def test_put_bad_endpoint(self):
     endpoint = nonexistent_url
     put_data = {"whatevs": "becausenobodycares"}
     session = cloudpassage.HaloSession(key_id,
                                        secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     session.authenticate_client()
     req = cloudpassage.HttpHelper(session)
     with pytest.raises(cloudpassage.CloudPassageResourceExistence) as e:
         req.put(endpoint, put_data)
     assert '404' in str(e)
 def test_delete(self):
     rejected = False
     session = cloudpassage.HaloSession(key_id,
                                        secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     policy = cloudpassage.SpecialEventsPolicy(session)
     try:
         policy.delete("DoesNotEvenMatter")
     except NotImplementedError:
         rejected = True
     assert rejected
 def test_post_bad_payload(self):
     endpoint = "/v1/groups"
     post_data = {"whatevs": "becausenobodycares"}
     session = cloudpassage.HaloSession(key_id,
                                        secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     session.authenticate_client()
     req = cloudpassage.HttpHelper(session)
     with pytest.raises(cloudpassage.CloudPassageValidation) as e:
         req.post(endpoint, post_data)
     assert '400' in str(e)
 def test_get_paginated_404(self):
     endpoint = nonexistent_url
     key = "noexist"
     pages = 5
     session = cloudpassage.HaloSession(key_id,
                                        secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     session.authenticate_client()
     req = cloudpassage.HttpHelper(session)
     with pytest.raises(cloudpassage.CloudPassageResourceExistence) as e:
         req.get_paginated(endpoint, key, pages)
     assert '404' in str(e)
def main():
    halo_key = os.getenv('HALO_API_KEY')
    halo_secret = os.getenv('HALO_API_SECRET_KEY')
    halo_api_host = os.getenv('HALO_API_HOSTNAME')
    target = os.getenv('TARGET')
    session = cloudpassage.HaloSession(halo_key,
                                       halo_secret,
                                       api_host=halo_api_host)
    try:
        result = generate_group_firewall_report(session, target)
        print(result)
    except Exception as e:
        print("Exception caught!\n %s" % e)
    return
 def test_sam_historical_is_unsupported(self):
     rejected = False
     session = cloudpassage.HaloSession(key_id, secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port)
     scanner = cloudpassage.Scan(session)
     server = cloudpassage.Server(session)
     scan_type = "sam"
     server_id = server.list_all()[0]["id"]
     try:
         scanner.last_scan_results(server_id, scan_type)
     except cloudpassage.CloudPassageValidation:
         rejected = True
     assert rejected
 def test_get_paginated_toomany(self):
     endpoint = "/v1/events"
     key = "events"
     pages = 301
     session = cloudpassage.HaloSession(key_id,
                                        secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     session.auth_token = "abc123"
     req = cloudpassage.HttpHelper(session)
     with pytest.raises(cloudpassage.CloudPassageValidation) as e:
         req.get_paginated(endpoint, key, pages)
     assert '300 max.' in str(e)
Ejemplo n.º 8
0
    def __init__(self, key, secret, api_host):
        """Instantiate with key, secret, and API host.

