From abda9cf2f1213c77e09dcaa8f3be25351bb37611 Mon Sep 17 00:00:00 2001 From: Calvin Krzywiec Date: Tue, 2 Apr 2019 13:44:52 -0400 Subject: [PATCH] add strict providers option (#450) --- cif/store/__init__.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/cif/store/__init__.py b/cif/store/__init__.py index 8d5adc9d..d424b480 100644 --- a/cif/store/__init__.py +++ b/cif/store/__init__.py @@ -49,10 +49,21 @@ # queue max to flush before we hit CIF_STORE_QUEUE_FLUSH mark CREATE_QUEUE_MAX = os.environ.get('CIF_STORE_QUEUE_MAX', 1000) +# require provider to match the token username +STRICT_PROVIDERS = os.environ.get('CIF_STRICT_PROVIDERS', False) +# allow these users to override provider - csv list +STRICT_PROVIDERS_EXCEPTIONS = os.environ.get('CIF_STRICT_PROVIDERS_EXCEPTIONS','csirtg-smrt') +STRICT_PROVIDERS_EXCEPTIONS = STRICT_PROVIDERS_EXCEPTIONS.split(',') + +if STRICT_PROVIDERS in [1, '1']: + STRICT_PROVIDERS = True +else: + STRICT_PROVIDERS = False + MORE_DATA_NEEDED = -2 TRACE = os.environ.get('CIF_STORE_TRACE') - + logger = logging.getLogger(__name__) logger.setLevel(logging.ERROR) @@ -220,6 +231,10 @@ def _flush_create_queue(self): if not i.get('group'): i['group'] = 'everyone' + # optionally force provider to match username with exceptions + if i.get('provider') and STRICT_PROVIDERS and not _t['username'] in STRICT_PROVIDERS_EXCEPTIONS: + i['provider'] = _t['username'] + if not i.get('provider') or i['provider'] == '': i['provider'] = _t['username'] @@ -279,6 +294,10 @@ def handle_indicators_create(self, token, data, id=None, client_id=None, flush=F if not i.get('group'): i['group'] = 'everyone' + # optionally force provider to match username with exceptions + if i.get('provider') and STRICT_PROVIDERS and not t['username'] in STRICT_PROVIDERS_EXCEPTIONS: + i['provider'] = t['username'] + if not i.get('provider') or i['provider'] == '': i['provider'] = t['username']