Make changes for a public release

.github/workflows/publish.yml

@@ -0,0 +1,82 @@
+name: Publish Python 🐍 distribution 📦 to PyPI
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  tests:
+    name: Linting and running tests
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install poetry
+      run: pip install poetry
+    - name: Install dependencies
+      run: poetry install
+    - name: Run Pylint
+      run: |
+        poetry run pylint --fail-under=9 --rcfile=.pylintrc aikido_firewall/
+        pylint_exit_code=$?
+        if [ $pylint_exit_code -ne 0 ]; then
+          echo "Pylint check failed. Please fix the issues."
+          exit 1
+        fi
+
+    - name: Run Black Check
+      run: |
+        poetry run black --check --diff aikido_firewall/
+        black_exit_code=$?
+        if [ $black_exit_code -ne 0 ]; then
+          echo "Black check failed. Please run 'black .' to format the code."
+          exit 1
+        fi
+    - name: Run tests
+      run: |
+        make test
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install poetry
+      run: pip install poetry
+    - name: Install dependencies
+      run: poetry install
+
+    - name: Build distribution packages
+      run: poetry build
+
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+  publish-to-pypi:
+    name: Publish Python 🐍 distribution 📦 to PyPI
+    needs:
+    - build
+    - tests
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install setuptools wheel twine
+
+    - name: Publish to PyPI
+      env:
+        TWINE_USERNAME: __token__
+        TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+      run: |
+        twine upload dist/*

aikido_firewall/background_process/aikido_background_process.py

@@ -63,7 +63,7 @@ def reporting_thread(self):
         )  # Create an event scheduler
         self.send_to_reporter(event_scheduler)
 
-        api = ReportingApiHTTP("http://app.local.aikido.io/")
+        api = ReportingApiHTTP("https://guard.aikido.dev/")
         # We need to pass along the scheduler so that the heartbeat also gets sent
         self.reporter = Reporter(
             block=check_env_for_blocking(),
@@ -84,7 +84,6 @@ def send_to_reporter(self, event_scheduler):
         event_scheduler.enter(
             EMPTY_QUEUE_INTERVAL, 1, self.send_to_reporter, (event_scheduler,)
         )
-        logger.debug("Checking queue")
         while not self.queue.empty():
             queue_attack_item = self.queue.get()
             self.reporter.on_detected_attack(

aikido_firewall/background_process/commands/__init__.py

@@ -37,4 +37,4 @@ def process_incoming_command(bg_process, obj, conn):
     if action in commands_map:
         commands_map[action](bg_process, data, conn)
     else:
-        logger.info("Command : `%s` not found, aborting", action)
+        logger.debug("Command : `%s` not found, aborting", action)

aikido_firewall/background_process/comms.py

@@ -102,8 +102,8 @@ def target(address, key, receive, data, result_obj):
         t.start()
         t.join(timeout=0.1)
         if not result_obj[0]:
-            logger.info(
-                "Communication returned None between background process and threads"
+            logger.debug(
+                " Failure in communication to background process, %s(%s)", action, obj
             )
             return {"success": False, "error": "timeout"}
 

aikido_firewall/background_process/packages.py

@@ -12,7 +12,7 @@ def add_wrapped_package(pkg_name):
     try:
         pkg_version = metadata.version(pkg_name)
     except metadata.PackageNotFoundError:
-        logger.info(
+        logger.debug(
             "Package `%s` was wrapped but could not find a version, aborting", pkg_name
         )
         return

aikido_firewall/background_process/realtime/__init__.py

@@ -25,9 +25,7 @@ def get_config(token):
     }
     response = requests.get(url, headers=headers, timeout=3)  # timeout in 3 seconds
     if response.status_code != 200:
-        logger.info(
-            "Invalid response from api (Status Code : %s)", response.status_code
-        )
+        logger.info("Invalid response from api : %s", response.status_code)
 
     return response.json()  # Parse and return the JSON response
 
@@ -42,9 +40,6 @@ def get_config_last_updated_at(token):
     }
     response = requests.get(url, headers=headers, timeout=0.5)  # timeout in 500ms
     if response.status_code != 200:
-        logger.info(
-            "Invalid response from realtime api (Status Code : %s)",
-            response.status_code,
-        )
+        logger.info("Invalid response from realtime api : %s", response.status_code)
 
     return int(response.json()["configUpdatedAt"])  #  Return configUpdatedAt time

aikido_firewall/background_process/reporter/on_detected_attack.py

@@ -46,4 +46,4 @@ def on_detected_attack(reporter, attack, context, blocked, stack):
         logger.debug("Result : %s", result)
     except Exception as e:
         logger.debug(e)
-        logger.info("Failed to report attack")
+        logger.info("Failed to report an attack")

aikido_firewall/background_process/reporter/on_detected_attack_test.py

@@ -83,7 +83,7 @@ def test_on_detected_attack_exception_handling(mock_reporter, mock_context, capl
 
     on_detected_attack(mock_reporter, attack, mock_context, blocked=False, stack=None)
 
