diff --git a/README.md b/README.md
index 91ada2e..a602e83 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
# Python RASP
-
+
@@ -121,7 +121,7 @@ MIDDLEWARE = [
At startup of the application `pyrasp` loading information is displayed.
```
-### PyRASP v0.5.0 ##########
+### PyRASP v0.5.1 ##########
[+] Starting PyRASP
[+] Loading configuration from rasp.json
[+] XSS model loaded
@@ -389,10 +389,12 @@ Configuration is set from a JSON file.
`pyrasp` instance creation requires 2 specific arguments:
- `cloud_url`: URL to retrieve agent configuration from
-- `key`: unique key to identify the agent
+- `key`: unique key to identify the agent
`(, cloud_url = , key = )`
+> Those 2 parameters can be set as environment vaiables (see below)
+
```python
from pyrasp.pyrasp import FastApiRASP
@@ -417,6 +419,12 @@ MIDDLEWARE = [
]
```
+**Environment Variables**
+
+`cloud_url` and `key` values can be set as environment variables:
+- `PYRASP_CLOUD_URL`: URL to retrieve agent configuration from
+- `PYRASP_KEY`: unique key to identify the agent
+
### Configuration download
**Overview**
@@ -424,7 +432,7 @@ Configuration file and blacklist are retrieved by the agent through a `GET` requ
At agent startup the remote configuration URL is displayed.
```
-### PyRASP v0.5.0 ##########
+### PyRASP v0.5.1 ##########
[+] Starting PyRASP
[+] Loading default configuration
[+] Loading configuration from http://192.168.0.10/rasp/connect
diff --git a/pyproject.toml b/pyproject.toml
index 480f91b..1130eb6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[project]
name = "pyrasp"
-version = "0.5.0"
+version = "0.5.1"
authors = [
{ name = "Renaud Bidou", email = "renaud@paracyberbellum.io" }
]
diff --git a/pyrasp/pyrasp.py b/pyrasp/pyrasp.py
index c31ef7a..9968a6e 100644
--- a/pyrasp/pyrasp.py
+++ b/pyrasp/pyrasp.py
@@ -1,4 +1,4 @@
-VERSION = '0.5.0'
+VERSION = '0.5.1'
from pprint import pprint
import time
@@ -17,11 +17,13 @@
import sys
from functools import partial
import psutil
+import os
# Flask
try:
from flask import request
from flask import Response as FlaskResponse
+ from werkzeug.utils import import_string
except:
pass
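Review bot: `import_string` is added to the Flask import block, but none of the hunks visible in this diff use it, so it reads as a dead import unless the use sits outside this view. It also lands under the existing bare `except: pass`, so a failure of the werkzeug import alone is swallowed and the name is simply undefined later. If it is meant for the new route discovery, a short comment such as `# used by get_routes to resolve view functions` would record that. Since it resolves dotted names to objects, it should only ever be given names taken from the application's own URL map, never values from the downloaded configuration.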
@@ -247,6 +249,9 @@ class PyRASP():
# GLOBAL VARIABLES
####################################################
+ # ROUTES
+ ROUTES = []
+
# LOGGING
LOG_QUEUE = None
LOG_WORKER = None
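Review bot: `ROUTES = []` is a mutable class attribute, so a single list object is shared by every `PyRASP` instance and subclass in the process. If `get_routes` later fills it in place (for example with `self.ROUTES.append(...)`), routes collected for one application would show up in another agent's list. Assigning a fresh list per instance in `__init__`, `self.ROUTES = []`, before `self.get_routes(app)` avoids that. The class body continues outside this hunk.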
@@ -299,6 +304,12 @@ def __init__(self, app = None, app_name = None, hosts = [], conf = None, key = N
self.print_screen(f'### PyRASP v{VERSION} ##########', init=True, new_line_up=True)
self.print_screen('[+] Starting PyRASP', init=True, new_line_up=False)
+ #
+ # Get Routes
+ #
+
+ self.get_routes(app)
+
#
# Configuration
#
@@ -308,7 +319,7 @@ def __init__(self, app = None, app_name = None, hosts = [], conf = None, key = N
setattr(self, config_key, DEFAULT_CONFIG[config_key])
# Load default configuration
- if conf == None and key == None:
+ if conf == None and cloud_url == None:
self.print_screen('[!] No configuration provided. Running default configuration', init=True, new_line_up = False)
# Load configuration file
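Review bot: The new test `if conf == None and cloud_url == None:` looks only at the `cloud_url` argument, while the environment fallback to `PYRASP_CLOUD_URL` is resolved further down in `__init__`. With no `conf`, no argument and the variable set, the "[!] No configuration provided" message would be printed even though a cloud configuration is about to be loaded. Resolving the URL first, `cloud_url = cloud_url if cloud_url is not None else os.environ.get('PYRASP_CLOUD_URL')`, and then testing `if conf is None and cloud_url is None:` keeps the message accurate. `__init__` starts and ends outside this hunk.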
@@ -316,12 +327,25 @@ def __init__(self, app = None, app_name = None, hosts = [], conf = None, key = N
self.load_file_config(conf)
# Load from server
- self.CLOUD_URL = cloud_url
+ ## Get cloud URL
+ if not cloud_url is None:
+ self.CLOUD_URL = cloud_url
+ else:
+ self.CLOUD_URL = os.environ.get('PYRASP_CLOUD_URL')
+
if not self.CLOUD_URL is None:
- if not self.load_cloud_config(key):
- self.print_screen('[!] Could not load configuration. Security NOT enabled.', init=True, new_line_up = True)
- return
- self.KEY = key
+
+ ## Get key
+ if key:
+ self.KEY = key
+ else:
+ self.KEY = os.environ.get('PYRASP_KEY')
+
+ if self.KEY is None:
+ self.print_screen('[!] Agent key could not be found. Running default configuration.', init=True, new_line_up = True)
+
+ if not self.load_cloud_config():
+ self.print_screen('[!] Could not load configuration from cloud server. Running default configuration.', init=True, new_line_up = True)
# Default config customization
if all([
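Review bot: When neither the `key` argument nor `PYRASP_KEY` is set, the new code prints "Agent key could not be found" but no `else` or `return` follows, so `self.load_cloud_config()` still appears to run and to send `'key': None` to the cloud URL. Changing the next test to `elif not self.load_cloud_config():` would skip the request when there is no key. The two fallbacks are also inconsistent: the URL is tested with `is None` and the key by truthiness, so an empty-string `cloud_url` argument blocks the environment fallback while an empty `key` does not. The old failure path returned with "Security NOT enabled" and the new one continues on defaults with only a screen message, so a logged event would help operators notice the fallback. Indentation is not visible here and `__init__` starts and ends outside the hunk, so the nesting should be confirmed against the file.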
@@ -664,18 +688,25 @@ def log_security_event(self, event_type, source_ip, user = None, details = {}):
else:
self.LOG_QUEUE.put(security_log)
+ ####################################################
+ # ROUTES
+ ####################################################
+
+ def get_routes(self, app):
+ pass
+
####################################################
# CONFIGURATION
####################################################
- def load_cloud_config(self, key):
+ def load_cloud_config(self):
result = False
self.print_screen(f'[+] Loading configuration from {self.CLOUD_URL}', init = True, new_line_up = False)
#config_url = f'{self.cloud_protocol}://{self.cloud_server}:{self.cloud_port}/rasp/connect'
- data = { 'key': key, 'version': VERSION, 'platform': self.PLATFORM }
+ data = { 'key': self.KEY, 'version': VERSION, 'platform': self.PLATFORM }
error = False
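Review bot: `load_cloud_config` now reads the key from `self.KEY` instead of taking it as an argument, so it depends on `__init__` having assigned that attribute first, and any caller outside this diff that still passes `key` will fail with a `TypeError`. A docstring stating the precondition would help, e.g. `"""Fetch the agent configuration from self.CLOUD_URL using self.KEY; both must be set before the call."""`. Because the key goes into `data` and the URL can now come from `PYRASP_CLOUD_URL`, the part of the body outside this hunk should check that the URL scheme is `https` before sending, given that the README example uses plain `http://`. The new `get_routes` is a bare `pass` with no docstring. If it is meant as a hook for the framework-specific subclasses, a one-line comment saying so would make that clear.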
@@ -1610,15 +1641,16 @@ def __init__(self, app, app_name=None, hosts=[], conf=None, key=None, cloud_url=
if self.LOG_ENABLED or self.BEACON:
signal.signal(signal.SIGINT, partial(handle_kb_interrupt, self))
-
- def register_security_checks(self, app):
- self.set_before_security_checks(app)
- self.set_after_security_checks(app)
-
+
####################################################
# SECURITY CHECKS
####################################################
+ # Register
+ def register_security_checks(self, app):
+ self.set_before_security_checks(app)
+ self.set_after_security_checks(app)
+
# Incoming request
def set_before_security_checks(self, app):