Last active
May 17, 2017 05:07
-
-
Save lanches-kurashita/cd637cfd8cb60cc4456d0696e9402300 to your computer and use it in GitHub Desktop.
check latest JVN vulnerability information by google apps script.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var JVN_API_URL = "http://jvndb.jvn.jp/myjvn"; | |
| var CW_AUTH_TOKEN = "xxxxxx"; | |
| var CW_ROOM_ID = "123456789"; | |
| var CW_API_URL = "https://api.chatwork.com/v2/rooms/" + CW_ROOM_ID + "/messages"; | |
| var SPREADSHEET_ID = 'xxxxxxxxxxxxxxxxxxx'; | |
| function checkLatestVulnerabilityInformation() { | |
| var products = getSheetData(SPREADSHEET_ID); | |
| var res = fetchJVN(products); | |
| var new_info = parseXML(res.getContentText()); | |
| new_info.forEach(function(info){ | |
| postToChatwork(info); | |
| }); | |
| } | |
| function getSheetData(sheed_id) { | |
| var ss = SpreadsheetApp.openById(SPREADSHEET_ID); | |
| var sheet = ss.getSheets()[0]; | |
| var start_row = 6; // 行 | |
| var start_col = 2; // 列 | |
| var num_row = sheet.getLastRow(); // 最終行まで | |
| var num_col = 1; // 2列目のみ | |
| var sheet_values = sheet.getSheetValues(start_row, start_col, num_row, num_col); | |
| var products = []; | |
| sheet_values.forEach(function(values){ | |
| if(values[0]) { | |
| products.push(values[0]); | |
| } | |
| }); | |
| return products; | |
| } | |
| function fetchJVN(products) { | |
| var date = new Date(); | |
| // 前日分の更新情報を取得 | |
| date.setDate(date.getDate() - 1) | |
| var year = date.getYear().toString(); | |
| var month = (date.getMonth() + 1).toString(); | |
| var day = date.getDate().toString(); | |
| var data = { | |
| // "rangeDatePublic": "n", | |
| // "rangeDatePublished": "n", | |
| // "rangeDateFirstPublished": "n", | |
| // "lang": "ja", | |
| "method": "getVulnOverviewList", | |
| "datePublishedStartY": year, | |
| "datePublishedStartM": month, | |
| "datePublishedStartD": day | |
| }; | |
| var cpe_names = []; | |
| products.forEach(function(product){ | |
| cpe_names.push('cpe:/*:*:*' + product + '*') | |
| }); | |
| var cpe_name = cpe_names.join('+'); | |
| data['cpeName'] = cpe_name; | |
| var options = { | |
| 'method' : 'get', | |
| 'payload' : data | |
| }; | |
| return UrlFetchApp.fetch(JVN_API_URL, options); | |
| } | |
| function parseXML(xml) { | |
| document = XmlService.parse(xml); | |
| // xmlパース用namespace | |
| var rss = XmlService.getNamespace('http://purl.org/rss/1.0/'); | |
| var sec = XmlService.getNamespace('http://jvn.jp/rss/mod_sec/'); | |
| var items = document.getRootElement().getChildren('item', rss); | |
| var products = []; | |
| for (var i = 0; i < items.length; i++) { | |
| var item = items[i]; | |
| var title = item.getChild('title', rss).getText(); | |
| var link = item.getChild('link', rss).getText(); | |
| var severity = item.getChild('cvss', sec).getAttribute('severity').getValue(); | |
| var score = item.getChild('cvss', sec).getAttribute('score').getValue(); | |
| var product = item.getChild('cpe-item', sec).getChild('title', sec).getText(); | |
| var product = { | |
| title: title, | |
| link: link, | |
| severity: severity, | |
| score: score, | |
| product: product | |
| }; | |
| products.push(product); | |
| } | |
| return products; | |
| } | |
| function postToChatwork(info) { | |
| var data = { | |
| 'body': '[info][title]JVN脆弱性情報[/title]' + info['title'] + "\n" + info['link'] + "\n" + '対象:' + info['product'] + ' 深刻度 ' + info['score'] + ' (' + info['severity'] + ')[/info]' | |
| }; | |
| var options = { | |
| 'method' : 'post', | |
| 'headers': { | |
| 'X-ChatWorkToken': CW_AUTH_TOKEN | |
| }, | |
| 'payload' : data | |
| }; | |
| UrlFetchApp.fetch(CW_API_URL, options); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment