Rename ircchannel to channel (#1652)

alerts/lib/alerttask.py

@@ -251,15 +251,15 @@ class AlertTask(Task):
     def tagBotNotify(self, alert):
         """
             Tag alert to be excluded based on severity
-            If 'ircchannel' is set in an alert, we automatically notify mozdefbot
+            If 'channel' is set in an alert, we automatically set notify_mozdefbot to True
         """
         alert["notify_mozdefbot"] = True
         if alert["severity"] == "NOTICE" or alert["severity"] == "INFO":
             alert["notify_mozdefbot"] = False
 
-        # If an alert sets specific ircchannel, then we should probably always notify in mozdefbot
+        # If an alert sets specific channel, then we should probably always notify in mozdefbot
         if (
-            "ircchannel" in alert and alert["ircchannel"] != "" and alert["ircchannel"] is not None
+            "channel" in alert and alert["channel"] != "" and alert["channel"] is not None
         ):
             alert["notify_mozdefbot"] = True
         return alert
@@ -426,7 +426,7 @@ class AlertTask(Task):
         events,
         severity="NOTICE",
         url=None,
-        ircchannel=None,
+        channel=None,
     ):
         """
         Create an alert dict
@@ -446,7 +446,7 @@ class AlertTask(Task):
             "category": category,
             "tags": tags,
             "events": [],
-            "ircchannel": ircchannel,
+            "channel": channel,
             "status": DEFAULT_STATUS,
             "classname": classname
         }

alerts/ssh_access_signreleng.json

@@ -1,6 +1,6 @@
 {
     "hostfilter": "(host1|host2.*).*",
-    "ircchannel": "#somechannel",
+    "channel": "#somechannel",
     "exclusions": [
         {"summary":"someuser", "details.sourceipaddress": "4.5.6.7"},
         {"summary":"anotheruser", "details.sourceipaddress": "8.9.10.11"}

alerts/ssh_access_signreleng.py

@@ -16,8 +16,8 @@ class AlertAuthSignRelengSSH(AlertTask):
 
         self.config = self.parse_json_alert_config('ssh_access_signreleng.json')
 
-        if self.config['ircchannel'] == '':
+        if self.config['channel'] == '':
-            self.config['ircchannel'] = None
+            self.config['channel'] = None
 
         search_query.add_must([
             TermMatch('tags', 'releng'),
@@ -62,4 +62,4 @@ class AlertAuthSignRelengSSH(AlertTask):
             targetuser = found_usernames[0]
 
         summary = 'SSH login from {0} on {1} as user {2}'.format(sourceipaddress, targethost, targetuser)
-        return self.createAlertDict(summary, category, tags, [event], severity, ircchannel=self.config['ircchannel'])
+        return self.createAlertDict(summary, category, tags, [event], severity, channel=self.config['channel'])

bot/irc/mozdefbot.py

@@ -315,10 +315,10 @@ class alertConsumer(ConsumerMixin):
 
             # process valid message
             # see where we send this alert
-            ircchannel = options.alertircchannel
+            channel = options.alertchannel
-            if 'ircchannel' in body_dict:
+            if 'channel' in body_dict:
-                if body_dict['ircchannel'] in options.join.split(","):
+                if body_dict['channel'] in options.join.split(","):
-                    ircchannel = body_dict['ircchannel']
+                    channel = body_dict['channel']
 
             # see if we need to delay a bit before sending the alert, to avoid
             # flooding the channel
@@ -333,7 +333,7 @@ class alertConsumer(ConsumerMixin):
                 sys.stdout.write('alert is more than 450 bytes, truncating\n')
                 body_dict['summary'] = body_dict['summary'][:450] + ' truncated...'
 
-            self.ircBot.client.msg(ircchannel, formatAlert(body_dict))
+            self.ircBot.client.msg(channel, formatAlert(body_dict))
 
             message.ack()
         except ValueError as e:
@@ -395,8 +395,8 @@ def initConfig():
         channels.append(channel)
     options.join = ','.join(channels)
 
-    options.alertircchannel = getConfig(
+    options.alertchannel = getConfig(
-        'alertircchannel',
+        'alertchannel',
         '',
         options.configfile)
 
@@ -446,8 +446,8 @@ def initConfig():
     # mqack=True sets persistant delivery, False sets transient delivery
     options.mqack = getConfig('mqack', True, options.configfile)
 
-    if options.alertircchannel == '':
+    if options.alertchannel == '':
-        options.alertircchannel = options.join.split(",")[0]
+        options.alertchannel = options.join.split(",")[0]
 
 
 if __name__ == "__main__":

bot/slack/mozdefbot.py

@@ -73,9 +73,9 @@ class AlertConsumer(ConsumerMixin):
             # process valid message
             # see where we send this alert
             channel = options.default_alert_channel
-            if 'ircchannel' in body_dict:
+            if 'channel' in body_dict:
-                if body_dict['ircchannel'] in options.channels:
+                if body_dict['channel'] in options.channels:
-                    channel = body_dict['ircchannel']
+                    channel = body_dict['channel']
 
