Prepare for 3.49.0 #1204

Merged
merged 19 commits into from
Apr 9, 2024
Merged
11 changes: 0 additions & 11 deletions .github/dependabot.yml

This file was deleted.

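--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,21 @@
+on:
+  pull_request:
+    paths:
+      - "Dockerfile"
+
+jobs:
+  test:
+    name: Build Dockerfile
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout panther-analysis
+        uses: actions/checkout@v4
+      - uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Build Image
+        run: docker buildx build --load -f Dockerfile -t panther-analysis:latest .
+      - name: Test Image
+        run: |
+          docker run --rm -t panther-analysis:latest pipenv run panther_analysis_tool --version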
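Review bot: `uses: docker/setup-buildx-action@v1` pins an older major than the neighbouring `actions/checkout@v4` and `docker/setup-qemu-action@v3`, and all three actions are referenced by a mutable tag rather than a commit SHA, so what the build job executes can change without any change to this file. The workflow also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope even though it only needs to read the checkout; a top-level `permissions: { contents: read }` keeps it to least privilege. `id: buildx` is set on the Buildx step but nothing in the workflow references `steps.buildx`, so it can be dropped or a comment should say what it is reserved for.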
5 changes: 2 additions & 3 deletions .github/workflows/lint.yml
Expand Up @@ -9,6 +9,8 @@ jobs:
steps:
- name: Checkout panther-analysis
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Set python version
uses: actions/setup-python@v4
Expand All @@ -18,9 +20,6 @@ jobs:
- name: Install pipenv
run: pip install pipenv

- name: Install
run: make install

- name: Setup venv
run: make venv
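Review bot: `ref: ${{ github.event.pull_request.head.sha }}` on the checkout step changes which commit is linted: instead of GitHub's synthetic merge commit it checks out the PR head exactly as pushed, so a PR that is behind or in conflict with the base branch is linted against its own tree only. The workflow's `on:` block is above this hunk; if the trigger is plain `pull_request` this is a deliberate choice that deserves a comment, e.g. `# lint the PR head rather than the merge commit so reported lines match the PR`, but if it is `pull_request_target` the explicit head checkout runs untrusted fork code through the repo's own make targets with a write-scoped token and the `ref:` should be removed. The deleted `make install` step (also removed in test.yml and upload.yml) looks redundant with the remaining `make venv` step, since the Makefile section of this PR shows both `venv:` and `install:` running `pipenv sync --dev`.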

3 changes: 0 additions & 3 deletions .github/workflows/test.yml
Expand Up @@ -18,9 +18,6 @@ jobs:
- name: Install pipenv
run: pip install pipenv

- name: Install
run: make install

- name: Setup venv
run: make venv

3 changes: 0 additions & 3 deletions .github/workflows/upload.yml
Expand Up @@ -28,9 +28,6 @@ jobs:
- name: Install pipenv
run: pip install pipenv

- name: Install
run: make install

- name: Setup venv
run: make venv

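--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+make fmt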
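Review bot: `make fmt` rewrites files in place (isort, black and `prettier --write` per the Makefile section of this PR) but the hook never re-stages them, so the commit is built from the pre-formatting index while only the working tree holds the formatted versions, and a CI `make lint` can still fail on what was actually committed. Either make the hook a check that rejects the commit, `make lint-fmt`, so the author reformats and re-stages deliberately, or re-add the touched files after formatting; note that a blanket `git add -u` would also sweep in unrelated unstaged edits. A one-line comment above the command stating which of the two behaviours is intended would save the next reader the same question.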
2 changes: 0 additions & 2 deletions Dockerfile
Expand Up @@ -57,5 +57,3 @@ ENV PATH="/home/panther-analysis/node_modules/.bin:$PATH"
# Remove pipfile so it doesn't interfere with local files after install
RUN rm Pipfile
RUN rm Pipfile.lock

ENTRYPOINT [ "/bin/bash" ]
10 changes: 6 additions & 4 deletions Makefile
Expand Up @@ -37,10 +37,12 @@ lint: lint-pylint lint-fmt
lint-pylint:
pipenv run bandit -r $(dirs)
pipenv run pylint $(dirs)
pipenv run isort --profile=black --check-only $(dirs)

lint-fmt:
@echo Checking python file formatting with the black code style checker
pipenv run black --line-length=100 --check $(dirs)
npx prettier . --check

venv:
pipenv sync --dev
Expand All @@ -51,7 +53,7 @@ pat-update:
fmt:
pipenv run isort --profile=black $(dirs)
pipenv run black --line-length=100 $(dirs)
npx prettier . --write
npx prettier . --write --list-different

install:
pipenv sync --dev
Expand All @@ -62,10 +64,10 @@ test: global-helpers-unit-test
pipenv run panther_analysis_tool test $(TEST_ARGS)

docker-build:
docker build -t panther-analysis .
docker build -t panther-analysis:latest .

docker-test:
docker run --mount "type=bind,source=${CURDIR},target=/home/panther-analysis" panther-analysis make test TEST_ARGS="$(TEST_ARGS)"
docker run --mount "type=bind,source=${CURDIR},target=/home/panther-analysis" panther-analysis:latest make test TEST_ARGS="$(TEST_ARGS)"

docker-lint:
docker run --mount "type=bind,source=${CURDIR},target=/home/panther-analysis" panther-analysis make lint
docker run --mount "type=bind,source=${CURDIR},target=/home/panther-analysis" panther-analysis:latest make lint
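Review bot: `npx prettier . --check` in `lint-fmt` (and `npx prettier . --write --list-different` in `fmt`) resolves prettier at invocation time; unless prettier is pinned as a devDependency in package.json, which is not part of this diff, `npx` downloads whatever version the registry currently serves, adding an unpinned network fetch to `make lint` and making formatting results non-reproducible between runs. `npx --no-install prettier . --check` makes the target fail loudly when the local copy is missing instead of fetching one. The `lint-pylint` target now runs bandit, pylint and the isort check, so its name undersells it; a comment such as `# static analysis: bandit (security), pylint, isort import-order check` above it would help.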
4 changes: 2 additions & 2 deletions Pipfile
Expand Up @@ -5,7 +5,7 @@ verify_ssl = true

[dev-packages]
bandit = "~=1.7"
black = "~=22.8"
black = "~=24.3.0"
click = "~=8.1"
decorator = "~=5.1"
dill = "~=0.3"
Expand All @@ -19,7 +19,7 @@ wrapt = "~=1.15"
[packages]
policyuniverse = "==1.5.1.20230817"
requests = "==2.31.0"
panther-analysis-tool = "~=0.44"
panther-analysis-tool = "~=0.45"
panther-detection-helpers = "==0.3.0"

[requires]
86 changes: 52 additions & 34 deletions Pipfile.lock


12 changes: 7 additions & 5 deletions global_helpers/global_helpers_test.py
Expand Up @@ -1334,12 +1334,14 @@ def random_kv_pair() -> dict:
"".join(
secrets.choice(string.hexdigits)
for _ in range(secrets.SystemRandom().randrange(1, 6))
): "".join(
secrets.choice(string.hexdigits)
for _ in range(secrets.SystemRandom().randrange(1, 6))
): (
"".join(
secrets.choice(string.hexdigits)
for _ in range(secrets.SystemRandom().randrange(1, 6))
)
if secrets.choice([True, False])
else secrets.randbelow(secrets.SystemRandom().randrange(1, 11) ** 10)
)
if secrets.choice([True, False])
else secrets.randbelow(secrets.SystemRandom().randrange(1, 11) ** 10)
for _ in range(secrets.SystemRandom().randrange(1, 6))
}

4 changes: 4 additions & 0 deletions global_helpers/panther_base_helpers.py
Expand Up @@ -40,13 +40,17 @@ def in_pci_scope_tags(resource):


PCI_NETWORKS = config.PCI_NETWORKS


# Expects a string in cidr notation (e.g. '10.0.0.0/24') indicating the ip range being checked
# Returns True if any ip in the range is marked as in scope
def is_pci_scope_cidr(ip_range):
return any(ip_network(ip_range).overlaps(pci_network) for pci_network in PCI_NETWORKS)


DMZ_NETWORKS = config.DMZ_NETWORKS


# Expects a string in cidr notation (e.g. '10.0.0.0/24') indicating the ip range being checked
# Returns True if any ip in the range is marked as DMZ space.
def is_dmz_cidr(ip_range):
1 change: 1 addition & 0 deletions global_helpers/panther_iocs.py
Expand Up @@ -605,6 +605,7 @@
"ami-083bb1ae22e9bf463", # fedora-coreos-40.20240329.10.0-aarch64 us-west-2
}


# IOC Helper functions:
def ioc_match(indicators: list, known_iocs: set) -> list:
"""Matches a set of indicators against known Indicators of Compromise
14 changes: 7 additions & 7 deletions global_helpers/panther_ipinfo_helpers.py
Expand Up @@ -8,8 +8,8 @@
IPINFO_PRIVACY_LUT_NAME = "ipinfo_privacy"


class PantherIPInfoException(Exception):
...
# pylint: disable=multiple-statements
class PantherIPInfoException(Exception): ...


class IPInfoLocation(LookupTableMatches):
Expand Down Expand Up @@ -95,19 +95,19 @@ def __init__(self, event):
super().__init__()
super()._register(event, IPINFO_PRIVACY_LUT_NAME)

def hosting(self, match_field: str) -> bool or list:
def hosting(self, match_field: str) -> Union[bool, list]:
return self._lookup(match_field, "hosting")

def proxy(self, match_field: str) -> bool or list:
def proxy(self, match_field: str) -> Union[bool, list]:
return self._lookup(match_field, "proxy")

def tor(self, match_field: str) -> bool or list:
def tor(self, match_field: str) -> Union[bool, list]:
return self._lookup(match_field, "tor")

def vpn(self, match_field: str) -> bool or list:
def vpn(self, match_field: str) -> Union[bool, list]:
return self._lookup(match_field, "vpn")

def relay(self, match_field: str) -> bool or list:
def relay(self, match_field: str) -> Union[bool, list]:
return self._lookup(match_field, "relay")

def service(self, match_field: str) -> Union[list[str], str]:
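Review bot: `# pylint: disable=multiple-statements` on a line of its own at module level disables that check from this point to the end of the module, not only for the `class PantherIPInfoException(Exception): ...` line beneath it; place the pragma on the statement itself, `class PantherIPInfoException(Exception): ...  # pylint: disable=multiple-statements`, to scope it to that one line. The `Union[bool, list]` replacements in the second hunk fix a real annotation bug, since `bool or list` evaluates to `bool` at runtime, so the old hints promised a single type. A one-line docstring on each of `hosting`, `proxy`, `tor`, `vpn` and `relay` saying under what condition `_lookup` yields a list rather than a bool would make the union self-explanatory; `_lookup` and the enclosing class header are outside this hunk, so that condition has to be confirmed there.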