ai_root_shield 0.5.0 → 1.0.0

data/bindings/python/ai_root_shield.py

@@ -0,0 +1,438 @@
+#!/usr/bin/env python3
+"""
+AI Root Shield Python Bindings
+Enterprise-grade mobile security analysis library
+"""
+
+import json
+import subprocess
+import tempfile
+import os
+from typing import Dict, List, Optional, Union
+from dataclasses import dataclass
+from enum import Enum
+
+class SecurityLevel(Enum):
+    LOW = "low"
+    MEDIUM = "medium"
+    HIGH = "high"
+    CRITICAL = "critical"
+
+class Platform(Enum):
+    ANDROID = "android"
+    IOS = "ios"
+    CROSS_PLATFORM = "cross_platform"
+
+@dataclass
+class AnalysisResult:
+    risk_score: int
+    factors: List[str]
+    timestamp: str
+    version: str
+    platform: Optional[str] = None
+    compliance: Optional[Dict] = None
+    recommendations: Optional[List[str]] = None
+
+@dataclass
+class PolicyConfig:
+    industry_type: str
+    compliance_frameworks: List[str]
+    risk_thresholds: Dict[str, int]
+    requirements: Dict[str, Dict]
+
+class AIRootShield:
+    """Main AI Root Shield Python interface"""
+    
+    def __init__(self, config: Optional[Dict] = None):
+        self.config = config or {}
+        self.gem_available = self._check_gem_availability()
+        if not self.gem_available:
+            raise RuntimeError("AI Root Shield Ruby gem not found. Please install: gem install ai_root_shield")
+    
+    def _check_gem_availability(self) -> bool:
+        """Check if AI Root Shield gem is available"""
+        try:
+            result = subprocess.run(['gem', 'list', 'ai_root_shield'], 
+                                  capture_output=True, text=True, timeout=10)
+            return 'ai_root_shield' in result.stdout
+        except (subprocess.TimeoutExpired, FileNotFoundError):
+            return False
+    
+    def analyze_device(self, device_logs: Union[str, Dict], 
+                      platform: Optional[Platform] = None,
+                      config: Optional[Dict] = None) -> AnalysisResult:
+        """Analyze device security using AI Root Shield"""
+        
+        # Prepare device logs
+        if isinstance(device_logs, dict):
+            logs_file = self._write_temp_json(device_logs)
+        else:
+            logs_file = device_logs
+        
+        try:
+            # Build command
+            cmd = ['ai_root_shield']
+            
+            if platform:
+                cmd.extend(['--platform', platform.value])
+            
+            if config:
+                if config.get('verbose'):
+                    cmd.append('--verbose')
+                if config.get('format'):
+                    cmd.extend(['--format', config['format']])
+                if config.get('unified_report'):
+                    cmd.append('--unified-report')
+            
+            cmd.append(logs_file)
+            
+            # Execute analysis
+            result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
+            
+            if result.returncode != 0:
+                raise RuntimeError(f"Analysis failed: {result.stderr}")
+            
+            # Parse result
+            analysis_data = json.loads(result.stdout)
+            return self._parse_analysis_result(analysis_data)
+            
+        finally:
+            # Clean up temp file if created
+            if isinstance(device_logs, dict) and os.path.exists(logs_file):
+                os.unlink(logs_file)
+    
+    def analyze_android_device(self, device_logs: Union[str, Dict],
+                             safetynet_api_key: Optional[str] = None,
+                             package_name: Optional[str] = None) -> AnalysisResult:
+        """Analyze Android device with SafetyNet integration"""
+        config = {}
+        if safetynet_api_key:
+            config['safetynet_api_key'] = safetynet_api_key
+        if package_name:
+            config['package_name'] = package_name
+            
+        return self.analyze_device(device_logs, Platform.ANDROID, config)
+    
+    def analyze_ios_device(self, device_logs: Union[str, Dict]) -> AnalysisResult:
+        """Analyze iOS device with jailbreak detection"""
+        return self.analyze_device(device_logs, Platform.IOS)
+    
+    def run_ci_cd_analysis(self, device_logs: Union[str, Dict],
+                          artifacts_path: str = './security_test_artifacts') -> Dict:
+        """Run CI/CD security analysis"""
+        
+        if isinstance(device_logs, dict):
+            logs_file = self._write_temp_json(device_logs)
