aiptx 2.0.7__py3-none-any.whl

aipt_v2/tools/browser/tab_manager.py

@@ -0,0 +1,344 @@
+from __future__ import annotations
+
+import atexit
+import contextlib
+import signal
+import sys
+import threading
+from typing import Any
+
+from .browser_instance import BrowserInstance
+
+
+class BrowserTabManager:
+    def __init__(self) -> None:
+        self.browser_instance: BrowserInstance | None = None
+        self._lock = threading.Lock()
+
+        self._register_cleanup_handlers()
+
+    def launch_browser(self, url: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is not None:
+                raise ValueError("Browser is already launched")
+
+            try:
+                self.browser_instance = BrowserInstance()
+                result = self.browser_instance.launch(url)
+                result["message"] = "Browser launched successfully"
+            except (OSError, ValueError, RuntimeError) as e:
+                if self.browser_instance:
+                    self.browser_instance = None
+                raise RuntimeError(f"Failed to launch browser: {e}") from e
+            else:
+                return result
+
+    def goto_url(self, url: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.goto(url, tab_id)
+            result["message"] = f"Navigated to {url}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to navigate to URL: {e}") from e
+        else:
+            return result
+
+    def click(self, coordinate: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.click(coordinate, tab_id)
+            result["message"] = f"Clicked at {coordinate}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to click: {e}") from e
+        else:
+            return result
+
+    def type_text(self, text: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.type_text(text, tab_id)
+            result["message"] = f"Typed text: {text[:50]}{'...' if len(text) > 50 else ''}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to type text: {e}") from e
+        else:
+            return result
+
+    def scroll(self, direction: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.scroll(direction, tab_id)
+            result["message"] = f"Scrolled {direction}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to scroll: {e}") from e
+        else:
+            return result
+
+    def back(self, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.back(tab_id)
+            result["message"] = "Navigated back"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to go back: {e}") from e
+        else:
+            return result
+
+    def forward(self, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.forward(tab_id)
+            result["message"] = "Navigated forward"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to go forward: {e}") from e
+        else:
+            return result
+
+    def new_tab(self, url: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.new_tab(url)
+            result["message"] = f"Created new tab {result.get('tab_id', '')}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to create new tab: {e}") from e
+        else:
+            return result
+
+    def switch_tab(self, tab_id: str) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.switch_tab(tab_id)
+            result["message"] = f"Switched to tab {tab_id}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to switch tab: {e}") from e
+        else:
+            return result
+
+    def close_tab(self, tab_id: str) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.close_tab(tab_id)
+            result["message"] = f"Closed tab {tab_id}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to close tab: {e}") from e
+        else:
+            return result
+
+    def wait_browser(self, duration: float, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.wait(duration, tab_id)
+            result["message"] = f"Waited {duration}s"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to wait: {e}") from e
+        else:
+            return result
+
+    def execute_js(self, js_code: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.execute_js(js_code, tab_id)
+            result["message"] = "JavaScript executed successfully"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to execute JavaScript: {e}") from e
+        else:
+            return result
+
+    def double_click(self, coordinate: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.double_click(coordinate, tab_id)
+            result["message"] = f"Double clicked at {coordinate}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to double click: {e}") from e
+        else:
+            return result
+
+    def hover(self, coordinate: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.hover(coordinate, tab_id)
+            result["message"] = f"Hovered at {coordinate}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to hover: {e}") from e
+        else:
+            return result
+
+    def press_key(self, key: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.press_key(key, tab_id)
+            result["message"] = f"Pressed key {key}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to press key: {e}") from e
+        else:
+            return result
+
+    def save_pdf(self, file_path: str, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.save_pdf(file_path, tab_id)
+            result["message"] = f"Page saved as PDF: {file_path}"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to save PDF: {e}") from e
+        else:
+            return result
+
+    def get_console_logs(self, tab_id: str | None = None, clear: bool = False) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.get_console_logs(tab_id, clear)