        Args:
            config (ConfigHelper): Config Object
        """
        self.logger = Logger()
        integration = self.get_integration_string()
        self.session = cloudpassage.HaloSession(key,
                                                secret,
                                                api_host=api_host,
                                                integration_string=integration)
        self.issue = cloudpassage.Issue(self.session, endpoint_version=3)
        self.http_helper = cloudpassage.HttpHelper(self.session)
        self.cve_detail = cloudpassage.CveDetails(self.session)
Ejemplo n.º 9
0
 def __init__(self, config, health_string, tasks_obj):
     """Initialization only instantiates the session object."""
     self.session = cloudpassage.HaloSession(config.halo_api_key,
                                             config.halo_api_secret_key,
                                             api_host=config.halo_api_host,
                                             api_port=config.halo_api_port,
                                             integration_string=config.ua)
     self.product_version = config.product_version
     self.monitor_events = config.monitor_events
     self.slack_channel = config.slack_channel
     self.health_string = health_string
     self.tasks = tasks_obj
     self.flower_host = config.flower_host
     self.config = config
     return
Ejemplo n.º 10
0
 def get_last_timestamp(self):
     """Get latest object's timestamp from Halo API."""
     if self.halo_module == "scans":
         url = "/v1/scans?sort_by=created_at.desc&per_page=1"
     elif self.halo_module == "events":
         url = "/v1/events?sort_by=created_at.desc&per_page=1"
     else:
         print("Unrecognized module: %s" % self.halo_module)
     session = cloudpassage.HaloSession(
         self.halo_key,
         self.halo_secret,
         api_host=self.halo_api_hostname,
         integration_string=self.integration_name)
     http_helper = cloudpassage.HttpHelper(session)
     timestamp = http_helper.get(url)[self.halo_module][0]["created_at"]
     return timestamp
Ejemplo n.º 11
0
 def test_instantiation(self):
     session = cloudpassage.HaloSession(key_id, secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     assert cloudpassage.SystemAnnouncement(session)
Ejemplo n.º 12
0
 def __init__(self):
     self.halo_creds = cloudpassage.ApiKeyManager()
     self.halo_session = cloudpassage.HaloSession(
         self.halo_creds.key_id, self.halo_creds.secret_key)
     return
Ejemplo n.º 13
0
 def create_announcement(self):
     session = cloudpassage.HaloSession(key_id, secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port,
                                        integration_string="SDK-Smoke")
     return(cloudpassage.SystemAnnouncement(session))
Ejemplo n.º 14
0
 def __init__(self, *kwargs):
     # Groups and prod lists to be replace by yaml template
     self.cwd = path.realpath(path.join(getcwd(), path.dirname(__file__)))
     self.api_key = environ['CLOUDP_KEY']
     self.api_secret = environ['CLOUDP_SECRET']
     self.session = cloudpassage.HaloSession(self.api_key, self.api_secret)
     self.server = cloudpassage.Server(self.session)
     self.policies = cloudpassage.FirewallPolicy(self.session)
     self.policy_init = cloudpassage.policy.Policy(self.session)
     self.poldetails = cloudpassage.FirewallRule(self.session)
     self.firewall_services = cloudpassage.FirewallService(self.session)
     self.http_helper = cloudpassage.HttpHelper(self.session)
     self.args = args
     self.firewall_ports = {}
     self.filtered_ports = {}
     self.rules = []
     self.myrules = {}
     self.users = {}
     self.user_id = {}
     self.filtered_rules = {}
     self.rule_ids = []
     self.filtered_rule_ids = {}
     self.log_positions = {}
     self.pol_positions = {}
     self.list_of_servers = self.server.list_all()
     self.list_of_policies = self.policies.list_all()
     self.list_of_services = self.firewall_services.list_all()
     self.policy_names = []
     self.filtered_groups = []
     self.policy_ids = []
     self.filtered_policy_ids = []
     self.unfiltered_policy_ids = []
     self.filtered_policies = {}
     self.activerules = {}
     self.myactiverules = {}
     self.activecomments = {}
     self.activeurls = {}
     self.activepolicies = {}
     self.user = {}
     self.json = {}
     self.group = kwargs[0]
     self.chain = kwargs[1]
     self.active = kwargs[2]
     self.source = kwargs[3]
     self.destination = kwargs[4]
     self.states = kwargs[5]
     self.action = kwargs[6]
     self.username = kwargs[11]
     self.all = kwargs[12]
     # Split without spaces being added
     self.service = kwargs[7]
     self.filtered_service = {}
     self.unfiltered_service = {}
     self.log = kwargs[8]
     self.log_prefix = kwargs[9]
     self.comment = kwargs[10]
     self.wildcard = kwargs[13]
     self.setactive = kwargs[14]
     self.setinactive = kwargs[15]
     self.dryrun = kwargs[16]
     self.subtractfromlastrule = kwargs[17]
     self.deleteinactive = kwargs[18]
     self.fullbackup = kwargs[19]
     self.fullrestore = kwargs[20]
     self.filename = kwargs[21]
Ejemplo n.º 15
0
 def __init__(self):
     super(ApiSession, self).__init__()
     self.session = cloudpassage.HaloSession(self.halo_key,
                                             self.halo_secret)
Ejemplo n.º 16
0
 def test_instantiation(self):
     session = cloudpassage.HaloSession(key_id, secret_key)
     assert cloudpassage.FirewallPolicy(session)
 def test_integration_string(self):
     override_string = "Halo API SDK TEST SUITE"
     session = cloudpassage.HaloSession("",
                                        "",
                                        integration_string=override_string)
     assert override_string in session.user_agent
Ejemplo n.º 18
0
 def test_instantiation(self):
     session = cloudpassage.HaloSession(key_id,
                                        secret_key,
                                        api_host=api_hostname,
                                        api_port=api_port)
     assert cloudpassage.Issue(session)
Ejemplo n.º 19
0
 def __new__(cls):
     session = cloudpassage.HaloSession(CONFIG['key_id'],
                                        CONFIG['secret_key'],
                                        api_port=CONFIG["api_port"],
                                        api_host=CONFIG["api_hostname"])
     return cloudpassage.Server(session)
Ejemplo n.º 20
0
    def __init__(self, config):
        self.config = config

