Repository files navigation

The GermanBSI andLSI Bavaria each have a page listing current security notices.
This software queries the APIs of these services for new security notices and sends configurable email notifications.

This Software only supports Linux.

To cross-compile the software fori386,amd64,arm andarm64, runbuild.sh.
You need Go 1.22.x and git.

./wid-notifier<configfile>

where<configfile> is the path of your configuration file. If you don't have a config file yet, the software will create an initial config at the given location. SeeConfiguration for more info.

Example:

{"api_fetch_interval":600,"datafile":"data.json","enabled_api_endpoints": ["bay","bund"  ],"loglevel":2,"recipients": [    {"address":"guenther@example.org","include": [        {"classification":"kritisch"},        {"title_contains":"jQuery"}      ]    }  ],"smtp": {"from":"from@example.org","host":"example.org","port":587,"user":"from@example.org","password":"SiEhAbEnMiChInSgEsIcHtGeFiLmTdAsDüRfEnSiEnIcHt"  },"template": {"subject":"","body":""  }}

To show debug messages, set theloglevel to3.

You define filters for notices to be sent (per recipient). Multiple filters can be set per recipient and multiple criteria can be used per filter. The configuration field for those filters isinclude. SeeConfiguration for an example.

If a notice is included is determined by the following logic:

{criteria, criteria, ... ALL APPLY}OR {criteria, criteria, ... ALL APPLY}OR ...

The following criteria are available. Criteria marked with * are optional fields that are not supported by every API endpoint (e.g.https://wid.lsi.bayern.de) - notices from those endpoints will therefore not be included when using those criteria in filters.

"include": [  {"any":false,"title_contains":"","classification":"","min_basescore":0,"status":"","products_contain":"","no_patch":"","api_endpoint":""  },...]

Includes all notices if set totrue.

"any":true

Include notices whose title contains this text.

"title_contains":"Denial Of Service"

If set to"", this criteria will be ignored.

Include notices whose classification is in this list.
Classification can be"kritisch","hoch","mittel" or"niedrig".

"classification":"hoch"

If set to"", this criteria will be ignored.

Include notices whose basescore (0 -100) is >=min_basescore.

"min_basescore":40

This criteria will be ignored if set to0.

Include notices with this status. This is usually eitherNEU orUPDATE.

"status":"NEU"

If set to"", this criteria will be ignored.

Include notices whose product list contains this text.

"products_contain":"Debian Linux"

If set to"", this criteria will be ignored.

If set to"true", notices where no patch is available will be included.

"no_patch":"true"

If set to"false", notices where no patch is available will be included.

"no_patch":"false"

If set to"", this criteria will be ignored.

Includes notices from the givenAPI Endpoint.

"api_endpoint":"bund"

If set to"", this criteria will be ignored.

If you don't like the default appearance of the notification mails, you can write your own templates for the mail subject and body.

The syntax for the mail templates is describedhere.

All fields from the WidNotice struct can be used.

typeWidNoticestruct {UuidstringNamestringTitlestringPublished time.TimeClassificationstring// optional fields (only fully supported by cert-bund)Basescoreint// -1 = unknownStatusstring// "" = unknownProductNames []string// empty = unknownCves []string// empty = unknownNoPatchstring// "" = unknown// metadataApiEndpointIdstringPortalUrlstring}

Additionally, the fieldWidNotifierVersion holds the version of the software.

For an example, take a look atDEFAULT_SUBJECT_TEMPLATE andDEFAULT_BODY_TEMPLATE intemplate.go.