binalyze-air-sdk 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze_air/queries/cloud_forensics.py

@@ -0,0 +1,137 @@
+"""
+Cloud Forensics queries for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, Dict, Any
+
+from ..base import Query
+from ..models.cloud_forensics import (
+    CloudAccount, CloudAccountsPaginatedResponse, CloudAccountFilter,
+    CloudAccountSyncResult, CloudVendorSyncResult, CloudVendor
+)
+from ..http_client import HTTPClient
+
+
+class ListCloudAccountsQuery(Query[CloudAccountsPaginatedResponse]):
+    """Query to list cloud accounts with optional filtering."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[CloudAccountFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or CloudAccountFilter()
+    
+    def execute(self) -> CloudAccountsPaginatedResponse:
+        """Execute the query."""
+        params = {}
+        
+        # Add pagination parameters
+        if self.filter_params.page_size is not None:
+            params["pageSize"] = self.filter_params.page_size
+        if self.filter_params.page_number is not None:
+            params["pageNumber"] = self.filter_params.page_number
+        if self.filter_params.sort_type is not None:
+            params["sortType"] = self.filter_params.sort_type
+        if self.filter_params.sort_by is not None:
+            params["sortBy"] = self.filter_params.sort_by
+        
+        # Add required filter parameters (API requires these)
+        # Default to AWS and organization ID 0 if not specified
+        cloud_vendor = self.filter_params.cloud_vendor or CloudVendor.AWS
+        # Handle both enum and string values - FIXED
+        if hasattr(cloud_vendor, 'value'):
+            params["filter[cloudVendor]"] = cloud_vendor.value
+        else:
+            params["filter[cloudVendor]"] = cloud_vendor
+        
+        organization_ids = self.filter_params.organization_ids or [0]
+        params["filter[organizationIds]"] = ",".join(map(str, organization_ids))
+        
+        # Add optional filter parameters
+        if self.filter_params.search_term is not None:
+            params["filter[searchTerm]"] = self.filter_params.search_term
+        if self.filter_params.status is not None:
+            # Handle both enum and string values - FIXED
+            if hasattr(self.filter_params.status, 'value'):
+                params["filter[status]"] = self.filter_params.status.value
+            else:
+                params["filter[status]"] = self.filter_params.status
+        
+        response = self.http_client.get("cloud-forensics/accounts", params=params)
+        return CloudAccountsPaginatedResponse(**response["result"])
+
+
+class GetCloudAccountQuery(Query[CloudAccount]):
+    """Query to get a specific cloud account by ID."""
+    
+    def __init__(self, http_client: HTTPClient, account_id: str):
+        self.http_client = http_client
+        self.account_id = account_id
+    
+    def execute(self) -> CloudAccount:
+        """Execute the query."""
+        response = self.http_client.get(f"cloud-forensics/accounts/{self.account_id}")
+        return CloudAccount(**response["result"])
+
+
+class ExportCloudAccountsQuery(Query[Dict[str, Any]]):
+    """Query to export cloud accounts data."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[CloudAccountFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or CloudAccountFilter()
+    
+    def execute(self) -> Dict[str, Any]:
+        """Execute the query."""
+        params = {}
+        
+        # Add required filter parameters (API requires these)
+        # Default to AWS and organization ID 0 if not specified
+        cloud_vendor = self.filter_params.cloud_vendor or CloudVendor.AWS
+        # Handle both enum and string values - FIXED
+        if hasattr(cloud_vendor, 'value'):
+            params["filter[cloudVendor]"] = cloud_vendor.value
+        else:
+            params["filter[cloudVendor]"] = cloud_vendor
+        
+        organization_ids = self.filter_params.organization_ids or [0]
+        params["filter[organizationIds]"] = ",".join(map(str, organization_ids))
+        
+        # Add optional filter parameters for export
+        if self.filter_params.search_term is not None:
+            params["filter[searchTerm]"] = self.filter_params.search_term
+        if self.filter_params.status is not None:
+            # Handle both enum and string values - FIXED
+            if hasattr(self.filter_params.status, 'value'):
+                params["filter[status]"] = self.filter_params.status.value
+            else:
+                params["filter[status]"] = self.filter_params.status
+        
+        response = self.http_client.get("cloud-forensics/accounts/export", params=params)
+        return response
+
+
+class SyncCloudAccountQuery(Query[CloudAccountSyncResult]):
+    """Query to sync a specific cloud account by ID."""
