability Database (NVD) Feed API and announce newly released vulnerabilities as they're discovered.

Example posts produced by this plugin (the subscribe response and an actual CVE announcement):

Basic Usage

| Command | Purpose | Notes |
| --- | --- | --- |
| /nvdm subscribe | Subscribes a worker to the channel the command was invoked in. | The worker will then produce notifications of any new CVEs to this channel as they arrive. |
| /nvdm unsubscribe | Unsubscribes a worker from the channel the command was invoked in. | |
| /nvdm set key=value | Sets a configurable value associated with the NVD query. | This can refine results produced to only those including specific keywords, above certain severities, etc. |
| /nvdm unset key | Unsets a configurable value associated with the NVD query. | NOTE: This is not yet implemented, see the various TODOs. |

Currently configurable settings via /nvdm set include:

| Key | Expected Value | Purpose |
| --- | --- | --- |
| cvssv2severity | LOW, MED or HIGH | Adjusts the NVD query for the current channel to only produce results at or above the provided severity. |
| keywordsearch | Any | Adjusts the NVD query for the current channel to only produce results including the provided keywords. |
| cvetag | disputed, unsupported-when-assigned or exclusively-hosted-service | Adjusts the NVD query for the current channel to only produce results including the provided tag. |

Package Overview

This plugin is comprised of three major packages:

  1. nvd @ nvd
  2. nvdm @ server/internal/nvdm
  3. nvdp @ server/internal/nvdp

Package: NVD

NVD defines the simple query builder and wrapper for interacting with the NVD API.

Package: NVDP

NVDP ("NVD Plugin") holds the Mattermost plugin itself.

Package: NVDM

NVDM ("NVD Monitor") holds the CVEWatcher and CVEWatcherGroup which serve as the worker(s) and manager for configured NVD queries. Package NVDP will register workers via the WatcherGroup's Register() method using the Mattermost channel ID as the "unique ID".

Notes

There are some major pieces left unfinished:
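
Added example, not code from this PR: one way the `/nvdm set key=value` argument could be checked against the three keys and values in the settings table above before it reaches the NVD query. `ParseSet`, `Encode` and the `allowed` map are hypothetical names, and sending the plugin's own key names as query parameters is an assumption, since the PR text does not show how they map to the NVD API.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowed lists each /nvdm set key from the table with its permitted values
// (hypothetical name). A nil slice means free text ("Any").
var allowed = map[string][]string{
	"cvssv2severity": {"LOW", "MED", "HIGH"},
	"keywordsearch":  nil,
	"cvetag":         {"disputed", "unsupported-when-assigned", "exclusively-hosted-service"},
}

// ParseSet validates the argument of "/nvdm set key=value" against the allowlist.
func ParseSet(arg string) (key, value string, err error) {
	k, v, ok := strings.Cut(arg, "=") // split on the first '=' only
	key, value = strings.ToLower(strings.TrimSpace(k)), strings.TrimSpace(v)
	if !ok || value == "" {
		return "", "", fmt.Errorf("expected key=value, got %q", arg)
	}
	vals, known := allowed[key]
	if !known {
		return "", "", fmt.Errorf("unknown key %q", key)
	}
	if vals == nil {
		return key, value, nil // free text, escaped later by Encode
	}
	for _, a := range vals {
		if strings.EqualFold(a, value) {
			return key, a, nil // store the canonical spelling
		}
	}
	return "", "", fmt.Errorf("value %q not allowed for %q", value, key)
}

// Encode builds the query string. url.Values escapes '&' and '=' so free-text
// keywords cannot smuggle extra parameters into the outbound request.
func Encode(settings map[string]string) string {
	q := url.Values{}
	for k, v := range settings {
		q.Set(k, v)
	}
	return q.Encode()
}

func main() { fmt.Println(ParseSet("cvetag=Disputed")) }
```
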

mattermost-build commented 1 month ago

Hello @Illbjorn,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

Per the Mattermost Contribution Guide, we need to add you to the list of approved contributors for the Mattermost project.

Please help complete the Mattermost contribution license agreement? Once you have signed the CLA, please comment with /check-cla and confirm that the CLA check is green.

This is a standard procedure for many open source projects.

Please let us know if you have any questions.

We are very happy to have you join our growing community! If you're not yet a member, please consider joining our Contributors community channel to meet other contributors and discuss new opportunities with the core team.