binalyze-air-sdk 1.0.1__py3-none-any.whl

binalyze_air/queries/evidence.py

@@ -0,0 +1,140 @@
+"""
+Evidence-related queries for the Binalyze AIR SDK.
+"""
+
+from ..base import Query
+from ..models.evidence import EvidencePPC, EvidenceReportFileInfo, EvidenceReport
+from ..http_client import HTTPClient
+
+
+class GetEvidencePPCQuery(Query[EvidencePPC]):
+    """Query to get case evidence PPC."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> EvidencePPC:
+        """Execute the get evidence PPC query."""
+        try:
+            # Use binary HTTP client for file downloads
+            response = self.http_client.get_binary(f"evidence/case/ppc/{self.endpoint_id}/{self.task_id}")
+            
+            # Extract content information
+            content_type = response.headers.get('Content-Type', 'application/octet-stream')
+            filename = response.headers.get('Content-Disposition')
+            if filename and 'filename=' in filename:
+                filename = filename.split('filename=')[1].strip('"')
+            else:
+                filename = f"ppc_{self.endpoint_id}_{self.task_id}.zip"
+            
+            return EvidencePPC(
+                endpoint_id=self.endpoint_id,
+                task_id=self.task_id,
+                content=response.content,
+                content_type=content_type,
+                content_length=len(response.content) if response.content else 0,
+                filename=filename
+            )
+            
+        except Exception as e:
+            # Re-raise with more specific error information
+            error_str = str(e)
+            if "404" in error_str or "not found" in error_str.lower():
+                raise Exception(f"Evidence PPC not found (HTTP 404): No task(s) found by provided id(s)")
+            else:
+                raise Exception(f"Evidence PPC not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")
+
+
+class GetEvidenceReportFileInfoQuery(Query[EvidenceReportFileInfo]):
+    """Query to get case evidence report file info."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> EvidenceReportFileInfo:
+        """Execute the get evidence report file info query."""
+        try:
+            response = self.http_client.get(f"evidence/case/report-file-info/{self.endpoint_id}/{self.task_id}")
+            
+            if response.get("success"):
+                file_info_data = response.get("result", {})
+                
+                # Map API fields to SDK model fields
+                return EvidenceReportFileInfo(
+                    endpoint_id=self.endpoint_id,
+                    task_id=self.task_id,
+                    file_name=file_info_data.get("name"),
+                    file_size=file_info_data.get("size"),
+                    created_at=file_info_data.get("timestampResponse"),
+                    status="available" if not file_info_data.get("purged", False) else "purged",
+                    # Additional fields from API
+                    file_path=file_info_data.get("path"),
+                    encoding=file_info_data.get("encoding"),
+                    mime_type=file_info_data.get("mimeType"),
+                    file_hash=file_info_data.get("hash"),
+                    organization_id=file_info_data.get("organizationId"),
+                    is_purged=file_info_data.get("purged", False)
+                )
+            
+            # Handle error response with detailed information from API
+            errors = response.get("errors", [])
+            status_code = response.get("statusCode", "Unknown")
+            error_message = "; ".join(errors) if errors else "Unknown error"
+            
+            raise Exception(f"Evidence report file info not found (HTTP {status_code}): {error_message}")
+            
+        except Exception as e:
+            # Check if this is already our formatted exception
+            if "Evidence report file info not found" in str(e):
+                raise e
+            
+            # Handle HTTP client exceptions and format them consistently
+            error_str = str(e)
+            if "404" in error_str or "not found" in error_str.lower():
+                raise Exception(f"Evidence report file info not found (HTTP 404): No task(s) found by provided id(s)")
+            else:
+                raise Exception(f"Evidence report file info not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")
+
+
+class GetEvidenceReportQuery(Query[EvidenceReport]):
+    """Query to get case evidence report."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> EvidenceReport:
+        """Execute the get evidence report query."""