        # authenticate to get a session object
        self.session = cloudpassage.HaloSession(self.config.halo_key,
                                                self.config.halo_secret)
 def create_halo_session_object(self):
     session = cloudpassage.HaloSession(key_id, secret_key)
     return session
Ejemplo n.º 22
0
 def test_instantiation(self):
     session = cloudpassage.HaloSession(key_id, secret_key)
     assert cloudpassage.ConfigurationPolicy(session)
 def test_halosession_build_endpoint_prefix(self):
     session = cloudpassage.HaloSession(key_id, secret_key)
     default_good = "https://api.cloudpassage.com:443"
     fn_out = session.build_endpoint_prefix()
     assert fn_out == default_good
 def test_instantiation(self):
     session = cloudpassage.HaloSession(key_id, secret_key)
     assert cloudpassage.FimBaseline(session)
Ejemplo n.º 25
0
 def build_halo_session(self):
     halo_session = cloudpassage.HaloSession(self.halo_key,
                                             self.halo_secret,
                                             integration_string=self.ua)
     return halo_session
Ejemplo n.º 26
0
 def build_session(self):
     session = cloudpassage.HaloSession(self.api_key,
                                        self.api_secret,
                                        api_host=self.api_host,
                                        api_port=self.api_port)
     return (session)
Ejemplo n.º 27
0
import cloudpassage
from flask import Flask
from flask import render_template
app = Flask(__name__)

halo_creds = cloudpassage.ApiKeyManager()
halo_session = cloudpassage.HaloSession(halo_creds.key_id,
                                        halo_creds.secret_key)


def get_servers(halo_session):
    servers_object = cloudpassage.Server(halo_session)
    all_servers = servers_object.list_all()
    return all_servers


@app.route('/')
def home_page():
    return render_template('mainpage.html')


@app.route('/servers')
def server_list():
    return render_template('servers.html', servers=get_servers(halo_session))
Ejemplo n.º 28
0
def main():
    # Suspect package names
    suspect_packages = "kubectl,kubeadm,kubelet"

    # Suspect processes URL
    procs_url = "/v2/servers?process_name=kubelet,kubeadm,kubectl,kube-proxy"

    # Minimum versions safe from API auth bug
    kube_min_ver = {
        "1.10": "1.10.11",
        "1.11": "1.11.5",
        "1.12": "1.12.3",
        "1.13": "1.13.0-rc.1"
    }

