Rename ircchannel to channel (#1652)

2020-07-06 12:57:02 -05:00 · 2020-07-06 12:57:02 -05:00 · b9fc856c04
--- a/alerts/lib/alerttask.py
+++ b/alerts/lib/alerttask.py
@ -251,15 +251,15 @@ class AlertTask(Task):
    def tagBotNotify(self, alert):
        """
            Tag alert to be excluded based on severity
-            If 'ircchannel' is set in an alert, we automatically notify mozdefbot
+            If 'channel' is set in an alert, we automatically set notify_mozdefbot to True
        """
        alert["notify_mozdefbot"] = True
        if alert["severity"] == "NOTICE" or alert["severity"] == "INFO":
            alert["notify_mozdefbot"] = False

-        # If an alert sets specific ircchannel, then we should probably always notify in mozdefbot
+        # If an alert sets specific channel, then we should probably always notify in mozdefbot
        if (
-            "ircchannel" in alert and alert["ircchannel"] != "" and alert["ircchannel"] is not None
+            "channel" in alert and alert["channel"] != "" and alert["channel"] is not None
        ):
            alert["notify_mozdefbot"] = True
        return alert
@ -426,7 +426,7 @@ class AlertTask(Task):
        events,
        severity="NOTICE",
        url=None,
-        ircchannel=None,
+        channel=None,
    ):
        """
        Create an alert dict
@ -446,7 +446,7 @@ class AlertTask(Task):
            "category": category,
            "tags": tags,
            "events": [],
-            "ircchannel": ircchannel,
+            "channel": channel,
            "status": DEFAULT_STATUS,
            "classname": classname
        }
--- a/alerts/ssh_access_signreleng.json
+++ b/alerts/ssh_access_signreleng.json
@ -1,6 +1,6 @@
 {
    "hostfilter": "(host1|host2.*).*",
-    "ircchannel": "#somechannel",
+    "channel": "#somechannel",
    "exclusions": [
        {"summary":"someuser", "details.sourceipaddress": "4.5.6.7"},
        {"summary":"anotheruser", "details.sourceipaddress": "8.9.10.11"}
--- a/alerts/ssh_access_signreleng.py
+++ b/alerts/ssh_access_signreleng.py
@ -16,8 +16,8 @@ class AlertAuthSignRelengSSH(AlertTask):

        self.config = self.parse_json_alert_config('ssh_access_signreleng.json')

-        if self.config['ircchannel'] == '':
-            self.config['ircchannel'] = None
+        if self.config['channel'] == '':
+            self.config['channel'] = None

        search_query.add_must([
            TermMatch('tags', 'releng'),
@ -62,4 +62,4 @@ class AlertAuthSignRelengSSH(AlertTask):
            targetuser = found_usernames[0]

        summary = 'SSH login from {0} on {1} as user {2}'.format(sourceipaddress, targethost, targetuser)
-        return self.createAlertDict(summary, category, tags, [event], severity, ircchannel=self.config['ircchannel'])
+        return self.createAlertDict(summary, category, tags, [event], severity, channel=self.config['channel'])
--- a/bot/irc/mozdefbot.py
+++ b/bot/irc/mozdefbot.py
@ -315,10 +315,10 @@ class alertConsumer(ConsumerMixin):

            # process valid message
            # see where we send this alert
-            ircchannel = options.alertircchannel
-            if 'ircchannel' in body_dict:
-                if body_dict['ircchannel'] in options.join.split(","):
-                    ircchannel = body_dict['ircchannel']
+            channel = options.alertchannel
+            if 'channel' in body_dict:
+                if body_dict['channel'] in options.join.split(","):
+                    channel = body_dict['channel']

            # see if we need to delay a bit before sending the alert, to avoid
            # flooding the channel
@ -333,7 +333,7 @@ class alertConsumer(ConsumerMixin):
                sys.stdout.write('alert is more than 450 bytes, truncating\n')
                body_dict['summary'] = body_dict['summary'][:450] + ' truncated...'

-            self.ircBot.client.msg(ircchannel, formatAlert(body_dict))
+            self.ircBot.client.msg(channel, formatAlert(body_dict))

            message.ack()
        except ValueError as e:
@ -395,8 +395,8 @@ def initConfig():
        channels.append(channel)
    options.join = ','.join(channels)

-    options.alertircchannel = getConfig(
-        'alertircchannel',
+    options.alertchannel = getConfig(
+        'alertchannel',
        '',
        options.configfile)

@ -446,8 +446,8 @@ def initConfig():
    # mqack=True sets persistant delivery, False sets transient delivery
    options.mqack = getConfig('mqack', True, options.configfile)

-    if options.alertircchannel == '':
-        options.alertircchannel = options.join.split(",")[0]
+    if options.alertchannel == '':
+        options.alertchannel = options.join.split(",")[0]


 if __name__ == "__main__":
--- a/bot/slack/mozdefbot.py
+++ b/bot/slack/mozdefbot.py
@ -73,9 +73,9 @@ class AlertConsumer(ConsumerMixin):
            # process valid message
            # see where we send this alert
            channel = options.default_alert_channel
-            if 'ircchannel' in body_dict:
-                if body_dict['ircchannel'] in options.channels:
-                    channel = body_dict['ircchannel']
+            if 'channel' in body_dict:
+                if body_dict['channel'] in options.channels:
+                    channel = body_dict['channel']

