iriusrisk-cli 0.1.0__py3-none-any.whl

iriusrisk_cli/__init__.py

@@ -0,0 +1,3 @@
+"""IriusRisk CLI - A command line interface for IriusRisk API v2."""
+
+__version__ = "0.1.0"

iriusrisk_cli/api/__init__.py

@@ -0,0 +1,15 @@
+"""API client modules for IriusRisk API interactions."""
+
+from .base_client import BaseApiClient
+from .project_client import ProjectApiClient
+from .threat_client import ThreatApiClient
+from .countermeasure_client import CountermeasureApiClient
+from .report_client import ReportApiClient
+
+__all__ = [
+    'BaseApiClient',
+    'ProjectApiClient', 
+    'ThreatApiClient',
+    'CountermeasureApiClient',
+    'ReportApiClient'
+]

iriusrisk_cli/api/base_client.py

@@ -0,0 +1,467 @@
+"""Base API client with shared HTTP and authentication functionality."""
+
+import requests
+import json
+import os
+import re
+import time
+import logging
+from datetime import datetime
+from typing import Dict, Any, Optional
+from pathlib import Path
+from ..config import Config
+from ..utils.logging_config import log_api_request
+
+
+class BaseApiClient:
+    """Base API client providing shared HTTP and authentication functionality."""
+    
+    def __init__(self, config: Optional[Config] = None):
+        """Initialize the base API client with configuration.
+        
+        Args:
+            config: Configuration instance (creates new one if not provided)
+        """
+        if config is None:
+            config = Config()
+        
+        self._config = config
+        self.base_url = config.api_base_url
+        self.v1_base_url = config.api_v1_base_url
+        self.session = requests.Session()
+        self.session.headers.update({
+            'api-token': config.api_token,
+            'Content-Type': 'application/json',
+            'Accept': 'application/json, application/hal+json'
+        })
+        
+        # Set up logging
+        self.logger = logging.getLogger(f"iriusrisk_cli.api.{self.__class__.__name__}")
+        
+        # Set up response logging
+        self.log_responses = os.getenv('IRIUS_LOG_RESPONSES', '').lower() in ('true', '1', 'yes')
+        if self.log_responses:
+            self.log_dir = Path('captured_responses')
+            self.log_dir.mkdir(exist_ok=True)
+            self.logger.info(f"API Response logging enabled - saving to {self.log_dir}")
+    
+    def _sanitize_headers(self, headers: Dict[str, str]) -> Dict[str, str]:
+        """Sanitize headers for logging by masking sensitive values.
+        
+        Args:
+            headers: Dictionary of headers to sanitize
+            
+        Returns:
+            Dictionary with sensitive headers masked
+        """
+        sensitive_headers = {'api-token', 'authorization', 'cookie', 'set-cookie'}
+        sanitized = {}
+        
+        for key, value in headers.items():
+            if key.lower() in sensitive_headers:
+                sanitized[key] = '***MASKED***'
+            else:
+                sanitized[key] = value
+        
+        return sanitized
+    
+    def _should_retry(self, response: requests.Response, attempt: int, max_retries: int = 3) -> bool:
+        """Determine if a request should be retried based on response.
+        
+        Args:
+            response: HTTP response object
+            attempt: Current attempt number (1-based)
+            max_retries: Maximum number of retries allowed
+            
+        Returns:
+            True if request should be retried, False otherwise
+        """
+        if attempt >= max_retries:
+            return False
+        
+        # Retry on server errors (5xx) and rate limiting (429)
+        if response.status_code >= 500 or response.status_code == 429:
+            return True
+        
+        return False
+    
+    def _get_retry_delay(self, response: requests.Response, attempt: int) -> float:
+        """Calculate delay before retry.
+        
+        Args:
+            response: HTTP response object
+            attempt: Current attempt number (1-based)
+            
+        Returns:
+            Delay in seconds
+        """
+        # Check for Retry-After header
+        retry_after = response.headers.get('Retry-After')
+        if retry_after:
+            try:
+                return float(retry_after)
+            except ValueError:
+                pass
+        
+        # Exponential backoff: 1s, 2s, 4s, etc.
+        return min(2 ** (attempt - 1), 60)  # Cap at 60 seconds
+    
+    def _make_request_with_retry(self, method: str, endpoint: str, base_url: Optional[str] = None, max_retries: int = 3, **kwargs) -> requests.Response:
+        """Make a request with retry logic and logging.
+        
+        Args:
+            method: HTTP method
+            endpoint: API endpoint path
+            base_url: Base URL to use
+            max_retries: Maximum number of retries
+            **kwargs: Additional arguments for requests
+            
+        Returns:
+            Response object
+            
+        Raises:
+            requests.RequestException: If all retries fail
+        """
+        if base_url is None:
+            base_url = self.base_url
+        url = f"{base_url.rstrip('/')}/{endpoint.lstrip('/')}"
+        
+        last_exception = None
+        
+        for attempt in range(1, max_retries + 1):
+            try:
+                # Add default timeout if not specified
+                if 'timeout' not in kwargs:
+                    kwargs['timeout'] = 30
+                
+                if attempt > 1:
+                    self.logger.info(f"Retry attempt {attempt}/{max_retries} for {method} {endpoint}")
+                
+                response = self.session.request(method, url, **kwargs)
+                
+                # Check if we should retry
+                if not response.ok and self._should_retry(response, attempt, max_retries):
+                    delay = self._get_retry_delay(response, attempt)
+                    
+                    if response.status_code == 429:
+                        self.logger.warning(f"Rate limited (429) on {method} {endpoint}, retrying in {delay}s")
+                    elif response.status_code >= 500:
+                        self.logger.warning(f"Server error ({response.status_code}) on {method} {endpoint}, retrying in {delay}s")