-    assert "Failed to report attack" in caplog.text
+    assert "Failed to report an attack" in caplog.text
 
 
 def test_on_detected_attack_with_blocked_and_stack(mock_reporter, mock_context):

aikido_firewall/sinks/builtins.py

@@ -4,7 +4,6 @@
 
 import copy
 import importhook
-from aikido_firewall.helpers.logging import logger
 from aikido_firewall.vulnerabilities import run_vulnerability_scan
 
 
@@ -28,5 +27,4 @@ def aikido_new_open(*args, **kwargs):
 
     # pylint: disable=no-member
     setattr(builtins, "open", aikido_new_open)
-    logger.debug("Wrapped `builtins` module")
     return modified_builtins

aikido_firewall/sinks/http_client.py

@@ -20,13 +20,12 @@ def on_http_import(http):
     former_putrequest = copy.deepcopy(http.HTTPConnection.putrequest)
 
     def aik_new_putrequest(_self, method, url, *args, **kwargs):
-        logger.info("HTTP Request [%s] %s:%s %s", method, _self.host, _self.port, url)
+        logger.debug("HTTP Request [%s] %s:%s %s", method, _self.host, _self.port, url)
         run_vulnerability_scan(
             kind="ssrf", op="http.client.putrequest", args=(_self.host, _self.port)
         )
         return former_putrequest(_self, method, url, *args, **kwargs)
 
     # pylint: disable=no-member
     setattr(http.HTTPConnection, "putrequest", aik_new_putrequest)
-    logger.debug("Wrapped `http` module")
     return modified_http

aikido_firewall/sinks/os.py

@@ -4,7 +4,6 @@
 
 import copy
 import importhook
-from aikido_firewall.helpers.logging import logger
 from aikido_firewall.vulnerabilities import run_vulnerability_scan
 
 # File functions :
@@ -68,5 +67,4 @@ def on_os_import(os):
         # pylint: disable=no-member
         setattr(modified_os.path, op, aikido_new_func)
 
-    logger.debug("Wrapped `os` module")
     return modified_os

aikido_firewall/sinks/os_system.py

@@ -4,7 +4,6 @@
 
 import copy
 import importhook
-from aikido_firewall.helpers.logging import logger
 from aikido_firewall.vulnerabilities import run_vulnerability_scan
 
 
@@ -26,5 +25,4 @@ def aikido_new_system(*args, former_system_func=former_system_func, **kwargs):
     setattr(os, "system", aikido_new_system)
     setattr(modified_os, "system", aikido_new_system)
 
-    logger.debug("Wrapped `os` module")
     return modified_os

aikido_firewall/sinks/socket.py

@@ -40,13 +40,12 @@ def on_socket_import(socket):
       -  gethostbyname() -- map a hostname to its IP number
       -  gethostbyaddr() -- map an IP number or hostname to DNS info
     https://github.com/python/cpython/blob/8f19be47b6a50059924e1d7b64277ad3cef4dac7/Lib/socket.py#L10
-    Returns : Modified http.client object
+    Returns : Modified socket object
     """
     modified_socket = importhook.copy_module(socket)
     for op in SOCKET_OPERATIONS:
         former_func = copy.deepcopy(getattr(socket, op))
         setattr(modified_socket, op, generate_aikido_function(former_func, op))
         setattr(socket, op, generate_aikido_function(former_func, op))
 
-    logger.debug("Wrapped `http` module")
     return modified_socket

aikido_firewall/sinks/subprocess.py

@@ -47,5 +47,4 @@ def on_subprocess_import(subprocess):
             generate_aikido_function(op=op, former_func=former_func),
         )
 
-    logger.debug("Wrapped `subprocess` module")
     return modified_subprocess

aikido_firewall/sources/flask.py

@@ -60,7 +60,7 @@ def aikido___call__(flask_app, environ, start_response):
         context1.set_as_current_context()
         request_handler(stage="init")
     except Exception as e:
-        logger.info("Exception on aikido __call__ function : %s", e)
+        logger.debug("Exception on aikido __call__ function : %s", e)
     res = flask_app.wsgi_app(environ, start_response)
     return res
 

aikido_firewall/sources/functions/request_handler.py

@@ -34,7 +34,7 @@ def pre_response():
     context = get_current_context()
     comms = get_comms()
     if not context or not comms:
-        logger.info("Request was not complete, not running any pre_response code")
+        logger.debug("Request was not complete, not running any pre_response code")
         return
 
     # IP Allowlist:

pyproject.toml

@@ -1,7 +1,7 @@
 [tool.poetry]
 name = "aikido_firewall"
 version = "0.0.9"
-description = "Aikido RASP for Python"
+description = "Aikido Zen for Python"
 authors = ["Aikido"]
 readme = "README.md"
 

setup.cfg

@@ -3,7 +3,7 @@ name = aikido_firewall
 version = 1.0.0
 author = Aikido
 author_email = [email protected]
-description = Aikido RASP for Python
+description = Aikido Zen for Python
 long_description = file: README.md
 long_description_content_type = text/markdown
 url = https://github.com/AikidoSec/firewall-python