Validated the region passed before instantiating the service class #16463
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nico-stefani
added
type/bug
8 tasks
fdalmaup
requested changes
Mar 27, 2023
I chose this behavior because the module can receive multiple regions for one execution. Then if one valid and one invalid region are passed, the execution can process the valid one. |
fdalmaup
requested changes
Mar 28, 2023
wodles/aws/aws_s3.py
Outdated
| try: | ||
| service_type.check_region(region) | ||
| except ValueError: | ||
| debug(f"+++ WARNING: The region '{region}' is not a valid one.", 1) |
There was a problem hiding this comment.
The warning message is only displayed when the module is manually executed but not when configured in the ossec.conf file. We should check this behavior so the users acknowledge the problem as soon as possible and do not need to set the debug level and reset the module.
There was a problem hiding this comment.
As we discuss, the best solution, for now, is to raise an exception and quit the execution. Until we have #16301.
I will do the changes.
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
nico-stefani
force-pushed
the
fix/16301-explicit-messages-for-services-invalid-region
branch
from
9306286
to
d401ddf
Compare
davidjiglesias
deleted the
fix/16301-explicit-messages-for-services-invalid-region
branch
nico-stefani
added a commit
that referenced
this pull request
Apr 14, 2023
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
nico-stefani
added a commit
that referenced
this pull request
Apr 18, 2023
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
nico-stefani
added a commit
that referenced
this pull request
Apr 26, 2023
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
nico-stefani
added a commit
that referenced
this pull request
May 9, 2023
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
davidjiglesias
pushed a commit
that referenced
this pull request
May 10, 2023
* Validated the region passed before instantiating the service class (#16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Show explicit messages when there aren't logs to process (#16365) * Improve filter aguments for custom buckets * Improve check for empty bucket in server access * Fix custom bucket markers (#16410) * Fix query paramters for CustomBucket.sql_find_last_key_processed * Show message when there aren't logs to process in custom buckets * Apply improvements to ServerAccessBucket.iter_files_in_bucket * Add missing counter for processed_logs * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Fix method callbacks --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Improve VPCFlow and Config items iteration (#16325) * Implement basic changes * Use methods inherited from AWSBucket * Improve items iteration AWSVPCFlowBucket * Use methods inherited from AWSBucket in AWSVPCFlowBucket * Clean up unused methods and variables * Fix too many blank lines * Handle exception when an inexistent region was provided (#16332) * Handle exception when an inexistent region was provided * Get regions from constant * Use AWSBucket.empty_bucket_message_template in AWSLBBucket class * Add AWS parser validations (#16493) * Fix bucket and service empty messages * Fix bucket and service invalid value messages * Improve regex validation for bucket name * Improve regex validation for prefix and rename function * Improved regex validation for region and avoided repeated ones * Show error and exit for empty log group * Added function to validate aws_log_groups argument * Sorted regions after validation * Use AWSBucket.empty_bucket_message_template native guarduty case --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
mhamra
pushed a commit
that referenced
this pull request
May 24, 2023
* Validated the region passed before instantiating the service class (#16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Show explicit messages when there aren't logs to process (#16365) * Improve filter aguments for custom buckets * Improve check for empty bucket in server access * Fix custom bucket markers (#16410) * Fix query paramters for CustomBucket.sql_find_last_key_processed * Show message when there aren't logs to process in custom buckets * Apply improvements to ServerAccessBucket.iter_files_in_bucket * Add missing counter for processed_logs * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Fix method callbacks --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Improve VPCFlow and Config items iteration (#16325) * Implement basic changes * Use methods inherited from AWSBucket * Improve items iteration AWSVPCFlowBucket * Use methods inherited from AWSBucket in AWSVPCFlowBucket * Clean up unused methods and variables * Fix too many blank lines * Handle exception when an inexistent region was provided (#16332) * Handle exception when an inexistent region was provided * Get regions from constant * Use AWSBucket.empty_bucket_message_template in AWSLBBucket class * Add AWS parser validations (#16493) * Fix bucket and service empty messages * Fix bucket and service invalid value messages * Improve regex validation for bucket name * Improve regex validation for prefix and rename function * Improved regex validation for region and avoided repeated ones * Show error and exit for empty log group * Added function to validate aws_log_groups argument * Sorted regions after validation * Use AWSBucket.empty_bucket_message_template native guarduty case --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR closes #16301. Adds validation for the region passed to the service classes, in order to prevent requesting inexistent endpoints.
Tests