PyPI - kekkai-cli - Versions diffs - 1.1.0__py3-none-any.whl → 1.1.1__py3-none-any.whl - Mend

kekkai-cli 1.1.0py3-none-any.whl → 1.1.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

kekkai/cli.py +124 -33
kekkai/dojo_import.py +9 -1
kekkai/output.py +1 -1
kekkai/report/unified.py +226 -0
kekkai/triage/__init__.py +54 -1
kekkai/triage/loader.py +196 -0
{kekkai_cli-1.1.0.dist-info → kekkai_cli-1.1.1.dist-info}/METADATA +33 -13
{kekkai_cli-1.1.0.dist-info → kekkai_cli-1.1.1.dist-info}/RECORD +11 -27
{kekkai_cli-1.1.0.dist-info → kekkai_cli-1.1.1.dist-info}/entry_points.txt +0 -1
{kekkai_cli-1.1.0.dist-info → kekkai_cli-1.1.1.dist-info}/top_level.txt +0 -1
portal/__init__.py +0 -19
portal/api.py +0 -155
portal/auth.py +0 -103
portal/enterprise/__init__.py +0 -45
portal/enterprise/audit.py +0 -435
portal/enterprise/licensing.py +0 -408
portal/enterprise/rbac.py +0 -276
portal/enterprise/saml.py +0 -595
portal/ops/__init__.py +0 -53
portal/ops/backup.py +0 -553
portal/ops/log_shipper.py +0 -469
portal/ops/monitoring.py +0 -517
portal/ops/restore.py +0 -469
portal/ops/secrets.py +0 -408
portal/ops/upgrade.py +0 -591
portal/tenants.py +0 -340
portal/uploads.py +0 -259
portal/web.py +0 -393
{kekkai_cli-1.1.0.dist-info → kekkai_cli-1.1.1.dist-info}/WHEEL +0 -0

