binalyze-air-sdk 1.0.1__py3-none-any.whl

binalyze_air/queries/params.py

@@ -0,0 +1,115 @@
+"""
+Params queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Dict, Any, Union
+
+from ..base import Query
+from ..models.params import (
+    AcquisitionArtifact, EDiscoveryPattern, AcquisitionEvidence, DroneAnalyzer,
+    AcquisitionArtifactsResponse, EDiscoveryCategory, AcquisitionEvidencesResponse
+)
+from ..http_client import HTTPClient
+
+
+class GetAcquisitionArtifactsQuery(Query[List[AcquisitionArtifact]]):
+    """Query to get acquisition artifacts."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[AcquisitionArtifact]:
+        """Execute the query to get acquisition artifacts."""
+        response: Dict[str, Any] = self.http_client.get("params/acquisition/artifacts")
+        
+        # Parse using Pydantic models
+        artifacts_response = AcquisitionArtifactsResponse.model_validate(response)
+        
+        # Flatten the structure into a single list
+        all_artifacts = []
+        
+        # Process all platforms
+        for platform_name, groups in [
+            ("windows", artifacts_response.windows),
+            ("linux", artifacts_response.linux),
+            ("macos", artifacts_response.macos),
+            ("aix", artifacts_response.aix)
+        ]:
+            for group in groups:
+                for artifact in group.items:
+                    artifact.group = group.group
+                    artifact.platform = platform_name
+                    all_artifacts.append(artifact)
+        
+        return all_artifacts
+
+
+class GetEDiscoveryPatternsQuery(Query[List[EDiscoveryPattern]]):
+    """Query to get e-discovery patterns."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[EDiscoveryPattern]:
+        """Execute the query to get e-discovery patterns."""
+        response = self.http_client.get("params/acquisition/e-discovery-patterns")
+        
+        # Parse using Pydantic models
+        categories = [EDiscoveryCategory.model_validate(item) for item in response]
+        
+        # Flatten the structure into a single list
+        all_patterns = []
+        for category in categories:
+            for pattern in category.applications:
+                pattern.category = category.category
+                all_patterns.append(pattern)
+        
+        return all_patterns
+
+
+class GetAcquisitionEvidencesQuery(Query[List[AcquisitionEvidence]]):
+    """Query to get acquisition evidences."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[AcquisitionEvidence]:
+        """Execute the query to get acquisition evidences."""
+        response: Dict[str, Any] = self.http_client.get("params/acquisition/evidences")
+        
+        # Parse using Pydantic models
+        evidences_response = AcquisitionEvidencesResponse.model_validate(response)
+        
+        # Flatten the structure into a single list
+        all_evidences = []
+        
+        # Process all platforms
+        for platform_name, groups in [
+            ("windows", evidences_response.windows),
+            ("linux", evidences_response.linux),
+            ("macos", evidences_response.macos),
+            ("aix", evidences_response.aix)
+        ]:
+            for group in groups:
+                for evidence in group.items:
+                    evidence.group = group.group
+                    evidence.platform = platform_name
+                    all_evidences.append(evidence)
+        
+        return all_evidences
+
+
+class GetDroneAnalyzersQuery(Query[List[DroneAnalyzer]]):
+    """Query to get drone analyzers."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[DroneAnalyzer]:
+        """Execute the query to get drone analyzers."""
+        response = self.http_client.get("params/drone/analyzers")
+        
+        # Parse using Pydantic models with automatic field mapping
+        analyzers = [DroneAnalyzer.model_validate(item) for item in response]
+        
+        return analyzers 

