binalyze-air-sdk 1.0.2__py3-none-any.whl → 1.0.3__py3-none-any.whl

binalyze_air/queries/params.py

@@ -1,115 +1,154 @@
-"""
-Params queries for the Binalyze AIR SDK.
-"""
-
-from typing import List, Dict, Any, Union
-
-from ..base import Query
-from ..models.params import (
-    AcquisitionArtifact, EDiscoveryPattern, AcquisitionEvidence, DroneAnalyzer,
-    AcquisitionArtifactsResponse, EDiscoveryCategory, AcquisitionEvidencesResponse
-)
-from ..http_client import HTTPClient
-
-
-class GetAcquisitionArtifactsQuery(Query[List[AcquisitionArtifact]]):
-    """Query to get acquisition artifacts."""
-    
-    def __init__(self, http_client: HTTPClient):
-        self.http_client = http_client
-    
-    def execute(self) -> List[AcquisitionArtifact]:
-        """Execute the query to get acquisition artifacts."""
-        response: Dict[str, Any] = self.http_client.get("params/acquisition/artifacts")
-        
-        # Parse using Pydantic models
-        artifacts_response = AcquisitionArtifactsResponse.model_validate(response)
-        
-        # Flatten the structure into a single list
-        all_artifacts = []
-        
-        # Process all platforms
-        for platform_name, groups in [
-            ("windows", artifacts_response.windows),
-            ("linux", artifacts_response.linux),
-            ("macos", artifacts_response.macos),
-            ("aix", artifacts_response.aix)
-        ]:
-            for group in groups:
-                for artifact in group.items:
-                    artifact.group = group.group
-                    artifact.platform = platform_name
-                    all_artifacts.append(artifact)
-        
-        return all_artifacts
-
-
-class GetEDiscoveryPatternsQuery(Query[List[EDiscoveryPattern]]):
-    """Query to get e-discovery patterns."""
-    
-    def __init__(self, http_client: HTTPClient):
-        self.http_client = http_client
-    
-    def execute(self) -> List[EDiscoveryPattern]:
-        """Execute the query to get e-discovery patterns."""
-        response = self.http_client.get("params/acquisition/e-discovery-patterns")
-        
-        # Parse using Pydantic models
-        categories = [EDiscoveryCategory.model_validate(item) for item in response]
-        
-        # Flatten the structure into a single list
-        all_patterns = []
-        for category in categories:
-            for pattern in category.applications:
-                pattern.category = category.category
-                all_patterns.append(pattern)
-        
-        return all_patterns
-
-
-class GetAcquisitionEvidencesQuery(Query[List[AcquisitionEvidence]]):
-    """Query to get acquisition evidences."""
-    
-    def __init__(self, http_client: HTTPClient):
-        self.http_client = http_client
-    
-    def execute(self) -> List[AcquisitionEvidence]:
-        """Execute the query to get acquisition evidences."""
-        response: Dict[str, Any] = self.http_client.get("params/acquisition/evidences")
-        
-        # Parse using Pydantic models
-        evidences_response = AcquisitionEvidencesResponse.model_validate(response)
-        
-        # Flatten the structure into a single list
-        all_evidences = []
-        
-        # Process all platforms
-        for platform_name, groups in [
-            ("windows", evidences_response.windows),
-            ("linux", evidences_response.linux),
-            ("macos", evidences_response.macos),
-            ("aix", evidences_response.aix)
-        ]:
-            for group in groups:
-                for evidence in group.items:
-                    evidence.group = group.group
-                    evidence.platform = platform_name
-                    all_evidences.append(evidence)
-        
-        return all_evidences
-
-
-class GetDroneAnalyzersQuery(Query[List[DroneAnalyzer]]):
-    """Query to get drone analyzers."""
-    
-    def __init__(self, http_client: HTTPClient):
-        self.http_client = http_client
-    
-    def execute(self) -> List[DroneAnalyzer]:
-        """Execute the query to get drone analyzers."""
