Add Whitelisting Features to allow some external connections #4

Merged
merged 3 commits into from
Sep 12, 2023

sva-mk
Contributor

@sva-mk sva-mk commented Sep 11, 2023

Dear MISP-Guard maintainers,

I would like to submit a pull request addressing the need to allow external MISP feed connections while maintaining MISP-Guard's security posture.

Motivation

MISP-Guard currently blocks all connections to and from unknown sources by default, which is an important security measure. However, many users rely on external MISP feeds to improve their threat intelligence. Therefore, it should be possible to whitelist URLs and domains so that feeds and MISP-Guard can be used at the same time.

Proposed Changes

I have added a new feature to MISP-Guard that allows users to define a whitelist of trusted external MISP feed URLs and domains. Any connection request from a server configured in instances_host_mapping to one of the entries in this whitelist will be allowed, while connections from unknown sources will still be blocked.

The changes include:

  1. Configuration Option: Added a new configuration option in the config.schema.json file to specify a list of trusted external URLs and domains. With the help of JSON arrays, users can add their MISP feeds to this list for whitelisting.
  2. Enhanced testing: The test suite has been extended to thoroughly cover the new whitelisting feature. Extended pytest suite to ensure correctness and security of changes.
  3. Documentation: Updated the project documentation to explain how to configure and use the new whitelisting feature effectively.

Conclusion

I believe this feature will enhance the usability of MISP-Guard for users who rely on external MISP feeds. It strikes a balance between security and flexibility, allowing connections to known and trusted sources while maintaining the default security level.

I look forward to your feedback and am open to making any necessary adjustments based on your review. Thanks for considering this pull request.

Sincerely,
sva-mk
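
An added sketch of the allow decision described in the comment above. It is not code from this pull request or from MISP-Guard: only `instances_host_mapping` is named on the page, while the `allowlist`, `urls` and `domains` keys, the addresses and the hostnames are constructed assumptions. It matches hosts exactly after parsing, so lookalike hostnames fail closed.

```python
from urllib.parse import urlsplit

# Constructed sample config. Only "instances_host_mapping" appears on the page;
# "allowlist", "urls" and "domains" are assumed key names.
CONFIG = {
    "instances_host_mapping": {"10.0.0.10": "misp-a", "10.0.0.20": "misp-b"},
    "allowlist": {
        "urls": ["https://feeds.example.org/osint/manifest.json"],
        "domains": ["intel.example.net"],
    },
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def _normalize(url):
    """Return (scheme, host, port, path, query) with case and default port folded."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)  # .port raises ValueError if malformed
    return scheme, host, port, parts.path or "/", parts.query


def is_allowed(src_ip, dest_url, config=CONFIG):
    """Allow only known instances talking to an allowlisted URL or domain."""
    if src_ip not in config["instances_host_mapping"]:
        return False  # unknown sources stay blocked
    try:
        dest = _normalize(dest_url)
    except ValueError:
        return False  # malformed authority or port: fail closed
    scheme, host = dest[0], dest[1]
    if scheme not in DEFAULT_PORTS or not host:
        return False
    allow = config["allowlist"]
    # Exact comparison of the parsed hostname, never a substring or suffix test.
    if host in {d.lower() for d in allow["domains"]}:
        return True
    # URL entries must match scheme, host, port, path and query after normalization.
    return dest in {_normalize(u) for u in allow["urls"]}
```
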

@adulau adulau requested a review from righel September 12, 2023 04:51
@righel righel self-assigned this Sep 12, 2023
@righel
Collaborator

righel commented Sep 12, 2023

Hello @sva-mk,
The code and tests look good to me. Could you please change the term whitelisting to allowlist, both in the code and docs?
Thanks a lot for your contribution, indeed it would make the tool way more usable in real-life scenarios.

@righel righel merged commit 8e68231 into MISP:main Sep 12, 2023
@righel
Collaborator

righel commented Sep 12, 2023

Thanks a lot! Great work.

@sva-mk
Contributor Author

sva-mk commented Sep 12, 2023

Thank you for your feedback and positive assessment of the code and tests! I appreciate your suggestion to use the term "allowlist" instead of "whitelist" in the code and documentation.