binalyze_air/queries/policies.py

@@ -0,0 +1,150 @@
+"""
+Policy-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.policies import (
+    Policy, PolicyFilter, PolicyAssignment, PolicyExecution,
+    PolicyRule, PolicyCondition, PolicyAction,
+    PoliciesPaginatedResponse, PolicyMatchStats
+)
+from ..http_client import HTTPClient
+
+
+class ListPoliciesQuery(Query[PoliciesPaginatedResponse]):
+    """Query to list policies with optional filtering."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[PolicyFilter] = None, organization_ids: Optional[List[int]] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or PolicyFilter()
+        
+        # Fix API-001: Ensure organizationIds are always provided to prevent 500 error
+        if organization_ids is None or len(organization_ids) == 0:
+            self.organization_ids = [0]  # Default to organization 0
+        else:
+            self.organization_ids = organization_ids
+    
+    def execute(self) -> PoliciesPaginatedResponse:
+        """Execute the query to list policies."""
+        # Validate organization_ids before making API call
+        if not self.organization_ids or len(self.organization_ids) == 0:
+            from ..exceptions import ValidationError
+            raise ValidationError(
+                "organizationIds parameter is required for listing policies. "
+                "Please provide at least one organization ID."
+            )
+        
+        params = self.filter_params.to_params()
+        
+        # Add organization IDs
+        params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
+        
+        response = self.http_client.get("policies", params=params)
+        
+        # Parse using Pydantic models with automatic field mapping
+        return PoliciesPaginatedResponse.model_validate(response.get("result", {}))
+
+
+class GetPolicyQuery(Query[Policy]):
+    """Query to get a specific policy by ID."""
+    
+    def __init__(self, http_client: HTTPClient, policy_id: str):
+        self.http_client = http_client
+        self.policy_id = policy_id
+    
+    def execute(self) -> Policy:
+        """Execute the query to get policy details."""
+        response = self.http_client.get(f"policies/{self.policy_id}")
+        
+        # Parse using Pydantic models with automatic field mapping
+        return Policy.model_validate(response.get("result", {}))
+
+
+class GetPolicyAssignmentsQuery(Query[List[PolicyAssignment]]):
+    """Query to get policy assignments."""
+    
+    def __init__(self, http_client: HTTPClient, policy_id: str):
+        self.http_client = http_client
+        self.policy_id = policy_id
+    
+    def execute(self) -> List[PolicyAssignment]:
+        """Execute the query to get policy assignments."""
+        response = self.http_client.get(f"policies/{self.policy_id}/assignments")
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        assignments = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "policy_id": entity_data.get("policyId"),
+                "endpoint_id": entity_data.get("endpointId"),
+                "assigned_at": entity_data.get("assignedAt"),
+                "assigned_by": entity_data.get("assignedBy"),
+                "status": entity_data.get("status", "active"),
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            assignments.append(PolicyAssignment(**mapped_data))
+        
+        return assignments
+
+
+class GetPolicyExecutionsQuery(Query[List[PolicyExecution]]):
+    """Query to get policy execution history."""
+    
+    def __init__(self, http_client: HTTPClient, policy_id: str, limit: Optional[int] = None):
+        self.http_client = http_client
+        self.policy_id = policy_id
+        self.limit = limit
+    
+    def execute(self) -> List[PolicyExecution]:
+        """Execute the query to get policy executions."""
+        params = {}
+        if self.limit:
+            params["limit"] = str(self.limit)
+        
+        response = self.http_client.get(f"policies/{self.policy_id}/executions", params=params)
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        executions = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "policy_id": entity_data.get("policyId"),
+                "endpoint_id": entity_data.get("endpointId"),
+                "executed_at": entity_data.get("executedAt"),
+                "status": entity_data.get("status"),
+                "result": entity_data.get("result", {}),
+                "errors": entity_data.get("errors", []),
+                "duration": entity_data.get("duration"),
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            executions.append(PolicyExecution(**mapped_data))
+        
+        return executions
+
+
+class GetPolicyMatchStatsQuery(Query[PolicyMatchStats]):
+    """Query to get policy match statistics."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[PolicyFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or PolicyFilter()
+    
+    def execute(self) -> PolicyMatchStats:
+        """Execute the query to get policy match statistics."""
+        params = self.filter_params.to_params()
+        
+        response = self.http_client.get("policies/match-stats", params=params)
+        
+        # Parse using Pydantic models with automatic field mapping
+        return PolicyMatchStats.model_validate(response.get("result", {})) 

binalyze_air/queries/settings.py

@@ -0,0 +1,20 @@
+"""
+Settings queries for the Binalyze AIR SDK.
+"""
+
+from ..base import Query
+from ..models.settings import BannerSettings
+from ..http_client import HTTPClient
+
+
+class GetBannerSettingsQuery(Query[BannerSettings]):
+    """Query to get banner settings."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> BannerSettings:
+        """Execute the query to get banner settings."""
+        response = self.http_client.get("settings/banner")
+        
+        return BannerSettings(**response.get("result", {})) 