+    
+    def __init__(self, http_client: HTTPClient, account_id: str):
+        self.http_client = http_client
+        self.account_id = account_id
+    
+    def execute(self) -> CloudAccountSyncResult:
+        """Execute the query."""
+        response = self.http_client.get(f"cloud-forensics/accounts/sync/{self.account_id}")
+        return CloudAccountSyncResult(**response["result"])
+
+
+class SyncCloudAccountsByVendorQuery(Query[CloudVendorSyncResult]):
+    """Query to sync all cloud accounts by vendor."""
+    
+    def __init__(self, http_client: HTTPClient, cloud_vendor: CloudVendor):
+        self.http_client = http_client
+        self.cloud_vendor = cloud_vendor
+    
+    def execute(self) -> CloudVendorSyncResult:
+        """Execute the query."""
+        response = self.http_client.get(f"cloud-forensics/accounts/sync/{self.cloud_vendor.value}/all")
+        # Handle case where result might be None
+        result_data = response.get("result") or {}
+        return CloudVendorSyncResult(**result_data) 

binalyze_air/queries/event_subscription.py

@@ -1,55 +1,55 @@
-"""
-Event Subscription queries for the Binalyze AIR SDK.
-"""
-
-from typing import List, Optional
-
-from ..base import Query
-from ..models.event_subscription import EventSubscription, EventSubscriptionFilter
-from ..http_client import HTTPClient
-
-
-class ListEventSubscriptionsQuery(Query[List[EventSubscription]]):
-    """Query to list event subscriptions."""
-    
-    def __init__(self, http_client: HTTPClient, filter_params: Optional[EventSubscriptionFilter] = None):
-        self.http_client = http_client
-        self.filter_params = filter_params or EventSubscriptionFilter()
-    
-    def execute(self) -> List[EventSubscription]:
-        """Execute the query to get event subscriptions."""
-        params = self.filter_params.to_params()
-        response = self.http_client.get("event-subscription", params=params)
-        
-        entities = response.get("result", {}).get("entities", [])
-        
-        # Use Pydantic parsing with proper field aliasing
-        subscriptions = []
-        for item in entities:
-            # Convert id to string as Pydantic expects
-            if "id" in item:
-                item["id"] = str(item["id"])
-            subscriptions.append(EventSubscription.model_validate(item))
-        
-        return subscriptions
-
-
-class GetEventSubscriptionQuery(Query[EventSubscription]):
-    """Query to get a specific event subscription."""
-    
-    def __init__(self, http_client: HTTPClient, subscription_id: str):
-        self.http_client = http_client
-        self.subscription_id = subscription_id
-    
-    def execute(self) -> EventSubscription:
-        """Execute the query to get a specific event subscription."""
-        response = self.http_client.get(f"event-subscription/{self.subscription_id}")
-        
-        entity_data = response.get("result", {})
-        
-        # Convert id to string as Pydantic expects
-        if "id" in entity_data:
-            entity_data["id"] = str(entity_data["id"])
-        
-        # Use Pydantic parsing with proper field aliasing
+"""
+Event Subscription queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.event_subscription import EventSubscription, EventSubscriptionFilter
+from ..http_client import HTTPClient
+
+
+class ListEventSubscriptionsQuery(Query[List[EventSubscription]]):
+    """Query to list event subscriptions."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[EventSubscriptionFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or EventSubscriptionFilter()
+    
+    def execute(self) -> List[EventSubscription]:
+        """Execute the query to get event subscriptions."""
