109 lines
2.6 KiB
Python
109 lines
2.6 KiB
Python
#!/usr/bin/env python
|
|
|
|
"""Build Splunk app package"""
|
|
|
|
import tarfile
|
|
from configparser import ConfigParser
|
|
from os import environ, path
|
|
from re import search, sub
|
|
from subprocess import check_call
|
|
from sys import executable
|
|
|
|
|
|
def version():
|
|
"""
|
|
Return version number from app.conf or commit hash if in CI
|
|
"""
|
|
|
|
commit_sha = (
|
|
(
|
|
# gitlab
|
|
environ.get("CI_COMMIT_TAG")
|
|
or environ.get("CI_COMMIT_SHORT_SHA")
|
|
# github
|
|
or (
|
|
environ.get("GITHUB_REF_NAME")
|
|
if environ.get("GITHUB_REF_TYPE") == "tag"
|
|
else None
|
|
)
|
|
or environ.get("GITHUB_SHA", "")[0:8]
|
|
)
|
|
if environ.get("CI") == "true"
|
|
else None
|
|
)
|
|
if commit_sha:
|
|
return commit_sha
|
|
|
|
app_conf_path = path.join(
|
|
"default",
|
|
"app.conf",
|
|
)
|
|
app_conf = ConfigParser()
|
|
app_conf.read(app_conf_path)
|
|
return app_conf["launcher"]["version"]
|
|
|
|
|
|
def exclusion(tarinfo):
|
|
"""Exclude dev files and cache, and reset file stats"""
|
|
|
|
# exclude certain folders/files
|
|
pathname = tarinfo.name
|
|
if search(
|
|
r"/\.|\\\.|__pycache__|pyproject.toml|requirements|build.py|tar.gz", pathname
|
|
):
|
|
return None
|
|
|
|
# rename parent folder as "malware_filter"
|
|
tarinfo.name = sub(r"^.", "malware_filter", pathname)
|
|
|
|
# reset file stats
|
|
# based on https://splunkbase.splunk.com/app/833
|
|
tarinfo.uid = 1001
|
|
tarinfo.gid = 123
|
|
tarinfo.uname = tarinfo.gname = ""
|
|
|
|
return tarinfo
|
|
|
|
|
|
print("Installing dependencies into './lib/'...")
|
|
check_call(
|
|
[
|
|
executable,
|
|
"-m",
|
|
"pip",
|
|
"install",
|
|
"--quiet",
|
|
"-r",
|
|
"requirements.txt",
|
|
"-t",
|
|
"lib",
|
|
"--upgrade",
|
|
]
|
|
)
|
|
|
|
pkg_file = f"malware_filter-{version()}.tar.gz"
|
|
print(f"Creating {pkg_file}...")
|
|
with tarfile.open(pkg_file, "w:gz") as tar:
|
|
tar.add(".", filter=exclusion)
|
|
|
|
# Splunk 8 workaround
|
|
# Splunk scheduler may not run scheduled searches (alert/report) without this workaround
|
|
commands_conf_path = path.join(
|
|
"default",
|
|
"commands.conf",
|
|
)
|
|
commands_conf = ConfigParser()
|
|
commands_conf.read(commands_conf_path)
|
|
commands_conf["default"]["chunked"] = "false"
|
|
with open(commands_conf_path, "w") as f:
|
|
commands_conf.write(f)
|
|
|
|
pkg_file_8 = f"malware_filter-{version()}-splunk8.tar.gz"
|
|
print(f"Creating {pkg_file_8}...")
|
|
with tarfile.open(pkg_file_8, "w:gz") as tar:
|
|
tar.add(".", filter=exclusion)
|
|
|
|
commands_conf["default"]["chunked"] = "true"
|
|
with open(commands_conf_path, "w") as f:
|
|
commands_conf.write(f)
|