binalyze_air/queries/tasks.py

@@ -0,0 +1,82 @@
+"""
+Task-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.tasks import Task, TaskFilter, TaskData, PlatformEvidenceConfig, TaskConfig, DroneConfig, TaskAssignment
+from ..http_client import HTTPClient
+
+
+class ListTasksQuery(Query[List[Task]]):
+    """Query to list tasks with optional filtering."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[TaskFilter] = None, organization_ids: Optional[List[int]] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or TaskFilter()
+        self.organization_ids = organization_ids or [0]
+    
+    def execute(self) -> List[Task]:
+        """Execute the query to list tasks."""
+        params = self.filter_params.to_params()
+        
+        # Add organization IDs
+        params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
+        
+        # Ensure consistent sorting to match API defaults
+        if "sortBy" not in params:
+            params["sortBy"] = "createdAt"
+        if "sortType" not in params:
+            params["sortType"] = "ASC"
+        
+        response = self.http_client.get("tasks", params=params)
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        # Use Pydantic parsing with proper field aliasing
+        tasks = []
+        for entity_data in entities:
+            task = Task.model_validate(entity_data)
+            tasks.append(task)
+        
+        return tasks
+
+
+class GetTaskQuery(Query[Task]):
+    """Query to get a specific task by ID."""
+    
+    def __init__(self, http_client: HTTPClient, task_id: str):
+        self.http_client = http_client
+        self.task_id = task_id
+    
+    def execute(self) -> Task:
+        """Execute the query to get a task."""
+        response = self.http_client.get(f"tasks/{self.task_id}")
+        
+        task_data = response.get("result", {})
+        
+        # Use Pydantic parsing with proper field aliasing
+        return Task.model_validate(task_data)
+
+
+class GetTaskAssignmentsQuery(Query[List[TaskAssignment]]):
+    """Query to get task assignments for a specific task."""
+    
+    def __init__(self, http_client: HTTPClient, task_id: str):
+        self.http_client = http_client
+        self.task_id = task_id
+    
+    def execute(self) -> List[TaskAssignment]:
+        """Execute the query to get task assignments."""
+        response = self.http_client.get(f"tasks/{self.task_id}/assignments")
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        # Use Pydantic parsing with proper field aliasing
+        assignments = []
+        for entity_data in entities:
+            assignment = TaskAssignment.model_validate(entity_data)
+            assignments.append(assignment)
+        
+        return assignments 