-        response = self.http_client.get("params/drone/analyzers")
-        
-        # Parse using Pydantic models with automatic field mapping
-        analyzers = [DroneAnalyzer.model_validate(item) for item in response]
-        
-        return analyzers 
+"""
+Params queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Dict, Any, Union
+
+from ..base import Query
+from ..models.params import (
+    AcquisitionArtifact, EDiscoveryPattern, AcquisitionEvidence, DroneAnalyzer,
+    AcquisitionArtifactsResponse, EDiscoveryCategory, AcquisitionEvidencesResponse,
+    MitreAttackTactic, MitreAttackTechnique, MitreAttackResponse
+)
+from ..http_client import HTTPClient
+
+
+class GetAcquisitionArtifactsQuery(Query[List[AcquisitionArtifact]]):
+    """Query to get acquisition artifacts."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[AcquisitionArtifact]:
+        """Execute the query to get acquisition artifacts."""
+        response: Dict[str, Any] = self.http_client.get("params/acquisition/artifacts")
+        
+        # Parse using Pydantic models
+        artifacts_response = AcquisitionArtifactsResponse.model_validate(response)
+        
+        # Flatten the structure into a single list
+        all_artifacts = []
+        
+        # Process all platforms
+        for platform_name, groups in [
+            ("windows", artifacts_response.windows),
+            ("linux", artifacts_response.linux),
+            ("macos", artifacts_response.macos),
+            ("aix", artifacts_response.aix)
+        ]:
+            for group in groups:
+                for artifact in group.items:
+                    artifact.group = group.group
+                    artifact.platform = platform_name
+                    all_artifacts.append(artifact)
+        
+        return all_artifacts
+
+
+class GetEDiscoveryPatternsQuery(Query[List[EDiscoveryPattern]]):
+    """Query to get e-discovery patterns."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[EDiscoveryPattern]:
+        """Execute the query to get e-discovery patterns."""
+        response = self.http_client.get("params/acquisition/e-discovery-patterns")
+        
+        # Extract the result array from the API response
+        if isinstance(response, dict) and "result" in response:
+            categories_data = response["result"]
+        else:
+            # Fallback for direct array response
+            categories_data = response
+        
+        # Parse using Pydantic models
+        categories = [EDiscoveryCategory.model_validate(item) for item in categories_data]
+        
+        # Flatten the structure into a single list
+        all_patterns = []
+        for category in categories:
+            for pattern in category.applications:
+                pattern.category = category.category
+                all_patterns.append(pattern)
+        
+        return all_patterns
+
+
+class GetAcquisitionEvidencesQuery(Query[List[AcquisitionEvidence]]):
+    """Query to get acquisition evidences."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[AcquisitionEvidence]:
+        """Execute the query to get acquisition evidences."""
+        response: Dict[str, Any] = self.http_client.get("params/acquisition/evidences")
+        
+        # Parse using Pydantic models
+        evidences_response = AcquisitionEvidencesResponse.model_validate(response)
+        
+        # Flatten the structure into a single list
+        all_evidences = []
+        
+        # Process all platforms
+        for platform_name, groups in [
+            ("windows", evidences_response.windows),
+            ("linux", evidences_response.linux),
+            ("macos", evidences_response.macos),
+            ("aix", evidences_response.aix)
+        ]:
+            for group in groups:
+                for evidence in group.items:
+                    evidence.group = group.group
+                    evidence.platform = platform_name
+                    all_evidences.append(evidence)
+        
+        return all_evidences
+
+
+class GetDroneAnalyzersQuery(Query[List[DroneAnalyzer]]):
+    """Query to get drone analyzers."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[DroneAnalyzer]:
+        """Execute the query to get drone analyzers."""
+        response = self.http_client.get("params/drone/analyzers")
+        
+        # Extract the result array from the API response
+        if isinstance(response, dict) and "result" in response:
+            analyzers_data = response["result"]
+        else:
+            # Fallback for direct array response
+            analyzers_data = response
+        
+        # Parse using Pydantic models with automatic field mapping
+        analyzers = [DroneAnalyzer.model_validate(item) for item in analyzers_data]
+        
+        return analyzers
+
+
+class GetMitreAttackTacticsQuery(Query[List[MitreAttackTactic]]):
+    """Query to get MITRE ATT&CK tactics."""
+    
+    def __init__(self, http_client: HTTPClient):
+        self.http_client = http_client
+    
+    def execute(self) -> List[MitreAttackTactic]:
+        """Execute the query to get MITRE ATT&CK tactics."""
