support sending scan summary & link

deepfence_server/constants/api-messages/success.go

@@ -14,4 +14,5 @@ const (
 	ErrIntegrationTypeCannotBeUpdated = "integration type cannot be updated"
 	ErrIntegrationTypeEmpty           = "integration type cannot be empty"
 	ErrNotificationTypeEmpty          = "notification type cannot be empty"
+	ErrSendSummaryNotSupported        = "notification type does not support sending summary links"
 )

deepfence_server/go.mod

@@ -134,7 +134,7 @@ require (
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sendgrid/sendgrid-go v3.14.0+incompatible
 	github.com/shopspring/decimal v1.2.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/cast v1.6.0
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/swaggest/jsonschema-go v0.3.64 // indirect
 	github.com/swaggest/refl v1.3.0 // indirect

deepfence_server/handler/integration.go

@@ -44,6 +44,18 @@ func (h *Handler) AddIntegration(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if req.SendSummary {
+		if integration.SupportsSummaryLink(req.IntegrationType) {
+			req.Config["send_summary"] = True
+		} else {
+			err = httpext.JSON(w, http.StatusBadRequest, model.ErrorResponse{Message: api_messages.ErrSendSummaryNotSupported})
+			if err != nil {
+				log.Error().Msg(err.Error())
+			}
+			return
+		}
+	}
+
 	req.Config["filter_hash"], err = GetFilterHash(req.Filters)
 	if err != nil {
 		log.Error().Msgf("%v", err)

deepfence_server/model/integration.go

@@ -27,6 +27,7 @@ type IntegrationAddReq struct {
 	IntegrationType  string                 `json:"integration_type" required:"true"`
 	NotificationType string                 `json:"notification_type" required:"true"`
 	Filters          IntegrationFilters     `json:"filters"`
+	SendSummary      bool                   `json:"send_summary"`
 }
 
 type IntegrationFilters struct {

deepfence_server/pkg/integration/aws-security-hub/awssecurityhub.go

@@ -433,3 +433,7 @@ func (a AwsSecurityHub) mapPayloadToFindings(msg []map[string]interface{}, resou
 func (a AwsSecurityHub) IsValidCredential(ctx context.Context) (bool, error) {
 	return true, nil
 }
+
+func (a AwsSecurityHub) SendSummaryLink() bool {
+	return false
+}

deepfence_server/pkg/integration/elasticsearch/elasticsearch.go

@@ -100,3 +100,7 @@ func (e ElasticSearch) IsValidCredential(ctx context.Context) (bool, error) {
 
 	return true, nil
 }
+
+func (e ElasticSearch) SendSummaryLink() bool {
+	return false
+}

deepfence_server/pkg/integration/email/email.go

@@ -6,8 +6,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"sort"
-	"strconv"
 	"strings"
 
 	"github.com/deepfence/ThreatMapper/deepfence_server/model"
@@ -35,69 +33,49 @@ func New(ctx context.Context, b []byte) (*Email, error) {
 	return &h, nil
 }
 
-func (e Email) FormatMessage(message []map[string]interface{}) string {
-	var entiremsg strings.Builder
-	entiremsg.WriteString("*")
-	entiremsg.WriteString(e.Resource)
-	entiremsg.WriteString("*\n\n")
-
-	// Prepare the sorted keys so that the output has the records in same order
-	var keys []string
-	if len(message) > 0 {
-		keys = make([]string, 0, len(message[0]))
-		for key := range message[0] {
-			keys = append(keys, key)
-		}
+func (e Email) FormatMessage(message []map[string]interface{},
+	extras map[string]interface{}) (string, map[string][]byte) {
 
-		sort.Strings(keys)
-	}
+	var msg strings.Builder
+	var attachments = map[string][]byte{}
 
-	for k, v := range message {
-		entiremsg.WriteString("#")
-		entiremsg.WriteString(strconv.Itoa(k + 1))
-		entiremsg.WriteString("\n")
-		for _, key := range keys {
-			if val, ok := v[key]; ok {
-				fmtVal := ""
-				if val != nil {
-					fmtVal = fmt.Sprintf("%v", val)
+	for k, v := range extras {
+		if v != "" {
+			if k == "severity_counts" {
+				s := ""
+				for i, j := range v.(map[string]int32) {
+					s = fmt.Sprintf("   %s: %d\r\n", i, j)
 				}
-				entiremsg.WriteString(key)
-				entiremsg.WriteString(": ")
-				entiremsg.WriteString(fmtVal)
-				entiremsg.WriteString("\n")
-				delete(v, key)
+				msg.WriteString(fmt.Sprintf("%s:\r\n%s", k, s))
+			} else {
+				msg.WriteString(fmt.Sprintf("%s: %v\r\n", k, v))
 			}
 		}
+	}
 
-		// This is to handle if we have unprocessed data in the map
-		// Possilbe if all the records are not uniform
-		for key, val := range v {
-			fmtVal := ""
-			if val != nil {
-				fmtVal = fmt.Sprintf("%v", val)
-			}
-			entiremsg.WriteString(key)
-			entiremsg.WriteString(": ")
-			entiremsg.WriteString(fmtVal)
-			entiremsg.WriteString("\n")
-		}
-		entiremsg.WriteString("\n")
+	r, err := json.Marshal(message)
+	if err != nil {
+		log.Error().Err(err).Msg("failed to marshal results")
 	}
-	return entiremsg.String()
+
+	attachments["scan-results.json"] = r
+
+	return msg.String(), attachments
 }
 