binalyze_air/queries/triage.py

@@ -0,0 +1,231 @@
+"""
+Triage-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+
+from ..base import Query
+from ..models.triage import (
+    TriageRule, TriageTag, TriageFilter, TriageRuleType, TriageSeverity, TriageStatus
+)
+from ..http_client import HTTPClient
+
+
+class ListTriageRulesQuery(Query[List[TriageRule]]):
+    """Query to list triage rules with optional filtering."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[TriageFilter] = None, organization_ids: Optional[List[int]] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or TriageFilter()
+        self.organization_ids = organization_ids or [0]
+    
+    def execute(self) -> List[TriageRule]:
+        """Execute the query to list triage rules."""
+        params = self.filter_params.to_params()
+        
+        # Add organization IDs
+        params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
+        
+        response = self.http_client.get("triages/rules", params=params)
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        rules = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "name": entity_data.get("description", ""),  # Use description as name
+                "description": entity_data.get("description"),
+                "type": entity_data.get("engine", "yara"),  # Use engine as type
+                "rule_content": entity_data.get("rule", ""),  # Try "rule" field
+                "enabled": entity_data.get("enabled", True),
+                "severity": entity_data.get("severity", "medium"),
+                "tags": entity_data.get("tags", []),
+                "search_in": entity_data.get("searchIn"),  # Map searchIn field
+                "organization_id": entity_data.get("organizationId", 0),
+                "organization_ids": entity_data.get("organizationIds", []),  # Map organizationIds array
+                "created_at": entity_data.get("createdAt"),
+                "updated_at": entity_data.get("updatedAt"),
+                "created_by": entity_data.get("createdBy", "Unknown"),
+                "updated_by": entity_data.get("updatedBy"),
+                "match_count": entity_data.get("matchCount", 0),
+                "last_match": entity_data.get("lastMatch"),
+                "deletable": entity_data.get("deletable"),  # Map deletable field
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            rules.append(TriageRule(**mapped_data))
+        
+        return rules
+
+
+class GetTriageRuleQuery(Query[TriageRule]):
+    """Query to get a specific triage rule by ID."""
+    
+    def __init__(self, http_client: HTTPClient, rule_id: str):
+        self.http_client = http_client
+        self.rule_id = rule_id
+    
+    def execute(self) -> TriageRule:
+        """Execute the query to get triage rule details."""
+        response = self.http_client.get(f"triages/rules/{self.rule_id}")
+        
+        entity_data = response.get("result", {})
+        
+        mapped_data = {
+            "id": entity_data.get("_id"),
+            "name": entity_data.get("description", ""),  # Use description as name
+            "description": entity_data.get("description"),
+            "type": entity_data.get("engine", "yara"),  # Use engine as type
+            "rule_content": entity_data.get("rule", ""),  # Try "rule" field
+            "enabled": entity_data.get("enabled", True),
+            "severity": entity_data.get("severity", "medium"),
+            "tags": entity_data.get("tags", []),
+            "search_in": entity_data.get("searchIn"),  # Map searchIn field
+            "organization_id": entity_data.get("organizationId", 0),
+            "organization_ids": entity_data.get("organizationIds", []),  # Map organizationIds array
+            "created_at": entity_data.get("createdAt"),
+            "updated_at": entity_data.get("updatedAt"),
+            "created_by": entity_data.get("createdBy", "Unknown"),
+            "updated_by": entity_data.get("updatedBy"),
+            "match_count": entity_data.get("matchCount", 0),
+            "last_match": entity_data.get("lastMatch"),
+            "deletable": entity_data.get("deletable"),  # Map deletable field
+        }
+        
+        # Remove None values
+        mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+        
+        return TriageRule(**mapped_data)
+
+
+class GetTriageResultsQuery(Query[Dict[str, Any]]):
+    """Query to get triage results for a specific task or rule."""
+    
+    def __init__(self, http_client: HTTPClient, task_id: Optional[str] = None, rule_id: Optional[str] = None):
+        self.http_client = http_client
+        self.task_id = task_id
+        self.rule_id = rule_id
+    
+    def execute(self) -> Dict[str, Any]:
+        """Execute the query to get triage results."""
+        params = {}
+        
+        if self.task_id:
+            params["taskId"] = self.task_id
+        if self.rule_id:
+            params["ruleId"] = self.rule_id
+        
+        response = self.http_client.get("triages/results", params=params)
+        return response.get("result", {})
+
+
+class GetTriageMatchesQuery(Query[Dict[str, Any]]):
+    """Query to get triage matches for analysis."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> Dict[str, Any]:
+        """Execute the query to get triage matches."""
+        params = {
+            "endpointId": self.endpoint_id,
+            "taskId": self.task_id
+        }
+        
+        response = self.http_client.get("triages/matches", params=params)
+        return response.get("result", {})
+
+
+class ListTriageTagsQuery(Query[List[TriageTag]]):
+    """Query to list triage tags."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: Optional[int] = None):
+        self.http_client = http_client
+        self.organization_id = organization_id or 0
+    
+    def execute(self) -> List[TriageTag]:
+        """Execute the query to list triage tags."""
+        # Use singular organizationId as per API documentation
+        params = {"filter[organizationId]": str(self.organization_id)}
+        
+        response = self.http_client.get("triages/tags", params=params)
+        
+        # Handle different response formats: direct list or wrapped in result
+        if isinstance(response, list):
+            # Direct list response format
+            entities = response
+        elif isinstance(response, dict):
+            # Wrapped response format - check if result is list or dict
+            result_data = response.get("result", [])
+            if isinstance(result_data, list):
+                # result is a direct list of entities
+                entities = result_data
+            elif isinstance(result_data, dict):
+                # result is a dict with entities inside
+                entities = result_data.get("entities", [])
+            else:
+                entities = []
+                
+            # Fallback: if no entities found, try direct entities field
+            if not entities and "entities" in response:
+                entities = response.get("entities", [])
+        else:
+            # Unknown format
+            entities = []
+        
+        tags = []
+        for entity_data in entities:
+            # Ensure entity_data is a dictionary
+            if not isinstance(entity_data, dict):
+                continue
+                
+            mapped_data = {
+                "id": entity_data.get("id") or entity_data.get("_id"),  # Handle both id and _id
+                "name": entity_data.get("name"),
+                "description": entity_data.get("description"),
+                "color": entity_data.get("color", "#3498db"),
+                "created_at": entity_data.get("createdAt"),
+                "created_by": entity_data.get("createdBy", "Unknown"),  # Provide default for required field
+                "organization_id": entity_data.get("organizationId", 0),
+                "usage_count": entity_data.get("usageCount") or entity_data.get("count", 0),  # Handle both count and usageCount
+            }
+            
+            # Remove None values but keep defaults for required fields
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            tags.append(TriageTag(**mapped_data))
+        
+        return tags
+
+
+class ListTriageProfilesQuery(Query[List[Dict[str, Any]]]):
+    """Query to list triage profiles."""
+    
+    def __init__(self, http_client: HTTPClient, organization_id: Optional[int] = None):
+        self.http_client = http_client
+        self.organization_id = organization_id or 0
+    
+    def execute(self) -> List[Dict[str, Any]]:
+        """Execute the query to list triage profiles."""
+        params = {"filter[organizationId]": str(self.organization_id)}
+        
+        response = self.http_client.get("triages/profiles", params=params)
+        return response.get("result", {}).get("entities", [])
+
+
+class GetTriageProfileQuery(Query[Dict[str, Any]]):
+    """Query to get a specific triage profile by ID."""
+    
+    def __init__(self, http_client: HTTPClient, profile_id: str):
+        self.http_client = http_client
+        self.profile_id = profile_id
+    
+    def execute(self) -> Dict[str, Any]:
+        """Execute the query to get triage profile details."""
+        response = self.http_client.get(f"triages/profiles/{self.profile_id}")
+        return response.get("result", {}) 

