certspotter icon indicating copy to clipboard operation
certspotter copied to clipboard
verified publisher icon SSLMate

Search pattern in -script

Open gerhard-tinned opened this issue 8 years ago • 3 comments

When writing a script for the -script option, I noticed that there are many details about the CT and the certificate. I was wondering if there is a variable to identify the matching search therms from the watchlist.

Example: I have multiple search terms in the watchlist. When I get a script call, I would like to know which search term was triggering it to trigger the correct actions in the script (e.g. notify the correct people, ...)

How could this be done? Is there a variable I did not see documented in Issue #11.

gerhard-tinned avatar Jan 23 '17 22:01 gerhard-tinned

This is not currently possible, but I can see the utility.

To be clear, do you want to know which identifiers in the certificate matched, or do you want to know which watchlist entries matched? The former would be easier to implement.

AGWA avatar Jan 23 '17 22:01 AGWA

The watchlist entry (entries) would be the interesting information. The watchlist entry is the identifying information for the notification sent out.

gerhard-tinned avatar Jan 24 '17 07:01 gerhard-tinned

Is there any update for If and when this will be implemented?

gerhard-tinned avatar Feb 26 '17 18:02 gerhard-tinned

As of v0.15.0, certspotter sets $WATCH_ITEM containing the first item from the watch list which matched the certificate.

AGWA avatar Feb 09 '23 00:02 AGWA