+                    
+                    time.sleep(delay)
+                    continue
+                
+                # Success or non-retryable error
+                return response
+                
+            except requests.RequestException as e:
+                last_exception = e
+                if attempt < max_retries:
+                    delay = self._get_retry_delay(None, attempt) if hasattr(e, 'response') and e.response else 2 ** (attempt - 1)
+                    self.logger.warning(f"Request failed on attempt {attempt}/{max_retries}: {e}, retrying in {delay}s")
+                    time.sleep(delay)
+                else:
+                    self.logger.error(f"Request failed after {max_retries} attempts: {e}")
+                    raise
+        
+        # This shouldn't be reached, but just in case
+        if last_exception:
+            raise last_exception
+        else:
+            raise requests.RequestException(f"Request failed after {max_retries} attempts")
+    
+    def _log_response(self, method: str, url: str, request_kwargs: Dict[str, Any], response: requests.Response):
+        """Log API request and response to file."""
+        if not self.log_responses:
+            return
+            
+        try:
+            # Extract endpoint info
+            if '/api/v1' in url:
+                path = url.split('/api/v1')[1]
+                api_version = 'v1'
+            elif '/api/v2' in url:
+                path = url.split('/api/v2')[1]
+                api_version = 'v2'
+            else:
+                return  # Skip non-API URLs
+            
+            # Replace UUIDs with placeholders
+            uuid_pattern = r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
+            pattern = re.sub(uuid_pattern, '{id}', path, flags=re.IGNORECASE)
+            
+            # Prepare response data
+            response_data = None
+            if response.text:
+                try:
+                    response_data = response.json()
+                except json.JSONDecodeError:
+                    response_data = response.text
+            
+            # Prepare request data
+            request_data = None
+            if 'json' in request_kwargs:
+                request_data = request_kwargs['json']
+            elif 'data' in request_kwargs:
+                request_data = request_kwargs['data']
+            
+            # Create capture record
+            capture_record = {
+                'timestamp': datetime.now().isoformat(),
+                'method': method,
+                'url': url,
+                'endpoint_pattern': pattern,
+                'api_version': api_version,
+                'request': {
+                    'headers': dict(response.request.headers) if response.request else {},
+                    'body': request_data
+                },
+                'response': {
+                    'status_code': response.status_code,
+                    'headers': dict(response.headers),
+                    'body': response_data
+                }
+            }
+            
+            # Generate filename
+            method_lower = method.lower()
+            pattern_clean = pattern.replace('/', '_').replace('{id}', 'id').strip('_')
+            if not pattern_clean:
+                pattern_clean = 'root'
+            
+            timestamp = datetime.now().strftime('%H%M%S')
+            filename = f"{api_version}_{method_lower}_{pattern_clean}_{response.status_code}_{timestamp}.json"
+            
+            # Save to file
+            filepath = self.log_dir / filename
+            with open(filepath, 'w', encoding='utf-8') as f:
+                json.dump(capture_record, f, indent=2, ensure_ascii=False)
+            
+            self.logger.info(f"Response captured: {method} {pattern} -> {filename}")
+            
+        except Exception as e:
+            self.logger.error(f"Error logging response: {e}")
+    
+    def _make_request(self, method: str, endpoint: str, base_url: Optional[str] = None, **kwargs) -> Dict[str, Any]:
+        """Make a request to the API.
+        
+        Args:
+            method: HTTP method (GET, POST, etc.)
+            endpoint: API endpoint path
+            base_url: Base URL to use (defaults to v2 API)
+            **kwargs: Additional arguments for requests
+            
+        Returns:
+            JSON response data
+            
+        Raises:
+            requests.RequestException: If the request fails
+        """
+        if base_url is None:
+            base_url = self.base_url
+        url = f"{base_url.rstrip('/')}/{endpoint.lstrip('/')}"
+        
+        # Log request start
+        self.logger.debug(f"API request: {method} {endpoint}")
+        
+        # Merge any additional headers with session headers
+        if 'headers' in kwargs:
+            headers = self.session.headers.copy()
+            headers.update(kwargs['headers'])
+            kwargs['headers'] = headers
+        
+        # Log request details (sanitized)
+        if self.logger.isEnabledFor(logging.DEBUG):
+            sanitized_headers = self._sanitize_headers(kwargs.get('headers', self.session.headers))
+            self.logger.debug(f"Request headers: {sanitized_headers}")
+            
+            # Log request body if present
+            if 'json' in kwargs:
+                self.logger.debug(f"Request body (JSON): {kwargs['json']}")
+            elif 'data' in kwargs:
+                self.logger.debug(f"Request body (data): {kwargs['data']}")
+        
+        start_time = time.time()
+        response = None
+        
+        try:
+            # Add default timeout if not specified
+            if 'timeout' not in kwargs:
+                kwargs['timeout'] = 30
+            response = self.session.request(method, url, **kwargs)
+            response_time = time.time() - start_time
+            
+            # Log successful response
+            log_api_request(
+                self.logger,
+                method=method,
+                url=url,
+                status_code=response.status_code,
+                response_time=response_time
+            )
+            
+            # Log response details
+            if self.logger.isEnabledFor(logging.DEBUG):
