forked from Netflix/security_monkey
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathutil.py
More file actions
126 lines (99 loc) · 3.52 KB
/
Copy pathutil.py
File metadata and controls
126 lines (99 loc) · 3.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# Copyright 2017 Netflix
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
.. module: security_monkey.common.github.util
:platform: Unix
:synopsis: Utility functions for Security Monkey's GitHub Organization Plugin.
.. version:: $$VERSION$$
.. moduleauthor:: Mike Grima <mgrima@netflix.com>
"""
import json
from functools import wraps
from security_monkey import app
from security_monkey.datastore import Account
from security_monkey.exceptions import GitHubCredsError
def get_github_creds(account_names):
"""
Grab GitHub credentials from a JSON file on disk.
The dict looks like this:
{
"Organization-Name": "API KEY",
"Organization-Name-2": "API KEY 2",
...
}
:param account_names: list of account names
:type account_names: ``list``
"""
# The name of the field as defined in the GitHub Account Manager.
creds_field = 'access_token_file'
org_creds = {}
accounts = Account.query.filter(Account.name.in_(account_names)).all()
for account in accounts:
try:
if not org_creds.get(account.identifier):
creds_file = account.getCustom(creds_field)
if creds_file:
with open(creds_file, "r") as file:
creds_dict = json.loads(file.read())
org_creds.update(creds_dict)
else:
org_creds.update(app.config.get("GITHUB_CREDENTIALS"))
except Exception as _:
raise GitHubCredsError(account.identifier)
return org_creds
def iter_org(orgs):
"""
Decorator for looping over many GitHub organizations.
This will pass in the exception map properly.
:param orgs:
:return:
"""
def decorator(func):
@wraps(func)
def decorated_function(*args, **kwargs):
item_list = []
if not kwargs.get("exception_map"):
kwargs["exception_map"] = {}
for org in orgs:
kwargs["account_name"] = org
item, exc = func(*args, **kwargs)
item_list.extend(item)
return item_list, kwargs["exception_map"]
return decorated_function
return decorator
def strip_url_fields(blob):
"""
Utility function to strip out the "_url" fields returned from GitHub, since
they aren't really useful for the purposes of Security Monkey, and add in
bloat to the record.
This will recursively remove them from nested dictionaries.
:param blob:
:return:
"""
keys_to_delete = []
if isinstance(blob, list):
for item in blob:
strip_url_fields(item)
if not isinstance(blob, dict):
return blob
for k in blob:
# Is the field a dictionary or list of dicts?
if isinstance(blob[k], dict) or isinstance(blob[k], list):
strip_url_fields(blob[k])
if "_url" in k:
keys_to_delete.append(k)
# Delete them:
for k in keys_to_delete:
del blob[k]
return blob