+            action_text = "cleared and retrieved" if clear else "retrieved"
+
+            logs = result.get("console_logs", [])
+            truncated = any(log.get("text", "").startswith("[TRUNCATED:") for log in logs)
+            truncated_text = " (truncated)" if truncated else ""
+
+            result["message"] = (
+                f"Console logs {action_text} for tab "
+                f"{result.get('tab_id', 'current')}{truncated_text}"
+            )
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to get console logs: {e}") from e
+        else:
+            return result
+
+    def view_source(self, tab_id: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+        try:
+            result = self.browser_instance.view_source(tab_id)
+            result["message"] = "Page source retrieved"
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to get page source: {e}") from e
+        else:
+            return result
+
+    def list_tabs(self) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                return {"tabs": {}, "total_count": 0, "current_tab": None}
+
+        try:
+            tab_info = {}
+            for tid, tab_page in self.browser_instance.pages.items():
+                try:
+                    tab_info[tid] = {
+                        "url": tab_page.url,
+                        "title": "Unknown" if tab_page.is_closed() else "Active",
+                        "is_current": tid == self.browser_instance.current_page_id,
+                    }
+                except (AttributeError, RuntimeError):
+                    tab_info[tid] = {
+                        "url": "Unknown",
+                        "title": "Closed",
+                        "is_current": False,
+                    }
+
+            return {
+                "tabs": tab_info,
+                "total_count": len(tab_info),
+                "current_tab": self.browser_instance.current_page_id,
+            }
+        except (OSError, ValueError, RuntimeError) as e:
+            raise RuntimeError(f"Failed to list tabs: {e}") from e
+
+    def close_browser(self) -> dict[str, Any]:
+        with self._lock:
+            if self.browser_instance is None:
+                raise ValueError("Browser not launched")
+
+            try:
+                self.browser_instance.close()
+                self.browser_instance = None
+            except (OSError, ValueError, RuntimeError) as e:
+                raise RuntimeError(f"Failed to close browser: {e}") from e
+            else:
+                return {
+                    "message": "Browser closed successfully",
+                    "screenshot": "",
+                    "is_running": False,
+                }
+
+    def cleanup_dead_browser(self) -> None:
+        with self._lock:
+            if self.browser_instance and not self.browser_instance.is_alive():
+                with contextlib.suppress(Exception):
+                    self.browser_instance.close()
+                self.browser_instance = None
+
+    def close_all(self) -> None:
+        with self._lock:
+            if self.browser_instance:
+                with contextlib.suppress(Exception):
+                    self.browser_instance.close()
+                self.browser_instance = None
+
+    def _register_cleanup_handlers(self) -> None:
+        atexit.register(self.close_all)
+
+        signal.signal(signal.SIGTERM, self._signal_handler)
+        signal.signal(signal.SIGINT, self._signal_handler)
+
+        if hasattr(signal, "SIGHUP"):
+            signal.signal(signal.SIGHUP, self._signal_handler)
+
+    def _signal_handler(self, _signum: int, _frame: Any) -> None:
+        self.close_all()
+        sys.exit(0)
+
+
+_browser_tab_manager = BrowserTabManager()
+
+
+def get_browser_tab_manager() -> BrowserTabManager:
+    return _browser_tab_manager

aipt_v2/tools/cloud/__init__.py

@@ -0,0 +1,70 @@
+"""
+AIPT Cloud Security Module - Multi-Cloud Vulnerability Scanning
+
+Provides comprehensive cloud security assessment for:
+- AWS (Amazon Web Services)
+- Azure (Microsoft Azure)
+- GCP (Google Cloud Platform)
+
+Tools integrated:
+- ScoutSuite: Multi-cloud security auditing
+- Prowler: AWS security best practices
+- Custom checks: IAM, S3, Security Groups, etc.
+
+Usage:
+    from aipt_v2.tools.cloud import CloudScanner, get_cloud_scanner
+
+    scanner = get_cloud_scanner(provider="aws", profile="default")
+    findings = await scanner.scan()
+"""
+
+from aipt_v2.tools.cloud.cloud_config import (
+    CloudConfig,
+    AWSConfig,
+    AzureConfig,
+    GCPConfig,
+    get_cloud_config,
+)
+
+from aipt_v2.tools.cloud.cloud_scanner import (
+    CloudScanner,
+    CloudFinding,
+    CloudSeverity,
+    get_cloud_scanner,
+    scan_cloud,
+)
+
+from aipt_v2.tools.cloud.scoutsuite_tool import (
+    ScoutSuiteTool,
+    ScoutSuiteConfig,
+    run_scoutsuite,
+)
+
+from aipt_v2.tools.cloud.prowler_tool import (
+    ProwlerTool,
+    ProwlerConfig,
+    run_prowler,
+)
+
+__all__ = [
+    # Configuration
+    "CloudConfig",
+    "AWSConfig",
+    "AzureConfig",
+    "GCPConfig",
+    "get_cloud_config",
+    # Scanner
+    "CloudScanner",
+    "CloudFinding",
+    "CloudSeverity",
+    "get_cloud_scanner",
+    "scan_cloud",
+    # ScoutSuite
+    "ScoutSuiteTool",
+    "ScoutSuiteConfig",
+    "run_scoutsuite",
+    # Prowler
+    "ProwlerTool",
+    "ProwlerConfig",
+    "run_prowler",
+]

aipt_v2/tools/cloud/cloud_config.py

@@ -0,0 +1,273 @@
+"""
+Cloud Configuration Management
+
+Handles credentials and configuration for multi-cloud security scanning.