+        params = self.filter_params.to_params()
+        response = self.http_client.get("event-subscription", params=params)
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        # Use Pydantic parsing with proper field aliasing
+        subscriptions = []
+        for item in entities:
+            # Convert id to string as Pydantic expects
+            if "id" in item:
+                item["id"] = str(item["id"])
+            subscriptions.append(EventSubscription.model_validate(item))
+        
+        return subscriptions
+
+
+class GetEventSubscriptionQuery(Query[EventSubscription]):
+    """Query to get a specific event subscription."""
+    
+    def __init__(self, http_client: HTTPClient, subscription_id: str):
+        self.http_client = http_client
+        self.subscription_id = subscription_id
+    
+    def execute(self) -> EventSubscription:
+        """Execute the query to get a specific event subscription."""
+        response = self.http_client.get(f"event-subscription/{self.subscription_id}")
+        
+        entity_data = response.get("result", {})
+        
+        # Convert id to string as Pydantic expects
+        if "id" in entity_data:
+            entity_data["id"] = str(entity_data["id"])
+        
+        # Use Pydantic parsing with proper field aliasing
         return EventSubscription.model_validate(entity_data) 

binalyze_air/queries/evidence.py

@@ -1,140 +1,140 @@
-"""
-Evidence-related queries for the Binalyze AIR SDK.
-"""
-
-from ..base import Query
-from ..models.evidence import EvidencePPC, EvidenceReportFileInfo, EvidenceReport
-from ..http_client import HTTPClient
-
-
-class GetEvidencePPCQuery(Query[EvidencePPC]):
-    """Query to get case evidence PPC."""
-    
-    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
-        self.http_client = http_client
-        self.endpoint_id = endpoint_id
-        self.task_id = task_id
-    
-    def execute(self) -> EvidencePPC:
-        """Execute the get evidence PPC query."""
-        try:
-            # Use binary HTTP client for file downloads
-            response = self.http_client.get_binary(f"evidence/case/ppc/{self.endpoint_id}/{self.task_id}")
-            
-            # Extract content information
-            content_type = response.headers.get('Content-Type', 'application/octet-stream')
-            filename = response.headers.get('Content-Disposition')
-            if filename and 'filename=' in filename:
-                filename = filename.split('filename=')[1].strip('"')
-            else:
-                filename = f"ppc_{self.endpoint_id}_{self.task_id}.zip"
-            
-            return EvidencePPC(
-                endpoint_id=self.endpoint_id,
-                task_id=self.task_id,
-                content=response.content,
-                content_type=content_type,
-                content_length=len(response.content) if response.content else 0,
-                filename=filename
-            )
-            
-        except Exception as e:
-            # Re-raise with more specific error information
-            error_str = str(e)
-            if "404" in error_str or "not found" in error_str.lower():
-                raise Exception(f"Evidence PPC not found (HTTP 404): No task(s) found by provided id(s)")
-            else:
-                raise Exception(f"Evidence PPC not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")
-
-
-class GetEvidenceReportFileInfoQuery(Query[EvidenceReportFileInfo]):
-    """Query to get case evidence report file info."""
-    
-    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
-        self.http_client = http_client
-        self.endpoint_id = endpoint_id
-        self.task_id = task_id
-    
-    def execute(self) -> EvidenceReportFileInfo:
-        """Execute the get evidence report file info query."""
-        try:
-            response = self.http_client.get(f"evidence/case/report-file-info/{self.endpoint_id}/{self.task_id}")
-            
-            if response.get("success"):
-                file_info_data = response.get("result", {})
-                
-                # Map API fields to SDK model fields
-                return EvidenceReportFileInfo(
-                    endpoint_id=self.endpoint_id,
-                    task_id=self.task_id,
-                    file_name=file_info_data.get("name"),
-                    file_size=file_info_data.get("size"),
-                    created_at=file_info_data.get("timestampResponse"),
-                    status="available" if not file_info_data.get("purged", False) else "purged",
-                    # Additional fields from API
-                    file_path=file_info_data.get("path"),
-                    encoding=file_info_data.get("encoding"),
-                    mime_type=file_info_data.get("mimeType"),
-                    file_hash=file_info_data.get("hash"),
-                    organization_id=file_info_data.get("organizationId"),
-                    is_purged=file_info_data.get("purged", False)
-                )
-            
-            # Handle error response with detailed information from API
-            errors = response.get("errors", [])
-            status_code = response.get("statusCode", "Unknown")
-            error_message = "; ".join(errors) if errors else "Unknown error"
-            
-            raise Exception(f"Evidence report file info not found (HTTP {status_code}): {error_message}")
-            
-        except Exception as e:
-            # Check if this is already our formatted exception
-            if "Evidence report file info not found" in str(e):
-                raise e
-            
-            # Handle HTTP client exceptions and format them consistently
-            error_str = str(e)
-            if "404" in error_str or "not found" in error_str.lower():
-                raise Exception(f"Evidence report file info not found (HTTP 404): No task(s) found by provided id(s)")
-            else:
-                raise Exception(f"Evidence report file info not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")
-
-
-class GetEvidenceReportQuery(Query[EvidenceReport]):
-    """Query to get case evidence report."""
-    
-    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
-        self.http_client = http_client
-        self.endpoint_id = endpoint_id
-        self.task_id = task_id
-    
-    def execute(self) -> EvidenceReport:
-        """Execute the get evidence report query."""
-        try:
-            # Use binary HTTP client for file downloads
-            response = self.http_client.get_binary(f"evidence/case/report/{self.endpoint_id}/{self.task_id}")
-            
-            # Extract content information
-            content_type = response.headers.get('Content-Type', 'application/octet-stream')
-            filename = response.headers.get('Content-Disposition')
-            if filename and 'filename=' in filename:
-                filename = filename.split('filename=')[1].strip('"')
-            else:
-                filename = f"report_{self.endpoint_id}_{self.task_id}"
-            
-            return EvidenceReport(
-                endpoint_id=self.endpoint_id,
-                task_id=self.task_id,
-                content=response.content,
-                content_type=content_type,
-                content_length=len(response.content) if response.content else 0,
-                filename=filename
-            )
-            
-        except Exception as e:
-            # Re-raise with more specific error information
-            error_str = str(e)
-            if "404" in error_str or "not found" in error_str.lower():
-                raise Exception(f"Evidence report not found (HTTP 404): No task(s) found by provided id(s)")
-            else:
+"""
+Evidence-related queries for the Binalyze AIR SDK.
+"""
+
+from ..base import Query
+from ..models.evidence import EvidencePPC, EvidenceReportFileInfo, EvidenceReport
+from ..http_client import HTTPClient
+
+
+class GetEvidencePPCQuery(Query[EvidencePPC]):
+    """Query to get case evidence PPC."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> EvidencePPC:
+        """Execute the get evidence PPC query."""
+        try:
+            # Use binary HTTP client for file downloads
+            response = self.http_client.get_binary(f"evidence/case/ppc/{self.endpoint_id}/{self.task_id}")
+            
+            # Extract content information
+            content_type = response.headers.get('Content-Type', 'application/octet-stream')
+            filename = response.headers.get('Content-Disposition')
+            if filename and 'filename=' in filename:
+                filename = filename.split('filename=')[1].strip('"')
+            else:
+                filename = f"ppc_{self.endpoint_id}_{self.task_id}.zip"
+            
+            return EvidencePPC(
+                endpoint_id=self.endpoint_id,
+                task_id=self.task_id,
+                content=response.content,
+                content_type=content_type,
+                content_length=len(response.content) if response.content else 0,
+                filename=filename
+            )
+            
+        except Exception as e:
+            # Re-raise with more specific error information
+            error_str = str(e)
+            if "404" in error_str or "not found" in error_str.lower():
+                raise Exception(f"Evidence PPC not found (HTTP 404): No task(s) found by provided id(s)")
+            else:
+                raise Exception(f"Evidence PPC not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")
+
+
+class GetEvidenceReportFileInfoQuery(Query[EvidenceReportFileInfo]):
+    """Query to get case evidence report file info."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> EvidenceReportFileInfo:
+        """Execute the get evidence report file info query."""
+        try:
+            response = self.http_client.get(f"evidence/case/report-file-info/{self.endpoint_id}/{self.task_id}")
+            
+            if response.get("success"):
+                file_info_data = response.get("result", {})
+                
+                # Map API fields to SDK model fields
+                return EvidenceReportFileInfo(
+                    endpoint_id=self.endpoint_id,
+                    task_id=self.task_id,
+                    file_name=file_info_data.get("name"),
+                    file_size=file_info_data.get("size"),
+                    created_at=file_info_data.get("timestampResponse"),
+                    status="available" if not file_info_data.get("purged", False) else "purged",
+                    # Additional fields from API
+                    file_path=file_info_data.get("path"),
+                    encoding=file_info_data.get("encoding"),
+                    mime_type=file_info_data.get("mimeType"),
+                    file_hash=file_info_data.get("hash"),
+                    organization_id=file_info_data.get("organizationId"),
+                    is_purged=file_info_data.get("purged", False)
+                )
+            
+            # Handle error response with detailed information from API
+            errors = response.get("errors", [])
+            status_code = response.get("statusCode", "Unknown")
+            error_message = "; ".join(errors) if errors else "Unknown error"
+            
+            raise Exception(f"Evidence report file info not found (HTTP {status_code}): {error_message}")
+            
+        except Exception as e:
+            # Check if this is already our formatted exception
+            if "Evidence report file info not found" in str(e):
+                raise e
+            
+            # Handle HTTP client exceptions and format them consistently
+            error_str = str(e)
+            if "404" in error_str or "not found" in error_str.lower():
+                raise Exception(f"Evidence report file info not found (HTTP 404): No task(s) found by provided id(s)")
+            else:
+                raise Exception(f"Evidence report file info not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")
+
+
+class GetEvidenceReportQuery(Query[EvidenceReport]):
+    """Query to get case evidence report."""
+    
+    def __init__(self, http_client: HTTPClient, endpoint_id: str, task_id: str):
+        self.http_client = http_client
+        self.endpoint_id = endpoint_id
+        self.task_id = task_id
+    
+    def execute(self) -> EvidenceReport:
+        """Execute the get evidence report query."""
+        try:
+            # Use binary HTTP client for file downloads
+            response = self.http_client.get_binary(f"evidence/case/report/{self.endpoint_id}/{self.task_id}")
+            
+            # Extract content information
+            content_type = response.headers.get('Content-Type', 'application/octet-stream')
+            filename = response.headers.get('Content-Disposition')
+            if filename and 'filename=' in filename:
+                filename = filename.split('filename=')[1].strip('"')
+            else:
+                filename = f"report_{self.endpoint_id}_{self.task_id}"
+            
+            return EvidenceReport(
+                endpoint_id=self.endpoint_id,
+                task_id=self.task_id,
+                content=response.content,
+                content_type=content_type,
+                content_length=len(response.content) if response.content else 0,
+                filename=filename
+            )
+            
+        except Exception as e:
+            # Re-raise with more specific error information
+            error_str = str(e)
+            if "404" in error_str or "not found" in error_str.lower():
+                raise Exception(f"Evidence report not found (HTTP 404): No task(s) found by provided id(s)")
+            else:
                 raise Exception(f"Evidence report not found for endpoint {self.endpoint_id}, task {self.task_id}: {error_str}")