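Ensure an App Engine application enforces HTTPS connections

Question (votes: 0, answers: 1)

I have to verify that the app.yaml file controlling the application contains the lines that enforce secure connections. For example: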

handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto

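I created a Python script that gets the list of all projects in GCP and checks the deployed versions of the application, then checks app.yaml for, e.g.:

handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto

I get output with the version IDs, but no app.yaml file is found.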

Code Here
import subprocess
import csv
import re

# Get a list of all Google Cloud projects
projects = subprocess.run(["gcloud", "projects", "list", "--format=value(projectId)"], capture_output=True, text=True)
project_ids = projects.stdout.splitlines()

results = []

for project_id in project_ids:
    # Get versions for App Engine services within each project
    app_versions_command = f"gcloud app versions list --format='table(version.id)' --project={project_id} --service=default"
    app_versions_output = subprocess.run(app_versions_command, shell=True, capture_output=True, text=True)

    if app_versions_output.returncode == 0:
        versions = app_versions_output.stdout.splitlines()[1:]  # Skip header
        for version in versions:
            version = version.strip()
            # Get app.yaml content for each version
            app_yaml_command = f"gcloud app versions describe {version} --project={project_id} --service=default --format='get(config.appYaml)'"
            app_yaml_content = subprocess.run(app_yaml_command, shell=True, capture_output=True, text=True)

            if app_yaml_content.returncode == 0:
                yaml_content = app_yaml_content.stdout
                # Check if the app.yaml file contains the specific configuration
                if re.search(r'handlers:\s*- url: /.*\s*  secure: always\s*  redirect_http_response_code: 301\s*  script: auto', yaml_content):
                    results.append({"Project ID": project_id, "Version ID": version, "Secure Connection": "Enforced"})
                else:
                    results.append({"Project ID": project_id, "Version ID": version, "Secure Connection": "Not Enforced"})
            else:
                results.append({"Project ID": project_id, "Version ID": version, "Secure Connection": "No app.yaml found"})
    else:
        results.append({"Project ID": project_id, "Version ID": "N/A", "Secure Connection": "Error fetching versions"})

# Export results to a CSV file
with open('secure_connections_all_versions.csv', 'w', newline='') as csvfile:
    fieldnames = ['Project ID', 'Version ID', 'Secure Connection']
    writer = csv.DictWriter(csvfile, fieldnames=fieldnames)

    writer.writeheader()
    writer.writerows(results)

print("Results exported to secure_connections_all_versions.csv")

If app.yaml is found, check for the following code in app.yaml:

handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto
python security google-cloud-platform google-app-engine cloud-security
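1 answer
0 votes

Sharing this as a community wiki for the benefit of others.

As discussed by @Puteri and @Touhid Alam:

Does this command work? gcloud app versions describe {version} --project={project_id} --service=default --format='get(config.appYaml)'. On the other hand, it is better to use the GCP libraries instead of running gcloud commands with Python and parsing the output.

This command works: gcloud app versions describe {version} --project={project_id} --service=default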
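
Added example, not part of the original question or answer: once the app.yaml text is available, checking each handler separately is more reliable than one multi-line regex, because a single handler without `secure: always` still serves plain HTTP. The function names and sample files are constructed for illustration, and the check covers only `secure: always`, not the redirect code.

```python
import re

# Constructed sample app.yaml contents (not taken from a real deployment).
SAMPLE_OK = """\
handlers:
- url: /.*
  secure: always
  redirect_http_response_code: 301
  script: auto
"""
SAMPLE_MIXED = """\
runtime: python312
handlers:
- url: /static
  static_dir: static   # no "secure" key on this handler
- url: /.*
  secure: always
  script: auto
"""

def parse_handlers(app_yaml_text):
    """Return the handlers list as dicts (flat `key: value` entries only)."""
    # Assumption: handlers look like the ones on this page; use a real YAML
    # parser for anything richer (nested maps, anchors, multi-line values).
    handlers, in_block = [], False
    for raw in app_yaml_text.splitlines():
        line = re.sub(r"(^|\s+)#.*$", "", raw).rstrip()  # drop comments
        if not line:
            continue
        if not line[0].isspace() and not line.startswith("-"):
            in_block = line.startswith("handlers:")  # top-level key: enter/leave
            continue
        if not in_block:
            continue
        body = line.strip()
        if body.startswith("- "):  # a new list item starts a new handler
            handlers.append({})
            body = body[2:].strip()
        key, _, value = body.partition(":")
        if handlers:
            handlers[-1][key.strip()] = value.strip().strip("'\"")
    return handlers

def insecure_handlers(app_yaml_text):
    """URLs of handlers that do not set `secure: always`."""
    return [h.get("url", "<no url>") for h in parse_handlers(app_yaml_text)
            if h.get("secure") != "always"]

def https_enforced(app_yaml_text):
    """True only if handlers exist and every one sets `secure: always`."""
    return bool(parse_handlers(app_yaml_text)) and not insecure_handlers(app_yaml_text)
```

Reporting the output of `insecure_handlers` per version gives the audit CSV the specific URL patterns that need fixing, not just a pass/fail flag.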
