Working with new v2 deepsecurity-py SDK. Test all logical branches. Ready for AWS Lambda

Author: marknca

lib/deepsecurity/computers.py

@@ -192,7 +192,7 @@ def get(self, name=None, group_id=None):
 class Computer(core.CoreObject):
   def __init__(self, manager=None, api_response=None, log_func=None):
     self.manager = manager
-    self.recommened_rules = None
+    self.recommended_rules = None
     if api_response: self._set_properties(api_response, log_func)
 
   def send_events(self):
@@ -235,8 +235,8 @@ def get_recommended_rules(self):
     """
     Recommend a set of rules to apply to the computer
     """
-    self.recommened_rules = self.manager.get_rule_recommendations_for_computer(self.id)
-    return self.recommened_rules['total_recommedations']
+    self.recommended_rules = self.manager.get_rule_recommendations_for_computer(self.id)
+    return self.recommended_rules['total_recommedations']
 
 class ComputerGroup(core.CoreObject):
   def __init__(self, manager=None, api_response=None, log_func=None):

lib/deepsecurity/core.py

@@ -256,8 +256,9 @@ def _request(self, request, auth_required=True):
           if result['raw']:
             result['data'] = json.loads(result['raw'])
         except Exception, json_err:
-          self.log("Could not convert response from call {} to JSON".format(request['call']), err=json_err)
-
+          # report the exception as 'info' because it's not fatal and the data is 
+          # still captured in result['raw']
+          self.log("Could not convert response from call {} to JSON. Threw exception:\n\t{}".format(request['call'], json_err), level='info')
     return result
 
   def _prefix_keys(self, prefix, d):

lib/deepsecurity/dsm.py

@@ -357,6 +357,7 @@ def get_rule_recommendations_for_computer(self, computer_id):
       if response and response['status'] == 200:
         # response contains the internal rule ID
         for internal_rule_id in response['data']:
+          if internal_rule_id == u'@xmlns': continue
           results[rule_key].append(internal_rule_id)
           results['total_recommedations'] += 1
 

lib/sqli.py

@@ -220,11 +220,12 @@ def get_deep_security_info(self):
     """
     self._log("Requesting information from Deep Security about your deployment", priority=True)
     if self.dsm:
-      self.dsm.get_all()
+      self.dsm.policies.get()
+      self.dsm.computer_groups.get()
       self._log("Requesting rules from the Deep Security manager. This will take a few seconds...")
-      self.dsm.get_all_rules()
+      self.dsm.rules.get()
       self._log("Requesting computers from the Deep Security manager. This will take a few seconds...")
-      self.dsm.get_computers_with_details()
+      self.dsm.computers.get()
       self._log("Requested information from the Deep Security manager cached locally")
 
   def compare_ec2_to_deep_security(self):
@@ -236,7 +237,7 @@ def compare_ec2_to_deep_security(self):
     recommendations = {}
     if self.dsm and self.dsm.computers and self.instances:
       for computer_id, computer_details in self.dsm.computers.items():
-        ds_instance_map[computer_details.cloud_object_instance_id] = computer_id
+        ds_instance_map[computer_details.cloud_instance_id] = computer_id
 
     for instance_id, instance_details in self.instances.items():
       if ds_instance_map.has_key(instance_id):
@@ -258,8 +259,8 @@ def does_rule_match_sqli(self, rule):
       sqli_recommended = True
 
     if 'application_type_id' in dir(rule):
-      if self.dsm.application_types.has_key(rule.application_type_id):
-        if self.dsm.application_types[rule.application_type_id].tbuid in self.tbuids:
+      if self.dsm.rules['application_types'].has_key(rule.application_type_id):
+        if self.dsm.rules['application_types'][rule.application_type_id].tbuid in self.tbuids:
           sqli_recommended = True
 
