5. Cloud Operations
`pyrasp` can operate in a 'cloud' environment:
- Retrieve initial configuration and updates from remote server
- Retrieve blacklist from remote server at startup
- Provide regular agent status to remote server
- Provide basic telemetry (CPU & memory usage, number of requests)
- Share new blacklisted entries
- Update blacklist with new entries provided by remote server
Run
Flask & FastAPI
`pyrasp` instance creation requires 2 specific arguments:
- `cloud_url`: URL to retrieve agent configuration from
- `key`: unique key to identify the agent

`<rasp_class>(<framework_instance>, cloud_url = <configuration_url>, key = <agent_key>)`

Those 2 parameters can be set as environment variables - see Environment Variables
```python
from fastapi import FastAPI
from pyrasp.pyrasp import FastApiRASP

app = FastAPI()
# cloud_url: where the agent fetches its configuration; key: identifies this agent to the server
rasp = FastApiRASP(app, cloud_url = 'https://pyrasp.my.org/config', key = '000000-1111-2222-3333-44444444')
```
Django
For cloud agents, the `PYRASP_CLOUD_URL` and `PYRASP_KEY` variables must be added to the `settings.py` file of the Django application:
- `PYRASP_CLOUD_URL` contains the URL to retrieve agent configuration from
- `PYRASP_KEY` is used by the server to uniquely identify the agent
```python
# settings.py
PYRASP_CLOUD_URL = 'https://pyrasp.my.org/config'
PYRASP_KEY = '000000-1111-2222-3333-44444444'

MIDDLEWARE = [
    'pyrasp.pyrasp.DjangoRASP',
    ...
]
```
AWS Lambda, Google Cloud Functions and Azure Function
`pyrasp` instance creation requires 2 specific arguments:
- `cloud_url`: URL to retrieve agent configuration from
- `key`: unique key to identify the agent

`@<rasp_class>(cloud_url = <configuration_url>, key = <agent_key>)`

Those 2 parameters can be set as environment variables - see Environment Variables
```python
from pyrasp.pyrasp import LambdaRASP

# AWS Lambda: the decorator's register method wraps the function handler
@LambdaRASP(cloud_url = 'https://pyrasp.my.org/config', key = '000000-1111-2222-3333-44444444').register
def lambda_handler(event, context):
    ...
```

```python
from pyrasp.pyrasp import GcpRASP

# Google Cloud Functions: same pattern with the GCP class
@GcpRASP(cloud_url = 'https://pyrasp.my.org/config', key = '000000-1111-2222-3333-44444444').register
def lambda_handler(event, context):
    ...
```
Environment Variables
`cloud_url` and `key` values can be set as environment variables:
- `PYRASP_CLOUD_URL`: URL to retrieve agent configuration from
- `PYRASP_KEY`: unique key to identify the agent
Connection
Upon connection the `pyrasp` agent sends a POST request to the specified `PYRASP_CLOUD_URL`. The format of the JSON content is provided below.
```json
{
    "key": "<PYRASP_KEY>",
    "version": "<PYRASP_VERSION>",
    "platform": "<RUNNING_PLATFORM>",
    "routes": {
        "<endpoint>": {
            "methods": [ "<http_allowed_method>", ... ],
            "path": "<path>"
        }
    }
}
```
Configuration download
Overview
Configuration file and blacklist are retrieved by the agent through a `GET` request to the URL specified.
At agent startup the remote configuration URL is displayed:
```
### PyRASP v0.9.0 ##########
[+] Starting PyRASP
[+] Loading default configuration
[+] Loading configuration from http://pyrasp.my.org/config
[+] XSS model loaded
[+] SQLI model loaded
[+] Starting logging process
[+] Starting beacon process
[+] PyRASP succesfully started
############################
```
Format
The response to the request MUST be an `application/json` body containing the configuration.
- The data structure MUST be a dictionary (`{}`)
- The JSON configuration MUST be provided in the `config` key.
- Optionally an initial blacklist can be provided as a dictionary structure in the `blacklist` key of the response.
- The blacklist structure MUST comply with the format detailed in the example below.
Configuration example
```json
{
    "config": {
        "HOSTS" : ["mysite.mydomain.com"],
        "APP_NAME" : "Web Server",
        "GTFO_MSG" : "<html><head /><body><h1>You have been blocked</h1></body></html>",
        "DENY_STATUS_CODE": 403,
        ...
    },
    "blacklist": {
        "<ip_address>": <detection_epoch_time>,
        ...
    }
}
```
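The connection payload and the response format above, as an added example that is not pyrasp's own code: it builds the JSON the agent POSTs at connection and validates a configuration response against the MUST rules before anything is applied, so a malformed or tampered blacklist (non-IP keys, non-integer detection times) is rejected rather than loaded. The helper names, the error class and the sample response are assumptions of this example.

```python
# Added example (not pyrasp's own code): build the connection payload and check a
# configuration response against the rules above; helper names are assumptions.
import ipaddress
import json

class CloudConfigError(ValueError):
    """Raised when the remote response violates the documented format."""

def build_connection_payload(key, version, platform, routes):
    """JSON body POSTed to PYRASP_CLOUD_URL at connection time."""
    return json.dumps({"key": key, "version": version, "platform": platform,
                       "routes": {name: {"methods": list(r["methods"]),
                                         "path": r["path"]}
                                  for name, r in routes.items()}})

def parse_cloud_response(body):
    """Return (config, blacklist) after enforcing the MUST rules above."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise CloudConfigError(f"response is not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise CloudConfigError("response data structure must be a dictionary")
    config = data.get("config")
    if not isinstance(config, dict):
        raise CloudConfigError('"config" key missing or not a dictionary')
    blacklist = data.get("blacklist", {})
    if not isinstance(blacklist, dict):
        raise CloudConfigError('"blacklist" must be a dictionary')
    clean = {}
    for ip, seen in blacklist.items():
        try:
            ipaddress.ip_address(ip)  # reject hostnames or garbage keys
        except ValueError as exc:
            raise CloudConfigError(f"bad blacklist address {ip!r}") from exc
        # detection time must be a non-negative int (bool is an int subclass)
        if isinstance(seen, bool) or not isinstance(seen, int) or seen < 0:
            raise CloudConfigError(f"bad detection time for {ip!r}: {seen!r}")
        clean[ip] = seen
    return config, clean

def response_is_valid(body):
    try:
        parse_cloud_response(body)
        return True
    except CloudConfigError:
        return False

SAMPLE_RESPONSE = ('{"config": {"HOSTS": ["mysite.mydomain.com"], "DENY_STATUS_CODE": 403},'
                   ' "blacklist": {"203.0.113.7": 1700000000}}')  # constructed sample
```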