    # Get Halo auth info
    key = os.getenv("HALO_API_KEY")
    secret = os.getenv("HALO_API_SECRET_KEY")

    # Set up CloudPassage API abstractions
    session = cloudpassage.HaloSession(key, secret)
    servers = cloudpassage.Server(session)
    scans = cloudpassage.Scan(session)
    helper = cloudpassage.HttpHelper(session)

    # Get servers with suspect packages installed
    servers_installed_kube = [
        x for x in servers.list_all(package_name=suspect_packages)
    ]

    # Get servers with suspect processes
    servers_running_kube = [
        x for x in helper.get_paginated(procs_url, "servers", 99)
    ]

    # Print preliminary metrics
    print("Installation match: %s" % len(servers_installed_kube))
    print("Running process match: %s" % len(servers_running_kube))

    # Get a list of all servers with K8s-related procs or packages
    kube_servers = merge_server_lists(servers_installed_kube,
                                      servers_running_kube)
    # Create a dictionary of packages, processes, and metadata for each server.
    inventory = {
        x["id"]: {
            "packages":
            get_package_listing_from_scan(
                scans.last_scan_results(x["id"], "svm")),  # NOQA
            "processes":
            servers.list_processes(x["id"]),
            "server_metadata":
            x
        }
        for x in kube_servers
    }

    # Print a report to stdout
    print("{}{}{}{}{}{}{}".format(
        "Halo ID".ljust(40), "CSP account".ljust(40), "CSP Instance".ljust(40),
        "kubectl version".ljust(20), "kubeadm version".ljust(20),
        "kubelet version".ljust(20), "kubectl vulnerable".ljust(25),
        "kubeadm vulnerable".ljust(25), "kubelet vulnerable".ljust(25),
        "k8s processes(below)"))
    for x in inventory.items():
        server_id = x[0]
        server_csp_id = x[1]["server_metadata"][
            "csp_account_id"] if "csp_account_id" in x[1][
                "server_metadata"] else ""  # NOQA
        server_instance_id = x[1]["server_metadata"][
            "csp_instance_id"] if "csp_instance_id" in x[1][
                "server_metadata"] else ""  # NOQA
        kubectl_version = get_package_version(x[1]["packages"], "kubectl")
        kubeadm_version = get_package_version(x[1]["packages"], "kubeadm")
        kubelet_version = get_package_version(x[1]["packages"], "kubelet")
        kube_procs = get_kube_procs(x[1]["processes"])
        kubectl_vulnerable = is_kube_vulnerable(kube_min_ver, kubectl_version)
        kubeadm_vulnerable = is_kube_vulnerable(kube_min_ver, kubeadm_version)
        kubelet_vulnerable = is_kube_vulnerable(kube_min_ver, kubelet_version)
        print("{}{}{}{}{}{}{}{}{}\n{}\n\n".format(server_id.ljust(40),
                                                  server_csp_id.ljust(40),
                                                  server_instance_id.ljust(40),
                                                  kubectl_version.ljust(16),
                                                  kubeadm_version.ljust(16),
                                                  kubelet_version.ljust(16),
                                                  kubectl_vulnerable.ljust(20),
                                                  kubeadm_vulnerable.ljust(20),
                                                  kubelet_vulnerable.ljust(20),
                                                  kube_procs))
    dump_to_csv(inventory, kube_min_ver)
    dump_to_json(inventory)
def create_api_session(session):
    config_file_loc = "cloudpassage.yml"
    config_info = cloudpassage.ApiKeyManager(config_file=config_file_loc)
    session = cloudpassage.HaloSession(config_info.key_id,
                                       config_info.secret_key)
    return session
Ejemplo n.º 30
0
 def __init__(self, config):
     session = cloudpassage.HaloSession(config.halo_key,
                                        config.halo_secret,
                                        api_host=config.halo_url)
     self.scan = cloudpassage.Scan(session)