feat: use falllback user for Slack

README.md

@@ -10,15 +10,21 @@ Nags users on Slack about outstanding application vulnerabilities found by Crowd
 
 ```yaml
 slack:
+  # slack bot token
   token: "XXX"
+  # Slack user that receives  messages if the user is not found
+  fallback_user: "security@mycompany.com"
 
 falcon:
   clientid: "XXX"
   secret: "XXX"
   cloud_region: "eu-1"
 
-email_domain: "mycompany"
+email:
+  # email domain
+  domain: "mycompany"
 
+# what is sent to the user in Go templating
 message: |
   *:warning:  We found security vulnerabilities on your device(s)*
   Hi {{ .Slack.Profile.FirstName }} {{ .Slack.Profile.LastName }}! One or more of your devices seem to be vulnerable.

cmd/main.go

@@ -61,7 +61,10 @@ func getUniqueDeviceID(hostInfo models.DomainAPIVulnerabilityHostInfoV2) (string
 
 func findEmailTag(tags []string, emailHost string) (email string, err error) {
 	for _, tag := range tags {
-		tag = strings.TrimLeft(tag, tagFalconPrefix)
+		tag = strings.ToLower(tag)
+		tag = strings.TrimLeft(tag, strings.ToLower(tagFalconPrefix))
+
+		logrus.WithField("tag", tag).Debug("looking at falcon tag")
 
 		if !strings.HasPrefix(tag, tagEmailPrefix) {
 			continue
@@ -95,9 +98,16 @@ func findEmailTag(tags []string, emailHost string) (email string, err error) {
 func main() {
 	ctx := context.Background()
 
-	configPath := flag.String("config", "", "Path to your config file")
+	configPath := flag.String("config", "", "Path to your config file.")
+	logLevelStr:= flag.String("log", "info", "Log level.")
 	flag.Parse()
 
+	logLevel, err := logrus.ParseLevel(*logLevelStr)
+	if err != nil {
+		logrus.WithError(err).Fatal("could not parse log level")
+	}
+	logrus.SetLevel(logLevel)
+
 	config, err := config2.LoadConfig(*configPath)
 	if err != nil {
 		log.Fatalf("could not load configuration: %s", err)
@@ -227,14 +237,16 @@ func main() {
 	users := map[string]DeviceUser{}
 
 	for _, device := range devices {
-		userEmail, err := findEmailTag(device.Tags, config.EmailDomain)
+		userEmail, err := findEmailTag(device.Tags, config.Email.Domain)
 		if err != nil {
 			logrus.
 				WithError(err).
 				WithField("tags", device.Tags).
 				WithField("prefix", tagEmailPrefix).
-				Warn("could not find user email for " + device.MachineName)
-			continue
+				WithField("device", device.MachineName).
+				Warn("could not find user email, using fallback user")
+
+			userEmail = config.Slack.FallbackUser
 		}
 
 		user, ok := users[userEmail]

config/config.go

@@ -15,6 +15,7 @@ const (
 type Config struct {
 	Slack struct {
 		Token string `yaml:"token" env:"SLACK_TOKEN"`
+		FallbackUser string `yaml:"fallback_user" emv:"SLACK_FALLBACK_USER"`
 	} `yaml:"slack"`
 
 	Falcon struct {
@@ -23,7 +24,9 @@ type Config struct {
 		CloudRegion string `yaml:"cloud_region" env:"FALCON_CLOUD_REGION"`
 	} `yaml:"falcon"`
 
-	EmailDomain string `yaml:"email_domain" env:"EMAIL_DOMAIN"`
+	Email struct {
+		Domain string `yaml:"domain" env:"DOMAIN"`
+	} `yaml:"email"`
 
 	Message string `yaml:"message" env:"MESSAGE"`
 }
@@ -68,7 +71,7 @@ func (c *Config) Validate() error {
 		return errors.New("missing falcon cloud region")
 	}
 
-	if c.EmailDomain == "" {
+	if c.Email.Domain == "" {
 		return errors.New("missing email domain")
 	}