+        response = self.http_client.get("params/mitre-attack/tactics")
+        
+        # Extract the result from the API response
+        if isinstance(response, dict) and "result" in response:
+            mitre_data = response["result"]
+        else:
+            # Fallback for direct response
+            mitre_data = response
+        
+        # Parse using Pydantic models
+        mitre_response = MitreAttackResponse.model_validate(mitre_data)
+        
+        # Return only the tactics as a list
+        return list(mitre_response.tactics.values()) 

binalyze_air/queries/policies.py

@@ -1,150 +1,150 @@
-"""
-Policy-related queries for the Binalyze AIR SDK.
-"""
-
-from typing import List, Optional
-
-from ..base import Query
-from ..models.policies import (
-    Policy, PolicyFilter, PolicyAssignment, PolicyExecution,
-    PolicyRule, PolicyCondition, PolicyAction,
-    PoliciesPaginatedResponse, PolicyMatchStats
-)
-from ..http_client import HTTPClient
-
-
-class ListPoliciesQuery(Query[PoliciesPaginatedResponse]):
-    """Query to list policies with optional filtering."""
-    
-    def __init__(self, http_client: HTTPClient, filter_params: Optional[PolicyFilter] = None, organization_ids: Optional[List[int]] = None):
-        self.http_client = http_client
-        self.filter_params = filter_params or PolicyFilter()
-        
-        # Fix API-001: Ensure organizationIds are always provided to prevent 500 error
-        if organization_ids is None or len(organization_ids) == 0:
-            self.organization_ids = [0]  # Default to organization 0
-        else:
-            self.organization_ids = organization_ids
-    
-    def execute(self) -> PoliciesPaginatedResponse:
-        """Execute the query to list policies."""
-        # Validate organization_ids before making API call
-        if not self.organization_ids or len(self.organization_ids) == 0:
-            from ..exceptions import ValidationError
-            raise ValidationError(
-                "organizationIds parameter is required for listing policies. "
-                "Please provide at least one organization ID."
-            )
-        
-        params = self.filter_params.to_params()
-        
-        # Add organization IDs
-        params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
-        
-        response = self.http_client.get("policies", params=params)
-        
-        # Parse using Pydantic models with automatic field mapping
-        return PoliciesPaginatedResponse.model_validate(response.get("result", {}))
-
-
-class GetPolicyQuery(Query[Policy]):
-    """Query to get a specific policy by ID."""
-    
-    def __init__(self, http_client: HTTPClient, policy_id: str):
-        self.http_client = http_client
-        self.policy_id = policy_id
-    
-    def execute(self) -> Policy:
-        """Execute the query to get policy details."""
-        response = self.http_client.get(f"policies/{self.policy_id}")
-        
-        # Parse using Pydantic models with automatic field mapping
-        return Policy.model_validate(response.get("result", {}))
-
-
-class GetPolicyAssignmentsQuery(Query[List[PolicyAssignment]]):
-    """Query to get policy assignments."""
-    
-    def __init__(self, http_client: HTTPClient, policy_id: str):
-        self.http_client = http_client
-        self.policy_id = policy_id
-    
-    def execute(self) -> List[PolicyAssignment]:
-        """Execute the query to get policy assignments."""
-        response = self.http_client.get(f"policies/{self.policy_id}/assignments")
-        
-        entities = response.get("result", {}).get("entities", [])
-        
-        assignments = []
-        for entity_data in entities:
-            mapped_data = {
-                "id": entity_data.get("_id"),
-                "policy_id": entity_data.get("policyId"),
-                "endpoint_id": entity_data.get("endpointId"),
-                "assigned_at": entity_data.get("assignedAt"),
-                "assigned_by": entity_data.get("assignedBy"),
-                "status": entity_data.get("status", "active"),
-            }
-            
-            # Remove None values
-            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-            
-            assignments.append(PolicyAssignment(**mapped_data))
-        
-        return assignments
-
-
-class GetPolicyExecutionsQuery(Query[List[PolicyExecution]]):
-    """Query to get policy execution history."""
-    
-    def __init__(self, http_client: HTTPClient, policy_id: str, limit: Optional[int] = None):
-        self.http_client = http_client
-        self.policy_id = policy_id
-        self.limit = limit
-    
-    def execute(self) -> List[PolicyExecution]:
-        """Execute the query to get policy executions."""
