From 03d7cf7e4180c4cb4aea952a9893f2b24a8e3c78 Mon Sep 17 00:00:00 2001 From: Runar Ask Johannessen <89020325+equinor-ruaj@users.noreply.github.com> Date: Mon, 27 Nov 2023 14:01:12 +0100 Subject: [PATCH] add contributing.md and security.md (#178) --- CONTRIBUTING.md | 28 ++++++++++++ README.md | 113 ++---------------------------------------------- SECURITY.md | 18 ++++++++ 3 files changed, 50 insertions(+), 109 deletions(-) create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..3f65b73 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,28 @@ +# How to contribute to this repo + +We love your input! We want to make contributing to this project as easy and transparent as possible, whether it's: + +- Reporting a bug +- Proposing new features +- Discussing the current state of the code +- Submitting a fix + +This is how you should do it: + +Use our [issue list](../../issues) to report a **bug** or **propose a new feature**, including + +### Reporting a **bug report** +- A quick summary and/or background +- Steps to reproduce +- What actually happens + +### Adding a **feature request** +- Brief description of the feature +- What problem/issue will this solve +- A sort of Definition of Done - "How should it look when finished" + +### When submitting a fix using a Pull Request (PR) +- Fork this repository from GitHub +- After you have made the changes, create a pull request (PR) + +We will review the pull request and if it is appropriate and there are no clashes or vulnerabilities, it will be merged to the main code. \ No newline at end of file diff --git a/README.md b/README.md index 1162550..e0c28cd 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ Python wrappers for Sumo APIs +Want to contribute? Read our [contributing](./CONTRIBUTING.md) guidelines + ## Install: pip install sumo-wrapper-python @@ -22,20 +24,10 @@ distribution. - [`token` logic](#token-logic) - [Methods](#methods) - [get(path, \*\*params)](#getpath-params) - - [post(path, json, blob)](#postpath-json-blob) + - [post(path, json, blob, params)](#postpath-json-blob-params) - [put(path, json, blob)](#putpath-json-blob) - [delete(path)](#deletepath) - [Async methods](#async-methods) -- [CallSumoApi (deprecated)](#callsumoapi-deprecated) - - [Initialization](#initialization-1) - - [Parameters](#parameters-1) - - [Examples](#examples) - - [search()](#search) - - [Parameters](#parameters-2) - - [Usage](#usage) - - [searchroot()](#searchroot) - - [Parameters](#parameters-3) - - [Usage](#usage-1) # SumoClient @@ -115,7 +107,7 @@ object_id = "159405ba-0046-b321-55ce-542f383ba5c7" obj = sumo.get(f"/objects('{object_id}')") ``` -### post(path, json, blob) +### post(path, json, blob, params) Performs a POST-request to sumo-core. Accepts json and blob, but not both at the same time. @@ -166,100 +158,3 @@ These accept the same parameters as their synchronous counterparts, but have to # Retrieve userdata user_data = await sumo.get_async("/userdata") ``` - -# CallSumoApi (deprecated) - -Predefined methods for various sumo operations. I.e uploading, searching for and -deleting metadata and blobs. - -### Initialization - -```python -from sumo.wrapper import CallSumoApi - -sumo = CallSumoApi() -``` - -### Parameters - -```python -class CallSumoApi: - def __init__( - self, - env="dev", - resource_id=None, - client_id=None, - outside_token=False, - writeback=False, - ): -``` - -## Examples - -All `CallSumoApi` methods accept a `bearer` argument which lets the user use an -existing access token instead of generating a new one. - -### search() - -Search all objects in sumo. - -#### Parameters - -```python -def search( - self, - query, - select=None, - buckets=None, - search_from=0, - search_size="100", - search_after=None, - bearer=None, -): -``` - -#### Usage - -```python -# Find objects where class = surface -search_results = sumo.search(query="class:surface", search_size="10") - -# Get child objects for a specific object -parent_id = "1234" -children = sumo.search(query=f"_sumo.parent_object:{parent_id}") - -# Get buckets for child object classes (i.e surface, table, polygon) -# This will return a count for every class value -buckets = sumo.search( - query=f"_sumo.parent_object:{parent_id}", - buckets=["class.keyword"] -) -``` - -### searchroot() - -Search for parent objects (object without parent) - -#### Parameters - -```python -def searchroot( - self, - query, - select=None, - buckets=None, - search_from=0, - search_size="100", - bearer=None, -): -``` - -#### Usage - -```python -# Get 3 top level objects for a specific user -peesv_objects = sumo.searchroot( - query="fmu.case.user.id:peesv", - search_size=3 -) -``` diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..ef9aa6f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security + +If you discover a security vulnerability in this project, please follow these steps to responsibly disclose it: + +1. **Do not** create a public GitHub issue for the vulnerability. +2. Follow our guideline for Responsible Disclosure Policy at [https://www.equinor.com/about-us/csirt](https://www.equinor.com/about-us/csirt) to report the issue + +The following information will help us triage your report more quickly: + +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +We prefer all communications to be in English. \ No newline at end of file