     for pattern in self.patterns:
@@ -278,43 +279,46 @@ def analyze_computer(self, ds_computer_id):
     Analyze the specified computer to determine if it should be 
     protected by SQLi rules
     """
-    self._log("Analyzing computer {}:{}".format(ds_computer_id, self.dsm.computers[ds_computer_id].hostname))
+    self._log("Analyzing computer {}:{}".format(ds_computer_id, self.dsm.computers[ds_computer_id].name))
     recommendation = False
-    self.dsm.get_recommended_rules_for_computer(ds_computer_id)
+    self.dsm.get_rule_recommendations_for_computer(ds_computer_id)
     computer = self.dsm.computers[ds_computer_id]
     sqli_recommendations = []
-      
-    # check at the policy level
-    if computer.policy_id:
-      self._log("Computer is protected by Deep Security. Checking rules")
-      for rule_type in [
-        'integrity_monitoring_rules',
-        'log_inspection_rules',
-        'intrusion_prevention_rules'
-        ]:
-        if self.dsm.policies.has_key(computer.policy_id):
-          rule_set = getattr(self.dsm.policies[computer.policy_id], rule_type)
-          if rule_set: # policy has these type of rules applied
-            for rule_id in getattr(self.dsm.policies[computer.policy_id], rule_type)[-1]:
-              rule = self.dsm.rules[rule_type.replace('_rules', '')][rule_id]
-              if self.does_rule_match_sqli(rule): sqli_recommendations.append(rule)
+
+    if 'cloud_instance_id' in dir(computer) and computer.cloud_instance_id and computer.cloud_instance_id.startswith('i-'):
+      # this is an AWS instance
+          
+      # check at the policy level
+      if computer.policy_id:
+        self._log("Computer is protected by Deep Security. Checking rules")
+        for rule_type in [
+          'integrity_monitoring_rule_ids',
+          'intrusion_prevention_rule_ids',
+          'log_inspection_rule_ids'
+          # application_types
+          ]:
+          if self.dsm.policies.has_key(computer.policy_id):
+            rule_set = getattr(self.dsm.policies[computer.policy_id], rule_type)
+            if rule_set and rule_set.has_key('item'): # policy has these type of rules applied
+              for rule_id in rule_set['item']:
+                rule = self.dsm.rules[rule_type.replace('_rule_ids', '')][rule_id]
+                if self.does_rule_match_sqli(rule): sqli_recommendations.append(rule)
+            else:
+              self._log("Instance {} has no rules of type {} applied".format(computer.cloud_instance_id, rule_type))
           else:
-            self._log("Instance {} has no rules of type {} applied".format(computer.cloud_object_instance_id, rule_type))
-        else:
-          self._log("Policy {} is not available for analysis".format(computer.policy_id))
-    else:
-      self._log("Deep Security is aware of the instance but is not protecting it with a policy")
-      recommendation = None
-
-    # now check for any recommendations to the computer
-    for rule_type, rules in computer.recommended_rules.items():
-      self._log("Checking for recommended {} rules".format(rule_type))
-      for rule_id, rule in rules.items():
-        if self.does_rule_match_sqli(rule): sqli_recommendations.append(rule)
-      
-      for application_type_id, application_type in computer.application_types.items():
-        if application_type.tbuid in self.tbuids:
-          sqli_recommendations.append(application_type)
+            self._log("Policy {} is not available for analysis".format(computer.policy_id))
+      else:
+        self._log("Deep Security is aware of the instance but is not protecting it with a policy")
+        recommendation = None
+
+      # now check for any recommendations to the computer
+      if computer.recommended_rules:
+        for rule_type, rules in computer.recommended_rules.items():
+          self._log("Checking for recommended {} rules".format(rule_type))
+          for rule_id, rule in rules.items():
+            if self.does_rule_match_sqli(rule): sqli_recommendations.append(rule)
+      else:
+        self._log("There are no rule recommendations for instance {}".format(computer.cloud_instance_id))
 
     if len(sqli_recommendations) > 1:
       recommendation = True if len(sqli_recommendations) > 0 else False