+        try:
+            # Use binary HTTP client for file downloads
+            response = self.http_client.get_binary(f"evidence/case/report/{self.endpoint_id}/{self.task_id}")
+            
+            # Extract content information
+            content_type = response.headers.get('Content-Type', 'application/octet-stream')
+            filename = response.headers.get('Content-Disposition')
+            if filename and 'filename=' in filename:
+                filename = filename.split('filename=')[1].strip('"')
+            else:
+                filename = f"report_{self.endpoint_id}_{self.task_id}"
+            
+            return EvidenceReport(
+                endpoint_id=self.endpoint_id,
+                task_id=self.task_id,
+                content=response.content,
+                content_type=content_type,
+                content_length=len(response.content) if response.content else 0,
+                filename=filename
+            )
+            
+        except Exception as e:
+            # Re-raise with more specific error information
+            error_str = str(e)
+            if "404" in error_str or "not found" in error_str.lower():
+                raise Exception(f"Evidence report not found (HTTP 404): No task(s) found by provided id(s)")
+            else:
+                raise Exception(f"Evidence report not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}") 

binalyze_air/queries/evidences.py

@@ -0,0 +1,280 @@
+"""
+Evidences/Repositories-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.evidences import (
+    EvidenceRepository, AmazonS3Repository, AzureStorageRepository,
+    FTPSRepository, SFTPRepository, SMBRepository, RepositoryFilter
+)
+from ..http_client import HTTPClient
+
+
+class ListRepositoriesQuery(Query[List[EvidenceRepository]]):
+    """Query to list evidence repositories."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[RepositoryFilter] = None, organization_ids: Optional[List[int]] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+        self.organization_ids = organization_ids or [0]
+    
+    def execute(self) -> List[EvidenceRepository]:
+        """Execute the list repositories query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.to_params()
+        else:
+            # Add required organization IDs filter if no filter provided
+            params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
+        
+        # Ensure consistent sorting to match API defaults
+        if "sortBy" not in params:
+            params["sortBy"] = "createdAt"
+        if "sortType" not in params:
+            params["sortType"] = "ASC"
+        
+        response = self.http_client.get("evidences/repositories", params=params)
+        
+        if response.get("success"):
+            repositories_data = response.get("result", {}).get("entities", [])
+            
+            # Use Pydantic parsing with proper field aliasing
+            repositories = []
+            for repo_data in repositories_data:
+                repositories.append(EvidenceRepository.model_validate(repo_data))
+            
+            return repositories
+        
+        return []
+
+
+class GetRepositoryQuery(Query[EvidenceRepository]):
+    """Query to get evidence repository by ID."""
+    
+    def __init__(self, http_client: HTTPClient, repository_id: str):
+        self.http_client = http_client
+        self.repository_id = repository_id
+    
+    def execute(self) -> EvidenceRepository:
+        """Execute the get repository query."""
+        response = self.http_client.get(f"evidences/repositories/{self.repository_id}")
+        
+        if response.get("success"):
+            repository_data = response.get("result", {})
+            
+            # Use Pydantic parsing with proper field aliasing
+            return EvidenceRepository.model_validate(repository_data)
+        
+        raise Exception(f"Evidence repository not found: {self.repository_id}")
+
+
+# Amazon S3 Repository Queries
+
+class ListAmazonS3RepositoriesQuery(Query[List[AmazonS3Repository]]):
+    """Query to list Amazon S3 repositories."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[RepositoryFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+    
+    def execute(self) -> List[AmazonS3Repository]:
+        """Execute the list Amazon S3 repositories query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.model_dump(exclude_none=True)
+        
+        response = self.http_client.get("evidences/repositories/amazon-s3", params=params)
+        
+        if response.get("success"):
+            repositories_data = response.get("result", {}).get("entities", [])
+            return [AmazonS3Repository(**repo) for repo in repositories_data]
+        
+        return []
+
+
+class GetAmazonS3RepositoryQuery(Query[AmazonS3Repository]):
+    """Query to get Amazon S3 repository by ID."""
+    
+    def __init__(self, http_client: HTTPClient, repository_id: str):
+        self.http_client = http_client
+        self.repository_id = repository_id
+    
+    def execute(self) -> AmazonS3Repository:
+        """Execute the get Amazon S3 repository query."""
+        response = self.http_client.get(f"evidences/repositories/amazon-s3/{self.repository_id}")
+        
+        if response.get("success"):
+            repository_data = response.get("result", {})
+            return AmazonS3Repository(**repository_data)
+        
+        raise Exception(f"Amazon S3 repository not found: {self.repository_id}")
+
+
+# Azure Storage Repository Queries
+
+class ListAzureStorageRepositoriesQuery(Query[List[AzureStorageRepository]]):
+    """Query to list Azure Storage repositories."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[RepositoryFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+    
+    def execute(self) -> List[AzureStorageRepository]:
+        """Execute the list Azure Storage repositories query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.model_dump(exclude_none=True)
+        
+        response = self.http_client.get("evidences/repositories/azure-storage", params=params)
+        
+        if response.get("success"):
+            repositories_data = response.get("result", {}).get("entities", [])
+            return [AzureStorageRepository(**repo) for repo in repositories_data]
+        
+        return []
+
+
+class GetAzureStorageRepositoryQuery(Query[AzureStorageRepository]):
+    """Query to get Azure Storage repository by ID."""
