No project description provided

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 0xh0b0 from gravatar.com 0xh0b0 Avatar for avishulman from gravatar.com avishulman Avatar for functionshieldci from gravatar.com functionshieldci Avatar for orysegal from gravatar.com orysegal

Unverified details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

Author: PureSec

Project description

FunctionShield

Serverless Security Library for Developers. Regain Control over Your Serverless Runtime.

How FunctionShield helps With Serverless Security?

  • By monitoring (or blocking) outbound network traffic from your function, you can be certain that your data is never leaked

  • By disabling read/write operations on the /tmp/ directory, you can make your function truly ephemeral

  • By disabling the ability to launch child processes, you can make sure that no rogue processes are spawned without your knowledge by potentially malicious packages

  • By disabling the ability to read the function’s (handler) source code through the file system, you can prevent handler source code leakage, which is oftentimes the first step in a serverless attack

Supports AWS Lambda and Google Cloud Functions

Get a free token

Please visit: https://www.puresec.io/function-shield-token-form

Install

$ pip install function-shield

Super simple to use

import function_shield

function_shield.configure({
    "policy": {
        # 'block' mode => active blocking
        # 'alert' mode => log only
        # 'allow' mode => allowed, implicitly occurs if key does not exist
        "outbound_connectivity": "block",
        "read_write_tmp": "block",
        "create_child_process": "block",
        "read_handler": "block"
    },
    "token": os.environ['FUNCTION_SHIELD_TOKEN']
})

def handler(event, context):
    # Your Code Here #

Logging & Security Visibility

FunctionShield logs are sent directly to your function’s AWS CloudWatch log group. Here are a few sample logs, demonstrating the log format you should expect:

// Log example #1:
{
    "function_shield": true,
    "policy": "outbound_connectivity",
    "details": {
        "host": "google.com"
    },
    "mode": "alert"
}

// Log example #2:
{
    "function_shield": true,
    "policy": "read_write_tmp",
    "details": {
        "path": "/tmp/node-alert"
    },
    "mode": "alert"
}

// Log example #3:
{
    "function_shield": true,
    "policy": "create_child_process",
    "details": {
        "path": "/bin/sh"
    },
    "mode": "block"
}

// Log example #4:
{
   "function_shield": true,
   "policy": "read_handler",
   "details": {
       "path": "/var/task/handler.js"
   },
   "mode": "alert"
}

Custom Security Policy (whitelisting)

Custom security policy is only supported with the PureSec SSRE full product.

Get PureSec

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 0xh0b0 from gravatar.com 0xh0b0 Avatar for avishulman from gravatar.com avishulman Avatar for functionshieldci from gravatar.com functionshieldci Avatar for orysegal from gravatar.com orysegal

Unverified details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

Author: PureSec


Release history Release notifications | RSS feed

2.0.16

2.0.15

2.0.14

2.0.12

2.0.11

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.2.7

This version

1.2.4

1.2.0

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

function-shield-1.2.4.tar.gz (72.6 kB view hashes)

Uploaded Source

Built Distribution

function_shield-1.2.4-py2.py3-none-any.whl (73.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page