Add custom Discord notification #686

Open
wants to merge 2 commits into
base: master
@dirtboll dirtboll commented Sep 3, 2023

This adds the ability to provide a Discord notification template using JSON via the `discord_message_template` environment variable. Example inside a bash script:

```bash
set -a
discord_webhook=https://discord.com/api/webhooks/blablabla
# Generated from https://discohook.org/
read -r -d '' discord_message_template <<- 'EOF'
  {
    "content": null,
    "embeds": [
      {
        "title": "<a:furnace_angry:839235629454983218> Detected Malware `${malware-family}`",
        "color": 16711680,
        "fields": [
          {
            "name": "Server",
            "value": "My Infected Server",
            "inline": true
          },
          {
            "name": "File",
            "value": "`${file-path}`",
            "inline": true
          },
          {
            "name": "Malware type",
            "value": "[${malware-platform}.${malware-type}.${malware-family}.${malware-variant}](https://www.google.com/search?q=${malware-platform}+${malware-type}+${malware-family}+${malware-variant})"
          },
          {
            "name": "Class path",
            "value": "`${malware-class-path}`",
            "inline": true
          },
          {
            "name": "[Line] SourceFile",
            "value": "**[**${malware-line-number}**]** `${malware-source-path}`"
          }
        ]
      }
    ],
    "username": "Minecraft Malware Scanner",
    "avatar_url": "https://i.imgur.com/i9GSb45.png",
    "attachments": []
  }
EOF
java -jar MCAntiMalware.jar --notify discord --singleScan true
```

Available format parameters:

| Parameter | Replaced with |
| --- | --- |
| `${file-path}` | Path to the infected file |
| `${malware-platform}` | Malware platform |
| `${malware-type}` | Malware type |
| `${malware-family}` | Malware family |
| `${malware-variant}` | Malware variant |
| `${malware-class-path}` | Class path containing the malware |
| `${malware-source-path}` | Path to the source code containing the malware |
| `${malware-line-number}` | Line number of the source code |

If not using a template, you can still customize the username and avatar URL using the `discord_username` and `discord_avatar_url` environment variables.
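The substitution described above, as an added example that is not the PR's or the project's code: each `${name}` parameter is replaced inside a JSON template, with the value JSON-escaped so that a file path containing quotes or backslashes still yields a valid webhook payload. The class name `TemplateDemo`, the helper `jsonEscape`, the choice to leave unknown parameters in place, and the sample values are all assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TemplateDemo { // hypothetical class, not from the PR
    // Compiled once; ${name} where name is word characters or hyphens.
    private static final Pattern PARAM = Pattern.compile("\\$\\{([\\w-]+)\\}");

    // Escape a value so it is safe inside a JSON string literal.
    static String jsonEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 8);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '"':  out.append("\\\""); break;
                case '\\': out.append("\\\\"); break;
                case '\n': out.append("\\n"); break;
                case '\r': out.append("\\r"); break;
                case '\t': out.append("\\t"); break;
                default:
                    if (c < 0x20) out.append(String.format("\\u%04x", (int) c));
                    else out.append(c);
            }
        }
        return out.toString();
    }

    // Substitute each known ${name}; unknown names stay visible in the output.
    static String format(String template, Map<String, String> params) {
        Matcher m = PARAM.matcher(template);
        StringBuilder out = new StringBuilder();
        int last = 0;
        while (m.find()) {
            out.append(template, last, m.start());
            String value = params.get(m.group(1));
            out.append(value == null ? m.group() : jsonEscape(value));
            last = m.end();
        }
        return out.append(template, last, template.length()).toString();
    }

    public static void main(String[] args) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("file-path", "/srv/mc/plugins/My \"Cool\" Plugin.jar"); // constructed
        p.put("malware-family", "ExampleFamily");                     // constructed
        String tpl = "{\"embeds\":[{\"title\":\"Detected `${malware-family}`\","
                   + "\"description\":\"`${file-path}` ${unknown-key}\"}]}";
        System.out.println(format(tpl, p));
    }
}
```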

This adds `discord_username` and `discord_avatar_url` environment variables for custom username and avatar URL. This also enables the ability to provide a Discord message template in JSON format using the `discord_message_template` environment variable. The provided template can contain format parameters that will be replaced with the scan result, such as `${file-path}`, `${malware-platform}`, `${malware-type}`, `${malware-family}`, `${malware-variant}`, `${malware-class-path}`, `${malware-source-path}`, and `${malware-line-number}`.
@dirtboll dirtboll changed the title Add custom discord notification Add custom Discord notification Sep 3, 2023
public static String format(String template, Map<String, Object> parameters) {
StringBuilder newTemplate = new StringBuilder(template);
List<Object> valueList = new ArrayList<>();
Matcher matcher = Pattern.compile("[$][{]([\\w-_]+)}").matcher(template);
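Review bot: In the `Pattern.compile` line, the character class `[\\w-_]` puts a hyphen between `\w` and `_`, which reads like a range, and `_` is already covered by `\w`; `[\\w-]+` states the apparent intent (word characters and hyphens) without the ambiguity. The visible lines also do not show the substituted values being JSON-escaped before they go into `newTemplate`. Since the template is JSON and values such as `${file-path}` come from scanned files, a quote or backslash in a value would produce an invalid payload, so each value should be escaped at substitution time.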
Owner

There is no reason to have to re-compile this on every method call, convert the Pattern to a CONSTANT.

Author

Should be resolved.

@dirtboll
Author

Sorry, I refactored it a bit. What do you think?