+    
+    def __init__(self, http_client: HTTPClient, repository_id: str):
+        self.http_client = http_client
+        self.repository_id = repository_id
+    
+    def execute(self) -> AzureStorageRepository:
+        """Execute the get Azure Storage repository query."""
+        response = self.http_client.get(f"evidences/repositories/azure-storage/{self.repository_id}")
+        
+        if response.get("success"):
+            repository_data = response.get("result", {})
+            return AzureStorageRepository(**repository_data)
+        
+        raise Exception(f"Azure Storage repository not found: {self.repository_id}")
+
+
+# FTPS Repository Queries
+
+class ListFTPSRepositoriesQuery(Query[List[FTPSRepository]]):
+    """Query to list FTPS repositories."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[RepositoryFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+    
+    def execute(self) -> List[FTPSRepository]:
+        """Execute the list FTPS repositories query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.model_dump(exclude_none=True)
+        
+        response = self.http_client.get("evidences/repositories/ftps", params=params)
+        
+        if response.get("success"):
+            repositories_data = response.get("result", {}).get("entities", [])
+            return [FTPSRepository(**repo) for repo in repositories_data]
+        
+        return []
+
+
+class GetFTPSRepositoryQuery(Query[FTPSRepository]):
+    """Query to get FTPS repository by ID."""
+    
+    def __init__(self, http_client: HTTPClient, repository_id: str):
+        self.http_client = http_client
+        self.repository_id = repository_id
+    
+    def execute(self) -> FTPSRepository:
+        """Execute the get FTPS repository query."""
+        response = self.http_client.get(f"evidences/repositories/ftps/{self.repository_id}")
+        
+        if response.get("success"):
+            repository_data = response.get("result", {})
+            return FTPSRepository(**repository_data)
+        
+        raise Exception(f"FTPS repository not found: {self.repository_id}")
+
+
+# SFTP Repository Queries
+
+class ListSFTPRepositoriesQuery(Query[List[SFTPRepository]]):
+    """Query to list SFTP repositories."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[RepositoryFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+    
+    def execute(self) -> List[SFTPRepository]:
+        """Execute the list SFTP repositories query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.model_dump(exclude_none=True)
+        
+        response = self.http_client.get("evidences/repositories/sftp", params=params)
+        
+        if response.get("success"):
+            repositories_data = response.get("result", {}).get("entities", [])
+            return [SFTPRepository(**repo) for repo in repositories_data]
+        
+        return []
+
+
+class GetSFTPRepositoryQuery(Query[SFTPRepository]):
+    """Query to get SFTP repository by ID."""
+    
+    def __init__(self, http_client: HTTPClient, repository_id: str):
+        self.http_client = http_client
+        self.repository_id = repository_id
+    
+    def execute(self) -> SFTPRepository:
+        """Execute the get SFTP repository query."""
+        response = self.http_client.get(f"evidences/repositories/sftp/{self.repository_id}")
+        
+        if response.get("success"):
+            repository_data = response.get("result", {})
+            return SFTPRepository(**repository_data)
+        
+        raise Exception(f"SFTP repository not found: {self.repository_id}")
+
+
+# SMB Repository Queries
+
+class ListSMBRepositoriesQuery(Query[List[SMBRepository]]):
+    """Query to list SMB repositories."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[RepositoryFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+    
+    def execute(self) -> List[SMBRepository]:
+        """Execute the list SMB repositories query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.model_dump(exclude_none=True)
+        
+        response = self.http_client.get("evidences/repositories/smb", params=params)
+        
+        if response.get("success"):
+            repositories_data = response.get("result", {}).get("entities", [])
+            return [SMBRepository(**repo) for repo in repositories_data]
+        
+        return []
+
+
+class GetSMBRepositoryQuery(Query[SMBRepository]):
+    """Query to get SMB repository by ID."""
