# Slack

## Create Slack Message

{% embed url="<https://youtu.be/UxByLi-wNKI?si=Jvrwj_yYnw4AbZWX>" %}

The purpose of this example is to create a message in a [Slack Channel](https://slack.com/intl/en-au/help/articles/360017938993-What-is-a-channel) when a Vulnerability is created in AttackForge.

This example Flow can be downloaded from our [Flows GitHub Repository](https://github.com/AttackForge/Flows) and [imported](#importing-exporting-flows) into your AttackForge.

**Initial Set Up**

* **Event**: Vulnerability Created
* **Secrets**:
  * slack\_auth - your [Slack Bot Token](https://api.slack.com/tutorials/tracks/getting-a-token)

**Action 1 - Post Slack Message**

* **Method**: POST
* **URL**: <https://slack.com/api/chat.postMessage>
* **Headers**:
  * Key = Content-Type; Type = Value; Value = application/json
  * Key = Authorization; Type = Secret; Value = slack\_auth
* **Request Script**:

```javascript
return {
  request: {
    body: buildRequestBody()
  }
};

function buildRequestBody() {
  let afProjectId;
  let afProjectName;
  let channel;

  if (data.vulnerability_projects) {
    for (let i = 0; i < data.vulnerability_projects.length; i++) {
      if (data.vulnerability_projects[i].name) {
        afProjectName = data.vulnerability_projects[i].name;
      }

      if (data.vulnerability_projects[i].id) {
        afProjectId = data.vulnerability_projects[i].id;
      }

      if (data.vulnerability_projects[i].custom_fields) {
        for (let j = 0; j < data.vulnerability_projects[i].custom_fields.length; j++) {
          if (data.vulnerability_projects[i].custom_fields[j].key === 'slack_channel') {
            channel = data.vulnerability_projects[i].custom_fields[j].value;
            break;
          }
        }
      }
    }
  }

  let text = '';

  if (data.vulnerability_priority) {
    text += '[' + data.vulnerability_priority + '] ';
  }

  text += 'Vulnerability ';

  if (data.vulnerability_title) {
    text += '[' + data.vulnerability_title + '] ';
  }

  text += 'discovered in Project';

  if (afProjectName) {
    text += ' [' + afProjectName + ']';
  }

  if (afProjectId) {
    text += ' - <https://afe1.attackforge.dev/projects/' + afProjectId + '/vulnerabilities/' + data.vulnerability_id + '|View Vulnerability>';
  }

  return {
    channel: channel,
    text: text
  };
}
```

* **Response Script**:

```javascript
let body;

if (response.headers['Content-Type'] === 'application/json; charset=utf-8') {
  body = JSON.parse(response.body);
}
else {
  return {
    decision: {
      status: 'abort',
      message: 'Content-Type is expected to be application/json; charset=utf-8'
    }
  };
}

if (body?.ok === true) {
  return {
    decision: 'continue'
  };
}
else {
  Logger.error(JSON.stringify(response));

  return {
    decision: { 
      status: 'abort',
      message: 'SLACK message not posted',
    },
  };   
}
```