wazuh-notify/wazuh-notify-go-v2/common/common.go

package common

import (
	"encoding/json"
	"fmt"
	"os"
	"slices"
	"strconv"
	"strings"
	"time"
	"wazuh-notify/config"
	logger "wazuh-notify/log"
)

func ReadFile(path string) (*os.File, error) {
	fmt.Printf("Reading from file: %s\n", path)
	file, err := os.Open(path)
	if err != nil {
		return nil, fmt.Errorf("failed to open file %s: %w", path, err)
	}
	return file, nil
}

func BuildMessage(ar ActiveResponse, target string, emphasis string, priority int) string {

	if slices.Contains(strings.Split(config.File.General.FullAlert, ","), target) {
		fullAlert, _ := json.MarshalIndent(ar, "", "  ")
		fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")
		fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")

		return "\n\n ```" +
			fullAlertString +
			"```\n\n"
	} else {
		return "\n\n" +
			fmt.Sprintf("%sTimestamp:%s ", emphasis, emphasis) + time.Now().Format(time.DateTime) + "\n" +
			fmt.Sprintf("%sAgent:%s ", emphasis, emphasis) + ar.Parameters.Alert.Agent.Name + "\n" +
			fmt.Sprintf("%sEvent id:%s ", emphasis, emphasis) + ar.Parameters.Alert.Rule.ID + "\n" +
			fmt.Sprintf("%sRule:%s ", emphasis, emphasis) + ar.Parameters.Alert.Rule.Description + "\n" +
			fmt.Sprintf("%sDescription:%s ", emphasis, emphasis) + ar.Parameters.Alert.FullLog + "\n" +
			fmt.Sprintf("%sThreat level:%s ", emphasis, emphasis) + strconv.Itoa(ar.Parameters.Alert.Rule.Level) + "\n" +
			fmt.Sprintf("%sTimes fired:%s ", emphasis, emphasis) + strconv.Itoa(ar.Parameters.Alert.Rule.FiredTimes) +
			"\n\n" +
			fmt.Sprintf("%sPriority:%s ", emphasis, emphasis) + strconv.Itoa(priority) + "\n"

	}
}

func Ignored(ar ActiveResponse) bool {
	for _, rule := range strings.Split(config.File.General.ExcludedRules, ",") {
		if rule == ar.Parameters.Alert.Rule.ID {
			logger.Log("rule excluded")
			return true
		}
	}
	for _, agent := range strings.Split(config.File.General.ExcludedAgents, ",") {
		if agent == ar.Parameters.Alert.Agent.ID {
			logger.Log("agent excluded")
			return true
		}
	}
	for _, description := range config.File.General.ExcludeDescriptions {
		if description != "" && strings.Contains(ar.Parameters.Alert.FullLog, description) {
			logger.Log("excluded based on description")
			return true
		}
	}
	return false
}
Added wazuh-notifier-v2 2025-11-15 23:00:03 +01:00			`package common`

			`import (`
			`"encoding/json"`
			`"fmt"`
			`"os"`
			`"slices"`
			`"strconv"`
			`"strings"`
			`"time"`
			`"wazuh-notify/config"`
			`logger "wazuh-notify/log"`
			`)`

			`func ReadFile(path string) (*os.File, error) {`
			`fmt.Printf("Reading from file: %s\n", path)`
			`file, err := os.Open(path)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to open file %s: %w", path, err)`
			`}`
			`return file, nil`
			`}`

			`func BuildMessage(ar ActiveResponse, target string, emphasis string, priority int) string {`

			`if slices.Contains(strings.Split(config.File.General.FullAlert, ","), target) {`
			`fullAlert, _ := json.MarshalIndent(ar, "", " ")`
			fullAlertString := strings.ReplaceAll(string(fullAlert), `"`, "")
			`fullAlertString = strings.ReplaceAll(fullAlertString, "{", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, "}", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, "[", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, "]", "")`
			`fullAlertString = strings.ReplaceAll(fullAlertString, " ,", "")`

			return "\n\n ```" +
			`fullAlertString +`
			"```\n\n"
			`} else {`
			`return "\n\n" +`
			`fmt.Sprintf("%sTimestamp:%s ", emphasis, emphasis) + time.Now().Format(time.DateTime) + "\n" +`
			`fmt.Sprintf("%sAgent:%s ", emphasis, emphasis) + ar.Parameters.Alert.Agent.Name + "\n" +`
			`fmt.Sprintf("%sEvent id:%s ", emphasis, emphasis) + ar.Parameters.Alert.Rule.ID + "\n" +`
			`fmt.Sprintf("%sRule:%s ", emphasis, emphasis) + ar.Parameters.Alert.Rule.Description + "\n" +`
			`fmt.Sprintf("%sDescription:%s ", emphasis, emphasis) + ar.Parameters.Alert.FullLog + "\n" +`
			`fmt.Sprintf("%sThreat level:%s ", emphasis, emphasis) + strconv.Itoa(ar.Parameters.Alert.Rule.Level) + "\n" +`
			`fmt.Sprintf("%sTimes fired:%s ", emphasis, emphasis) + strconv.Itoa(ar.Parameters.Alert.Rule.FiredTimes) +`
			`"\n\n" +`
			`fmt.Sprintf("%sPriority:%s ", emphasis, emphasis) + strconv.Itoa(priority) + "\n"`

			`}`
			`}`

			`func Ignored(ar ActiveResponse) bool {`
			`for _, rule := range strings.Split(config.File.General.ExcludedRules, ",") {`
			`if rule == ar.Parameters.Alert.Rule.ID {`
			`logger.Log("rule excluded")`
			`return true`
			`}`
			`}`
			`for _, agent := range strings.Split(config.File.General.ExcludedAgents, ",") {`
			`if agent == ar.Parameters.Alert.Agent.ID {`
			`logger.Log("agent excluded")`
			`return true`
			`}`
			`}`
			`for _, description := range config.File.General.ExcludeDescriptions {`
			`if description != "" && strings.Contains(ar.Parameters.Alert.FullLog, description) {`
			`logger.Log("excluded based on description")`
			`return true`
			`}`
			`}`
			`return false`
			`}`