-        params = {}
-        if self.limit:
-            params["limit"] = str(self.limit)
-        
-        response = self.http_client.get(f"policies/{self.policy_id}/executions", params=params)
-        
-        entities = response.get("result", {}).get("entities", [])
-        
-        executions = []
-        for entity_data in entities:
-            mapped_data = {
-                "id": entity_data.get("_id"),
-                "policy_id": entity_data.get("policyId"),
-                "endpoint_id": entity_data.get("endpointId"),
-                "executed_at": entity_data.get("executedAt"),
-                "status": entity_data.get("status"),
-                "result": entity_data.get("result", {}),
-                "errors": entity_data.get("errors", []),
-                "duration": entity_data.get("duration"),
-            }
-            
-            # Remove None values
-            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
-            
-            executions.append(PolicyExecution(**mapped_data))
-        
-        return executions
-
-
-class GetPolicyMatchStatsQuery(Query[PolicyMatchStats]):
-    """Query to get policy match statistics."""
-    
-    def __init__(self, http_client: HTTPClient, filter_params: Optional[PolicyFilter] = None):
-        self.http_client = http_client
-        self.filter_params = filter_params or PolicyFilter()
-    
-    def execute(self) -> PolicyMatchStats:
-        """Execute the query to get policy match statistics."""
-        params = self.filter_params.to_params()
-        
-        response = self.http_client.get("policies/match-stats", params=params)
-        
-        # Parse using Pydantic models with automatic field mapping
+"""
+Policy-related queries for the Binalyze AIR SDK.
+"""
+
+from typing import List, Optional
+
+from ..base import Query
+from ..models.policies import (
+    Policy, PolicyFilter, PolicyAssignment, PolicyExecution,
+    PolicyRule, PolicyCondition, PolicyAction,
+    PoliciesPaginatedResponse, PolicyMatchStats
+)
+from ..http_client import HTTPClient
+
+
+class ListPoliciesQuery(Query[PoliciesPaginatedResponse]):
+    """Query to list policies with optional filtering."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[PolicyFilter] = None, organization_ids: Optional[List[int]] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or PolicyFilter()
+        
+        # Fix API-001: Ensure organizationIds are always provided to prevent 500 error
+        if organization_ids is None or len(organization_ids) == 0:
+            self.organization_ids = [0]  # Default to organization 0
+        else:
+            self.organization_ids = organization_ids
+    
+    def execute(self) -> PoliciesPaginatedResponse:
+        """Execute the query to list policies."""
+        # Validate organization_ids before making API call
+        if not self.organization_ids or len(self.organization_ids) == 0:
+            from ..exceptions import ValidationError
+            raise ValidationError(
+                "organizationIds parameter is required for listing policies. "
+                "Please provide at least one organization ID."
+            )
+        
+        params = self.filter_params.to_params()
+        
+        # Add organization IDs
+        params["filter[organizationIds]"] = ",".join(map(str, self.organization_ids))
+        
+        response = self.http_client.get("policies", params=params)
+        
+        # Parse using Pydantic models with automatic field mapping
+        return PoliciesPaginatedResponse.model_validate(response.get("result", {}))
+
+
+class GetPolicyQuery(Query[Policy]):
+    """Query to get a specific policy by ID."""
+    
+    def __init__(self, http_client: HTTPClient, policy_id: str):
+        self.http_client = http_client
+        self.policy_id = policy_id
+    
+    def execute(self) -> Policy:
+        """Execute the query to get policy details."""
+        response = self.http_client.get(f"policies/{self.policy_id}")
+        
+        # Parse using Pydantic models with automatic field mapping
+        return Policy.model_validate(response.get("result", {}))
+
+
+class GetPolicyAssignmentsQuery(Query[List[PolicyAssignment]]):
+    """Query to get policy assignments."""
+    
+    def __init__(self, http_client: HTTPClient, policy_id: str):
+        self.http_client = http_client
+        self.policy_id = policy_id
+    
+    def execute(self) -> List[PolicyAssignment]:
+        """Execute the query to get policy assignments."""
+        response = self.http_client.get(f"policies/{self.policy_id}/assignments")
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        assignments = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "policy_id": entity_data.get("policyId"),
+                "endpoint_id": entity_data.get("endpointId"),
+                "assigned_at": entity_data.get("assignedAt"),
+                "assigned_by": entity_data.get("assignedBy"),
+                "status": entity_data.get("status", "active"),
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            assignments.append(PolicyAssignment(**mapped_data))
+        
+        return assignments
+
+
+class GetPolicyExecutionsQuery(Query[List[PolicyExecution]]):
+    """Query to get policy execution history."""