portal/web.py DELETED Viewed

@@ -1,393 +0,0 @@
-"""Portal WSGI web application with Kekkai theming.
-Provides:
-- Upload API endpoint (POST /api/v1/upload)
-- Dashboard with Kekkai branding
-- Static asset serving
-"""
-from __future__ import annotations
-import json
-import logging
-import os
-import re
-from collections.abc import Callable, Iterable
-from pathlib import Path
-from typing import Any, BinaryIO, cast
-from jinja2 import Environment, FileSystemLoader, select_autoescape
-from .api import get_tenant_info, get_tenant_stats, list_uploads
-from .auth import authenticate_request
-from .tenants import Tenant, TenantStore
-from .uploads import process_upload, validate_upload
-try:
-    from .enterprise import ENTERPRISE_AVAILABLE
-    from .enterprise import rbac as enterprise_rbac
-    from .enterprise import saml as enterprise_saml
-except ImportError:
-    ENTERPRISE_AVAILABLE = False
-    enterprise_saml = None  # type: ignore[assignment]
-    enterprise_rbac = None  # type: ignore[assignment]
-logger = logging.getLogger(__name__)
-Environ = dict[str, Any]
-StartResponse = Callable[[str, list[tuple[str, str]]], Callable[[bytes], Any]]
-STATIC_DIR = Path(__file__).parent / "static"
-TEMPLATES_DIR = Path(__file__).parent / "templates"
-SECURE_HEADERS = [
-    ("X-Content-Type-Options", "nosniff"),
-    ("X-Frame-Options", "DENY"),
-    ("X-XSS-Protection", "1; mode=block"),
-    ("Referrer-Policy", "strict-origin-when-cross-origin"),
-    (
-        "Content-Security-Policy",
-        "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:",
-    ),
-]
-MULTIPART_BOUNDARY_PATTERN = re.compile(r"boundary=([^\s;]+)", re.IGNORECASE)
-class PortalApp:
-    """Kekkai Portal WSGI Application."""
-    def __init__(self, tenant_store: TenantStore) -> None:
-        self._tenant_store = tenant_store
-        self._jinja_env = Environment(
-            loader=FileSystemLoader(TEMPLATES_DIR),
-            autoescape=select_autoescape(["html", "xml"]),
-        )
-    def __call__(self, environ: Environ, start_response: StartResponse) -> Iterable[bytes]:
-        path = str(environ.get("PATH_INFO", "/"))
-        method = str(environ.get("REQUEST_METHOD", "GET"))
-        if path.startswith("/static/"):
-            return self._serve_static(path, start_response)
-        if path == "/api/v1/upload" and method == "POST":
-            return self._handle_upload(environ, start_response)
-        if path == "/api/v1/health":
-            return self._handle_health(start_response)
-        if path == "/api/v1/tenant/info" and method == "GET":
-            return self._handle_tenant_info(environ, start_response)
-        if path == "/api/v1/uploads" and method == "GET":
-            return self._handle_list_uploads(environ, start_response)
-        if path == "/api/v1/stats" and method == "GET":
-            return self._handle_stats(environ, start_response)
-        if path == "/" and method == "GET":
-            return self._serve_dashboard(environ, start_response)
-        return self._not_found(start_response)
-    def _handle_upload(self, environ: Environ, start_response: StartResponse) -> Iterable[bytes]:
-        """Handle file upload with authentication and validation."""
-        client_ip = str(environ.get("REMOTE_ADDR", "unknown"))
-        headers = _extract_headers(environ)
-        auth_result = authenticate_request(headers, self._tenant_store, client_ip)
-        if not auth_result.authenticated or not auth_result.tenant:
-            return self._unauthorized(start_response, auth_result.error or "Unauthorized")
-        tenant = auth_result.tenant
-        content_type = headers.get("content-type", "")
-        content_length = int(environ.get("CONTENT_LENGTH", 0) or 0)
-        if content_length > tenant.max_upload_size_mb * 1024 * 1024:
-            return self._error_response(
-                start_response,
-                413,
-                f"File too large. Maximum: {tenant.max_upload_size_mb}MB",
-            )
-        input_stream = environ.get("wsgi.input")
-        if not input_stream or content_length == 0:
-            return self._error_response(start_response, 400, "No file provided")
-        body = cast(BinaryIO, input_stream).read(content_length)
-        if "multipart/form-data" in content_type:
-            filename, file_content = _parse_multipart(body, content_type)
-        else:
-            filename = headers.get("x-filename", "upload.json")
-            file_content = body
-        if not filename or not file_content:
-            return self._error_response(start_response, 400, "Invalid upload")
-        validation = validate_upload(filename, content_type, file_content, tenant)
-        if not validation.success:
-            return self._error_response(
-                start_response, 400, validation.error or "Validation failed"
-            )
-        result = process_upload(filename, file_content, tenant)
-        if not result.success:
-            return self._error_response(start_response, 500, result.error or "Upload failed")
-        logger.info(
-            "upload.complete tenant=%s upload_id=%s",
-            tenant.id,
-            result.upload_id,
-        )
-        response_data = {
-            "success": True,
-            "upload_id": result.upload_id,
-            "file_hash": result.file_hash,
-            "tenant_id": tenant.id,
-            "dojo_product_id": tenant.dojo_product_id,
-            "dojo_engagement_id": tenant.dojo_engagement_id,
-        }
-        return self._json_response(start_response, 200, response_data)
-    def _handle_health(self, start_response: StartResponse) -> Iterable[bytes]:
-        """Health check endpoint."""
-        return self._json_response(start_response, 200, {"status": "healthy"})
-    def _handle_tenant_info(
-        self, environ: Environ, start_response: StartResponse
-    ) -> Iterable[bytes]:
-        """Get current tenant information."""
-        headers = _extract_headers(environ)
-        client_ip = str(environ.get("REMOTE_ADDR", "unknown"))
-        auth_result = authenticate_request(headers, self._tenant_store, client_ip)
-        if not auth_result.authenticated or not auth_result.tenant:
-            return self._unauthorized(start_response, auth_result.error or "Unauthorized")
-        tenant_info = get_tenant_info(auth_result.tenant)
-        return self._json_response(start_response, 200, tenant_info)
-    def _handle_list_uploads(
-        self, environ: Environ, start_response: StartResponse
-    ) -> Iterable[bytes]:
-        """List recent uploads for authenticated tenant."""
-        headers = _extract_headers(environ)
-        client_ip = str(environ.get("REMOTE_ADDR", "unknown"))
-        auth_result = authenticate_request(headers, self._tenant_store, client_ip)
-        if not auth_result.authenticated or not auth_result.tenant:
-            return self._unauthorized(start_response, auth_result.error or "Unauthorized")
-        # Parse limit parameter from query string
-        query_string = str(environ.get("QUERY_STRING", ""))
-        limit = 50
-        if "limit=" in query_string:
-            try:
-                limit_str = query_string.split("limit=")[1].split("&")[0]
-                limit = min(int(limit_str), 100)  # Cap at 100
-            except (ValueError, IndexError):
-                pass
-        uploads = list_uploads(auth_result.tenant, limit)
-        return self._json_response(start_response, 200, {"uploads": uploads})
-    def _handle_stats(self, environ: Environ, start_response: StartResponse) -> Iterable[bytes]:
-        """Get statistics for authenticated tenant."""
-        headers = _extract_headers(environ)
-        client_ip = str(environ.get("REMOTE_ADDR", "unknown"))
-        auth_result = authenticate_request(headers, self._tenant_store, client_ip)
-        if not auth_result.authenticated or not auth_result.tenant:
-            return self._unauthorized(start_response, auth_result.error or "Unauthorized")
-        stats = get_tenant_stats(auth_result.tenant)
-        return self._json_response(start_response, 200, stats)
-    def _serve_dashboard(self, environ: Environ, start_response: StartResponse) -> Iterable[bytes]:
-        """Serve the Kekkai-themed dashboard."""
-        headers = _extract_headers(environ)
-        client_ip = str(environ.get("REMOTE_ADDR", "unknown"))
-        auth_result = authenticate_request(headers, self._tenant_store, client_ip)
-        tenant = auth_result.tenant if auth_result.authenticated else None
-        content = self._render_template(tenant)
-        response_headers = [("Content-Type", "text/html; charset=utf-8")] + SECURE_HEADERS
-        start_response("200 OK", response_headers)
-        return [content.encode("utf-8")]
-    def _render_template(self, tenant: Tenant | None) -> str:
-        """Render dashboard or login template based on authentication."""
-        if tenant:
-            template = self._jinja_env.get_template("dashboard.html")
-            return str(template.render(tenant=tenant.to_dict()))
-        else:
-            template = self._jinja_env.get_template("login.html")
-            return str(template.render())
-    def _serve_static(self, path: str, start_response: StartResponse) -> Iterable[bytes]:
-        """Serve static assets with security checks."""
-        relative_path = path.removeprefix("/static/")
-        if ".." in relative_path or relative_path.startswith("/"):
-            return self._not_found(start_response)
-        file_path = STATIC_DIR / relative_path
-        try:
-            resolved = file_path.resolve()
-            if not resolved.is_relative_to(STATIC_DIR.resolve()):
-                return self._not_found(start_response)
-        except (ValueError, OSError):
-            return self._not_found(start_response)
-        if not file_path.exists() or not file_path.is_file():
