Merge branch 'main' into jof/public/dmz-multiple-tags
Evan Gibler authored Dec 12, 2023
2 parents 71b8d94 + 89b6a1f commit 239c2bc
Showing 2 changed files with 11 additions and 12 deletions.
14 changes: 3 additions & 11 deletions global_helpers/panther_base_helpers.py
Expand Up @@ -7,6 +7,7 @@
from functools import reduce
from ipaddress import ip_address, ip_network
from typing import Any, List, Optional, Sequence, Union
from panther_config import config

# # # # # # # # # # # # # #
# Exceptions #
Expand Down Expand Up @@ -35,25 +36,16 @@ def in_pci_scope_tags(resource):
return resource["Tags"].get(CDE_TAG_KEY) == CDE_TAG_VALUE


PCI_NETWORKS = config.PCI_NETWORKS
# Expects a string in cidr notation (e.g. '10.0.0.0/24') indicating the ip range being checked
# Returns True if any ip in the range is marked as in scope
PCI_NETWORKS = [
ip_network("10.0.0.0/24"),
]


def is_pci_scope_cidr(ip_range):
return any(ip_network(ip_range).overlaps(pci_network) for pci_network in PCI_NETWORKS)


DMZ_NETWORKS = config.DMZ_NETWORKS
# Expects a string in cidr notation (e.g. '10.0.0.0/24') indicating the ip range being checked
# Returns True if any ip in the range is marked as DMZ space.
DMZ_NETWORKS = [
ip_network("10.1.0.0/24"),
ip_network("100.1.0.0/24"),
]


def is_dmz_cidr(ip_range):
"""This function determines whether a given IP range is within the defined DMZ IP range."""
return any(ip_network(ip_range).overlaps(dmz_network) for dmz_network in DMZ_NETWORKS)
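Review bot: `PCI_NETWORKS = config.PCI_NETWORKS` and `DMZ_NETWORKS = config.DMZ_NETWORKS` hand the helpers whatever element type the config module happens to hold, yet `is_pci_scope_cidr` and `is_dmz_cidr` call `.overlaps()` on each entry, so a deployment that lists plain CIDR strings fails with AttributeError at rule-evaluation time instead of at import. Normalizing once at the binding site keeps the contract in one place and accepts both strings and already-built network objects: `PCI_NETWORKS = [ip_network(net) for net in config.PCI_NETWORKS]` and `DMZ_NETWORKS = [ip_network(net) for net in config.DMZ_NETWORKS]`. Because the shipped defaults in panther_config_defaults.py are empty lists, both helpers return False for every range until a deployment populates them; a one-line comment next to each binding, `# empty list => helper never matches (fail-open)`, makes that visible to whoever tunes the detections. This applies to the second hunk of the file; the first hunk only adds the import.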
9 changes: 8 additions & 1 deletion global_helpers/panther_config_defaults.py
Expand Up @@ -14,9 +14,16 @@
MS_EXCHANGE_ALLOWED_FORWARDING_DESTINATION_EMAILS = ["postmaster@" + ORGANIZATION_DOMAINS[0]]
TELEPORT_ORGANIZATION_DOMAINS = ORGANIZATION_DOMAINS

# Key/value pairs of tags used to denote resources that are intentionally exposed
DMZ_NETWORKS = [
# ip_network("10.1.0.0/24"),
]

DMZ_TAGS = set(
[
("environment", "dmz"),
]
)

PCI_NETWORKS = [
# ip_network("10.0.0.0/24"),
]
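Review bot: The new `DMZ_NETWORKS` and `PCI_NETWORKS` lists document their expected element type only through a commented-out `# ip_network("10.1.0.0/24")`, and the hunk does not show whether `ip_network` is imported in this module (its import block lies outside the hunk), so a user who uncomments the example on override may hit a NameError. A short comment on each list would settle it, e.g. `# ipaddress.ip_network objects; leave empty to disable — is_dmz_cidr() then always returns False` with the matching wording for `is_pci_scope_cidr` on the PCI list. As a style point, if `DMZ_TAGS = set([ ... ])` is new here, the set literal `DMZ_TAGS = {("environment", "dmz")}` says the same thing without the throwaway list. If the `# Key/value pairs of tags ...` comment survives on the new side it now sits above DMZ_NETWORKS rather than the DMZ_TAGS it describes, which is worth checking.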
