diff --git a/README.md b/README.md index 91ada2e..a602e83 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Python RASP

- version 0.5.0 + version 0.5.1 A project by ParaCyberBellum @@ -121,7 +121,7 @@ MIDDLEWARE = [ At startup of the application `pyrasp` loading information is displayed. ``` -### PyRASP v0.5.0 ########## +### PyRASP v0.5.1 ########## [+] Starting PyRASP [+] Loading configuration from rasp.json [+] XSS model loaded @@ -389,10 +389,12 @@ Configuration is set from a JSON file. `pyrasp` instance creation requires 2 specific arguments: - `cloud_url`: URL to retrieve agent configuration from -- `key`: unique key to identify the agent +- `key`: unique key to identify the agent `(, cloud_url = , key = )` +> Those 2 parameters can be set as environment vaiables (see below) + ```python from pyrasp.pyrasp import FastApiRASP @@ -417,6 +419,12 @@ MIDDLEWARE = [ ] ``` +**Environment Variables** + +`cloud_url` and `key` values can be set as environment variables: +- `PYRASP_CLOUD_URL`: URL to retrieve agent configuration from +- `PYRASP_KEY`: unique key to identify the agent + ### Configuration download **Overview** @@ -424,7 +432,7 @@ Configuration file and blacklist are retrieved by the agent through a `GET` requ At agent startup the remote configuration URL is displayed. ``` -### PyRASP v0.5.0 ########## +### PyRASP v0.5.1 ########## [+] Starting PyRASP [+] Loading default configuration [+] Loading configuration from http://192.168.0.10/rasp/connect diff --git a/pyproject.toml b/pyproject.toml index 480f91b..1130eb6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "pyrasp" -version = "0.5.0" +version = "0.5.1" authors = [ { name = "Renaud Bidou", email = "renaud@paracyberbellum.io" } ] diff --git a/pyrasp/pyrasp.py b/pyrasp/pyrasp.py index c31ef7a..9968a6e 100644 --- a/pyrasp/pyrasp.py +++ b/pyrasp/pyrasp.py @@ -1,4 +1,4 @@ -VERSION = '0.5.0' +VERSION = '0.5.1' from pprint import pprint import time @@ -17,11 +17,13 @@ import sys from functools import partial import psutil +import os # Flask try: from flask import request from flask import Response as FlaskResponse + from werkzeug.utils import import_string except: pass @@ -247,6 +249,9 @@ class PyRASP(): # GLOBAL VARIABLES #################################################### + # ROUTES + ROUTES = [] + # LOGGING LOG_QUEUE = None LOG_WORKER = None @@ -299,6 +304,12 @@ def __init__(self, app = None, app_name = None, hosts = [], conf = None, key = N self.print_screen(f'### PyRASP v{VERSION} ##########', init=True, new_line_up=True) self.print_screen('[+] Starting PyRASP', init=True, new_line_up=False) + # + # Get Routes + # + + self.get_routes(app) + # # Configuration # @@ -308,7 +319,7 @@ def __init__(self, app = None, app_name = None, hosts = [], conf = None, key = N setattr(self, config_key, DEFAULT_CONFIG[config_key]) # Load default configuration - if conf == None and key == None: + if conf == None and cloud_url == None: self.print_screen('[!] No configuration provided. Running default configuration', init=True, new_line_up = False) # Load configuration file @@ -316,12 +327,25 @@ def __init__(self, app = None, app_name = None, hosts = [], conf = None, key = N self.load_file_config(conf) # Load from server - self.CLOUD_URL = cloud_url + ## Get cloud URL + if not cloud_url is None: + self.CLOUD_URL = cloud_url + else: + self.CLOUD_URL = os.environ.get('PYRASP_CLOUD_URL') + if not self.CLOUD_URL is None: - if not self.load_cloud_config(key): - self.print_screen('[!] Could not load configuration. Security NOT enabled.', init=True, new_line_up = True) - return - self.KEY = key + + ## Get key + if key: + self.KEY = key + else: + self.KEY = os.environ.get('PYRASP_KEY') + + if self.KEY is None: + self.print_screen('[!] Agent key could not be found. Running default configuration.', init=True, new_line_up = True) + + if not self.load_cloud_config(): + self.print_screen('[!] Could not load configuration from cloud server. Running default configuration.', init=True, new_line_up = True) # Default config customization if all([ @@ -664,18 +688,25 @@ def log_security_event(self, event_type, source_ip, user = None, details = {}): else: self.LOG_QUEUE.put(security_log) + #################################################### + # ROUTES + #################################################### + + def get_routes(self, app): + pass + #################################################### # CONFIGURATION #################################################### - def load_cloud_config(self, key): + def load_cloud_config(self): result = False self.print_screen(f'[+] Loading configuration from {self.CLOUD_URL}', init = True, new_line_up = False) #config_url = f'{self.cloud_protocol}://{self.cloud_server}:{self.cloud_port}/rasp/connect' - data = { 'key': key, 'version': VERSION, 'platform': self.PLATFORM } + data = { 'key': self.KEY, 'version': VERSION, 'platform': self.PLATFORM } error = False @@ -1610,15 +1641,16 @@ def __init__(self, app, app_name=None, hosts=[], conf=None, key=None, cloud_url= if self.LOG_ENABLED or self.BEACON: signal.signal(signal.SIGINT, partial(handle_kb_interrupt, self)) - - def register_security_checks(self, app): - self.set_before_security_checks(app) - self.set_after_security_checks(app) - + #################################################### # SECURITY CHECKS #################################################### + # Register + def register_security_checks(self, app): + self.set_before_security_checks(app) + self.set_after_security_checks(app) + # Incoming request def set_before_security_checks(self, app):