+        else:
+            logs_file = device_logs
+        
+        try:
+            cmd = ['ai_root_shield', '--ci-mode', '--artifacts-path', artifacts_path, logs_file]
+            result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
+            
+            if result.returncode != 0:
+                raise RuntimeError(f"CI/CD analysis failed: {result.stderr}")
+            
+            return json.loads(result.stdout)
+            
+        finally:
+            if isinstance(device_logs, dict) and os.path.exists(logs_file):
+                os.unlink(logs_file)
+    
+    def generate_unified_report(self, android_results: Optional[Dict] = None,
+                              ios_results: Optional[Dict] = None) -> Dict:
+        """Generate unified cross-platform report"""
+        # This would require more complex integration with Ruby gem
+        # For now, use the CLI unified report feature
+        if android_results:
+            logs_file = self._write_temp_json(android_results)
+            try:
+                cmd = ['ai_root_shield', '--platform', 'android', '--unified-report', logs_file]
+                result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
+                
+                if result.returncode == 0:
+                    return json.loads(result.stdout)
+            finally:
+                os.unlink(logs_file)
+        
+        return {}
+    
+    def start_dashboard(self, port: int = 4567) -> bool:
+        """Start web dashboard server"""
+        try:
+            cmd = ['ai_root_shield', '--start-dashboard', '--dashboard-port', str(port)]
+            subprocess.Popen(cmd)
+            return True
+        except Exception:
+            return False
+    
+    def generate_ci_config(self, platform: str, output_path: Optional[str] = None) -> str:
+        """Generate CI/CD configuration"""
+        try:
+            cmd = ['ai_root_shield', '--generate-ci-config', platform]
+            result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
+            
+            if result.returncode == 0:
+                return result.stdout
+            else:
+                raise RuntimeError(f"CI config generation failed: {result.stderr}")
+        except Exception as e:
+            raise RuntimeError(f"Failed to generate CI config: {str(e)}")
+    
+    def _write_temp_json(self, data: Dict) -> str:
+        """Write data to temporary JSON file"""
+        with tempfile.NamedTemporaryFile(mode='w', suffix='.json', delete=False) as f:
+            json.dump(data, f, indent=2)
+            return f.name
+    
+    def _parse_analysis_result(self, data: Dict) -> AnalysisResult:
+        """Parse analysis result from JSON"""
+        return AnalysisResult(
+            risk_score=data.get('risk_score', 0),
+            factors=data.get('factors', []),
+            timestamp=data.get('timestamp', ''),
+            version=data.get('version', ''),
+            platform=data.get('platform'),
+            compliance=data.get('compliance'),
+            recommendations=data.get('recommendations', [])
+        )
+
+class EnterprisePolicy:
+    """Enterprise policy management"""
+    
+    def __init__(self, industry_type: str):
+        self.industry_type = industry_type
+        self.policy_config = self._load_policy_config()
+    
+    def _load_policy_config(self) -> PolicyConfig:
+        """Load policy configuration for industry"""
+        # This would integrate with the Ruby PolicyManager
+        # For now, return basic config
+        configs = {
+            'fintech': PolicyConfig(
+                industry_type='fintech',
+                compliance_frameworks=['pci_dss', 'sox', 'ffiec'],
+                risk_thresholds={'critical': 0, 'high': 10, 'medium': 30, 'low': 50},
+                requirements={}
+            ),
+            'healthcare': PolicyConfig(
+                industry_type='healthcare',
+                compliance_frameworks=['hipaa', 'hitech', 'gdpr'],
+                risk_thresholds={'critical': 0, 'high': 15, 'medium': 35, 'low': 60},
+                requirements={}
+            ),
+            'government': PolicyConfig(
+                industry_type='government',
+                compliance_frameworks=['fisma', 'nist_800_53', 'fedramp'],
+                risk_thresholds={'critical': 0, 'high': 5, 'medium': 20, 'low': 40},
+                requirements={}
+            ),
+            'corporate': PolicyConfig(
