Merge pull request #28 from sodmelody/master

新增飞书推送
2021-10-18 11:31:12 +08:00 · 2021-10-18 11:31:12 +08:00 · dad392cfe5
commit dad392cfe5
parent 2e1818149e 0bbcb82695
4 changed files with 53 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,32 @@

 ## 更新

+
+#### 添加飞书捷径推送
+> 飞书工作台  - 飞书捷径 -webhook
+
+
+![image](https://user-images.githubusercontent.com/29257678/136410980-302be028-3817-447c-9bad-e3d63045060d.png)
+注意参数这里：
+添加下列json信息
+```php
+{"at":{},"msgtype":"text","text":{"content":"有新的CVE送达！\r\nCVE编号：CVE-2021-41773\r\nGithub地址：https://github.com/iilegacyyii/PoC-CVE-2021-41773\r\nCVE描述：\r\n在Apache HTTP Server 2.4.49的路径规范化更改中发现了一个缺陷。攻击者可以使用路径遍历攻击将url映射到预期文档根之外的文件。如果文档根目录之外的文件没有被“require all denied”保护，这些请求就可以成功。此外，这个缺陷可能会泄露解释文件(如CGI脚本)的源代码。众所周知，这个问题是在野外被利用的。此问题仅影响Apache 2.4.49，不影响Apache 2.4.49之前的版本。"}}
+```
+
+![image](https://user-images.githubusercontent.com/29257678/136413189-f393dfa2-4874-4fea-b8be-7b5892d65fcf.png)
+
+![image](https://user-images.githubusercontent.com/29257678/136411286-99c2e4db-0d8a-4b61-8613-96e3ebad8e44.png)
+
+> 选择json里面的模块
+
+
+![image](https://user-images.githubusercontent.com/29257678/136413413-48417c13-285d-47ff-9fba-c78bed592430.png)
+
+> 查看效果
+
+![image](https://user-images.githubusercontent.com/29257678/136413553-48c2100b-8f2d-4f81-8b8b-74351bde0456.png)
+
+
 [修复钉钉通知小bug](https://github.com/yhy0/github-cve-monitor/issues/4)，修复cve编号推送错误

 >钉钉通知的话，有个安全设置，通过添加加签发送消息，双击，右键复制
--- a/config.yaml
+++ b/config.yaml
@ -1,10 +1,14 @@
 all_config:
 github_token: xxxxxx
 dingding:
-   - enable: 1
+   - enable: 0
   - webhook: xxxxxxx
   - secretKey: xxxxxxx
   - app_name: dingding
+ feishu:
+   - enable: 1
+   - webhook: xxx
+   - app_name: feishu
 server:
   - enable: 0
   - sckey: 123123
--- a/github_cve_monitor.py
+++ b/github_cve_monitor.py
@ -3,7 +3,7 @@
 # @Author : yhy&ddm&w4ter

 # 每3分钟检测一次githu
-# 是否有新的cve漏洞提交记录，若有则通过server酱和钉钉机器人推送（二者配置一个即可）
+# 是否有新的cve漏洞提交记录，若有则通过server酱和钉钉机器人推送,飞书捷径推送（二者配置一个即可）
 # 建议使用screen命令运行在自己的linux vps后台上，就可以愉快的接收各种cve了

 # https://my.oschina.net/u/4581868/blog/4380482
@ -28,6 +28,10 @@ def load_config():
            dingding_secretKey = config['all_config']['dingding'][2]['secretKey']
            app_name = config['all_config']['dingding'][3]['app_name']
            return app_name,github_token,dingding_webhook,dingding_secretKey
+        elif int(config['all_config']['feishu'][0]['enable']) == 1:
+            feishu_webhook = config['all_config']['feishu'][1]['webhook']
+            app_name = config['all_config']['feishu'][2]['app_name']
+            return app_name,github_token,feishu_webhook,feishu_webhook
        elif int(config['all_config']['server'][0]['enable']) == 1:
            server_sckey = config['all_config']['server'][1]['sckey']
            app_name = config['all_config']['server'][2]['app_name']
@ -37,8 +41,8 @@ def load_config():
            tgbot_group_id = config['all_config']['tgbot'][2]['group_id']
            app_name = config['all_config']['tgbot'][3]['app_name']
            return app_name,github_token,tgbot_token,tgbot_group_id
-        elif int(config['all_config']['tgbot'][0]['enable']) == 0 and int(config['all_config']['server'][0]['enable']) == 0 and int(config['all_config']['dingding'][0]['enable']) == 0:
-            print("[-] 配置文件有误，三个社交软件的enable不能为0")
+        elif int(config['all_config']['tgbot'][0]['enable']) == 0 and int(config['all_config']['feishu'][0]['enable']) == 0 and int(config['all_config']['server'][0]['enable']) == 0 and int(config['all_config']['dingding'][0]['enable']) == 0:
+            print("[-] 配置文件有误，四个社交软件的enable不能为0")

 github_headers = {
    'Authorization': "token {}".format(load_config()[1])  # 替换自己的github token     https://github.com/settings/tokens/new
@ -277,6 +281,8 @@ def send_body(url,query_pushed_at,query_tag_name):
                body = "工具名称：" + tools_name + "\r\n" + "更新详情地址：" + download_url + "\r\n" + "commit更新日志：" + "\r\n" + update_log
                if load_config()[0] == "dingding":
                    dingding(text, body,load_config()[2],load_config()[3])
+                elif load_config()[0] == "feishu":
+                    feishu(text,body,load_config()[2])
                elif load_config()[0] == "server":
                    server(text, body,load_config()[2])
                elif load_config()[0] == "tgbot":
@ -301,6 +307,8 @@ def send_body(url,query_pushed_at,query_tag_name):
            body = "工具名称：" + tools_name + "\r\n" + "工具地址：" + download_url + "\r\n" + "commit更新日志：" + "\r\n" + update_log
            if load_config()[0] == "dingding":
                dingding(text, body, load_config()[2], load_config()[3])
+            elif load_config()[0] == "feishu":
+                feishu(text,body,load_config[2])
            elif load_config()[0] == "server":
                server(text, body, load_config()[2])
            elif load_config()[0] == "tgbot":
@ -371,6 +379,10 @@ def translate(word):
 def dingding(text, msg,webhook,secretKey):
    ding = cb.DingtalkChatbot(webhook, secret=secretKey)
    ding.send_text(msg='{}\r\n{}'.format(text, msg), is_at_all=False)
+## 飞书
+def feishu(text,msg,webhook):
+    ding = cb.DingtalkChatbot(webhook)
+    ding.send_text(msg='{}\r\n{}'.format(text, msg), is_at_all=False)
 # server酱  http://sc.ftqq.com/?c=code
 def server(text, msg,sckey):
    try:
@ -422,6 +434,9 @@ def sendNews(data):
                if load_config()[0] == "dingding":
                    dingding(text, body, load_config()[2], load_config()[3])
                    print("钉钉 发送 CVE 成功")
+                elif load_config()[0] == "feishu":
+                    feishu(text, body, load_config()[2])
+                    print("飞书 发送 CVE 成功")
                elif load_config()[0] == "server":
                    server(text, body, load_config()[2])
                    print("server酱 发送 CVE 成功")
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,4 @@
+requests
+dingtalkchatbot
+pyyaml
+lxml