+Supports AWS profiles, Azure subscriptions, and GCP projects.
+"""
+
+import os
+from dataclasses import dataclass, field
+from typing import Optional, List, Dict, Any
+from pathlib import Path
+
+
+@dataclass
+class AWSConfig:
+    """AWS-specific configuration."""
+    profile: str = "default"
+    region: str = "us-east-1"
+    access_key_id: Optional[str] = None
+    secret_access_key: Optional[str] = None
+    session_token: Optional[str] = None
+
+    # Scanning options
+    services: List[str] = field(default_factory=lambda: [
+        "iam", "s3", "ec2", "rds", "lambda", "cloudtrail",
+        "cloudwatch", "kms", "sns", "sqs", "vpc", "elb"
+    ])
+    skip_services: List[str] = field(default_factory=list)
+
+    def __post_init__(self):
+        # Load from environment if not provided
+        if not self.access_key_id:
+            self.access_key_id = os.getenv("AWS_ACCESS_KEY_ID")
+        if not self.secret_access_key:
+            self.secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY")
+        if not self.session_token:
+            self.session_token = os.getenv("AWS_SESSION_TOKEN")
+        if self.region == "us-east-1":
+            self.region = os.getenv("AWS_DEFAULT_REGION", "us-east-1")
+
+    def is_configured(self) -> bool:
+        """Check if AWS credentials are available."""
+        # Either profile-based or key-based auth
+        if self.profile:
+            # Check if credentials file exists
+            creds_file = Path.home() / ".aws" / "credentials"
+            return creds_file.exists()
+        return bool(self.access_key_id and self.secret_access_key)
+
+    def to_env_dict(self) -> Dict[str, str]:
+        """Convert to environment variables dict."""
+        env = {"AWS_DEFAULT_REGION": self.region}
+        if self.profile:
+            env["AWS_PROFILE"] = self.profile
+        if self.access_key_id:
+            env["AWS_ACCESS_KEY_ID"] = self.access_key_id
+        if self.secret_access_key:
+            env["AWS_SECRET_ACCESS_KEY"] = self.secret_access_key
+        if self.session_token:
+            env["AWS_SESSION_TOKEN"] = self.session_token
+        return env
+
+
+@dataclass
+class AzureConfig:
+    """Azure-specific configuration."""
+    subscription_id: Optional[str] = None
+    tenant_id: Optional[str] = None
+    client_id: Optional[str] = None
+    client_secret: Optional[str] = None
+
+    # Use Azure CLI auth by default
+    use_cli_auth: bool = True
+
+    # Scanning options
+    resource_groups: List[str] = field(default_factory=list)  # Empty = all
+
+    def __post_init__(self):
+        # Load from environment if not provided
+        if not self.subscription_id:
+            self.subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
+        if not self.tenant_id:
+            self.tenant_id = os.getenv("AZURE_TENANT_ID")
+        if not self.client_id:
+            self.client_id = os.getenv("AZURE_CLIENT_ID")
+        if not self.client_secret:
+            self.client_secret = os.getenv("AZURE_CLIENT_SECRET")
+
+    def is_configured(self) -> bool:
+        """Check if Azure credentials are available."""
+        if self.use_cli_auth:
+            # Check for Azure CLI
+            return Path.home().joinpath(".azure").exists()
+        return bool(self.subscription_id and self.tenant_id and
+                    self.client_id and self.client_secret)
+
+    def to_env_dict(self) -> Dict[str, str]:
+        """Convert to environment variables dict."""
+        env = {}
+        if self.subscription_id:
+            env["AZURE_SUBSCRIPTION_ID"] = self.subscription_id
+        if self.tenant_id:
+            env["AZURE_TENANT_ID"] = self.tenant_id
+        if self.client_id:
+            env["AZURE_CLIENT_ID"] = self.client_id
+        if self.client_secret:
+            env["AZURE_CLIENT_SECRET"] = self.client_secret
+        return env
+
+
+@dataclass
+class GCPConfig:
+    """GCP-specific configuration."""
+    project_id: Optional[str] = None
+    credentials_file: Optional[str] = None
+
+    # Use application default credentials
+    use_adc: bool = True
+
+    # Scanning options
+    regions: List[str] = field(default_factory=list)  # Empty = all
+
+    def __post_init__(self):
+        # Load from environment if not provided
+        if not self.project_id:
+            self.project_id = os.getenv("GOOGLE_CLOUD_PROJECT") or os.getenv("GCP_PROJECT")
+        if not self.credentials_file:
+            self.credentials_file = os.getenv("GOOGLE_APPLICATION_CREDENTIALS")
+
+    def is_configured(self) -> bool:
+        """Check if GCP credentials are available."""