+                industry_type='corporate',
+                compliance_frameworks=['iso27001', 'gdpr', 'ccpa'],
+                risk_thresholds={'critical': 5, 'high': 25, 'medium': 50, 'low': 75},
+                requirements={}
+            )
+        }
+        
+        return configs.get(self.industry_type, configs['corporate'])
+    
+    def evaluate_compliance(self, analysis_result: AnalysisResult) -> Dict:
+        """Evaluate compliance against policy"""
+        violations = []
+        
+        # Basic compliance evaluation
+        if analysis_result.risk_score > self.policy_config.risk_thresholds['critical']:
+            violations.append({
+                'severity': 'critical',
+                'message': f'Risk score {analysis_result.risk_score} exceeds critical threshold'
+            })
+        
+        return {
+            'compliant': len(violations) == 0,
+            'violations': violations,
+            'policy_version': '1.0',
+            'industry_type': self.industry_type,
+            'compliance_score': max(0, 100 - len(violations) * 25)
+        }
+
+class AlertManager:
+    """Alert and notification management"""
+    
+    def __init__(self, config: Optional[Dict] = None):
+        self.config = config or {}
+        self.channels = []
+    
+    def add_webhook_channel(self, url: str, headers: Optional[Dict] = None):
+        """Add webhook notification channel"""
+        self.channels.append({
+            'type': 'webhook',
+            'url': url,
+            'headers': headers or {}
+        })
+    
+    def add_slack_channel(self, webhook_url: str):
+        """Add Slack notification channel"""
+        self.channels.append({
+            'type': 'slack',
+            'webhook_url': webhook_url
+        })
+    
+    def send_security_alert(self, analysis_result: AnalysisResult, severity: str = 'warning'):
+        """Send security alert"""
+        alert_data = {
+            'type': 'security_incident',
+            'severity': severity,
+            'title': 'Security Threat Detected',
+            'message': f'Risk score: {analysis_result.risk_score}/100',
+            'data': {
+                'risk_score': analysis_result.risk_score,
+                'factors': analysis_result.factors,
+                'timestamp': analysis_result.timestamp
+            }
+        }
+        
+        return self._send_alert(alert_data)
+    
+    def send_compliance_alert(self, compliance_result: Dict, policy_type: str):
+        """Send compliance alert"""
+        severity = 'info' if compliance_result['compliant'] else 'critical'
+        
+        alert_data = {
+            'type': 'compliance_violation',
+            'severity': severity,
+            'title': 'Compliance Status Update',
+            'message': f"Policy: {policy_type}, Status: {'COMPLIANT' if compliance_result['compliant'] else 'NON-COMPLIANT'}",
+            'data': compliance_result
+        }
+        
+        return self._send_alert(alert_data)
+    
+    def _send_alert(self, alert_data: Dict) -> Dict:
+        """Send alert through configured channels"""
+        results = {}
+        
+        for channel in self.channels:
+            try:
+                if channel['type'] == 'webhook':
+                    result = self._send_webhook(channel, alert_data)
+                elif channel['type'] == 'slack':
+                    result = self._send_slack(channel, alert_data)
+                else:
+                    result = {'success': False, 'error': 'Unknown channel type'}
+                
+                results[f"{channel['type']}_{len(results)}"] = result
+                
+            except Exception as e:
+                results[f"{channel['type']}_{len(results)}"] = {
+                    'success': False,
+                    'error': str(e)
+                }
+        
+        return results
+    
+    def _send_webhook(self, channel: Dict, alert_data: Dict) -> Dict:
+        """Send webhook notification"""
+        import requests
+        
+        try:
+            response = requests.post(
+                channel['url'],
+                json=alert_data,
+                headers=channel.get('headers', {}),
+                timeout=30
+            )
+            
+            return {
+                'success': response.status_code < 400,
+                'status_code': response.status_code,
+                'response': response.text[:200]  # Truncate response
+            }