             # see if we need to delay a bit before sending the alert, to avoid
             # flooding the channel

tests/alerts/actions/test_triage_bot.py

@@ -47,7 +47,7 @@ def _ssh_sensitive_host_alert():
                     "documentid": "X8-tOG4B-YuPuGRRXQta",
                 }
             ],
-            "ircchannel": None,
+            "channel": None,
             "url": "website.com",
             "notify_mozdefbot": True,
             "details": {"sites": []},
@@ -116,7 +116,7 @@ def _duo_bypass_code_gen_alert():
                     "documentid": "wPPKOG4B-YuPuGRRc2s7",
                 }
             ],
-            "ircchannel": None,
+            "channel": None,
             "url": "website.com",
             "notify_mozdefbot": False,
             "details": {"sites": []},
@@ -191,7 +191,7 @@ def _duo_bypass_code_used_alert():
                     "documentid": "8iMaT3vSO0ddbCe7eaNQ",
                 }
             ],
-            "ircchannel": None,
+            "channel": None,
             "url": "website.com",
             "notify_mozdefbot": False,
             "details": {"sites": []},
@@ -269,7 +269,7 @@ def _ssh_access_releng_alert():
                     "documentid": "hsudfg92123ASDf234rm",
                 }
             ],
-            "ircchannel": "infosec-releng-alerts",
+            "channel": "infosec-releng-alerts",
             "notify_mozdefbot": True,
             "details": {
                 "sourceipv4address": "4.3.2.1",

tests/alerts/alert_test_suite.py

@@ -166,7 +166,7 @@ class AlertTestSuite(UnitTestSuite):
         assert '_index' in document
         alert_body = document['_source']
         assert alert_body['notify_mozdefbot'] is test_case.expected_alert['notify_mozdefbot'], 'Alert from rabbitmq has bad notify_mozdefbot field'
-        assert alert_body['ircchannel'] == test_case.expected_alert['ircchannel'], 'Alert from rabbitmq has bad ircchannel field'
+        assert alert_body['channel'] == test_case.expected_alert['channel'], 'Alert from rabbitmq has bad channel field'
         assert alert_body['summary'] == found_alert['_source']['summary'], 'Alert from rabbitmq has bad summary field'
         assert alert_body['utctimestamp'] == found_alert['_source']['utctimestamp'], 'Alert from rabbitmq has bad utctimestamp field'
         assert alert_body['category'] == found_alert['_source']['category'], 'Alert from rabbitmq has bad category field'
@@ -209,17 +209,17 @@ class AlertTestSuite(UnitTestSuite):
         # Verify there is a utctimestamp field
         assert 'utctimestamp' in found_alert['_source'], 'Alert does not have utctimestamp specified'
 
-        if 'ircchannel' not in test_case.expected_alert:
+        if 'channel' not in test_case.expected_alert:
-            test_case.expected_alert['ircchannel'] = None
+            test_case.expected_alert['channel'] = None
 
         # Verify notify_mozdefbot is set correctly based on severity
         expected_notify_mozdefbot = True
-        if (test_case.expected_alert['severity'] == 'NOTICE' or test_case.expected_alert['severity'] == 'INFO') and test_case.expected_alert['ircchannel'] is None:
+        if (test_case.expected_alert['severity'] == 'NOTICE' or test_case.expected_alert['severity'] == 'INFO') and test_case.expected_alert['channel'] is None:
             expected_notify_mozdefbot = False
         test_case.expected_alert['notify_mozdefbot'] = expected_notify_mozdefbot
 
-        # Verify ircchannel is set correctly
+        # Verify channel is set correctly
-        assert found_alert['_source']['ircchannel'] == test_case.expected_alert['ircchannel'], 'Alert ircchannel field is bad'
+        assert found_alert['_source']['channel'] == test_case.expected_alert['channel'], 'Alert channel field is bad'
 
         # Verify classname is set correctly
         assert found_alert['_source']['classname'] == self.alert_classname, 'Alert classname field is bad'

tests/alerts/test_ssh_access_signreleng.py

@@ -28,7 +28,7 @@ class TestAlertSSHAccessSignReleng(AlertTestSuite):
         "severity": "NOTICE",
         "summary": "SSH login from 1.2.3.4 on host1 as user ttesterson",
         "tags": ['ssh'],
-        'ircchannel': '#somechannel',
+        'channel': '#somechannel',
     }
 
     test_cases = []

tests/mozdef_util/utilities/test_dict2List.py

@@ -407,7 +407,7 @@ TEST_ALERT = {
             "documentid": "Jd7Ro3EBh9xp2NOItEXH",
         },
     ],
-    "ircchannel": None,
+    "channel": None,
     "status": "manual",
     "classname": "AlertGeoModel",
     "details": {