Add a vulnerability_found event for notice when we detect a vuln

Fixes #637 Note: This PR does *not* actually raise the event; it merely adds support for it
2015-10-13 18:14:52 -04:00 · 2015-10-13 18:14:52 -04:00 · 0f3db709ea
commit 0f3db709ea
parent 3677947521
19 changed files with 476 additions and 159 deletions
--- a/endpoints/api/repositorynotification.py
+++ b/endpoints/api/repositorynotification.py
@ -57,6 +57,10 @@ class RepositoryNotificationList(RepositoryParamResource):
          'type': 'object',
          'description': 'JSON config information for the specific method of notification'
        },
+        'eventConfig': {
+          'type': 'object',
+          'description':  'JSON config information for the specific event of notification',
+        },
        'title': {
          'type': 'string',
          'description': 'The human-readable title of the notification',
@ -84,6 +88,7 @@ class RepositoryNotificationList(RepositoryParamResource):

    new_notification = model.notification.create_repo_notification(repo, parsed['event'],
                                                             parsed['method'], parsed['config'],
+                                                             parsed['eventConfig'],
                                                             parsed.get('title', None))

    resp = notification_view(new_notification)
--- a/endpoints/notificationevent.py
+++ b/endpoints/notificationevent.py
@ -84,6 +84,40 @@ def _build_summary(event_data):
  return summary


+class VulnerabilityFoundEvent(NotificationEvent):
+  @classmethod
+  def event_name(cls):
+    return 'vulnerability_found'
+
+  def get_level(self, event_data, notification_data):
+    priority = event_data['vulnerability']['priority']
+    if priority == 'Defcon1' or priority == 'Critical':
+      return 'error'
+
+    if priority == 'Medium' or priority == 'High':
+      return 'warning'
+
+    return 'info'
+
+  def get_sample_data(self, repository):
+    return build_event_data(repository, {
+      'tags': ['latest', 'prod'],
+      'image': 'some-image-id',
+      'vulnerability': {
+        'id': 'CVE-FAKE-CVE',
+        'description': 'A futurist vulnerability',
+        'link': 'https://security-tracker.debian.org/tracker/CVE-FAKE-CVE',
+        'priority': 'Critical',
+      },
+    })
+
+  def get_summary(self, event_data, notification_data):
+    msg = '%s vulnerability detected in repository %s in tags %s'
+    return msg % (event_data['vulnerability']['priority'],
+                  event_data['repository'],
+                  ', '.join(event_data['tags']))
+
+
 class BuildQueueEvent(NotificationEvent):
  @classmethod
  def event_name(cls):