+        if self.use_adc:
+            # Check for application default credentials
+            adc_path = Path.home() / ".config" / "gcloud" / "application_default_credentials.json"
+            return adc_path.exists() or bool(self.credentials_file)
+        return bool(self.project_id and self.credentials_file)
+
+    def to_env_dict(self) -> Dict[str, str]:
+        """Convert to environment variables dict."""
+        env = {}
+        if self.project_id:
+            env["GOOGLE_CLOUD_PROJECT"] = self.project_id
+        if self.credentials_file:
+            env["GOOGLE_APPLICATION_CREDENTIALS"] = self.credentials_file
+        return env
+
+
+@dataclass
+class CloudConfig:
+    """Unified cloud configuration."""
+
+    # Provider configs
+    aws: AWSConfig = field(default_factory=AWSConfig)
+    azure: AzureConfig = field(default_factory=AzureConfig)
+    gcp: GCPConfig = field(default_factory=GCPConfig)
+
+    # General settings
+    providers: List[str] = field(default_factory=lambda: ["aws"])
+    output_dir: str = "./cloud_scan_results"
+    severity_threshold: str = "low"  # low, medium, high, critical
+
+    # Scanning options
+    parallel_scans: bool = True
+    max_workers: int = 5
+    timeout: int = 3600  # 1 hour default
+
+    def get_configured_providers(self) -> List[str]:
+        """Get list of providers with valid credentials."""
+        configured = []
+        if "aws" in self.providers and self.aws.is_configured():
+            configured.append("aws")
+        if "azure" in self.providers and self.azure.is_configured():
+            configured.append("azure")
+        if "gcp" in self.providers and self.gcp.is_configured():
+            configured.append("gcp")
+        return configured
+
+    def get_provider_config(self, provider: str) -> Any:
+        """Get configuration for a specific provider."""
+        provider_map = {
+            "aws": self.aws,
+            "azure": self.azure,
+            "gcp": self.gcp
+        }
+        return provider_map.get(provider.lower())
+
+
+def get_cloud_config(
+    providers: Optional[List[str]] = None,
+    aws_profile: Optional[str] = None,
+    azure_subscription: Optional[str] = None,
+    gcp_project: Optional[str] = None,
+    **kwargs
+) -> CloudConfig:
+    """
+    Create CloudConfig from parameters and environment.
+
+    Args:
+        providers: List of cloud providers to scan ("aws", "azure", "gcp")
+        aws_profile: AWS CLI profile name
+        azure_subscription: Azure subscription ID
+        gcp_project: GCP project ID
+        **kwargs: Additional configuration options
+
+    Returns:
+        CloudConfig instance
+    """
+    # Build AWS config
+    aws_config = AWSConfig(
+        profile=aws_profile or os.getenv("AWS_PROFILE", "default"),
+        region=kwargs.get("aws_region", os.getenv("AWS_DEFAULT_REGION", "us-east-1"))
+    )
+
+    # Build Azure config
+    azure_config = AzureConfig(
+        subscription_id=azure_subscription or os.getenv("AZURE_SUBSCRIPTION_ID")
+    )
+
+    # Build GCP config
+    gcp_config = GCPConfig(
+        project_id=gcp_project or os.getenv("GOOGLE_CLOUD_PROJECT")
+    )
+
+    # Determine providers
+    if providers is None:
+        providers = ["aws"]  # Default to AWS only
+
+    return CloudConfig(
+        aws=aws_config,
+        azure=azure_config,
+        gcp=gcp_config,
+        providers=providers,
+        output_dir=kwargs.get("output_dir", "./cloud_scan_results"),
+        severity_threshold=kwargs.get("severity_threshold", "low"),
+        timeout=kwargs.get("timeout", 3600)
+    )
+
+
+def validate_cloud_credentials() -> Dict[str, Dict[str, Any]]:
+    """
+    Validate credentials for all cloud providers.
+
+    Returns:
+        Dict with validation results per provider
+    """
+    results = {}
+
+    # Check AWS
+    aws_config = AWSConfig()
+    results["aws"] = {
+        "configured": aws_config.is_configured(),
+        "profile": aws_config.profile,
+        "region": aws_config.region,
+        "has_keys": bool(aws_config.access_key_id)
+    }
+
+    # Check Azure
+    azure_config = AzureConfig()
+    results["azure"] = {
+        "configured": azure_config.is_configured(),
+        "subscription": azure_config.subscription_id,
+        "use_cli": azure_config.use_cli_auth
+    }
+
+    # Check GCP
+    gcp_config = GCPConfig()
+    results["gcp"] = {
+        "configured": gcp_config.is_configured(),
+        "project": gcp_config.project_id,
+        "use_adc": gcp_config.use_adc
+    }
+
+    return results