ai_root_shield 0.3.0 → 0.5.0

data/exe/ai_root_shield

@@ -3,6 +3,7 @@
 
 require "optparse"
 require "json"
+require "fileutils"
 require_relative "../lib/ai_root_shield"
 
 # Command line interface for AI Root Shield
@@ -19,13 +20,42 @@ class AiRootShieldCLI
       enable_network_analysis: true,
       enable_ai_behavioral_analysis: true,
       enable_rasp_protection: false,
-      rasp_monitoring_time: 5
+      rasp_monitoring_time: 5,
+      policy_file: nil,
+      enable_certificate_pinning: false,
+      enable_proxy_detection: false,
+      target_ip: nil,
+      target_url: nil,
+      # v0.5.0 new options
+      platform: nil,
+      safetynet_api_key: nil,
+      package_name: nil,
+      ci_mode: false,
+      artifacts_path: './security_test_artifacts',
+      siem_platform: nil,
+      siem_endpoint: nil,
+      siem_token: nil,
+      start_dashboard: false,
+      dashboard_port: 4567,
+      generate_ci_config: nil,
+      enable_unified_reporting: false
     }
   end
 
   def run(args)
     parse_options(args)
     
+    # Handle special commands first
+    if @options[:start_dashboard]
+      start_dashboard
+      return
+    end
+    
+    if @options[:generate_ci_config]
+      generate_ci_config
+      return
+    end
+    
     if args.empty?
       puts "Error: Please provide a device logs file path"
       puts "Usage: ai_root_shield [options] <device_logs.json>"
@@ -40,6 +70,33 @@ class AiRootShieldCLI
     end
 
     begin
+      # Configure SIEM if provided
+      if @options[:siem_platform] && @options[:siem_endpoint] && @options[:siem_token]
+        puts "Configuring SIEM integration (#{@options[:siem_platform]})..." if @options[:verbose]
+        AiRootShield.configure_siem(@options[:siem_platform].to_sym, {
+          api_endpoint: @options[:siem_endpoint],
+          api_key: @options[:siem_token]
+        })
+      end
+      
+      # Configure enterprise policy if provided
+      if @options[:policy_file]
+        puts "Loading enterprise policy from #{@options[:policy_file]}..." if @options[:verbose]
+        AiRootShield.configure_policy(@options[:policy_file])
+      end
+      
+      # Configure certificate pinning if enabled
+      if @options[:enable_certificate_pinning]
+        puts "Configuring certificate pinning..." if @options[:verbose]
+        AiRootShield.configure_certificate_pinning
+      end
+      
+      # Configure proxy detection if enabled
+      if @options[:enable_proxy_detection]
+        puts "Configuring proxy detection..." if @options[:verbose]
+        AiRootShield.configure_proxy_detection
+      end
+      
       # Start RASP protection if enabled
       if @options[:enable_rasp_protection]
         puts "Starting RASP protection..." if @options[:verbose]
@@ -60,13 +117,34 @@ class AiRootShieldCLI
         sleep(@options[:rasp_monitoring_time])
       end
       
-      result = AiRootShield.scan_device_with_config(device_logs_path, @options)
+      # Run analysis based on mode
+      if @options[:ci_mode]
+        result = run_ci_cd_analysis(device_logs_path)
+      elsif @options[:platform]
+        result = run_platform_specific_analysis(device_logs_path)
+      else
+        result = AiRootShield.scan_device_with_config(device_logs_path, @options)
+      end
+      
+      # Send to SIEM if configured
+      if @options[:siem_platform]
+        puts "Sending results to SIEM..." if @options[:verbose]
+        AiRootShield.send_to_siem(result, {
+          cli_version: AiRootShield::VERSION,
+          scan_timestamp: Time.now.utc.iso8601
+        })
+      end
       
       # Add RASP status to result if enabled
       if @options[:enable_rasp_protection] && AiRootShield.rasp_active?
         result[:rasp_status] = AiRootShield.rasp_protection.protection_status
       end
       
+      # Add security status if verbose
+      if @options[:verbose]
+        result[:security_status] = AiRootShield.security_status
+      end
+      
       output_result(result)
       
     rescue AiRootShield::Error => e
@@ -136,6 +214,90 @@ class AiRootShieldCLI
         @options[:rasp_monitoring_time] = time
       end
 
