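class SecretFilenameMatchTrigger(BaseTrigger):
    """Fire once per (file, pattern) pair whose path matches a policy-supplied regexp.

    The patterns come from the SECRETCHECK_NAMEREGEXP parameter, a ``|``-separated
    list.  Matching uses ``re.match`` and is therefore anchored at the start of the
    path only; a pattern has to account for leading directories itself.
    """
    __trigger_name__ = 'FILENAMEMATCH'
    __description__ = 'Triggers if a file exists in the container that matches with any of the regular expressions given as SECRETCHECK_NAMEREGEXP parameters.'
    __params__ = {'SECRETCHECK_NAMEREGEXP': PipeDelimitedStringListValidator()}

    # Name of the single parameter this trigger reads.  Spelled out rather than
    # taken from ``__params__.keys()[0]``: dict views are not subscriptable on
    # Python 3 and the old form silently depended on the dict having one key.
    _PARAM_NAME = 'SECRETCHECK_NAMEREGEXP'

    def evaluate(self, image_obj, context):
        """Evaluate the trigger against *image_obj* using data in *context*.

        :param image_obj: image whose filesystem is consulted when the context
            carries no precomputed ``filenames`` list.
        :param context: evaluation context; ``context.data['filenames']`` is used
            as the file list when present and non-empty.
        :returns: None; matches are reported through ``self._fire``.
        :raises re.error: if a configured pattern is not a valid regexp (it is
            passed verbatim to ``re.match``).
        """
        # The parameter is a plain pipe-delimited string; nothing is base64 here.
        regex_param = self.eval_params.get(self._PARAM_NAME)
        fname_regexps = regex_param.split('|') if regex_param else []
        if not fname_regexps:
            # Nothing configured: no work to do.
            return

        # Prefer the file list already gathered in the context; otherwise fall
        # back to the image filesystem (a map of path -> entry, keys are paths).
        files = context.data.get('filenames') or image_obj.fs.files().keys()

        # NOTE(review): patterns are operator-supplied policy text; a pathological
        # pattern can make this loop slow over a large filesystem.  Compile once
        # per pattern so the cost is at least not paid per file.
        compiled = [(regexp, re.compile(regexp)) for regexp in fname_regexps]

        for thefile in files:
            # Paths are normalised to ASCII so they format safely into the message.
            thefile = thefile.encode('ascii', errors='replace')
            for regexp, pattern in compiled:
                if pattern.match(thefile):
                    self._fire(msg='Application of regexp matched file found in container: file={} regexp={}'.format(thefile, regexp))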
def test_pipe_delim_validator(self):
    """Check PipeDelimitedStringListValidator accepts non-empty pipe-separated items
    and rejects lists with an empty leading or trailing item."""
    validator = PipeDelimitedStringListValidator()
    accepted = ["ab", "abc|c", "ab|c|d"]
    rejected = ["|a", "a|"]
    cases = [(value, True) for value in accepted] + [(value, False) for value in rejected]
    self.run_matrix_test(cases, validator)
def test_pipe_delim_validator(self):
    """Exercise PipeDelimitedStringListValidator on a small accept/reject matrix.

    Single items and fully populated pipe lists validate; an empty item at
    either end of the list does not.
    """
    validator = PipeDelimitedStringListValidator()
    expectations = {
        'ab': True,
        'abc|c': True,
        'ab|c|d': True,
        '|a': False,
        'a|': False,
    }
    self.run_matrix_test(list(expectations.items()), validator)
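class SecretContentMatchTrigger(BaseTrigger):
    """Fire for every content-regexp hit recorded by the secret search analyzer.

    The analyzer output lives in ``context.data['secret_content_regexp']`` as a
    mapping of file path -> mapping keyed by base64-encoded ``name=regexp`` (or
    bare ``regexp``) strings.  When SECRETCHECK_CONTENTREGEXP is set, only hits
    whose encoded key, decoded pattern, or pattern name appears in that
    ``|``-separated list are reported; otherwise every hit fires.
    """
    __trigger_name__ = 'CONTENTMATCH'
    __description__ = 'Triggers if the content search analyzer has found any matches. If the parameter is set, then will only trigger against found matches that are also in the SECRETCHECK_CONTENTREGEXP parameter list. If the parameter is absent or blank, then the trigger will fire if the analyzer found any matches.'
    __params__ = {
        'SECRETCHECK_CONTENTREGEXP': PipeDelimitedStringListValidator()
    }

    # Spelled out rather than taken from ``__params__.keys()[0]``: dict views are
    # not subscriptable on Python 3 and the old form assumed a single key.
    _PARAM_NAME = 'SECRETCHECK_CONTENTREGEXP'

    def evaluate(self, image_obj, context):
        """Evaluate the trigger against the analyzer results in *context*.

        :param image_obj: unused; the trigger relies entirely on analyzer output.
        :param context: evaluation context carrying ``secret_content_regexp``.
        :returns: None; each reportable hit is passed to ``self._fire``.
        """
        match_filter = self.eval_params.get(self._PARAM_NAME)
        if match_filter:
            matches_decoded = match_filter.split('|')
            # NOTE(review): str.encode('base64') appends a trailing newline; whether
            # the analyzer's keys carry that same newline is not visible here, so the
            # decoded-text comparisons below are the ones that reliably match.
            matches = [x.encode('base64') for x in matches_decoded]
        else:
            matches = []
            matches_decoded = []

        # No filter configured means every analyzer hit is reportable.
        report_everything = not matches

        for thefile, regexps in context.data.get('secret_content_regexp', {}).items():
            thefile = thefile.encode('ascii', errors='replace')
            if not regexps:
                continue
            for regexp in regexps:
                # Decode once; the key is base64 of either "name=regexp" or "regexp".
                decoded = regexp.decode('base64')
                try:
                    regexp_name, theregexp = decoded.split("=", 1)
                except ValueError:
                    # No "=" separator: the whole decoded key is the pattern.
                    regexp_name = None
                    theregexp = decoded

                if (report_everything
                        or regexp in matches
                        or theregexp in matches_decoded
                        or (regexp_name and regexp_name in matches_decoded)):
                    self._fire(msg='Secret search analyzer found regexp match in container: file={} regexp={}'.format(thefile, decoded))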