55dbcf536d
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| README.md | ||
| linux-package-job-submission.md | ||
| msrd.py | ||
| msrd_azure_upload.py | ||
| requirements.txt | ||
README.md
MSRD Job Submission with Python 3
- Uses package-based job submission
- Requires Python 3
- Assumes a Linux environment
Summary
This project is an example of package-based job submission on Linux using the Microsoft Security Risk Detection REST API and Python 3. It exposes several API endpoints via a command line script. It also demonstrates how the MSRD Files API can be used to upload files that will only be available to fuzzing jobs.
Setup
- Ensure you have Python 3 installed.
- Create a new virtualenv named
venvwithpython3 -m venv venv. - Activate the virtualenv with
. venv/bin/activate. - Install dependencies with
pip install -r requirements.txt.
You are now ready to run the scripts.
The msrd.py Script parameters
The msrd.py script has three common parameters.
Each parameter has an associated environment variable.
-
MSRD Account ID: set via the
a/--accountoption or theMSRD_ACCOUNTenvironment variable. -
MSRD API Token: set via the
-t/--tokenoption or theMSRD_TOKENenvironment variable. You can generate API tokens via the Settings page of the MSRD customer portal. -
MSRD URL (optional): set via the
-u/--urloption or theMSRD_URLenvironment variable. Defaults tohttps://microsoftsecurityriskdetection.com.
The Account ID and API Token are a bit long for interactive use, so you may find
it most convenient to create a script that exports the parameters as environment
variables. For example, you may choose to define a file msrd-env.sh like so:
export MSRD_ACCOUNT='your-account-id-goes-here'
export MSRD_TOKEN='your-api-token-goes-here'
You can then pull this into a shell session via . msrd-env.sh. If you do this,
consider adding a .gitignore entry to make sure you don't commit a file like
this to version control!
Example usage: Demofuzz
To help you get up and running, we've provided a job JSON file for use with the
DemofuzzLinux target in SampleFuzzingJobs. This file can be found in the
SampleFuzzingJobs/DemofuzzLinux directory, alongside an install-demofuzz.sh script.
First, ensure you have followed the instructions in the Setup section above. You
can validate that the msrd.py script is correctly configured by running the
command ./msrd.py account-info.
Then, to submit a job, invoke the script like so:
./msrd.py submit \
-j ../SampleFuzzingJobs/DemofuzzLinux/demofuzz-redhat.json \
../SampleFuzzingJobs/DemofuzzLinux/install-demofuzz.sh \
../SampleFuzzingJobs/DemofuzzLinux/demofuzz.exe \
../SampleFuzzingJobs/DemofuzzLinux/seeds/data.bin
This will upload the three files passed as positional arguments,
load demofuzz-redhat.json and update it to include the newly-created URLs
from the File API, and submit the job for fuzzing.
Note that the above assumes that msrd.py has executable permissions, and that
you've made the common script parameters available through environment
variables.
The msrd_azure_upload.py Script parameters
The msrd_azure_upload.py script has three common parameters.
Each parameter has an associated environment variable.
-
Microsoft Azure Storage Account ID: set via the
a/--accountoption or theAZURE_STORAGE_ACCOUNTenvironment variable. You can get this using your Azure customer portal. -
Microsoft Azure Storage Key: set via the
-k/--keyoption or theAZURE_STORAGE_KEYenvironment variable. You can get this using your Azure customer portal. -
Microsoft Azure Container Name: set via the
-c/--containeroption or theAZURE_CONTAINER_NAMEenvironment variable. You can get this using your Azure customer portal.
The Azure credentials are a bit long for interactive use, so you may find
it most convenient to create a script that exports the parameters as environment
variables. For example, you may choose to define a file azure-msrd-env.sh like so:
export AZURE_STORAGE_ACCOUNT='your-storage-account-id-goes-here'
export AZURE_STORAGE_KEY='your-storage-key-goes-here'
export AZURE_CONTAINER_NAME='your-container-name-goes-here'
You can then pull this into a shell session via . azure-msrd-env.sh. If you do this,
consider adding a .gitignore entry to make sure you don't commit a file like
this to version control!
Example usage: Single File Upload
To upload a single file invoke the script like so:
./msrd_azure_upload.py -a <azure_storage_account> -k <azure_storage_key> -c <azure_container_name> upload-file -f <single_file>
This will upload a single file to azure and print out the URL that was generated for it. This will also show that your script is correctly configured.
Example usage: Upload multiple files and output the correct job json.
You can also use this script to take a MSRD job file formated in JSON as input and automatically generate a separate job file that includes the correct file actions, urls, and names added to its setup.package.fileInformations path.
This can be used for a build system, such as a CI/CD pipeline.
The default will only print the newly generated JSON object that uses the input file as its template:
./msrd_azure_upload.py -a <azure_storage_account> -k <azure_storage_key> -c <azure_container_name> update-job-file -i ../job.json <file1> <file2> <fileN>
If you want to output a file you must use the -o flag:
./msrd_azure_upload.py -a <azure_storage_account> -k <azure_storage_key> -c <azure_container_name> update-job-file -i ../job.json -o out_job.json <file1> <file2> <file3>
This will upload the files (Three in the example above) passed as the last positional arguments,
load ../job.json and update it in memory to include the newly-created file information, then save the new json file as out_job.json.
Note: The above assumes that msrd_azure_upload.py has executable permissions.
Note: You can also make all required script parameters available through environment variables. The optional -o script parameter is explicitly not included in this.