diff --git a/.github/workflows/pre-release-upload.yml b/.github/workflows/pre-release-upload.yml
new file mode 100644
index 000000000..413feefdd
--- /dev/null
+++ b/.github/workflows/pre-release-upload.yml
@@ -0,0 +1,43 @@
+on:
+ pull_request_review:
+ types: [submitted]
+
+permissions:
+ contents: read
+
+jobs:
+ upload:
+ if: github.head_ref == 'main'
+ name: Pre-Release Upload to GA
+ runs-on: ubuntu-latest
+ env:
+ API_HOST: ${{ secrets.GA_API_HOST }}
+ API_TOKEN: ${{ secrets.GA_API_TOKEN }}
+ steps:
+ - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+
+ - name: Validate Secrets
+ if: ${{ env.GA_API_HOST == '' || env.GA_API_TOKEN == '' }}
+ run: |
+ echo "API_HOST or API_TOKEN not set"
+ exit 0
+
+ - name: Checkout panther-analysis
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+ - name: Set python version
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+ with:
+ python-version: "3.11"
+
+ - name: Install pipenv
+ run: pip install pipenv
+
+ - name: Setup venv
+ run: make venv
+
+ - name: upload
+ run: |
+ pipenv run panther_analysis_tool upload --api-host ${{ env.GA_API_HOST }} --api-token ${{ env.GA_API_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5fe44d67c..e3827cc9b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
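Review bot: The `Validate Secrets` and `upload` steps read `env.GA_API_HOST` and `env.GA_API_TOKEN`, but the job's `env:` block defines `API_HOST` and `API_TOKEN`, so both expressions are always empty; the guard fires on every run, and because `exit 0` only ends that one step the job still reaches `upload` with empty `--api-host`/`--api-token` arguments. Declaring the secrets at job level also exposes the token to `pip install pipenv` and `make venv`, which run code from the checked-out pull request, and the trigger fires on any submitted review, approved or not. `github.head_ref` is documented as populated only for `pull_request` and `pull_request_target` events, so the job-level `if` may never match here; `github.event.pull_request.head.ref` from the event payload is the reliable source. The sketch below gates on an approved, same-repository review, moves the secrets onto the upload step, folds the empty-secret check into it, and passes the values as quoted shell variables rather than `${{ }}` interpolation.

```yaml
jobs:
  upload:
    if: >-
      github.event.review.state == 'approved' &&
      github.event.pull_request.head.repo.full_name == github.repository &&
      github.event.pull_request.head.ref == 'main'
    # … unchanged: name, runs-on; job-level env block and Validate Secrets step removed …
    steps:
      # … unchanged: harden-runner, checkout, setup-python, pipenv install, make venv …
      - name: upload
        env:
          API_HOST: ${{ secrets.GA_API_HOST }}
          API_TOKEN: ${{ secrets.GA_API_TOKEN }}
        run: |
          if [ -z "$API_HOST" ] || [ -z "$API_TOKEN" ]; then
            echo "API_HOST or API_TOKEN not set"
            exit 0
          fi
          pipenv run panther_analysis_tool upload --api-host "$API_HOST" --api-token "$API_TOKEN"
```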
@@ -6,6 +6,35 @@ permissions:
 jobs:
 test:
+ if: github.event.pull_request.head.repo.fork == true
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ disable-sudo: true
+ egress-policy: audit
+
+ - name: Checkout panther-analysis
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+ - name: Set python version
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+ with:
+ python-version: "3.11"
+
+ - name: Install pipenv
+ run: pip install pipenv
+
+ - name: Setup venv
+ run: make venv
+
+ - name: test
+ run: |
+ pipenv run panther_analysis_tool test --show-failures-only
+
+ test-authenticated:
+ if: github.event.pull_request.head.repo.fork == false
 name: Test
 runs-on: ubuntu-latest
 env:
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 65b4285cf..35368a592 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -7,7 +7,7 @@ permissions:
 jobs:
 validate:
- if: github.event.review.state == 'approved'
+ if: github.event.review.state == 'approved' && github.event.pull_request.head.repo.fork == false
 name: Validate
 runs-on: ubuntu-latest
 env:
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 99449ad73..24ab6793e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
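Review bot: `head.repo.fork` records whether the head repository is a fork of anything, not whether the pull request crosses repositories, so in a downstream fork of this repository every same-repo pull request evaluates as `fork == true` and takes the unauthenticated path; the same condition is used in validate.yml's `if` later in this commit. Comparing `github.event.pull_request.head.repo.full_name != github.repository` for `test` (and `==` for `test-authenticated`) expresses the cross-repository case directly. Because `test` runs `make venv` and the test suite from contributor-controlled code, I would also set `persist-credentials: false` under `with:` on its checkout step so the workflow token is not left in the local git config. Both jobs keep `name: Test`, which makes them indistinguishable in the checks list; the body of `test-authenticated` continues outside the hunk.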
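Review bot: With the added fork condition, `validate` is skipped rather than failed for fork pull requests, and a skipped job normally does not block a merge, so nothing in this workflow tells a maintainer that validation never ran for such a change. A comment above the `if` would record the intent, for example `# fork PRs receive no secrets, so validation is skipped; validate from an internal branch before merging`. The job body, including its `env:` block, continues outside the hunk, so which secrets the job consumes is not visible here.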
@@ -8,7 +8,7 @@ Please familiarize yourself with these helpful resources on writing high-quality
 - The blog post Panther's founder, Jack Naglieri, wrote on [The Anatomy of a High Quality SIEM Rule](https://jacknaglieri.substack.com/p/hq-siem-rules)
 - Panther's [Detection Documentation](https://docs.panther.com/detections)
-- The `panther-analysis` [Style Guide](https://github.com/panther-labs/panther-analysis/blob/main/STYLE_GUIDE.md)
+- The `panther-analysis` [Style Guide](https://github.com/panther-labs/panther-analysis/blob/main/style_guides/STYLE_GUIDE.md)
 Especially excellent contributions will be considered for a quarterly prize! We will announce a winner in the **Panther-Analysis Seasonal Newsletter**, where we share updates and celebrate contributions to Panther’s open-source ruleset.
diff --git a/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py b/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py
index d290a1d30..72d602aba 100644
--- a/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py
+++ b/rules/gsuite_activityevent_rules/gsuite_workspace_calendar_external_sharing.py
@@ -18,5 +18,5 @@ def title(event):
 f"GSuite workspace setting for default calendar sharing was changed by "
 f"[{event.deep_get('actor', 'email', default='')}] "
 + f"from [{event.deep_get('parameters', 'OLD_VALUE', default='')}] "
- + "to [{event.deep_get('parameters', 'NEW_VALUE', default='')}]"
+ + f"to [{event.deep_get('parameters', 'NEW_VALUE', default='')}]"
 )