Merge pull request #3 from Issif/notifier_worker

v2.1
Issif · Jun 8, 2020 · c6c43b8 · c6c43b8
2 parents 59097dc + 1a78371
commit c6c43b8
Show file tree

Hide file tree

Showing 17 changed files with 451 additions and 215 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,6 @@
 cercat
 config.yaml
 dist
-dist/**
+dist/**
+lib/*.xml
+.vscode
diff --git a/README.md b/README.md
@@ -1,10 +1,10 @@
 # cercat
 
-`certcat` is for **Certificate Catcher**. It's monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and send an alert to **Slack** if a domain matchs a specified **regexp**.
+`certcat` is for **Certificate Catcher**. It monitors issued certificates from [CertStream](https://certstream.calidog.io/) stream and sends an alert to **Slack** if a domain matches a specified **regexp**.
 
 ```bash
                websocket    +----------+   POST
-CertSteam <-----------------> certcat  +-----------> Slack
+CertSteam <-----------------> cercat   +-----------> Slack
                             | (regexp) |
                             +----------+
 ```
@@ -13,6 +13,8 @@ CertSteam <-----------------> certcat  +-----------> Slack
 
 It's highly inspired by [CertStreamMonitor](https://github.com/AssuranceMaladieSec/CertStreamMonitor/blob/master/README.md), the first idea was to improve performances for catching with a **Golang** version.
 
+The regexp is applied on principal an SAN domains. If one of these domains is an [IDN](https://en.wikipedia.org/wiki/Internationalized_domain_name), it's converted in an equivalend in ASCII before applying the regexp.
+
 ## Configuration
 
 Two methods are available for configuration and can be mixed :
@@ -27,8 +29,6 @@ SlackWebhookURL: "" #Slack Webhook URL
 SlackIconURL: "" #Slack Icon (Avatar) URL
 SlackUsername: "" #Slack Username
 Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
-Workers: 20 #Number of workers for consuming feed from CertStream
-DisplayErrors: false #Enable/Disable display of errors in logs
 ```
 
 ### With env vars
@@ -37,8 +37,6 @@ DisplayErrors: false #Enable/Disable display of errors in logs
 - **SLACKICONURL**: Slack Icon (Avatar) URL
 - **SLACKUSERNAME**: Slack Username
 - **REGEXP**: Regexp to match, if empty, '.*' is used. Use Golang regexp format
-- **WORKERS**: Number of workers for consuming feed from CertStream
-- **DISPLAYERRORS**: Enable/Disable display of errors in logs
 
 ## Run
 
@@ -55,14 +53,14 @@ Flags:
 You can run with Docker :
 
 ```
-docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*fr$" issif/cercat:latest 
+docker run -d -e SLACKWEBHOOKURL=https://hooks.slack.com/services/XXXXX -e REGEXP=".*\\.fr$" issif/cercat:latest 
 ```
 
 ## Logs
 
 ```bash
-2020/04/14 17:29:40 [INFO]  : A certificate for 'www.XXXX.fr' has been issued : {"domain":"www.XXXX.fr","SAN":["www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.183","XX.XX.XX.182"]}
-2020/04/14 17:29:41 [INFO]  : A certificate for 'XXXX.fr' has been issued : {"domain":"XXXX.fr","SAN":["mail.XXXX.fr","XXXX.fr","www.XXXX.fr"],"issuer":"Let's Encrypt","Addresses":["XX.XX.XX.108"]}
+INFO[0005] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.129"]} 
+INFO[0008] A certificate for 'xxxx.fr' has been issued : {"domain":"xxxx.fr","SAN":["xxxx.fr","www.xxxx.fr"],"issuer":"Let's Encrypt","Addresses":["X.X.X.116"]} 
 ```
 
 ## Profiles, Traces and Metrics
@@ -73,6 +71,8 @@ The service opens port `6060` for `profiles`, `traces` and `expvar`. Go to [http
 
 MIT
 
-## Author
+## Authors
 
 Thomas Labarussias - [@Issif](https://www.github.com/issif)
+Ayoul Elaassal - [@Ayoul3](https://github.com/ayoul3)
+
diff --git a/config_example.yaml → example.yaml b/config_example.yaml → example.yaml
@@ -3,5 +3,3 @@ SlackWebhookURL: "" #Slack Webhook URL
 SlackIconURL: "" #Slack Icon (Avatar) URL
 SlackUsername: "" #Slack Username
 Regexp: ".*\\.fr$" #Regexp to match. Can't be empty. It uses Golang regexp format
-Workers: 20 #Number of workers for consuming stream from CertStream
-DisplayErrors: false #Enable/Disable display of errors in logs
diff --git a/go.mod b/go.mod
@@ -3,18 +3,16 @@ module cercat
 go 1.14
 
 require (
-	github.com/CaliDog/certstream-go v0.0.0-20180219203951-6016c5462366
-	github.com/falcosecurity/falcosidekick v0.0.0-20200128210241-efc9dea5ac3a
 	github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee // indirect
 	github.com/gobwas/pool v0.2.0 // indirect
 	github.com/gobwas/ws v1.0.3
-	github.com/google/pprof v0.0.0-20200413000643-b1a96885c1c6 // indirect
-	github.com/gorilla/websocket v1.4.2
-	github.com/jmoiron/jsonq v0.0.0-20150511023944-e874b168d07e
-	github.com/likexian/whois-go v1.5.0
-	github.com/likexian/whois-parser-go v1.10.4
-	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
-	github.com/pkg/errors v0.9.1
+	github.com/onsi/ginkgo v1.12.2
+	github.com/onsi/gomega v1.10.1
+	github.com/patrickmn/go-cache v2.1.0+incompatible
+	github.com/picatz/homoglyphr v0.0.0-20180114170158-6e9a0e190785
+	github.com/sirupsen/logrus v1.2.0
 	github.com/spf13/viper v1.6.3
+	github.com/stretchr/testify v1.4.0 // indirect
+	golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 )