
ENG-44960: Resource provider for session identification response rule #27

Open
wants to merge 4 commits into
base: main
from

Conversation

meghana-pedduri
Contributor

Example usage:

resource "traceable_session_identification_response_rule" "example" {
  name              = "example-session-rule"
  description       = "This is an example session identification rule"
  environment_names = ["dev", "prod"]
  service_names     = ["service1", "service2"]
  url_match_regexes = ["^/api/.*$", "^/internal/.*$"]

  token_extraction_condition_list {
    condition_response_header {
      key      = "X-Example-Header"
      operator = "EQUALS"
      value    = "example-value"
    }
  }

  session_token_details {
    token_response_header {
      token_key = "Authorization"
      operator  = "MATCHES_REGEX"
    }
  }

  obfuscation     = true
  expiration_type = "JWT"

  token_value_transformation_list {
    json_path = "$.token"
  }
}

Schema:

Required:
name: (string) name of the rule
service_names: (list of string) list of all the services the rule would be applicable for
environment_names: (list of string) list of all the env the rule would be applicable for
session_token_details: (list of objects - at most one allowed): Details of the session token of type request
obfuscation: (boolean) If the obfuscation strategy of HASH to be used
Optional:
description: (string) description of the rule
url_match_regexes: (list of strings) the regex values of the url indicating its segment values that we would choose to redact
token_extraction_condition_list: (list of objects) the conditions to satisfy token extraction
expiration_type: (string) expiration is jwt based or not applicable
token_value_transformation_list: (list of objects) conditions for value transformations

prisma-cloud-devsecops bot left a comment

Prisma Cloud has found errors in this PR ⬇️


sessionTokenRules := ruleDetails["sessionTokenRules"].([]interface{})
if len(sessionTokenRules) > 0 {
    sessionTokenRule := sessionTokenRules[0].(map[string]interface{})


LOW: Random High Entropy String detected in code
    Resource: 7195595776a225335a8d5f1413649a0c003a9ad2 | Checkov ID: CKV_SECRET_80

Description

Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.
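As an added illustration of the entropy heuristic the finding description refers to (example code written here, not code from this PR or from Checkov), the following Python scores quoted string literals the way the classic high-entropy-string check does and runs it over the flagged Go line next to two constructed fake secrets. The hex/base64 charsets and their limits are assumptions taken from the common detect-secrets defaults, not from the CKV_SECRET_80 implementation.

```python
import math
import re
from collections import Counter

# Thresholds are the classic detect-secrets defaults; an assumption here,
# not a quote from Checkov's own CKV_SECRET_80 implementation.
HEX_CHARS = set("0123456789abcdefABCDEF")
BASE64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")
LIMITS = {"hex": 3.0, "base64": 4.5}
QUOTED = re.compile(r'"([^"]+)"')  # quoted literals are the units scored

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def classify(s: str):
    """Name of the narrowest charset the literal fits ('hex' or 'base64'), else None."""
    chars = set(s)
    if chars <= HEX_CHARS:
        return "hex"
    if chars <= BASE64_CHARS:
        return "base64"
    return None  # spaces, punctuation etc.: not token-shaped

def scan_line(line: str):
    """[(literal, charset, entropy)] for every quoted literal above its charset limit."""
    hits = []
    for literal in QUOTED.findall(line):
        kind = classify(literal)
        if kind is not None:
            entropy = shannon_entropy(literal)
            if entropy > LIMITS[kind]:
                hits.append((literal, kind, round(entropy, 3)))
    return hits

# Constructed sample lines: the Go line this PR's finding points at, plus two
# fake secrets made up for the demo. The identifier "sessionTokenRules"
# scores about 3.1 bits/char, under the base64 limit, while 32 distinct
# base64 characters score exactly 5.0 whatever their order: entropy measures
# character spread, not secrecy, so every hit still needs human triage.
SAMPLE_LINES = [
    'sessionTokenRules := ruleDetails["sessionTokenRules"].([]interface{})',
    'apiToken := "qZ7mK2pX9vL4nR8tW1yB6cF3hJ5dG0sA"',
    'salt := "3f8a1c9e2b7d4065"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(scan_line(line) or "no hit", "<-", line)
```

Scanners differ in how they tokenize a line and where they set their limits, which is why an identifier like the one above can still be reported and then closed as a false positive in triage.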