            # see if we need to delay a bit before sending the alert, to avoid
            # flooding the channel
--- a/tests/alerts/actions/test_triage_bot.py
+++ b/tests/alerts/actions/test_triage_bot.py
@ -47,7 +47,7 @@ def _ssh_sensitive_host_alert():
                    "documentid": "X8-tOG4B-YuPuGRRXQta",
                }
            ],
-            "ircchannel": None,
+            "channel": None,
            "url": "website.com",
            "notify_mozdefbot": True,
            "details": {"sites": []},
@ -116,7 +116,7 @@ def _duo_bypass_code_gen_alert():
                    "documentid": "wPPKOG4B-YuPuGRRc2s7",
                }
            ],
-            "ircchannel": None,
+            "channel": None,
            "url": "website.com",
            "notify_mozdefbot": False,
            "details": {"sites": []},
@ -191,7 +191,7 @@ def _duo_bypass_code_used_alert():
                    "documentid": "8iMaT3vSO0ddbCe7eaNQ",
                }
            ],
-            "ircchannel": None,
+            "channel": None,
            "url": "website.com",
            "notify_mozdefbot": False,
            "details": {"sites": []},
@ -269,7 +269,7 @@ def _ssh_access_releng_alert():
                    "documentid": "hsudfg92123ASDf234rm",
                }
            ],
-            "ircchannel": "infosec-releng-alerts",
+            "channel": "infosec-releng-alerts",
            "notify_mozdefbot": True,
            "details": {
                "sourceipv4address": "4.3.2.1",
--- a/tests/alerts/alert_test_suite.py
+++ b/tests/alerts/alert_test_suite.py
@ -166,7 +166,7 @@ class AlertTestSuite(UnitTestSuite):
        assert '_index' in document
        alert_body = document['_source']
        assert alert_body['notify_mozdefbot'] is test_case.expected_alert['notify_mozdefbot'], 'Alert from rabbitmq has bad notify_mozdefbot field'
-        assert alert_body['ircchannel'] == test_case.expected_alert['ircchannel'], 'Alert from rabbitmq has bad ircchannel field'
+        assert alert_body['channel'] == test_case.expected_alert['channel'], 'Alert from rabbitmq has bad channel field'
        assert alert_body['summary'] == found_alert['_source']['summary'], 'Alert from rabbitmq has bad summary field'
        assert alert_body['utctimestamp'] == found_alert['_source']['utctimestamp'], 'Alert from rabbitmq has bad utctimestamp field'
        assert alert_body['category'] == found_alert['_source']['category'], 'Alert from rabbitmq has bad category field'
@ -209,17 +209,17 @@ class AlertTestSuite(UnitTestSuite):
        # Verify there is a utctimestamp field
        assert 'utctimestamp' in found_alert['_source'], 'Alert does not have utctimestamp specified'

-        if 'ircchannel' not in test_case.expected_alert:
-            test_case.expected_alert['ircchannel'] = None
+        if 'channel' not in test_case.expected_alert:
+            test_case.expected_alert['channel'] = None

        # Verify notify_mozdefbot is set correctly based on severity
        expected_notify_mozdefbot = True
-        if (test_case.expected_alert['severity'] == 'NOTICE' or test_case.expected_alert['severity'] == 'INFO') and test_case.expected_alert['ircchannel'] is None:
+        if (test_case.expected_alert['severity'] == 'NOTICE' or test_case.expected_alert['severity'] == 'INFO') and test_case.expected_alert['channel'] is None:
            expected_notify_mozdefbot = False
        test_case.expected_alert['notify_mozdefbot'] = expected_notify_mozdefbot

-        # Verify ircchannel is set correctly
-        assert found_alert['_source']['ircchannel'] == test_case.expected_alert['ircchannel'], 'Alert ircchannel field is bad'
+        # Verify channel is set correctly
+        assert found_alert['_source']['channel'] == test_case.expected_alert['channel'], 'Alert channel field is bad'

        # Verify classname is set correctly
        assert found_alert['_source']['classname'] == self.alert_classname, 'Alert classname field is bad'
--- a/tests/alerts/test_ssh_access_signreleng.py
+++ b/tests/alerts/test_ssh_access_signreleng.py
@ -28,7 +28,7 @@ class TestAlertSSHAccessSignReleng(AlertTestSuite):
        "severity": "NOTICE",
        "summary": "SSH login from 1.2.3.4 on host1 as user ttesterson",
        "tags": ['ssh'],
-        'ircchannel': '#somechannel',
+        'channel': '#somechannel',
    }

    test_cases = []
--- a/tests/mozdef_util/utilities/test_dict2List.py
+++ b/tests/mozdef_util/utilities/test_dict2List.py
@ -407,7 +407,7 @@ TEST_ALERT = {
            "documentid": "Jd7Ro3EBh9xp2NOItEXH",
        },
    ],
-    "ircchannel": None,
+    "channel": None,
    "status": "manual",
    "classname": "AlertGeoModel",
    "details": {