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+    
+    def _send_slack(self, channel: Dict, alert_data: Dict) -> Dict:
+        """Send Slack notification"""
+        import requests
+        
+        # Format for Slack
+        color = {
+            'info': 'good',
+            'warning': 'warning',
+            'critical': 'danger',
+            'emergency': 'danger'
+        }.get(alert_data['severity'], 'good')
+        
+        payload = {
+            'text': alert_data['title'],
+            'attachments': [{
+                'color': color,
+                'fields': [
+                    {'title': 'Severity', 'value': alert_data['severity'].upper(), 'short': True},
+                    {'title': 'Type', 'value': alert_data['type'], 'short': True},
+                    {'title': 'Message', 'value': alert_data['message'], 'short': False}
+                ]
+            }]
+        }
+        
+        try:
+            response = requests.post(channel['webhook_url'], json=payload, timeout=30)
+            return {
+                'success': response.status_code == 200,
+                'status_code': response.status_code
+            }
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+
+# Example usage and testing functions
+def example_usage():
+    """Example usage of AI Root Shield Python bindings"""
+    
+    # Initialize AI Root Shield
+    ars = AIRootShield()
+    
+    # Example device logs
+    android_logs = {
+        "device_info": {
+            "platform": "Android",
+            "version": "11",
+            "model": "Pixel 5"
+        },
+        "security_checks": {
+            "root_detected": False,
+            "emulator_detected": False,
+            "debugging_enabled": False
+        },
+        "safetynet": {
+            "basicIntegrity": True,
+            "ctsProfileMatch": True
+        }
+    }
+    
+    try:
+        # Analyze Android device
+        result = ars.analyze_android_device(android_logs)
+        print(f"Risk Score: {result.risk_score}/100")
+        print(f"Factors: {result.factors}")
+        
+        # Enterprise policy evaluation
+        policy = EnterprisePolicy('fintech')
+        compliance = policy.evaluate_compliance(result)
+        print(f"Compliant: {compliance['compliant']}")
+        
+        # Alert management
+        alert_manager = AlertManager()
+        alert_manager.add_webhook_channel('https://example.com/webhook')
+        
+        if result.risk_score > 50:
+            alert_results = alert_manager.send_security_alert(result, 'warning')
+            print(f"Alert sent: {alert_results}")
+        
+        return True
+        
+    except Exception as e:
+        print(f"Error: {e}")
+        return False
+
+if __name__ == "__main__":
+    example_usage()

data/bindings/python/setup.py

@@ -0,0 +1,65 @@
+#!/usr/bin/env python3
+"""
+Setup script for AI Root Shield Python bindings
+"""
+
+from setuptools import setup, find_packages
+import os
+
+# Read README for long description
+def read_readme():
+    readme_path = os.path.join(os.path.dirname(__file__), 'README.md')
+    if os.path.exists(readme_path):
+        with open(readme_path, 'r', encoding='utf-8') as f:
+            return f.read()
+    return "AI Root Shield Python bindings for enterprise mobile security analysis"
+
+setup(
+    name="ai-root-shield",
+    version="1.0.0",
+    author="AI Root Shield Team",
+    author_email="support@airootshield.com",
+    description="Enterprise-grade mobile security analysis library - Python bindings",
+    long_description=read_readme(),
+    long_description_content_type="text/markdown",
+    url="https://github.com/ahmetxhero/ai-root-shield",
+    py_modules=["ai_root_shield"],
+    classifiers=[
+        "Development Status :: 5 - Production/Stable",
+        "Intended Audience :: Developers",
+        "Intended Audience :: Information Technology",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
+        "Programming Language :: Python :: 3.11",
+        "Topic :: Security",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+    ],
+    python_requires=">=3.7",
+    install_requires=[
+        "requests>=2.25.0",
+    ],
+    extras_require={
+        "dev": [
+            "pytest>=6.0",
+            "pytest-cov>=2.0",
+            "black>=21.0",
+            "flake8>=3.8",
+        ],
+    },
+    entry_points={
+        "console_scripts": [
+            "ai-root-shield=ai_root_shield:main",
+        ],
+    },
