policies: add debug flag to PolicyRequest to prevent alerts from testing policies

This commit is contained in:
Jens Langhammer 2021-02-06 21:45:38 +01:00
parent 45963c2ffc
commit ec42869e00
4 changed files with 7 additions and 4 deletions

View File

@ -115,6 +115,7 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
user = form.cleaned_data.get("user")
p_request = PolicyRequest(user)
p_request.debug = True
p_request.http_request = self.request
p_request.context = form.cleaned_data.get("context", {})

View File

@ -67,7 +67,7 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
# Create the notification objects
for transport in trigger.transports.all():
for user in trigger.group.users.all():
LOGGER.debug("created notif")
LOGGER.debug("created notification")
notification = Notification.objects.create(
severity=trigger.severity, body=event.summary, event=event, user=user
)

View File

@ -80,7 +80,7 @@ class PolicyProcess(PROCESS_CLASS):
)
try:
policy_result = self.binding.policy.passes(self.request)
if self.binding.policy.execution_logging:
if self.binding.policy.execution_logging and not self.request.debug:
self.create_event(
EventAction.POLICY_EXECUTION,
message="Policy Execution",
@ -94,8 +94,9 @@ class PolicyProcess(PROCESS_CLASS):
+ "".join(format_tb(src_exc.__traceback__))
+ str(src_exc)
)
# Create policy exception event
self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
# Create policy exception event, only when we're not debugging
if not self.request.debug:
self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
LOGGER.debug("P_ENG(proc): error", exc=src_exc)
policy_result = PolicyResult(False, str(src_exc))
policy_result.source_policy = self.binding.policy

View File

@ -20,6 +20,7 @@ class PolicyRequest:
http_request: Optional[HttpRequest]
obj: Optional[Model]
context: dict[str, Any]
debug: bool = False
def __init__(self, user: User):
super().__init__()