+      opts.on("--policy FILE", "Enterprise policy file path") do |file|
+        @options[:policy_file] = file
+      end
+
+      opts.on("--enable-cert-pinning", "Enable certificate pinning validation") do
+        @options[:enable_certificate_pinning] = true
+      end
+
+      opts.on("--enable-proxy-detection", "Enable advanced proxy detection") do
+        @options[:enable_proxy_detection] = true
+      end
+
+      opts.on("--target-ip IP", "Target IP address for network analysis") do |ip|
+        @options[:target_ip] = ip
+      end
+
+      opts.on("--target-url URL", "Target URL for certificate pinning validation") do |url|
+        @options[:target_url] = url
+      end
+
+      # v0.5.0 Platform-specific options
+      opts.separator ""
+      opts.separator "Platform-specific Analysis (v0.5.0):"
+
+      opts.on("--platform PLATFORM", ["android", "ios"], "Platform-specific analysis (android, ios)") do |platform|
+        @options[:platform] = platform
+      end
+
+      opts.on("--safetynet-key KEY", "Google SafetyNet API key for Android analysis") do |key|
+        @options[:safetynet_api_key] = key
+      end
+
+      opts.on("--package-name NAME", "Android package name for analysis") do |name|
+        @options[:package_name] = name
+      end
+
+      opts.on("--unified-report", "Generate unified cross-platform report") do
+        @options[:enable_unified_reporting] = true
+      end
+
+      # CI/CD Integration options
+      opts.separator ""
+      opts.separator "CI/CD Integration (v0.5.0):"
+
+      opts.on("--ci-mode", "Run in CI/CD mode with test artifacts") do
+        @options[:ci_mode] = true
+      end
+
+      opts.on("--artifacts-path PATH", "Path for CI/CD test artifacts (default: ./security_test_artifacts)") do |path|
+        @options[:artifacts_path] = path
+      end
+
+      opts.on("--generate-ci-config PLATFORM", ["github", "gitlab", "jenkins", "azure"], "Generate CI config for platform") do |platform|
+        @options[:generate_ci_config] = platform
+      end
+
+      # SIEM Integration options
+      opts.separator ""
+      opts.separator "SIEM Integration (v0.5.0):"
+
+      opts.on("--siem-platform PLATFORM", ["splunk", "elastic", "qradar", "sentinel", "datadog", "chronicle", "arcsight"], "SIEM platform") do |platform|
+        @options[:siem_platform] = platform
+      end
+
+      opts.on("--siem-endpoint URL", "SIEM API endpoint URL") do |url|
+        @options[:siem_endpoint] = url
+      end
+
+      opts.on("--siem-token TOKEN", "SIEM API authentication token") do |token|
+        @options[:siem_token] = token
+      end
+
+      # Dashboard options
+      opts.separator ""
+      opts.separator "Dashboard (v0.5.0):"
+
+      opts.on("--start-dashboard", "Start web dashboard server") do
+        @options[:start_dashboard] = true
+      end
+
+      opts.on("--dashboard-port PORT", Integer, "Dashboard port (default: 4567)") do |port|
+        @options[:dashboard_port] = port
+      end
+
       opts.on("-h", "--help", "Show this help message") do
         puts opts
         exit
@@ -149,7 +311,7 @@ class AiRootShieldCLI
   end
 
   def output_result(result)
-    case @options[:output_format]
+    case @options[:format]
     when "json"
       puts JSON.pretty_generate(result)
     when "text"
@@ -167,6 +329,42 @@ class AiRootShieldCLI
     puts "Version: #{result[:version]}"
     puts ""
     
+    # Display compliance status if available
+    if result[:compliance]
+      puts "Policy Compliance:"
+      puts "  Status: #{result[:compliance][:compliant] ? 'COMPLIANT' : 'NON-COMPLIANT'}"
+      puts "  Policy Version: #{result[:compliance][:policy_version]}"
+      
+      if result[:compliance][:violations].any?
+        puts "  Violations:"
+        result[:compliance][:violations].each do |violation|
+          puts "    • #{violation[:message]} (#{violation[:severity]})"
+        end
+      end
+      puts ""
+    end
+    
+    # Display network analysis if available
+    if result[:network_analysis]
+      puts "Network Security Analysis:"
+      
+      if result[:network_analysis][:proxy_detection]
+        proxy = result[:network_analysis][:proxy_detection]
+        puts "  Proxy Detection: #{proxy[:proxy_detected] ? 'DETECTED' : 'Clean'}"
+        if proxy[:proxy_detected]
+          puts "    Types: #{proxy[:proxy_types].join(', ')}"
+          puts "    Confidence: #{(proxy[:confidence_score] * 100).round}%"
+        end
+      end
+      
+      if result[:network_analysis][:certificate_pinning]
+        pinning = result[:network_analysis][:certificate_pinning]
+        puts "  Certificate Pinning: #{pinning[:valid] ? 'VALID' : 'FAILED'}"
+        puts "    Reason: #{pinning[:reason]}" unless pinning[:valid]
+      end
+      puts ""
+    end
+    
     if result[:factors].any?
       puts "Detected Security Factors:"
       result[:factors].each do |factor|
@@ -184,17 +382,125 @@ class AiRootShieldCLI
     else
       puts "No security threats detected."
     end
+    
+    # Display RASP status if available
+    if result[:rasp_status]
+      puts ""
+      puts "RASP Protection Status:"
+      puts "  Active: #{result[:rasp_status][:active] ? 'YES' : 'NO'}"
+      puts "  Events Detected: #{result[:rasp_status][:events_detected] || 0}"
+      puts "  Protection Level: #{result[:rasp_status][:protection_level] || 'Standard'}"
+    end
   end
 