+    
+    def __init__(self, http_client: HTTPClient, repository_id: str):
+        self.http_client = http_client
+        self.repository_id = repository_id
+    
+    def execute(self) -> SMBRepository:
+        """Execute the get SMB repository query."""
+        response = self.http_client.get(f"evidences/repositories/smb/{self.repository_id}")
+        
+        if response.get("success"):
+            repository_data = response.get("result", {})
+            return SMBRepository(**repository_data)
+        
+        raise Exception(f"SMB repository not found: {self.repository_id}") 

binalyze_air/queries/interact.py

@@ -0,0 +1,28 @@
+"""
+Interact queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.interact import ShellInteraction
+from ..http_client import HTTPClient
+
+
+class GetShellInteractionQuery(Query[ShellInteraction]):
+    """Query to get a specific shell interaction."""
+    
+    def __init__(self, http_client: HTTPClient, interaction_id: str):
+        self.http_client = http_client
+        self.interaction_id = interaction_id
+    
+    def execute(self) -> ShellInteraction:
+        """Execute the query to get a specific shell interaction."""
+        response = self.http_client.get(f"interact/shell/{self.interaction_id}")
+        
+        if response.get("success"):
+            result_data = response.get("result", {})
+            # Use Pydantic parsing with proper field aliasing
+            return ShellInteraction.model_validate(result_data)
+        
+        raise Exception(f"Shell interaction not found: {self.interaction_id}") 

binalyze_air/queries/organizations.py

@@ -0,0 +1,223 @@
+"""
+Organization-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.organizations import (
+    Organization, OrganizationUser, OrganizationRole, OrganizationLicense,
+    OrganizationSettings, OrganizationFilter, OrganizationsPaginatedResponse,
+    FilterOption, OrganizationUsersPaginatedResponse, CheckOrganizationNameExistsResponse,
+    ShareableDeploymentInfoResponse
+)
+from ..http_client import HTTPClient
+
+
+class ListOrganizationsQuery(Query[OrganizationsPaginatedResponse]):
+    """Query to list organizations with optional filtering."""
+    
+    def __init__(self, http_client: HTTPClient, page: int = 1, page_size: int = 10, 
+                 sort_by: str = "name", order: str = "asc", filter_params: Optional[OrganizationFilter] = None):
+        self.http_client = http_client
+        self.page = page
+        self.page_size = page_size
+        self.sort_by = sort_by
+        self.order = order
+        self.filter_params = filter_params or OrganizationFilter()
+    
+    def execute(self) -> OrganizationsPaginatedResponse:
+        """Execute the query to list organizations with complete parameter support."""
+        # Build query parameters
+        params = {
+            "pageNumber": self.page,
+            "pageSize": self.page_size,
+            "sortBy": self.sort_by,
+            "sortType": self.order.upper(),  # ASC or DESC
+        }
+        
+        # Add filter parameters using proper API structure
+        filter_params = self.filter_params.to_params()
+        params.update(filter_params)
+        
+        response = self.http_client.get("organizations", params=params)
+        
+        result = response.get("result", {})
+        
+        # Use Pydantic model_validate for automatic field mapping
+        return OrganizationsPaginatedResponse.model_validate(result)
+
+
+class GetOrganizationQuery(Query[Organization]):
+    """Query to get a specific organization by ID."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: str):
+        self.http_client = http_client
+        self.organization_id = organization_id
+    
+    def execute(self) -> Organization:
+        """Execute the query to get organization details."""
+        response = self.http_client.get(f"organizations/{self.organization_id}")
+        
+        entity_data = response.get("result", {})
+        
+        # Use Pydantic model_validate for automatic field mapping via aliases
+        return Organization.model_validate(entity_data)
+
+
+class GetOrganizationUsersQuery(Query[OrganizationUsersPaginatedResponse]):
+    """Query to get users for a specific organization with complete field mapping."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: str, page: int = 1, page_size: int = 10):
+        self.http_client = http_client
+        self.organization_id = organization_id
+        self.page = page
+        self.page_size = page_size
+    
+    def execute(self) -> OrganizationUsersPaginatedResponse:
+        """Execute the query to get organization users with complete field mapping."""