+                content_length = len(response.content) if response.content else 0
+                self.logger.debug(f"Response: {response.status_code} ({response_time:.3f}s, {content_length} bytes)")
+                
+                # Log response headers (sanitized)
+                sanitized_response_headers = self._sanitize_headers(dict(response.headers))
+                self.logger.debug(f"Response headers: {sanitized_response_headers}")
+            
+            response.raise_for_status()
+            
+            # Log the response if enabled
+            self._log_response(method, url, kwargs, response)
+            
+            # Handle empty responses
+            if not response.text.strip():
+                return {}
+            
+            return response.json()
+            
+        except requests.RequestException as e:
+            response_time = time.time() - start_time
+            
+            # Log failed request
+            status_code = response.status_code if response else None
+            log_api_request(
+                self.logger,
+                method=method,
+                url=url,
+                status_code=status_code,
+                response_time=response_time,
+                error=e
+            )
+            
+            # Let the original exceptions bubble up unchanged for better error handling
+            raise
+    
+    def _make_request_raw(self, method: str, endpoint: str, base_url: Optional[str] = None, **kwargs) -> str:
+        """Make a request to the API and return raw text response.
+        
+        Args:
+            method: HTTP method (GET, POST, etc.)
+            endpoint: API endpoint path
+            base_url: Base URL to use (defaults to v2 API)
+            **kwargs: Additional arguments for requests
+            
+        Returns:
+            Raw response text
+            
+        Raises:
+            requests.RequestException: If the request fails
+        """
+        if base_url is None:
+            base_url = self.base_url
+        url = f"{base_url.rstrip('/')}/{endpoint.lstrip('/')}"
+        
+        # Log request start
+        self.logger.debug(f"API request (raw): {method} {endpoint}")
+        start_time = time.time()
+        response = None
+        
+        try:
+            # Add default timeout if not specified
+            if 'timeout' not in kwargs:
+                kwargs['timeout'] = 30
+            response = self.session.request(method, url, **kwargs)
+            response_time = time.time() - start_time
+            
+            # Log successful response
+            log_api_request(
+                self.logger,
+                method=method,
+                url=url,
+                status_code=response.status_code,
+                response_time=response_time
+            )
+            
+            response.raise_for_status()
+            return response.text
+            
+        except requests.RequestException as e:
+            response_time = time.time() - start_time
+            status_code = response.status_code if response else None
+            
+            # Log failed request
+            log_api_request(
+                self.logger,
+                method=method,
+                url=url,
+                status_code=status_code,
+                response_time=response_time,
+                error=e
+            )
+            
+            # Re-raise the original exception without modifying it
+            # This preserves the original error information for proper handling
+            # by the error handling layer which will provide user-friendly messages
+            raise
+    
+    def _make_request_binary(self, method: str, endpoint: str, base_url: Optional[str] = None, **kwargs) -> bytes:
+        """Make a request to the API and return binary response.
+        
+        Args:
+            method: HTTP method (GET, POST, etc.)
+            endpoint: API endpoint path
+            base_url: Base URL to use (defaults to v2 API)
+            **kwargs: Additional arguments for requests
+            
+        Returns:
+            Binary response content
+            
+        Raises:
+            requests.RequestException: If the request fails
+        """
+        if base_url is None:
+            base_url = self.base_url
+        url = f"{base_url.rstrip('/')}/{endpoint.lstrip('/')}"
+        
+        # Log request start
+        self.logger.debug(f"API request (binary): {method} {endpoint}")
+        start_time = time.time()
+        response = None
+        
+        try:
+            # Add default timeout if not specified
+            if 'timeout' not in kwargs:
+                kwargs['timeout'] = 30
+            response = self.session.request(method, url, **kwargs)
+            response_time = time.time() - start_time
+            
+            # Log successful response
+            log_api_request(
+                self.logger,
+                method=method,
+                url=url,
+                status_code=response.status_code,
+                response_time=response_time
+            )
+            
+            # Log binary response size
+            if self.logger.isEnabledFor(logging.DEBUG):
+                content_length = len(response.content) if response.content else 0
+                self.logger.debug(f"Binary response: {response.status_code} ({response_time:.3f}s, {content_length} bytes)")
+            
+            response.raise_for_status()
+            return response.content
+            
+        except requests.RequestException as e:
+            response_time = time.time() - start_time
+            status_code = response.status_code if response else None
+            
+            # Log failed request
+            log_api_request(
+                self.logger,
+                method=method,
+                url=url,
+                status_code=status_code,
+                response_time=response_time,
+                error=e
+            )
+            
+            # Re-raise the original exception without modifying it
+            # This preserves the original error information for proper handling
+            # by the error handling layer which will provide user-friendly messages
+            raise