-func (e Email) SendNotification(ctx context.Context, message []map[string]interface{}, extras map[string]interface{}) error {
+func (e Email) SendNotification(ctx context.Context,
+	message []map[string]interface{}, extras map[string]interface{}) error {
 
 	_, span := telemetry.NewSpan(ctx, "integrations", "email-send-notification")
 	defer span.End()
 
-	m := e.FormatMessage(message)
+	m, a := e.FormatMessage(message, extras)
 	emailSender, err := sendemail.NewEmailSender(ctx)
 	if err != nil {
 		return err
 	}
-	return emailSender.Send([]string{e.Config.EmailID}, "Deepfence Subscription", m, "", nil)
+	return emailSender.Send([]string{e.Config.EmailID},
+		fmt.Sprintf("Deepfence %s Subscription", e.Resource), m, "", a)
 }
 
 func (e Email) IsEmailConfigured(ctx context.Context) bool {
@@ -127,3 +105,7 @@ func (e Email) IsEmailConfigured(ctx context.Context) bool {
 func (e Email) IsValidCredential(ctx context.Context) (bool, error) {
 	return true, nil
 }
+
+func (e Email) SendSummaryLink() bool {
+	return e.Config.SendSummary
+}

deepfence_server/pkg/integration/email/types.go

@@ -15,7 +15,8 @@ type Email struct {
 }
 
 type Config struct {
-	EmailID string `json:"email_id"  validate:"required,email" required:"true"`
+	EmailID     string `json:"email_id"  validate:"required,email" required:"true"`
+	SendSummary bool   `json:"send_summary"`
 }
 
 func (e Email) ValidateConfig(validate *validator.Validate) error {

deepfence_server/pkg/integration/google-chronicle/googlechronicle.go

@@ -65,3 +65,7 @@ func (g GoogleChronicle) SendNotification(ctx context.Context, message []map[str
 func (g GoogleChronicle) IsValidCredential(ctx context.Context) (bool, error) {
 	return true, nil
 }
+
+func (g GoogleChronicle) SendSummaryLink() bool {
+	return false
+}

deepfence_server/pkg/integration/http-endpoint/http-endpoint.go

@@ -103,3 +103,7 @@ func (h HTTPEndpoint) IsValidCredential(ctx context.Context) (bool, error) {
 	// Check the response status code.
 	return resp.StatusCode == http.StatusOK, nil
 }
+
+func (h HTTPEndpoint) SendSummaryLink() bool {
+	return false
+}

deepfence_server/pkg/integration/integration.go

@@ -58,17 +58,31 @@ func GetIntegration(ctx context.Context, integrationType string, b []byte) (Inte
 func IsMessagingFormat(integrationType string) bool {
 	retVal := false
 	switch integrationType {
-	case constants.Slack, constants.Teams, constants.PagerDuty,
-		constants.Email, constants.Jira:
+	case constants.Slack,
+		constants.Teams,
+		constants.PagerDuty,
+		constants.Email,
+		constants.Jira:
 		retVal = true
 	}
 	return retVal
 }
 
+func SupportsSummaryLink(integrationType string) bool {
+	switch integrationType {
+	case constants.Slack,
+		constants.Teams:
+		return true
+	}
+	return false
+}
+
 // Integration is the interface for all integrations
 type Integration interface {
 	// extras are additional fields that are not part of the message
+	// if SendSummaryLink is true then message array is expected to be scan summay
 	SendNotification(ctx context.Context, message []map[string]interface{}, extras map[string]interface{}) error
 	ValidateConfig(*validator.Validate) error
 	IsValidCredential(ctx context.Context) (bool, error)
+	SendSummaryLink() bool
 }

deepfence_server/pkg/integration/jira/jira.go

@@ -53,7 +53,15 @@ func (j Jira) SendNotification(ctx context.Context, message []map[string]interfa
 	extraStr := []string{}
 	for k, v := range extras {
 		if v != "" {
-			extraStr = append(extraStr, fmt.Sprintf("%s: %v", k, v))
+			if k == "severity_counts" {
+				s := ""
+				for i, j := range v.(map[string]int32) {
+					s = fmt.Sprintf("  %s: %d\n", i, j)
+				}
+				extraStr = append(extraStr, fmt.Sprintf("%s:\n%s", k, s))
+			} else {
+				extraStr = append(extraStr, fmt.Sprintf("%s: %v\n", k, v))
+			}
 		}
 	}
 
@@ -168,3 +176,7 @@ func (j Jira) IsValidCredential(ctx context.Context) (bool, error) {
 
 	return true, nil
 }
+
+func (j Jira) SendSummaryLink() bool {
+	return false
+}

deepfence_server/pkg/integration/pagerduty/pagerduty.go

@@ -158,3 +158,7 @@ func IsValidCreds(p PagerDuty) (bool, error) {
 func (p PagerDuty) IsValidCredential(ctx context.Context) (bool, error) {
 	return true, nil
 }
+
+func (p PagerDuty) SendSummaryLink() bool {
+	return false
+}

deepfence_server/pkg/integration/s3/s3.go

@@ -142,3 +142,7 @@ func (s S3) IsValidCredential(ctx context.Context) (bool, error) {
 
 	return true, nil
 }
+
+func (s S3) SendSummaryLink() bool {
+	return false
+}