+        # Add pagination parameters
+        params = {
+            "pageNumber": self.page,
+            "pageSize": self.page_size
+        }
+        
+        response = self.http_client.get(f"organizations/{self.organization_id}/users", params=params)
+        
+        result = response.get("result", {})
+        
+        # Use Pydantic model_validate for automatic field mapping
+        return OrganizationUsersPaginatedResponse.model_validate(result)
+
+
+class CheckOrganizationNameExistsQuery(Query[CheckOrganizationNameExistsResponse]):
+    """Query to check if an organization name exists."""
+    
+    def __init__(self, http_client: HTTPClient, name: str):
+        self.http_client = http_client
+        self.name = name
+    
+    def execute(self) -> CheckOrganizationNameExistsResponse:
+        """Execute the query to check organization name availability."""
+        params = {"name": self.name}
+        
+        response = self.http_client.get("organizations/check", params=params)
+        
+        # Use Pydantic model_validate for automatic field mapping
+        return CheckOrganizationNameExistsResponse.model_validate(response)
+
+
+class GetShareableDeploymentInfoQuery(Query[ShareableDeploymentInfoResponse]):
+    """Query to get shareable deployment information by token."""
+    
+    def __init__(self, http_client: HTTPClient, token: str):
+        self.http_client = http_client
+        self.token = token
+    
+    def execute(self) -> ShareableDeploymentInfoResponse:
+        """Execute the query to get shareable deployment information."""
+        params = {"token": self.token}
+        
+        response = self.http_client.get("organizations/shareable-deployment", params=params)
+        
+        # Use Pydantic model_validate for automatic field mapping
+        return ShareableDeploymentInfoResponse.model_validate(response)
+
+
+class GetOrganizationRolesQuery(Query[List[OrganizationRole]]):
+    """Query to get roles for a specific organization."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: str):
+        self.http_client = http_client
+        self.organization_id = organization_id
+    
+    def execute(self) -> List[OrganizationRole]:
+        """Execute the query to get organization roles."""
+        response = self.http_client.get(f"organizations/{self.organization_id}/roles")
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        roles = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "name": entity_data.get("name"),
+                "description": entity_data.get("description"),
+                "organization_id": entity_data.get("organizationId"),
+                "permissions": entity_data.get("permissions", []),
+                "created_at": entity_data.get("createdAt"),
+                "updated_at": entity_data.get("updatedAt"),
+                "created_by": entity_data.get("createdBy"),
+                "is_system": entity_data.get("isSystem", False),
+                "user_count": entity_data.get("userCount", 0),
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            roles.append(OrganizationRole(**mapped_data))
+        
+        return roles
+
+
+class GetOrganizationLicensesQuery(Query[List[OrganizationLicense]]):
+    """Query to get licenses for a specific organization."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: str):
+        self.http_client = http_client
+        self.organization_id = organization_id
+    
+    def execute(self) -> List[OrganizationLicense]:
+        """Execute the query to get organization licenses."""
+        response = self.http_client.get(f"organizations/{self.organization_id}/licenses")
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        licenses = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "organization_id": entity_data.get("organizationId"),
+                "license_type": entity_data.get("licenseType"),
+                "total_licenses": entity_data.get("totalLicenses", 0),
+                "used_licenses": entity_data.get("usedLicenses", 0),
+                "valid_from": entity_data.get("validFrom"),
+                "valid_until": entity_data.get("validUntil"),
+                "features": entity_data.get("features", []),
+                "is_active": entity_data.get("isActive", True),
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            licenses.append(OrganizationLicense(**mapped_data))
+        
+        return licenses
+
+
+class GetOrganizationSettingsQuery(Query[OrganizationSettings]):
+    """Query to get settings for a specific organization."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: str):
+        self.http_client = http_client
+        self.organization_id = organization_id
+    
+    def execute(self) -> OrganizationSettings:
+        """Execute the query to get organization settings."""
+        response = self.http_client.get(f"organizations/{self.organization_id}/settings")
+        
+        entity_data = response.get("result", {})
+        
+        mapped_data = {
+            "organization_id": entity_data.get("organizationId"),
+            "retention_policy": entity_data.get("retentionPolicy", {}),
+            "security_settings": entity_data.get("securitySettings", {}),
+            "notification_settings": entity_data.get("notificationSettings", {}),
+            "api_settings": entity_data.get("apiSettings", {}),
+            "custom_settings": entity_data.get("customSettings", {}),
+        }
+        
+        # Remove None values
+        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+        
+        return OrganizationSettings(**mapped_data)