add best practices for envs

fkie-cad · Apr 8, 2024 · ef0bf58 · ef0bf58
1 parent 9b61618
commit ef0bf58
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/doc/source/custom_extensions/security_best_practices.py b/doc/source/custom_extensions/security_best_practices.py
@@ -31,7 +31,7 @@ def visit_best_practice_node(self, node):
     self.visit_admonition(node)
 
 
-def depart_best_practice_node_node(self, node):
+def depart_best_practice_node(self, node):
     self.depart_admonition(node)
 
 
@@ -125,12 +125,11 @@ def create_back_reference(app, fromdocname, node_info):
 
 def setup(app: Sphinx):
     """Initializer for the Security Best Practices Extension"""
-    app.add_node(SecurityBestPracticesLists)
     app.add_node(
         SecurityBestPractice,
-        html=(visit_best_practice_node, depart_best_practice_node_node),
-        latex=(visit_best_practice_node, depart_best_practice_node_node),
-        text=(visit_best_practice_node, depart_best_practice_node_node),
+        html=(visit_best_practice_node, depart_best_practice_node),
+        latex=(visit_best_practice_node, depart_best_practice_node),
+        text=(visit_best_practice_node, depart_best_practice_node),
     )
     app.add_directive("security-best-practice", BestPracticeDirective)
     app.add_directive("security-best-practices-list", BestPracticeListDirective)

diff --git a/doc/source/user_manual/configuration/input.rst b/doc/source/user_manual/configuration/input.rst
@@ -12,7 +12,7 @@ Input
    The connectors :code:`DummyInput`, :code:`JsonInput` and :code:`JsonlInput` are mainly designed
    for debugging purposes.
 
-   Furthermore, it is suggested to enable the :code:`HMAC` preprocessor to ensure no temparing of
+   Furthermore, it is suggested to enable the :code:`HMAC` preprocessor to ensure no tempering of
    processed events.
 
    .. code:: yaml

diff --git a/logprep/util/configuration.py b/logprep/util/configuration.py
@@ -129,6 +129,16 @@
 :code:`CI_`. Lowercase variables are ignored. Forbidden
 variable names are: :code:`["LOGPREP_LIST"]`, as it is already used internally.
 
+.. security-best-practice::
+   :title: Configuration Environment Variables
+
+   As it is possible to replace all configuration options with environment variables it is
+   recommended to use these especially for sensitive information like usernames, password, secrets
+   or hash salts.
+   Examples where this could be useful would be the :code:`key` for the hmac calculation (see
+   `input` > `preprocessing`) or the :code:`user`/:code:`secret` for the elastic-/opensearch
+   connectors.
+
 The following config file will be valid by setting the given environment variables:
 
 ..  code-block:: yaml