+    keywords="security mobile android ios enterprise compliance fintech healthcare",
+    project_urls={
+        "Bug Reports": "https://github.com/ahmetxhero/ai-root-shield/issues",
+        "Source": "https://github.com/ahmetxhero/ai-root-shield",
+        "Documentation": "https://github.com/ahmetxhero/ai-root-shield/blob/main/README.md",
+    },
+)

data/examples/device_logs/android_safetynet_device.json

@@ -0,0 +1,148 @@
+{
+  "platform": "android",
+  "timestamp": 1640995200,
+  "device_info": {
+    "model": "Pixel 6",
+    "manufacturer": "Google",
+    "os_version": "13",
+    "api_level": 33,
+    "build_fingerprint": "google/raven/raven:13/TQ3A.230805.001/10316531:user/release-keys"
+  },
+  "safetynet": {
+    "basicIntegrity": true,
+    "ctsProfileMatch": true,
+    "evaluationType": "BASIC",
+    "nonce": "R2Rra24fVm5xa2Mg",
+    "timestampMs": 1640995200000,
+    "advice": ["LOCK_SCREEN_SECURED"]
+  },
+  "play_integrity": {
+    "deviceIntegrity": {
+      "deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY", "MEETS_BASIC_INTEGRITY"]
+    },
+    "appIntegrity": {
+      "verdict": "PLAY_RECOGNIZED",
+      "appLicensingVerdict": "LICENSED"
+    },
+    "accountDetails": {
+      "verdict": "LICENSED"
+    },
+    "environmentDetails": {
+      "verdict": "MEETS_BASIC_INTEGRITY"
+    }
+  },
+  "hardware_security": {
+    "tee": {
+      "available": true,
+      "implementation": "trustzone",
+      "version": "1.1",
+      "secureStorage": true,
+      "keyAttestation": true,
+      "biometricSupport": true,
+      "strongboxAvailable": true,
+      "secureBootVerified": true,
+      "attestationKeys": ["rsa2048", "ec256"]
+    },
+    "secure_element": {
+      "available": true,
+      "type": "embedded_se",
+      "appletsInstalled": ["payment", "identity"],
+      "nfcSecureElement": true,
+      "embeddedSecureElement": true,
+      "tamperResistance": true,
+      "certificationLevel": "cc_eal5_plus"
+    },
+    "biometrics": {
+      "fingerprintAvailable": true,
+      "faceAvailable": false,
+      "fingerprintEnrolled": true,
+      "hardwareLevel": "strong",
+      "template_security": {
+        "hardwareProtected": true,
+        "encryptedStorage": true,
+        "templateIsolation": true,
+        "secureMatching": true
+      },
+      "liveness_detection": {
+        "activeLiveness": true,
+        "passiveLiveness": true,
+        "depthSensing": false
+      },
+      "consistency": {
+        "enrollmentChangesDetected": false,
+        "templateModifications": false
+      }
+    },
+    "crypto": {
+      "hardwareRng": true,
+      "aesHardwareAcceleration": true,
+      "eccSupport": true,
+      "rsaSupport": true,
+      "keyDerivationHardware": true,
+      "secureKeyStorage": true,
+      "cryptoCoprocessor": true,
+      "supportedAlgorithms": ["AES-256", "RSA-2048", "ECDSA-P256", "SHA-256"]
+    },
+    "attestation": {
+      "keyAttestationSupported": true,
+      "attestationSecurityLevel": "trusted_environment",
+      "deviceIdAttestation": true,
+      "verifiedBootKey": "308201a2300d06092a864886f70d01010105000382018f003082018a0282018100...",
+      "rootOfTrust": {
+        "verifiedBootKey": "308201a2300d06092a864886f70d01010105000382018f003082018a0282018100...",
+        "deviceLocked": true,
+        "verifiedBootState": "verified",
+        "verifiedBootHash": "4f4adce36cf2e9c51349d1e77b067b2b8b5c5b5c5b5c5b5c5b5c5b5c5b5c5b5c"
+      }
+    }
+  },
+  "system_integrity": {
+    "selinuxEnforcing": true,
+    "verifiedBootState": "green",
+    "bootloaderLocked": true,
+    "systemPartitionVerified": true,
+    "vendorPartitionVerified": true,
+    "buildTags": "release-keys",
+    "adbEnabled": false,
+    "developerOptionsEnabled": false,
+    "dmVerityEnabled": true
+  },
+  "file_system": {
+    "files": [
+      {
+        "path": "/system/bin/sh",
+        "permissions": "755",
+        "owner": "root",
+        "exists": true
+      },
+      {
+        "path": "/system/xbin/su",
+        "exists": false
+      },
+      {
+        "path": "/system/bin/su",
+        "exists": false
+      }
+    ]
+  },
+  "running_processes": [
+    {
+      "name": "system_server",
+      "pid": 1234,
+      "uid": 1000
+    },
+    {
+      "name": "zygote64",
+      "pid": 567,
+      "uid": 0
+    }
+  ],
+  "network": {
+    "proxy_enabled": false,
+    "vpn_active": false,
+    "custom_certificates": [],
+    "tls_version": "1.3"
+  },
+  "risk_score": 15,
+  "factors": []
+}