Merge pull request #5 from AikidoSec/AIK-3154

AIK-3154

Makefile

@@ -0,0 +1,7 @@
+.PHONY: build
+build:
+	poetry build
+
+.PHONY: clean
+clean:
+	poetry env remove python

aikido_firewall/__init__.py

@@ -0,0 +1,6 @@
+# Import sources
+import aikido_firewall.sources.django
+import aikido_firewall.sources.flask
+
+# Import middleware
+import aikido_firewall.middleware.django

aikido_firewall/middleware/django.py

@@ -0,0 +1,14 @@
+import logging
+class AikidoMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request, *args, **kwargs):
+        logging.critical("[AIK] Aikido middleware : call")
+        return self.get_response(request)
+
+    def process_exception(self, request, exception):
+        logging.critical("[AIK] Aikido middleware : exception")
+
+    def process_request(self, request):
+        logging.critical("[AIK] Aikido middleware : request")

aikido_firewall/sources/django.py

@@ -0,0 +1,16 @@
+import importhook
+import copy
+from importlib.metadata import version
+
+AIKIDO_MIDDLEWARE_ADDR = "aikido_firewall.middleware.django.AikidoMiddleware"
+
+# Hook 'n wrap on `django.conf`
+# Our goal here is to wrap the settings object and add our middleware into the list
+@importhook.on_import('django.conf')
+def on_django_import(django):
+    modified_django = importhook.copy_module(django)
+    new_middleware_array = [AIKIDO_MIDDLEWARE_ADDR] + django.settings.MIDDLEWARE
+
+    setattr(modified_django.settings, "MIDDLEWARE", new_middleware_array)
+    print("[AIK] Modified Django")
+    return modified_django

aikido_firewall/sources/flask.py

@@ -0,0 +1,31 @@
+import importhook
+import copy
+from importlib.metadata import version
+import logging
+
+class AikidoMiddleware(object):
+    def __init__(self, app):
+        self.app = app
+
+    def __call__(self, environ, start_response):
+        logging.critical("[AIK] Aikido middleware is working")
+        response = self.app(environ, start_response)
+        return response
+
+
+# Hook 'n wrap on `flask.app`
+# Our goal is to wrap the __init__ function of the "Flask" class, so we can insert our middleware
+@importhook.on_import('flask.app')
+def on_flask_import(flask):
+    modified_flask = importhook.copy_module(flask)
+
+    prev_flask_init = copy.deepcopy(flask.Flask.__init__)
+    def aikido_flask_init(_self, *args, **kwargs):
+        prev_flask_init(_self, *args, **kwargs)
+        print("[AIK] Flask version : ", version("flask"))
+        _self.wsgi_app = AikidoMiddleware(_self.wsgi_app)
+        print(_self)
+
+    setattr(modified_flask.Flask, "__init__", aikido_flask_init)
+    print("[AIK] Modified flask")
+    return modified_flask

docs/contributing/python.md

@@ -0,0 +1,10 @@
+# Python configuration
+
+To install and keep track of packages we use "pipenv", so installing packages goes as follows : 
+```bash
+pipenv shell
+```
+And from now on you can install all packages with :
+```
+pipenv install <your_package_name>
+```

pyproject.toml

@@ -1,3 +1,15 @@
+[tool.poetry]
+name = "aikido_firewall"
+version = "0.1.0"
+description = "Aikido RASP for Python"
+authors = ["Aikido"]
+readme = "README.md"
+
+[tool.poetry.dependencies]
+python = "^3.12"
+importhook = "^1.0.9"
+
+
 [build-system]
-requires = ['setuptools>=42']
-build-backend = 'setuptools.build_meta'
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"

sample-apps/django-mysql/Dockerfile

@@ -1,20 +1,21 @@
 # Use an official Python runtime as a parent image
 FROM python:3
 
-ENV VIRTUAL_ENV=/opt/venv
-RUN python3 -m venv $VIRTUAL_ENV
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
-
-# Set environment variables
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONUNBUFFERED 1
+#Copy code base
+COPY ./ /tmp
 
 # Set the working directory
 WORKDIR /app
 
 # Install dependencies
-COPY Pipfile ./
-RUN pip install --no-cache-dir pipenv && pipenv install
+RUN mv /tmp/sample-apps/django-mysql/requirements.txt ./
+RUN pip install -r requirements.txt
+
+# Build and install aikido_firewall from source
+WORKDIR /tmp
+RUN pip install poetry
+RUN make build
+RUN pip install ./dist/aikido_firewall-0.1.0.tar.gz
+RUN pip list
 
-# Copy the project code into the container
-COPY . /app/
+WORKDIR /app

sample-apps/django-mysql/docker-compose.yml

@@ -20,8 +20,8 @@ services:
 
   backend:
     build: 
-      context: .
-      dockerfile: Dockerfile
+      context: ./../../
+      dockerfile: ./sample-apps/django-mysql/Dockerfile
     container_name: project_name_backend
     command: sh -c "python3 manage.py migrate --noinput && python manage.py runserver 0.0.0.0:8000"
     restart: always

sample-apps/django-mysql/manage.py

@@ -1,5 +1,6 @@
 #!/usr/bin/env python
 """Django's command-line utility for administrative tasks."""
+import aikido_firewall # Aikido module
 import os
 import sys
 

sample-apps/django-mysql/requirements.txt

@@ -0,0 +1,4 @@
+django
+pymysql
+python-decouple
+cryptography