예제 #1
def hydrate_forseti(event):
    """Enrich a forseti event with an owner, a fingerprint and display metadata.

    Args:
      event (comet_core.app.EventContainer): the incoming event to hydrate
    """
    payload = event.message

    # NOTE(review): project_owner is copied from the event message unchecked.
    # A missing value yields the literal owner "None@example.com", so the
    # finding would be addressed to nobody; confirm the scanner always sets
    # this field or validate it before use.
    owner_address = f"{payload.get('project_owner')}@example.com"
    event.set_owner(owner_address)

    # 'id' and 'rule_index' are handed over as the blacklist, presumably so
    # that repeated scans of the same violation share one fingerprint
    # (verify against comet_event_fingerprint).
    fingerprint = comet_event_fingerprint(data_dict=payload,
                                          blacklist=['id', 'rule_index'],
                                          prefix='forseti_')
    event.set_fingerprint(fingerprint)

    # Human-readable titles for the known violation types; any other value
    # is shown as-is.
    readable_issue_types = {
        'policy_violations': 'GCP project owner outside org',
        'buckets_acl_violations': 'Storage bucket shared too widely',
        'cloudsql_acl_violations': 'CloudSQL open to the public internet',
        'bigquery_acl_violations': 'BigQuery data shared too widely',
    }
    issue_type = payload.get('resource')

    # Unlike the .get() lookups, these two keys are indexed directly, so a
    # message without project_id or resource_id raises KeyError here, after
    # the owner and fingerprint have already been set.
    resource_key = payload['project_id'] + '/' + payload['resource_id']
    resource_label = (
        f"{payload.get('resource_type')} {payload.get('resource_id')} "
        f"(in {payload.get('project_id')})"
    )

    # arbitrary metadata
    event.set_metadata({
        'issue_type': issue_type,
        'source_readable': 'GCP Configuration Scanner',
        'resource': resource_key,
        'resource_readable': resource_label,
        'issue_type_readable': readable_issue_types.get(issue_type, issue_type),
    })
예제 #2
 def __init__(self, source_type, message):
     """Store the source type and message and derive the initial fingerprint.

     Args:
       source_type: name of the event source; with "_" appended it is used
         as the fingerprint prefix.
       message: the event payload passed to comet_event_fingerprint.
     """
     self.source_type = source_type
     self.message = message
     self.owner = None

     # No blacklist is passed here, so the default fingerprint is computed
     # from the message as given. NOTE(review): presumably volatile fields
     # (ids, timestamps) would then change the fingerprint on every event -
     # confirm that each source narrows it afterwards where needed.
     fingerprint_prefix = source_type + "_"
     self.fingerprint = comet_event_fingerprint(data_dict=message,
                                                prefix=fingerprint_prefix)

     self.event_metadata = {}
예제 #3
def test_event_fingerprint_blacklist_prefix():  # pylint: disable=invalid-name,missing-docstring
    """Check that a prefixed, blacklisted fingerprint differs from AFTER_BLACKLIST_FP.

    NOTE(review): this only asserts inequality with the unprefixed value; it
    does not pin what the prefixed fingerprint actually is.
    """
    prefixed_fp = comet_event_fingerprint(ORIG_DICT, BLACKLIST, 'test')
    assert prefixed_fp != AFTER_BLACKLIST_FP
예제 #4
def test_event_fingerprint_no_blacklist():  # pylint: disable=invalid-name,missing-docstring
    """Check that fingerprinting ORIG_DICT with default arguments gives ORIG_DICT_FP."""
    default_fp = comet_event_fingerprint(ORIG_DICT)
    assert default_fp == ORIG_DICT_FP