binalyze_air/queries/user_management.py

@@ -0,0 +1,83 @@
+"""
+User Management-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.user_management import UserManagementUser, AIUser, APIUser, UserFilter
+from ..http_client import HTTPClient
+
+
+class ListUsersQuery(Query[List[UserManagementUser]]):
+    """Query to list users."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[UserFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params
+    
+    def execute(self) -> List[UserManagementUser]:
+        """Execute the list users query."""
+        params = {}
+        if self.filter_params:
+            params = self.filter_params.model_dump(exclude_none=True)
+        
+        response = self.http_client.get("user-management/users", params=params)
+        
+        if response.get("success"):
+            users_data = response.get("result", {}).get("entities", [])
+            return [UserManagementUser(**user) for user in users_data]
+        
+        return []
+
+
+class GetUserQuery(Query[UserManagementUser]):
+    """Query to get user by ID."""
+    
+    def __init__(self, http_client: HTTPClient, user_id: str):
+        self.http_client = http_client
+        self.user_id = user_id
+    
+    def execute(self) -> UserManagementUser:
+        """Execute the get user query."""
+        response = self.http_client.get(f"user-management/users/{self.user_id}")
+        
+        if response.get("success"):
+            user_data = response.get("result", {})
+            return UserManagementUser(**user_data)
+        
+        raise Exception(f"User not found: {self.user_id}")
+
+
+class GetAIUserQuery(Query[AIUser]):
+    """Query to get AI user."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> AIUser:
+        """Execute the get AI user query."""
+        response = self.http_client.get("user-management/users/ai-user")
+        
+        if response.get("success"):
+            ai_user_data = response.get("result", {})
+            return AIUser(**ai_user_data)
+        
+        raise Exception("AI user not found")
+
+
+class GetAPIUserQuery(Query[APIUser]):
+    """Query to get API user."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> APIUser:
+        """Execute the get API user query."""
+        response = self.http_client.get("user-management/users/api-user")
+        
+        if response.get("success"):
+            api_user_data = response.get("result", {})
+            return APIUser(**api_user_data)
+        
+        raise Exception("API user not found")