
Commit a242fa8

committed
Enable email notifier to use different mail addresses on a per scan basis
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
1 parent 7af3a65 commit a242fa8


6 files changed

+128
-14
lines changed


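--- a/hooks/notification/.helm-docs.gotmpl
+++ b/hooks/notification/.helm-docs.gotmpl
@@ -274,6 +274,21 @@ env:
 value: secureCodeBox
 ```
 
+You can overwrite the default email recipient of the notification mail for every scan by setting a `notification.securecodebox.io/email-recipient` annotation on the scan to another email address:
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: Scan
+metadata:
+name: "nmap-juice-shop"
+annotations:
+notification.securecodebox.io/email-recipient: "foo@example.com"
+spec:
+scanType: "nmap"
+parameters:
+- juice-shop.default.svc
+```
+
 #### Configuration Of A MS Teams Notification
 
 To configure a MS Teams notification you need to set the type to `ms-teams`.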

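--- a/hooks/notification/README.md
+++ b/hooks/notification/README.md
@@ -293,6 +293,21 @@ env:
 value: secureCodeBox
 ```
 
+You can overwrite the default email recipient of the notification mail for every scan by setting a `notification.securecodebox.io/email-recipient` annotation on the scan to another email address:
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: Scan
+metadata:
+name: "nmap-juice-shop"
+annotations:
+notification.securecodebox.io/email-recipient: "foo@example.com"
+spec:
+scanType: "nmap"
+parameters:
+- juice-shop.default.svc
+```
+
 #### Configuration Of A MS Teams Notification
 
 To configure a MS Teams notification you need to set the type to `ms-teams`.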

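--- a/hooks/notification/docs/README.ArtifactHub.md
+++ b/hooks/notification/docs/README.ArtifactHub.md
@@ -301,6 +301,21 @@ env:
 value: secureCodeBox
 ```
 
+You can overwrite the default email recipient of the notification mail for every scan by setting a `notification.securecodebox.io/email-recipient` annotation on the scan to another email address:
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: Scan
+metadata:
+name: "nmap-juice-shop"
+annotations:
+notification.securecodebox.io/email-recipient: "foo@example.com"
+spec:
+scanType: "nmap"
+parameters:
+- juice-shop.default.svc
+```
+
 #### Configuration Of A MS Teams Notification
 
 To configure a MS Teams notification you need to set the type to `ms-teams`.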

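--- a/hooks/notification/hook/Notifiers/EMailNotifier.test.ts
+++ b/hooks/notification/hook/Notifiers/EMailNotifier.test.ts
@@ -21,20 +21,10 @@ jest.mock("nodemailer", () => {
 };
 });
 
-const creationTimestamp = new Date("2021-01-01T14:29:25Z")
+const creationTimestamp = new Date("2021-01-01T14:29:25Z");
 
-test("Should Send Mail", async () => {
-const from = "secureCodeBox";
-const smtp = "smtp://user:pass@smtp.ethereal.email/";
-process.env[EMailNotifier.SMTP_CONFIG] = smtp;
-const channel: NotificationChannel = {
-name: "Channel Name",
-type: NotifierType.EMAIL,
-template: "email",
-rules: [],
-endPoint: "mail@some.email",
-};
-const scan: Scan = {
+function createExampleScan(): Scan {
+return {
 metadata: {
 uid: "09988cdf-1fc7-4f85-95ee-1b1d65dbc7cc",
 name: "demo-scan-1601086432",
@@ -74,6 +64,20 @@ test("Should Send Mail", async () => {
 state: "Done",
 },
 };
+}
+
+test("Should Send Mail", async () => {
+const from = "secureCodeBox";
+const smtp = "smtp://user:pass@smtp.ethereal.email/";
+process.env[EMailNotifier.SMTP_CONFIG] = smtp;
+const channel: NotificationChannel = {
+name: "Channel Name",
+type: NotifierType.EMAIL,
+template: "email",
+rules: [],
+endPoint: "mail@some.email",
+};
+const scan: Scan = createExampleScan();
 
 const args = new Array();
 args[EMailNotifier.EMAIL_FROM] = from;
@@ -119,3 +123,64 @@ Strict-Transport-Security Header Not Set: 1
 });
 expect(close).toBeCalled();
 });
+
+test("should send mail to recipient overwritten in scan annotation", async () => {
+const from = "secureCodeBox";
+const smtp = "smtp://user:pass@smtp.ethereal.email/";
+process.env[EMailNotifier.SMTP_CONFIG] = smtp;
+const channel: NotificationChannel = {
+name: "Channel Name",
+type: NotifierType.EMAIL,
+template: "email",
+rules: [],
+endPoint: "mail@some.email",
+};
+const scan: Scan = createExampleScan();
+scan.metadata.annotations = {
+"notification.securecodebox.io/email-recipient": "foo@example.com",
+};
+
+const args = new Array();
+args[EMailNotifier.EMAIL_FROM] = from;
+
+const notifier = new EMailNotifier(channel, scan, [], args);
+
+await notifier.sendMessage();
+
+expect(sendMail).toBeCalledWith({
+from: "secureCodeBox",
+html: `<strong>Scan demo-scan-1601086432</strong><br>
+Created at ${creationTimestamp.toString()}
+<br>
+<br>
+<strong>Findings Severity Overview:</strong><br>
+high: 10<br>
+medium: 5<br>
+low: 2<br>
+informational: 1<br>
+
+<br>
+<strong>Findings Category Overview:</strong><br>
+A Client Error response code was returned by the server: 1<br>
+Information Disclosure - Sensitive Information in URL: 1<br>
+Strict-Transport-Security Header Not Set: 1<br>
+`,
+subject: "New nmap security scan results are available!",
+text: `*Scan demo-scan-1601086432*
+Created at ${creationTimestamp.toString()}
+
+*Findings Severity Overview*:
+high: 10
+medium: 5
+low: 2
+informational: 1
+
+*Findings Category Overview*:
+A Client Error response code was returned by the server: 1
+Information Disclosure - Sensitive Information in URL: 1
+Strict-Transport-Security Header Not Set: 1
+`,
+to: "foo@example.com",
+});
+expect(close).toBeCalled();
+});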
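Review bot: The added test only exercises a well-formed single address in the `notification.securecodebox.io/email-recipient` annotation, so the fallback path and the handling of unexpected values stay untested. An annotation is free-form text, and the recipient now comes from it, so I would add at least two cases next to this one: an empty-string annotation that must still yield `to: "mail@some.email"`, and a value that is not a single plain address (for example one containing a line break) that must not change any field other than `to`. As a style point, the channel/SMTP setup is duplicated verbatim from "Should Send Mail" and could move into a helper alongside `createExampleScan()`.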

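--- a/hooks/notification/hook/Notifiers/EMailNotifier.ts
+++ b/hooks/notification/hook/Notifiers/EMailNotifier.ts
@@ -42,7 +42,10 @@ export class EMailNotifier extends AbstractNotifier {
 
 private prepareMessage(): any {
 const message = JSON.parse(this.renderMessage());
-message.to = this.resolveEndPoint();
+if(!message.to) {
+// only use fixed endpoint / mail address if it isn't already defined by the template
+message.to = this.resolveEndPoint();
+}
 message.from = this.args[EMailNotifier.EMAIL_FROM];
 return message;
 }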
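Review bot: The new `if(!message.to)` branch accepts whatever recipient the rendered template produced, and email.njk in this commit fills that field from a scan annotation, so anyone permitted to create or annotate a Scan can direct the findings summary to an address the operator never configured. Nothing visible in `prepareMessage` checks that the value is a single address or belongs to an expected domain; a string holding several addresses would apparently reach the mailer unchanged. I would accept the override only after a check against an operator-configured list of permitted recipients or domains and otherwise fall back, e.g. `if (!message.to || !isAllowedRecipient(message.to)) { message.to = this.resolveEndPoint(); }`, where `isAllowedRecipient` is a helper still to be written. Logging the recipient that was finally chosen would also make an unexpected redirect visible in the hook's output.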

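--- a/hooks/notification/hook/notification-templates/email.njk
+++ b/hooks/notification/hook/notification-templates/email.njk
@@ -3,6 +3,7 @@ SPDX-FileCopyrightText: the secureCodeBox authors
 
 SPDX-License-Identifier: Apache-2.0
 #}
+to: {{ scan.metadata.annotations["notification.securecodebox.io/email-recipient"] | default(null, true) | safe}}
 subject: New {{ scan.spec.scanType }} security scan results are available!
 text: |
 *Scan {{ scan.metadata.name }}*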
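Review bot: The annotation value on the added `to:` line is written into the document unquoted and marked `safe`, so its content is interpreted as part of the template's structure rather than as a plain string. The template looks like YAML that is parsed afterwards, in which case a value containing a line break or a `key: value` sequence could add or override other message fields such as `subject`. Serialising the value before it is emitted keeps it a single scalar: `to: {{ scan.metadata.annotations["notification.securecodebox.io/email-recipient"] | default(null, true) | dump | safe }}`; a missing annotation then renders as `null` and still triggers the endpoint fallback. The rest of the template lies outside this hunk, so other interpolated fields may need the same treatment.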
