Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Bug: Validation of datatypes is too strict

See original GitHub issue

Background

In current implementation it requires all types in the rule parameter datatypes to be defined in conf/types.json. For example, following rule will return false even normalized type command is defined. It is because the fetch_values_by_datatype helper will return an empty list due to code to validate datatypes at here .

"""This is sample rule to alert on any suspicious use of wget"""
import fnmatch
from helpers.base import fetch_values_by_datatype

@rule(datatypes=['command', 'not_exist_normalized_type'])
def alert_suspecious_wget(rec):
    results = fetch_values_by_datatype(rec, 'command')
    for result in results:
        if fnmatch(result, "wget *"):
            return true
    return false

Desired Change

Return value of normalized types if defined, and ignore normalized types which are not defined in conf/types.json.

Issue Analytics

State:
Created 6 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

1reaction

chunyong-lincommented, Oct 12, 2017

Yes, I have the fix already, will send PR soon.

1reaction

ghostcommented, Oct 12, 2017

After a use-case Javier raised, and giving it more thought, datatypes should be an OR vs. AND operation. @chunyong-lin - can you make the appropriate changes?