Email Notification Feature for casr-dojo#258
Email Notification Feature for casr-dojo#258PavlNekrasov wants to merge 1 commit intoispras:masterfrom
casr-dojo#258Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #258 +/- ##
==========================================
- Coverage 66.35% 65.06% -1.30%
==========================================
Files 34 34
Lines 8246 8310 +64
==========================================
- Hits 5472 5407 -65
- Misses 2774 2903 +129 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
SweetVishnya
left a comment
SweetVishnya
left a comment
There was a problem hiding this comment.
Please, run cargo fmt and cargo clippy on your code
|
Doesn't DefectDojo support setting up email notifications from its web ui? I am wondering whether it is a good point to send emails directly from Casr... |
|
|
||
| [dependencies] | ||
| lettre = "0.11.15" | ||
| secrecy = "0.8" |
There was a problem hiding this comment.
Please, make these dependencies available only when casr is built with dojo feature (similar to tokio crate).
|
|
||
| Triage crashes found by libFuzzer based fuzzer | ||
| (C/C++/go-fuzz/Atheris/Jazzer/Jazzer.js/jsfuzz/luzer) or LibAFL based fuzzer | ||
| (C/C++/go-fuzz/Atheris/Jazzer/Jazzer.js/jsfuzz) or LibAFL based fuzzer |
| [test] | ||
| test_type = "CASR DAST Report" | ||
| ``` | ||
| Also `casr-dojo` can send email notifications about newly uploaded findings. To enable this feature, add a `[mail]` section to your TOML configuration file: |
| } | ||
| } | ||
|
|
||
| struct FindingInfo { |
There was a problem hiding this comment.
Add docs for structures, fields, and functions
| } | ||
|
|
||
| Ok(()) | ||
| Ok(FindingInfo { |
There was a problem hiding this comment.
You may just return JSON stored to finding variable. Thus, you won't need declaring an additional structure. Id can be stored in finding["id"].
| d | ||
| } | ||
|
|
||
| fn parse_env_var(s: &str) -> Option<&str> { |
There was a problem hiding this comment.
Maybe we can hardcore exactly one supported environment variable CASR_MAIL_PASSWORD?
|
|
||
| impl MailConfig { | ||
| pub fn new(toml: toml::Table, defectdojo_url: String) -> Result<Option<Self>> { | ||
| if !toml.contains_key("mail") || !toml["mail"].is_table() { |
There was a problem hiding this comment.
non-table 'mail' should be an error
| return Ok(None); | ||
| } | ||
|
|
||
| let mail_settings = toml["mail"].as_table().unwrap(); |
There was a problem hiding this comment.
You may just write as_table()? to handle non-table case
| ) { | ||
| Ok(Some(config)) => config, | ||
| Ok(None) => { | ||
| warn!("Mail configuration not found in TOML, skipping notifications"); |
There was a problem hiding this comment.
There should be no warning here
2 participants
Hi,
I needed email notifications when crashes are uploaded to DefectDojo for my workflow, so I've implemented this functionality. If you find it useful, please consider merging this addition.
Reporter: Pavel Nekrasov (p.nekrasov@fobos-nt.ru)