iriusrisk_cli/api/countermeasure_client.py

@@ -0,0 +1,169 @@
+"""Countermeasure-specific API client for IriusRisk API."""
+
+from typing import Dict, Any, Optional
+
+from .base_client import BaseApiClient
+from ..config import Config
+
+
+class CountermeasureApiClient(BaseApiClient):
+    """API client for countermeasure-specific operations."""
+    
+    def __init__(self, config: Optional[Config] = None):
+        """Initialize the countermeasure API client.
+        
+        Args:
+            config: Configuration instance (creates new one if not provided)
+        """
+        super().__init__(config)
+    
+    def get_countermeasures(self,
+                           project_id: str,
+                           page: int = 0,
+                           size: int = 20,
+                           filter_expression: Optional[str] = None) -> Dict[str, Any]:
+        """Get countermeasures for a specific project with optional filtering and pagination."""
+        # Log operation start
+        self.logger.info(f"Retrieving countermeasures for project {project_id} (page={page}, size={size})")
+        if filter_expression:
+            self.logger.debug(f"Using filter expression: {filter_expression}")
+        
+        params = {
+            'page': page,
+            'size': size
+        }
+
+        # Use V2 API countermeasures query endpoint (POST with filter body)
+        filter_body = {
+            "filters": {
+                "all": {
+                    "testResults": [],
+                    "states": [],
+                    "priorities": [],
+                    "testExpiryDateStates": [],
+                    "issueStates": [],
+                    "owners": [],
+                    "tags": [],
+                    "customFieldValues": []
+                },
+                "any": {
+                    "components": [],
+                    "threats": [],
+                    "useCases": []
+                }
+            }
+        }
+
+        result = self._make_request('POST', f'/projects/{project_id}/countermeasures/query', params=params, json=filter_body)
+        
+        # Log results
+        if result and '_embedded' in result and 'countermeasures' in result['_embedded']:
+            countermeasure_count = len(result['_embedded']['countermeasures'])
+            total_elements = result.get('page', {}).get('totalElements', 'unknown')
+            self.logger.info(f"Retrieved {countermeasure_count} countermeasures (total: {total_elements})")
+        
+        return result
+
+    def get_countermeasure(self, project_id: str, countermeasure_id: str) -> Dict[str, Any]:
+        """Get a specific countermeasure by ID within a project."""
+        # Use V2 API for countermeasures endpoint - individual countermeasures use direct path without project-id
+        return self._make_request('GET', f'/projects/countermeasures/{countermeasure_id}')
+    
+    def update_countermeasure_state(self, countermeasure_id: str, state_transition: str, reason: Optional[str] = None, comment: Optional[str] = None) -> Dict[str, Any]:
+        """Update the state of a countermeasure.
+        
+        Args:
+            countermeasure_id: Countermeasure ID (UUID)
+            state_transition: New state transition (e.g., 'required', 'recommended', 'implemented', 'rejected', 'not-applicable')
+            reason: Optional reason for the state change
+            comment: Optional detailed comment with implementation details
+            
+        Returns:
+            Response data from the API
+        """
+        # Log operation start
+        self.logger.info(f"Updating countermeasure {countermeasure_id} state to '{state_transition}'")
+        if reason:
+            self.logger.debug(f"Update reason: {reason}")
+        if comment:
+            self.logger.debug(f"Update comment provided (length: {len(comment)} chars)")
+        
+        endpoint = f"/projects/countermeasures/{countermeasure_id}/state"
+        
+        # Prepare request body - countermeasures only support stateTransition
+        body = {"stateTransition": state_transition}
+        
