added notes to settings.yaml

moved core app config (name, version) out of settings and into app/app_settings.py added ability to brand SneakyScope to any name added caching of cert information from crt.sh (cache enable and lenght is configurable in settings.yaml) streamlined header/footer loading to be more correct
2025-08-23 20:37:44 -05:00
parent 5af8513e14
commit b59bf67329
17 changed files with 317 additions and 56 deletions
--- a/app/rules/factory.py
+++ b/app/rules/factory.py
@@ -34,18 +34,33 @@ def build_rules_engine() -> RuleEngine:
    def add(rule: Rule):
        eng.add_rule(rule)

-    add(Rule("form_action_missing", "Form has no action attribute", "form", "function",
-             FunctionRuleAdapter(form_action_missing, category="form", adapter=adapter, rule_name="form_action_missing")))
-    add(Rule("form_http_on_https_page", "Form submits via HTTP from HTTPS page", "form", "function",
-             FunctionRuleAdapter(form_http_on_https_page, category="form", adapter=adapter, rule_name="form_http_on_https_page")))
-    add(Rule("form_submits_to_different_host", "Form submits to a different host", "form", "function",
-             FunctionRuleAdapter(form_submits_to_different_host, category="form", adapter=adapter, rule_name="form_submits_to_different_host")))
-    add(Rule("script_src_uses_data_or_blob", "Script src uses data:/blob: URL", "script", "function",
-             FunctionRuleAdapter(script_src_uses_data_or_blob, category="script", adapter=adapter, rule_name="script_src_uses_data_or_blob")))
-    add(Rule("script_src_has_dangerous_extension", "External script with dangerous extension", "script", "function",
-             FunctionRuleAdapter(script_src_has_dangerous_extension, category="script", adapter=adapter, rule_name="script_src_has_dangerous_extension")))
-    add(Rule("script_third_party_host", "Script is from a third-party host", "script", "function",
-             FunctionRuleAdapter(script_third_party_host, category="script", adapter=adapter, rule_name="script_third_party_host")))
+    # Form no action
+    add(Rule(
+    name="form_action_missing",
+    description="Form has no action attribute",
+    category="form",
+    rule_type="function",
+    function=FunctionRuleAdapter(form_action_missing, category="form", adapter=adapter, rule_name="form_action_missing"),
+    ))
+
+    # add(Rule(
+    # name="form_http_on_https_page",
+    # description="Form submits via HTTP from HTTPS page",
+    # category="form",
+    # rule_type="function",
+    # function=FunctionRuleAdapter(form_http_on_https_page, category="form", adapter=adapter, rule_name="form_http_on_https_page"),
+    # ))
+
+    # add(Rule("form_http_on_https_page", "Form submits via HTTP from HTTPS page", "form", "function",
+    #          FunctionRuleAdapter(form_http_on_https_page, category="form", adapter=adapter, rule_name="form_http_on_https_page")))
+    # add(Rule("form_submits_to_different_host", "Form submits to a different host", "form", "function",
+    #          FunctionRuleAdapter(form_submits_to_different_host, category="form", adapter=adapter, rule_name="form_submits_to_different_host")))
+    # add(Rule("script_src_uses_data_or_blob", "Script src uses data:/blob: URL", "script", "function",
+    #          FunctionRuleAdapter(script_src_uses_data_or_blob, category="script", adapter=adapter, rule_name="script_src_uses_data_or_blob")))
+    # add(Rule("script_src_has_dangerous_extension", "External script with dangerous extension", "script", "function",
+    #          FunctionRuleAdapter(script_src_has_dangerous_extension, category="script", adapter=adapter, rule_name="script_src_has_dangerous_extension")))
+    # add(Rule("script_third_party_host", "Script is from a third-party host", "script", "function",
+    #          FunctionRuleAdapter(script_third_party_host, category="script", adapter=adapter, rule_name="script_third_party_host")))

    log.info("Registered %d total rules (YAML + function)", len(eng.rules))
    return eng
--- a/app/rules/rules_engine.py
+++ b/app/rules/rules_engine.py
@@ -143,6 +143,13 @@ class Rule:
            return False, "No match"

        if self.rule_type == "function":
+            if not callable(self.function):
+                logger.warning(
+                    "[Rule] '%s' function is not callable (type=%s, value=%r)",
+                    self.name, type(self.function).__name__, self.function
+                )
+                return False, "Invalid rule configuration: function not callable"
+            
            if callable(self.function):
                try:
                    matched, reason = self.function(text)
@@ -255,7 +262,7 @@ class RuleEngine:
                    )
            return
        
-        if settings.app.log_rule_loads:
+        if settings.logconfig.log_rule_loads:
            logger.info(
                    "[engine] add_rule: %s/%s replace=%s -> count=%d",
                    rule.category, rule.name, bool(replace), len(self._rules)
@@ -308,7 +315,7 @@ class RuleEngine:
        """

        # --- dispatch visibility --- if set to true, we log applied categories
-        if getattr(settings.app, "log_rule_dispatch", False):
+        if getattr(settings.logconfig, "log_rule_dispatch", False):
            all_cats = [r.category for r in self._rules]
            cat_counts = Counter(all_cats)
            # Which categories are being applied this run?