splunk-malware-filter/build.py

#!/usr/bin/env python
"""Build Splunk app package"""
import tarfile
from configparser import ConfigParser
from os import environ, path
from re import search, sub
from subprocess import check_call
from sys import executable
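def _filename_safe(value):
    """Return *value* unchanged if it can be embedded in a file name.

    The version string is spliced into ``malware_filter-<version>.tar.gz``;
    a path separator (a tag such as ``release/1.0``) or a ``.``/``..``
    component would make the archive land somewhere other than the working
    directory instead of producing a plain file name.

    Raises:
        ValueError: if *value* contains ``/`` or ``\\`` or is ``.``/``..``.
    """
    if "/" in value or "\\" in value or value in (".", ".."):
        raise ValueError(f"version {value!r} is not safe to use in a file name")
    return value


def version():
    """
    Return version number from app.conf or commit hash if in CI.

    When ``CI`` is ``true`` the first non-empty of these wins, in order:
    GitLab ``CI_COMMIT_TAG``, GitLab ``CI_COMMIT_SHORT_SHA``, GitHub
    ``GITHUB_REF_NAME`` (only when ``GITHUB_REF_TYPE`` is ``tag``), and the
    first eight characters of GitHub ``GITHUB_SHA``. Outside CI, or when none
    of them is set, ``[launcher] version`` from ``default/app.conf`` is used.

    Raises:
        ValueError: if the resolved value is not usable as part of a file
            name (path separator or dot-only component).
        KeyError: if app.conf lacks a ``[launcher]`` section or ``version``.
    """
    commit_sha = None
    if environ.get("CI") == "true":
        # github: a ref name only identifies a release when it is a tag
        github_tag = (
            environ.get("GITHUB_REF_NAME")
            if environ.get("GITHUB_REF_TYPE") == "tag"
            else None
        )
        commit_sha = (
            # gitlab
            environ.get("CI_COMMIT_TAG")
            or environ.get("CI_COMMIT_SHORT_SHA")
            # github
            or github_tag
            or environ.get("GITHUB_SHA", "")[0:8]
        )
    if commit_sha:
        resolved = commit_sha
    else:
        # app.conf is relative to the working directory, like the rest of
        # this script (it is run from the app root)
        app_conf = ConfigParser()
        app_conf.read(path.join("default", "app.conf"))
        resolved = app_conf["launcher"]["version"]
    return _filename_safe(resolved)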
def exclusion(tarinfo):
    """Exclude dev files and cache, and reset file stats.

    ``filter`` callback for ``TarFile.add``: returning ``None`` drops the
    member, returning the (modified) ``tarinfo`` archives it.

    Dropped: any path component starting with ``.`` (``.git``, ``.env``,
    ``.github`` ...), ``__pycache__``, ``pyproject.toml``, anything whose
    path contains ``requirements`` or ``build.py``, and existing ``tar.gz``
    archives. The match is a plain substring search and the dots in the
    pattern are unescaped, so it is deliberately broad rather than exact.

    Kept members get the archive root ``.`` rewritten to ``malware_filter``
    so the tarball unpacks into that folder, and their owner fields pinned to
    uid 1001 / gid 123 with empty names so the build host's identity does not
    leak into the package. Mode and mtime are left as found on disk.
    """
    archive_name = tarinfo.name
    unwanted = search(
        r"/\.|\\\.|__pycache__|pyproject.toml|requirements|build.py|tar.gz",
        archive_name,
    )
    if unwanted is not None:
        return None
    # "." -> "malware_filter", "./x" -> "malware_filter/x"
    tarinfo.name = sub(r"^.", "malware_filter", archive_name)
    # reset file stats
    # based on https://splunkbase.splunk.com/app/833
    tarinfo.uid = 1001
    tarinfo.gid = 123
    tarinfo.uname = ""
    tarinfo.gname = ""
    return tarinfo
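def _install_dependencies():
    """Install requirements.txt into ./lib so the package is self-contained.

    Runs pip under the interpreter executing this script so the vendored
    libraries match its Python version. Note that this command does no hash
    verification of its own: what gets bundled into the Splunk app is
    whatever requirements.txt resolves to, so pinning lives there.
    """
    print("Installing dependencies into './lib/'...")
    check_call(
        [
            executable,
            "-m",
            "pip",
            "install",
            "--quiet",
            "-r",
            "requirements.txt",
            "-t",
            "lib",
            "--upgrade",
        ]
    )


def _build_package(pkg_file):
    """Archive the working directory into *pkg_file* as a gzip tarball.

    ``exclusion`` drops dev files (dotfiles, caches, requirements, this
    script, earlier tarballs) and renames the root folder.
    """
    print(f"Creating {pkg_file}...")
    with tarfile.open(pkg_file, "w:gz") as tar:
        tar.add(".", filter=exclusion)


def _write_chunked(commands_conf, conf_path, value):
    """Set ``[default] chunked`` to *value* in commands.conf and write it back."""
    commands_conf["default"]["chunked"] = value
    with open(conf_path, "w", encoding="utf-8") as f:
        commands_conf.write(f)


_install_dependencies()

# resolve once so both package names carry the same version
app_version = version()
_build_package(f"malware_filter-{app_version}.tar.gz")

# Splunk 8 workaround
# Splunk scheduler may not run scheduled searches (alert/report) without this workaround
commands_conf_path = path.join(
    "default",
    "commands.conf",
)
commands_conf = ConfigParser()
commands_conf.read(commands_conf_path, encoding="utf-8")
# remember what to put back; "true" is the value the main package ships with
original_chunked = commands_conf["default"].get("chunked", "true")
_write_chunked(commands_conf, commands_conf_path, "false")
try:
    _build_package(f"malware_filter-{app_version}-splunk8.tar.gz")
finally:
    # restore even if packaging fails, so the working tree is never left in
    # the Splunk 8 state (the next build would otherwise ship chunked=false)
    _write_chunked(commands_conf, commands_conf_path, original_chunked)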