+        # Note: Based on API testing, countermeasures don't support reason/comment fields
+        # The comments are stored in our local tracking but not sent to IriusRisk
+        # This is a limitation of the IriusRisk countermeasure API
+        
+        try:
+            result = self._make_request("PUT", endpoint, json=body)
+            self.logger.info(f"Successfully updated countermeasure {countermeasure_id} state to '{state_transition}'")
+            return result
+        except Exception as e:
+            if hasattr(e, 'response') and e.response is not None:
+                if e.response.status_code == 404:
+                    error_msg = f"Countermeasure '{countermeasure_id}' not found"
+                elif e.response.status_code == 400:
+                    error_msg = f"Invalid state transition '{state_transition}' for countermeasure '{countermeasure_id}'"
+                else:
+                    error_msg = f"HTTP {e.response.status_code}: {e.response.text}"
+            else:
+                error_msg = str(e)
+            raise Exception(f"Failed to update countermeasure state: {error_msg}")
+    
+    def create_countermeasure_comment(self, countermeasure_id: str, comment: str) -> Dict[str, Any]:
+        """Create a comment for a countermeasure.
+        
+        Args:
+            countermeasure_id: Countermeasure ID (UUID)
+            comment: Comment text (can include HTML)
+            
+        Returns:
+            Response data from the API
+        """
+        endpoint = "/projects/countermeasures/comments"
+        
+        body = {
+            "countermeasure": {
+                "id": countermeasure_id
+            },
+            "comment": comment
+        }
+        
+        try:
+            return self._make_request("POST", endpoint, json=body)
+        except Exception as e:
+            if hasattr(e, 'response') and e.response is not None:
+                if e.response.status_code == 404:
+                    error_msg = f"Countermeasure '{countermeasure_id}' not found"
+                else:
+                    error_msg = f"HTTP {e.response.status_code}: {e.response.text}"
+            else:
+                error_msg = str(e)
+            raise Exception(f"Failed to create countermeasure comment: {error_msg}")
+    
+    def create_countermeasure_issue(self, project_id: str, countermeasure_id: str, issue_tracker_id: Optional[str] = None) -> Dict[str, Any]:
+        """Create an issue in the configured issue tracker for a countermeasure.
+        
+        Args:
+            project_id: Project UUID
+            countermeasure_id: Countermeasure UUID
+            issue_tracker_id: Optional issue tracker ID to use
+            
+        Returns:
+            Issue creation response (may be empty if successful)
+        """
+        if issue_tracker_id:
+            # Use bulk API to specify issue tracker (async operation)
+            data = {
+                'countermeasureIds': [countermeasure_id],
+                'issueTrackerProfileId': issue_tracker_id
+            }
+            headers = {'X-Irius-Async': 'true'}  # This is an async operation
+            return self._make_request('POST', f'/projects/{project_id}/countermeasures/create-issues/bulk', 
+                                    json=data, headers=headers)
+        else:
+            # Use single countermeasure API (uses project's default issue tracker)
+            return self._make_request('POST', f'/projects/countermeasures/{countermeasure_id}/create-issue', json={})

iriusrisk_cli/api/health_client.py

@@ -0,0 +1,23 @@
+"""Health API client for IriusRisk CLI."""
+
+from .base_client import BaseApiClient
+
+
+class HealthApiClient(BaseApiClient):
+    """API client for health-related endpoints."""
+    
+    def get_health(self):
+        """Get health status from IriusRisk.
+        
+        Returns:
+            dict: Health status response
+        """
+        return self._make_request('GET', '/health')
+    
+    def get_info(self):
+        """Get instance info from IriusRisk.
+        
+        Returns:
+            dict: Instance info response
+        """
+        return self._make_request('GET', '/info')