Add customizable secret phrase parameter #19

Merged
4 changes: 2 additions & 2 deletions cortexutils/analyzer.py
@@ -14,8 +14,8 @@

class Analyzer(Worker):

def __init__(self, job_directory=None):
Worker.__init__(self, job_directory)
def __init__(self, job_directory=None, secret_phrases=None):
Worker.__init__(self, job_directory, secret_phrases)

# Not breaking compatibility
self.artifact = self._input
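Review bot: `secret_phrases` is added to `Analyzer.__init__` with no docstring, and the same applies to `Responder.__init__` in cortexutils/responder.py, so an analyzer author cannot tell from the signature what shape the value must have or what it controls. A one-line docstring would cover it, for example `"""secret_phrases: iterable of lower-case substrings; config keys containing one are replaced with 'REMOVED' in error output (None selects the defaults)."""`. Passing the argument by keyword, `Worker.__init__(self, job_directory, secret_phrases=secret_phrases)`, would also keep both calls correct if Worker's positional parameters change again. The class body continues outside the hunk.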
4 changes: 2 additions & 2 deletions cortexutils/responder.py
@@ -8,8 +8,8 @@

class Responder(Worker):

def __init__(self, job_directory=None):
Worker.__init__(self, job_directory)
def __init__(self, job_directory=None, secret_phrases=None):
Worker.__init__(self, job_directory, secret_phrases)

# Not breaking compatibility
self.artifact = self._input
23 changes: 14 additions & 9 deletions cortexutils/worker.py
@@ -1,23 +1,28 @@
#!/usr/bin/env python
# encoding: utf-8

import os
import sys
import codecs
import json
import os
import select
import sys

DEFAULT_SECRET_PHRASES = ("key", "password", "secret")

class Worker(object):
READ_TIMEOUT = 3 # seconds

def __init__(self, job_directory):
def __init__(self, job_directory, secret_phrases):
if job_directory is None:
if len(sys.argv) > 1:
job_directory = sys.argv[1]
else:
job_directory = '/job'
self.job_directory = job_directory
if secret_phrases is None:
self.secret_phrases = DEFAULT_SECRET_PHRASES
else:
self.secret_phrases = secret_phrases
# Load input
self._input = {}
if os.path.isfile('%s/input/input.json' % self.job_directory):
@@ -144,13 +149,13 @@ def error(self, message, ensure_ascii=False):
# Get analyzer input
analyzer_input = self._input

# Define sensitive key values
secrets = ['password', 'key', 'secret']

# Loop over all the sensitive config names and clean them
for config_key, v in analyzer_input.get('config', {}).items():
if any(secret in config_key.lower() for secret in secrets):
analyzer_input.get('config', {})[config_key] = 'REMOVED'
for config_key in analyzer_input.get('config', {}).keys():
if any(
secret_phrase in config_key.lower()
for secret_phrase in self.secret_phrases
):
analyzer_input['config'][config_key] = 'REMOVED'

self.__write_output({'success': False,
'input': analyzer_input,
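Review bot: The redaction loop in `error()` lowercases `config_key` but compares it with `self.secret_phrases` exactly as the caller supplied them, so a phrase containing an upper-case letter (constructed example: `("Token",)`) never matches and that config value reaches `__write_output` unredacted. Normalising once in `__init__`, `self.secret_phrases = tuple(p.lower() for p in secret_phrases)`, closes the gap; a bare string should be rejected there as well, because `any(...)` would iterate its characters instead of whole phrases. A caller-supplied value also replaces `DEFAULT_SECRET_PHRASES` rather than extending it, which deserves a comment at the assignment such as `# replaces the defaults: re-include "key", "password", "secret" if they must stay redacted`. Separately, `Worker.__init__` now requires `secret_phrases` positionally; giving it `=None` would keep existing direct subclasses of Worker working. `error()` begins and ends outside the hunk.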