   def output_summary_format(result)
-    risk_level = AiRootShield::RiskCalculator.risk_level_description(result[:risk_score])
+    # Handle unified report format
+    if result[:executive_summary]
+      risk_level = result[:executive_summary][:overall_risk_level]
+      security_score = result[:executive_summary][:security_posture_score]
+      threat_count = result[:executive_summary][:critical_findings]&.length || 0
+      
+      puts "Risk Level: #{risk_level} (Security Score: #{security_score}/100)"
+      puts "Threats: #{threat_count} critical findings detected"
+      
+      if result[:executive_summary][:key_recommendations]&.any?
+        puts "Primary Concerns: #{result[:executive_summary][:key_recommendations].first(3).join(', ')}"
+      end
+    else
+      # Handle regular analysis format
+      risk_level = AiRootShield::RiskCalculator.risk_level_description(result[:risk_score])
+      
+      puts "Risk Level: #{risk_level} (#{result[:risk_score]}/100)"
+      puts "Threats: #{result[:factors]&.length || 0} detected"
+      
+      if result[:factors]&.any?
+        puts "Primary Concerns: #{result[:factors].first(3).join(', ')}"
+      end
+    end
+  end
+
+  # v0.5.0 New Methods
+  def run_platform_specific_analysis(device_logs_path)
+    puts "Running #{@options[:platform]} platform-specific analysis..." if @options[:verbose]
     
-    puts "Risk Level: #{risk_level} (#{result[:risk_score]}/100)"
-    puts "Threats: #{result[:factors].length} detected"
+    case @options[:platform]
+    when 'android'
+      config = {}
+      config[:safetynet_api_key] = @options[:safetynet_api_key] if @options[:safetynet_api_key]
+      config[:package_name] = @options[:package_name] if @options[:package_name]
+      
+      result = AiRootShield.analyze_android_device(device_logs_path, config)
+    when 'ios'
+      result = AiRootShield.analyze_ios_device(device_logs_path)
+    else
+      raise "Unsupported platform: #{@options[:platform]}"
+    end
     
-    if result[:factors].any?
-      puts "Primary Concerns: #{result[:factors].first(3).join(', ')}"
+    if @options[:enable_unified_reporting]
+      puts "Generating unified cross-platform report..." if @options[:verbose]
+      case @options[:platform]
+      when 'android'
+        unified_result = AiRootShield.generate_unified_report(android_results: result)
+      when 'ios'
+        unified_result = AiRootShield.generate_unified_report(ios_results: result)
+      end
+      return unified_result
     end
+    
+    result
+  end
+
+  def run_ci_cd_analysis(device_logs_path)
+    puts "Running CI/CD security analysis..." if @options[:verbose]
+    
+    # Create artifacts directory
+    Dir.mkdir(@options[:artifacts_path]) unless Dir.exist?(@options[:artifacts_path])
+    
+    # Run CI/CD tests
+    result = AiRootShield.run_ci_cd_tests(device_logs_path, {
+      artifacts_path: @options[:artifacts_path],
+      verbose: @options[:verbose]
+    })
+    
+    puts "CI/CD test artifacts saved to: #{@options[:artifacts_path]}" if @options[:verbose]
+    result
+  end
+
+  def start_dashboard
+    puts "Starting AI Root Shield Dashboard on port #{@options[:dashboard_port]}..."
+    puts "Dashboard will be available at: http://localhost:#{@options[:dashboard_port]}"
+    puts "Press Ctrl+C to stop the dashboard"
+    
+    begin
+      AiRootShield.start_dashboard(@options[:dashboard_port])
+    rescue Interrupt
+      puts "\nDashboard stopped."
+    end
+  end
+
+  def generate_ci_config
+    puts "Generating CI/CD configuration for #{@options[:generate_ci_config]}..."
+    
+    config_content = AiRootShield.generate_ci_config(@options[:generate_ci_config].to_sym)
+    
+    filename = case @options[:generate_ci_config]
+    when 'github'
+      '.github/workflows/security-scan.yml'
+    when 'gitlab'
+      '.gitlab-ci.yml'
+    when 'jenkins'
+      'Jenkinsfile'
+    when 'azure'
+      'azure-pipelines.yml'
+    end
+    
+    # Create directory if needed
+    dir = File.dirname(filename)
+    FileUtils.mkdir_p(dir) unless Dir.exist?(dir) || dir == '.'
+    
+    File.write(filename, config_content)
+    puts "CI/CD configuration saved to: #{filename}"
+    puts "Please review and customize the configuration as needed."
   end
 end