+    
+    def __init__(self, http_client: HTTPClient, policy_id: str, limit: Optional[int] = None):
+        self.http_client = http_client
+        self.policy_id = policy_id
+        self.limit = limit
+    
+    def execute(self) -> List[PolicyExecution]:
+        """Execute the query to get policy executions."""
+        params = {}
+        if self.limit:
+            params["limit"] = str(self.limit)
+        
+        response = self.http_client.get(f"policies/{self.policy_id}/executions", params=params)
+        
+        entities = response.get("result", {}).get("entities", [])
+        
+        executions = []
+        for entity_data in entities:
+            mapped_data = {
+                "id": entity_data.get("_id"),
+                "policy_id": entity_data.get("policyId"),
+                "endpoint_id": entity_data.get("endpointId"),
+                "executed_at": entity_data.get("executedAt"),
+                "status": entity_data.get("status"),
+                "result": entity_data.get("result", {}),
+                "errors": entity_data.get("errors", []),
+                "duration": entity_data.get("duration"),
+            }
+            
+            # Remove None values
+            mapped_data = {k: v for k, v in mapped_data.items() if v is not None}
+            
+            executions.append(PolicyExecution(**mapped_data))
+        
+        return executions
+
+
+class GetPolicyMatchStatsQuery(Query[PolicyMatchStats]):
+    """Query to get policy match statistics."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[PolicyFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or PolicyFilter()
+    
+    def execute(self) -> PolicyMatchStats:
+        """Execute the query to get policy match statistics."""
+        params = self.filter_params.to_params()
+        
+        response = self.http_client.get("policies/match-stats", params=params)
+        
+        # Parse using Pydantic models with automatic field mapping
         return PolicyMatchStats.model_validate(response.get("result", {})) 

binalyze_air/queries/preset_filters.py

@@ -0,0 +1,60 @@
+"""
+Preset Filters queries for the Binalyze AIR SDK.
+"""
+
+from typing import Optional
+
+from ..base import Query
+from ..models.preset_filters import PresetFilter, PresetFiltersList, PresetFiltersFilter
+from ..http_client import HTTPClient
+
+
+class GetPresetFiltersQuery(Query[PresetFiltersList]):
+    """Query to get preset filters."""
+    
+    def __init__(self, http_client: HTTPClient, filter_params: Optional[PresetFiltersFilter] = None):
+        self.http_client = http_client
+        self.filter_params = filter_params or PresetFiltersFilter()
+    
+    def execute(self) -> PresetFiltersList:
+        """Execute the query to get preset filters."""
+        params = {}
+        
+        # Add filter parameters
+        if self.filter_params.organization_id is not None:
+            params['filter[organizationId]'] = str(self.filter_params.organization_id)
+        if self.filter_params.type:
+            params['filter[type]'] = self.filter_params.type
+        if self.filter_params.name:
+            params['filter[name]'] = self.filter_params.name
+        if self.filter_params.created_by:
+            params['filter[createdBy]'] = self.filter_params.created_by
+        
+        # Add pagination parameters
+        if self.filter_params.page_size:
+            params['pageSize'] = str(self.filter_params.page_size)
+        if self.filter_params.page_number:
+            params['pageNumber'] = str(self.filter_params.page_number)
+        if self.filter_params.sort_by:
+            params['sortBy'] = self.filter_params.sort_by
+        if self.filter_params.sort_type:
+            params['sortType'] = self.filter_params.sort_type
+        
+        response = self.http_client.get('/preset-filters', params=params)
+        return PresetFiltersList(**response['result'])
+
+
+class GetPresetFilterByIdQuery(Query[Optional[PresetFilter]]):
+    """Query to get a specific preset filter by ID."""
+    
+    def __init__(self, http_client: HTTPClient, filter_id: str):
+        self.http_client = http_client
+        self.filter_id = filter_id
+    
+    def execute(self) -> Optional[PresetFilter]:
+        """Execute the query to get a preset filter by ID."""
+        try:
+            response = self.http_client.get(f'/preset-filters/{self.filter_id}')
+            return PresetFilter(**response['result'])
+        except Exception:
+            return None