Created
June 12, 2019 15:47
-
-
Save ritesh/75c990026f725ee3e837e77a51f7957f to your computer and use it in GitHub Desktop.
Testing function-shield
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source these to pretend you're running in AWS Lambda | |
| # Tested on Linux, might work on OSX | |
| AWS_EXECUTION_ENV=AWS_Lambda_python2.7 | |
| _HANDLER=handler | |
| FUNCTION_SHIELD_TOKEN='base64encoded token you can get from puresec' | |
| # you will also need to create a dir for the function code under /var | |
| # mkdir -p /var/task && ln <fullpath to your the file above> /var/task/handler.py |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import function_shield | |
| import subprocess | |
| function_shield.configure({ | |
| "policy": { | |
| "read_write_tmp": "alert", | |
| "create_child_process": "alert", | |
| "outbound_connectivity": "block", | |
| "read_handler": "block" | |
| }, | |
| "disable_analytics": True, | |
| "token": os.environ['FUNCTION_SHIELD_TOKEN'] | |
| }) | |
| def hello(event, context): | |
| print("started") | |
| with open('/tmp/python-alert', 'w'): | |
| pass | |
| with open('/var/task/handler.py', 'r'): | |
| pass | |
| subprocess.Popen('touch /tmp/hello', shell=True) | |
| os.system('curl 4.4.4.4') | |
| os.system('curl http://localhost:8000/') | |
| # os.system('cat /var/task/handler.py') | |
| return True | |
| if __name__ == '__main__': | |
| hello(1, 2) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment