binalyze-air-sdk 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze_air/queries/interact.py

@@ -1,28 +1,140 @@
-"""
-Interact queries for the Binalyze AIR SDK.
-"""
-
-from typing import List, Optional
-
-from ..base import Query
-from ..models.interact import ShellInteraction
-from ..http_client import HTTPClient
-
-
-class GetShellInteractionQuery(Query[ShellInteraction]):
-    """Query to get a specific shell interaction."""
-    
-    def __init__(self, http_client: HTTPClient, interaction_id: str):
-        self.http_client = http_client
-        self.interaction_id = interaction_id
-    
-    def execute(self) -> ShellInteraction:
-        """Execute the query to get a specific shell interaction."""
-        response = self.http_client.get(f"interact/shell/{self.interaction_id}")
-        
-        if response.get("success"):
-            result_data = response.get("result", {})
-            # Use Pydantic parsing with proper field aliasing
-            return ShellInteraction.model_validate(result_data)
-        
-        raise Exception(f"Shell interaction not found: {self.interaction_id}") 
+"""
+Interact queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional, Dict, Any
+
+from ..base import Query
+from ..models.interact import (
+    ShellInteraction, LibraryFile, LibraryFileFilter, 
+    InteractCommand, CommandMessage, FileExistsResponse
+)
+from ..http_client import HTTPClient
+
+
+class GetShellInteractionQuery(Query[ShellInteraction]):
+    """Query to get a specific shell interaction."""
+    
+    def __init__(self, http_client: HTTPClient, interaction_id: str):
+        self.http_client = http_client
+        self.interaction_id = interaction_id
+    
+    def execute(self) -> ShellInteraction:
+        """Execute the query to get a specific shell interaction."""
+        response = self.http_client.get(f"interact/shell/{self.interaction_id}")
+        
+        if response.get("success"):
+            result_data = response.get("result", {})
+            # Use Pydantic parsing with proper field aliasing
+            return ShellInteraction.model_validate(result_data)
+        
+        raise Exception(f"Shell interaction not found: {self.interaction_id}")
+
+
+# LIBRARY FILE QUERIES
+
+class ListLibraryFilesQuery(Query[List[LibraryFile]]):
+    """Query to list library files."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[LibraryFileFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or LibraryFileFilter()
+    
+    def execute(self) -> List[LibraryFile]:
+        """Execute the query to get library files."""
+        params = self.filter_params.to_params()
+        response = self.http_client.get("interact/library/files", params=params)
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        # Use Pydantic parsing with proper field aliasing
+        files = []
+        for item in entities:
+            files.append(LibraryFile.model_validate(item))
+        
+        return files
+
+
+class DownloadLibraryFileQuery(Query[bytes]):
+    """Query to download a library file."""
+    
+    def __init__(self, http_client: HTTPClient, file_id: str):
+        self.http_client = http_client
+        self.file_id = file_id
+    
+    def execute(self) -> bytes:
+        """Execute the query to download a library file."""
+        params = {"fileId": self.file_id}
+        response = self.http_client.get("interact/library/download", params=params)
+        
+        # Return file content as bytes
+        if isinstance(response, bytes):
+            return response
+        
+        # If response is JSON, convert to bytes
+        return str(response).encode('utf-8')
+
+
+class CheckFileExistsQuery(Query[bool]):
+    """Query to check if a file exists in library."""
+    
+    def __init__(self, http_client: HTTPClient, name: str, sha256: Optional[str] = None, organization_ids: Optional[List[int]] = None):
+        self.http_client = http_client
+        self.name = name
+        self.sha256 = sha256
+        self.organization_ids = organization_ids or [0]  # Default to organization 0
+    
+    def execute(self) -> bool:
+        """Execute the query to check if file exists."""
+        import json
+        params = {"name": self.name}
+        if self.sha256:
+            params["sha256"] = self.sha256
+        
+        # API requires organizationIds as JSON string array
+        params["organizationIds"] = json.dumps(self.organization_ids)
+        
+        response = self.http_client.get("interact/library/check", params=params)
+        
+        # API returns simple boolean response, not object
+        return response.get("result", False)
+
+
+# SHELL SESSION QUERIES
+
+class GetCommandMessageQuery(Query[CommandMessage]):
+    """Query to get a command message from a session."""
+    
+    def __init__(self, http_client: HTTPClient, session_id: str, message_id: str):
+        self.http_client = http_client
+        self.session_id = session_id
+        self.message_id = message_id
+    
+    def execute(self) -> CommandMessage:
+        """Execute the query to get a command message."""
+        response = self.http_client.get(
+            f"interact/shell/sessions/{self.session_id}/messages/{self.message_id}"
+        )
+        
+        result_data = response.get("result", {})
+        return CommandMessage.model_validate(result_data)
+
+
+class ListInteractCommandsQuery(Query[List[InteractCommand]]):
+    """Query to list available interact commands."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[InteractCommand]:
+        """Execute the query to get available interact commands."""
+        response = self.http_client.get("interact/commands")
+        
+        commands_data = response.get("result", [])
+        
+        # Use Pydantic parsing with proper field aliasing
+        commands = []
+        for item in commands_data:
+            commands.append(InteractCommand.model_validate(item))
+        
+        return commands 

binalyze_air/queries/investigation_hub.py

@@ -0,0 +1,329 @@
+"""
+Investigation Hub queries for the Binalyze AIR SDK.
+"""
+
+from typing import Optional, List, Dict, Any
+
+from ..base import Query
+from ..models.investigation_hub import (
+    Investigation, InvestigationAsset, FlagSummary, EvidenceSection,
+    EvidenceStructure, SQLQueryResult, FindingsSummary, FindingsStructure,
+    FindingsResult, FindingsRequest, MitreMatch, InvestigationComment, 
+    InvestigationActivity, AdvancedFilter
+)
+from ..http_client import HTTPClient
+
+
+class GetInvestigationQuery(Query[Investigation]):
+    """Query to get a specific investigation by ID."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> Investigation:
+        """Execute the query."""
+        response = self.http_client.get(f"investigation-hub/investigations/{self.investigation_id}")
+        return Investigation(**response["result"])
+
+
+class GetInvestigationAssetsQuery(Query[List[InvestigationAsset]]):
+    """Query to get assets for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> List[InvestigationAsset]:
+        """Execute the query."""
+        response = self.http_client.get(f"investigation-hub/investigations/{self.investigation_id}/assets")
+        return [InvestigationAsset(**asset) for asset in response["result"]]
+
+
+class GetInvestigationFlagSummaryQuery(Query[List[FlagSummary]]):
+    """Query to get flag summary for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> List[FlagSummary]:
+        """Execute the query."""
+        response = self.http_client.post(f"investigation-hub/investigations/{self.investigation_id}/flags-summary")
+        return [FlagSummary(**flag) for flag in response["result"]]
+
+
+class GetEvidenceSectionsQuery(Query[List[EvidenceSection]]):
+    """Query to get evidence sections for a specific investigation with task assignment IDs."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, task_assignment_ids: List[str]):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.task_assignment_ids = task_assignment_ids
+    
+    def execute(self) -> List[EvidenceSection]:
+        """Execute the query."""
+        payload = {"taskAssignmentIds": self.task_assignment_ids}
+        response = self.http_client.post(
+            f"investigation-hub/investigations/{self.investigation_id}/sections", 
+            json_data=payload
+        )
+        return [EvidenceSection(**section) for section in response["result"]]
+
+
+class GetEvidenceStructureQuery(Query[List[EvidenceStructure]]):
+    """Query to get evidence structure for a specific section."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, section: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.section = section
+    
+    def execute(self) -> List[EvidenceStructure]:
+        """Execute the query."""
+        response = self.http_client.get(
+            f"investigation-hub/investigations/{self.investigation_id}/sections/{self.section}/structure"
+        )
+        return [EvidenceStructure(**structure) for structure in response["result"]]
+
+
+class ExecuteSQLQuery(Query[SQLQueryResult]):
+    """Query to execute SQL against investigation database."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, query: str, 
+                 page_size: int = 10, page_number: int = 1):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.query = query
+        self.page_size = page_size
+        self.page_number = page_number
+    
+    def execute(self) -> SQLQueryResult:
+        """Execute the query."""
+        payload = {
+            "query": self.query,
+            "pageSize": self.page_size,
+            "pageNumber": self.page_number
+        }
+        response = self.http_client.post(
+            f"investigation-hub/investigations/{self.investigation_id}/execute-sql-query",
+            json_data=payload
+        )
+        return SQLQueryResult(**response["result"])
+
+
+class GetFindingsSummaryQuery(Query[FindingsSummary]):
+    """Query to get findings summary for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> FindingsSummary:
+        """Execute the query."""
+        # Use default payload for findings summary
+        payload = {
+            "take": 50,
+            "skip": 0,
+            "filter": [],
+            "globalFilter": {
+                "assignmentIds": [],
+                "flagIds": [],
+                "verdictScores": [],
+                "createdBy": [],
+                "mitreTechniqueIds": [],
+                "mitreTacticIds": []
+            },
+            "sort": [{"column": "verdict_score", "order": "desc"}]
+        }
+        response = self.http_client.post(
+            f"investigation-hub/investigations/{self.investigation_id}/findings/summary",
+            json_data=payload
+        )
+        return FindingsSummary(**response["result"])
+
+
+class GetMitreMatchesQuery(Query[List[MitreMatch]]):
+    """Query to get MITRE ATT&CK matches for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> List[MitreMatch]:
+        """Execute the query."""
+        # Use default payload for MITRE matches
+        payload = {
+            "take": 50,
+            "skip": 0,
+            "filter": [],
+            "globalFilter": {
+                "assignmentIds": [],
+                "flagIds": [],
+                "verdictScores": [],
+                "createdBy": [],
+                "mitreTechniqueIds": [],
+                "mitreTacticIds": []
+            },
+            "sort": [{"column": "verdict_score", "order": "desc"}]
+        }
+        response = self.http_client.post(
+            f"investigation-hub/investigations/{self.investigation_id}/findings/mitre-matches",
+            json_data=payload
+        )
+        return [MitreMatch(**match) for match in response["result"]]
+
+
+class GetInvestigationCommentsQuery(Query[List[InvestigationComment]]):
+    """Query to get comments for a specific investigation evidence."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, 
+                 evidence_id: Optional[str] = None):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.evidence_id = evidence_id or "artifacts"  # Default to artifacts if not specified
+    
+    def execute(self) -> List[InvestigationComment]:
+        """Execute the query."""
+        # Add optional query parameters from API spec
+        params = {
+            "taskAssignmentId": "test_task_1",
+            "objectId": "1"
+        }
+        
+        response = self.http_client.get(
+            f"investigation-hub/investigations/{self.investigation_id}/evidence/{self.evidence_id}/comments",
+            params=params
+        )
+        return [InvestigationComment(**comment) for comment in response["result"]]
+
+
+class GetInvestigationActivitiesQuery(Query[List[InvestigationActivity]]):
+    """Query to get activities for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str,
+                 page_size: int = 20, page_number: int = 1):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.page_size = page_size
+        self.page_number = page_number
+    
+    def execute(self) -> List[InvestigationActivity]:
+        """Execute the query."""
+        params = {
+            "pageSize": self.page_size,
+            "pageNumber": self.page_number
+        }
+        response = self.http_client.get(
+            f"investigation-hub/investigations/{self.investigation_id}/activities",
+            params=params
+        )
+        return [InvestigationActivity(**activity) for activity in response["result"]]
+
+
+class GetAdvancedFiltersQuery(Query[List[AdvancedFilter]]):
+    """Query to get advanced filters (organization-wide, not investigation-specific)."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: Optional[str] = None):
+        self.http_client = http_client
+        # Investigation ID is not needed for this endpoint but kept for compatibility
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> List[AdvancedFilter]:
+        """Execute the query."""
+        # Add required query parameters from API validation
+        params = {
+            "organizationId": 0,  # Required parameter
+            "tableName": "artifacts"  # Required parameter
+        }
+        response = self.http_client.get("investigation-hub/advanced-filters", params=params)
+        return [AdvancedFilter(**filter_item) for filter_item in response["result"]["entities"]]
+
+
+class GetAdvancedFilterQuery(Query[AdvancedFilter]):
+    """Query to get a specific advanced filter by ID."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, filter_id: int):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.filter_id = filter_id
+    
+    def execute(self) -> AdvancedFilter:
+        """Execute the query."""
+        response = self.http_client.get(
+            f"investigation-hub/advanced-filters/{self.filter_id}"
+        )
+        return AdvancedFilter(**response["result"])
+
+
+class GetEvidenceRecordsQuery(Query[Dict[str, Any]]):
+    """Query to get evidence records with filtering."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, section: str,
+                 filters: Optional[Dict[str, Any]] = None, page_size: int = 50, 
+                 page_number: int = 1):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.section = section
+        self.filters = filters or {}
+        self.page_size = page_size
+        self.page_number = page_number
+    
+    def execute(self) -> Dict[str, Any]:
+        """Execute the query."""
+        payload = {
+            "take": self.page_size,
+            "skip": (self.page_number - 1) * self.page_size,
+            "filter": [],
+            "globalFilter": {
+                "assignmentIds": [],
+                "flagIds": [],
+                "verdictScores": [],
+                "createdBy": [],
+                "mitreTechniqueIds": [],
+                "mitreTacticIds": []
+            },
+            "sort": [{"column": "verdict_score", "order": "desc"}]
+        }
+        # Merge any additional filters provided
+        if self.filters:
+            payload.update(self.filters)
+        
+        response = self.http_client.post(
+            f"investigation-hub/investigations/{self.investigation_id}/sections/{self.section}",
+            json_data=payload
+        )
+        return response["result"]
+
+
+class GetFindingsStructureQuery(Query[FindingsStructure]):
+    """Query to get findings structure for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+    
+    def execute(self) -> FindingsStructure:
+        """Execute the query."""
+        response = self.http_client.get(
+            f"investigation-hub/investigations/{self.investigation_id}/findings/structure"
+        )
+        return FindingsStructure(**response["result"])
+
+
+class GetFindingsQuery(Query[FindingsResult]):
+    """Query to get findings for a specific investigation."""
+    
+    def __init__(self, http_client: HTTPClient, investigation_id: str, 
+                 request: FindingsRequest):
+        self.http_client = http_client
+        self.investigation_id = investigation_id
+        self.request = request
+    
+    def execute(self) -> FindingsResult:
+        """Execute the query."""
+        response = self.http_client.post(
+            f"investigation-hub/investigations/{self.investigation_id}/findings",
+            json_data=self.request.model_dump(by_alias=True, exclude_none=True)
+        )
+        return FindingsResult(**response["result"]) 

binalyze_air/queries/license.py

@@ -0,0 +1,85 @@
+"""License query classes for Binalyze AIR SDK."""
+
+from typing import Dict, Any, Optional
+from ..models.license import LicenseUpdateRequest
+
+
+class LicenseQuery:
+    """Base query class for license operations."""
+    
+    def __init__(self):
+        """Initialize base license query."""
+        self._params = {}
+
+    def build_params(self) -> Dict[str, Any]:
+        """Build query parameters.
+        
+        Returns:
+            Dictionary of query parameters
+        """
+        return self._params.copy()
+
+
+class GetLicenseQuery(LicenseQuery):
+    """Query for retrieving license information.
+    
+    This query retrieves current license details including:
+    - License key and activation status
+    - Expiration dates and remaining time
+    - Device and client usage limits
+    - Customer information
+    """
+    
+    def __init__(self):
+        """Initialize get license query."""
+        super().__init__()
+
+    def build_params(self) -> Dict[str, Any]:
+        """Build parameters for get license request.
+        
+        Returns:
+            Empty dictionary as GET license requires no parameters
+        """
+        return {}
+
+
+class SetLicenseQuery(LicenseQuery):
+    """Query for setting/updating license key.
+    
+    This query allows updating the license key for the system.
+    """
+    
+    def __init__(self, license_key: str):
+        """Initialize set license query.
+        
+        Args:
+            license_key: The new license key to set
+        """
+        super().__init__()
+        self._license_key = license_key
+
+    def build_body(self) -> Dict[str, Any]:
+        """Build request body for set license request.
+        
+        Returns:
+            Dictionary containing license key for API request
+        """
+        request = LicenseUpdateRequest(license_key=self._license_key)
+        return request.to_dict()
+
+    def build_params(self) -> Dict[str, Any]:
+        """Build parameters for set license request.
+        
+        Returns:
+            Empty dictionary as POST license uses body, not params
+        """
+        return {}
+
+    @property
+    def license_key(self) -> str:
+        """Get the license key.
+        
+        Returns:
+            The license key to be set
+        """
+        return self._license_key 

binalyze_air/queries/logger.py

@@ -0,0 +1,58 @@
+"""Logger query classes for Binalyze AIR SDK."""
+
+from typing import Dict, Any, Optional
+from ..models.logger import LogDownloadRequest
+
+
+class LoggerQuery:
+    """Base query class for logger operations."""
+    
+    def __init__(self):
+        """Initialize base logger query."""
+        self._params = {}
+
+    def build_params(self) -> Dict[str, Any]:
+        """Build query parameters.
+        
+        Returns:
+            Dictionary of query parameters
+        """
+        return self._params.copy()
+
+
+class DownloadLogsQuery(LoggerQuery):
+    """Query for downloading application logs as ZIP file.
+    
+    This query downloads system logs which can include:
+    - Application logs
+    - Error logs
+    - System diagnostic information
+    - Debug logs (if enabled)
+    """
+    
+    def __init__(self, latest_log_file: bool = False):
+        """Initialize download logs query.
+        
+        Args:
+            latest_log_file: Whether to download only the latest log file
+        """
+        super().__init__()
+        self._latest_log_file = latest_log_file
+
+    def build_params(self) -> Dict[str, Any]:
+        """Build parameters for download logs request.
+        
+        Returns:
+            Dictionary containing query parameters
+        """
+        request = LogDownloadRequest(latest_log_file=self._latest_log_file)
+        return request.to_dict()
+
+    @property
+    def latest_log_file(self) -> bool:
+        """Get the latest log file flag.
+        
+        Returns:
+            Whether to download only the latest log file
+        """
+        return self._latest_log_file