-            return self._not_found(start_response)
-        content_type = _get_content_type(file_path.suffix)
-        content = file_path.read_bytes()
-        response_headers = [("Content-Type", content_type)] + SECURE_HEADERS
-        start_response("200 OK", response_headers)
-        return [content]
-    def _json_response(
-        self,
-        start_response: StartResponse,
-        status_code: int,
-        data: dict[str, Any],
-    ) -> Iterable[bytes]:
-        """Send a JSON response."""
-        status = f"{status_code} {'OK' if status_code == 200 else 'Error'}"
-        response_headers = [("Content-Type", "application/json")] + SECURE_HEADERS
-        start_response(status, response_headers)
-        return [json.dumps(data).encode("utf-8")]
-    def _error_response(
-        self,
-        start_response: StartResponse,
-        status_code: int,
-        message: str,
-    ) -> Iterable[bytes]:
-        """Send an error response."""
-        return self._json_response(
-            start_response,
-            status_code,
-            {"success": False, "error": message},
-        )
-    def _unauthorized(self, start_response: StartResponse, message: str) -> Iterable[bytes]:
-        """Send 401 Unauthorized response."""
-        response_headers = [
-            ("Content-Type", "application/json"),
-            ("WWW-Authenticate", "Bearer"),
-        ] + SECURE_HEADERS
-        start_response("401 Unauthorized", response_headers)
-        return [json.dumps({"success": False, "error": message}).encode("utf-8")]
-    def _not_found(self, start_response: StartResponse) -> Iterable[bytes]:
-        """Send 404 Not Found response."""
-        return self._error_response(start_response, 404, "Not found")
-def create_app(tenant_store_path: Path | None = None) -> PortalApp:
-    """Create a configured PortalApp instance."""
-    store_path = tenant_store_path or Path(
-        os.environ.get("PORTAL_TENANT_STORE", "/var/lib/kekkai-portal/tenants.json")
-    )
-    tenant_store = TenantStore(store_path)
-    return PortalApp(tenant_store)
-def main() -> int:
-    """Run the portal development server."""
-    from wsgiref.simple_server import make_server
-    host = os.environ.get("PORTAL_HOST", "127.0.0.1")
-    port = int(os.environ.get("PORTAL_PORT", "8000"))
-    tenant_store = os.environ.get("PORTAL_TENANT_STORE")
-    store_path = Path(tenant_store) if tenant_store else None
-    app = create_app(store_path)
-    print(f"Starting Kekkai Portal on http://{host}:{port}")
-    print("Press Ctrl+C to stop")
-    with make_server(host, port, app) as httpd:
-        try:
-            httpd.serve_forever()
-        except KeyboardInterrupt:
-            print("\nShutting down...")
-    return 0
-if __name__ == "__main__":
-    import sys
-    sys.exit(main())
-def _extract_headers(environ: Environ) -> dict[str, str]:
-    """Extract HTTP headers from WSGI environ."""
-    headers: dict[str, str] = {}
-    for key, value in environ.items():
-        if key.startswith("HTTP_"):
-            header_name = key[5:].replace("_", "-").lower()
-            headers[header_name] = str(value)
-        elif key == "CONTENT_TYPE":
-            headers["content-type"] = str(value)
-        elif key == "CONTENT_LENGTH":
-            headers["content-length"] = str(value)
-    return headers
-def _parse_multipart(body: bytes, content_type: str) -> tuple[str | None, bytes | None]:
-    """Parse multipart form data to extract file."""
-    match = MULTIPART_BOUNDARY_PATTERN.search(content_type)
-    if not match:
-        return None, None
-    boundary = match.group(1).encode()
-    if boundary.startswith(b'"') and boundary.endswith(b'"'):
-        boundary = boundary[1:-1]
-    parts = body.split(b"--" + boundary)
-    for part in parts:
-        if b"Content-Disposition" not in part:
-            continue
-        header_end = part.find(b"\r\n\r\n")
-        if header_end == -1:
-            continue
-        headers_raw = part[:header_end].decode("utf-8", errors="replace")
-        content = part[header_end + 4 :]
-        if content.endswith(b"\r\n"):
-            content = content[:-2]
-        filename_match = re.search(r'filename="([^"]+)"', headers_raw)
-        if filename_match:
-            return filename_match.group(1), content
-    return None, None
-def _get_content_type(extension: str) -> str:
-    """Get MIME type for file extension."""
-    types = {
-        ".css": "text/css",
-        ".js": "application/javascript",
-        ".png": "image/png",
-        ".jpg": "image/jpeg",
-        ".jpeg": "image/jpeg",
-        ".svg": "image/svg+xml",
-        ".ico": "image/x-icon",
-        ".woff": "font/woff",
-        ".woff2": "font/woff2",
-    }
-    return types.get(extension.lower(), "application/octet-stream")

{kekkai_cli-1.1.0.dist-info → kekkai_cli-1.1.1.dist-info}/WHEEL RENAMED Viewed

File without changes

kekkai-cli 1.1.0__py3-none-any.whl → 1.1.1__py3-none-any.whl

kekkai-cli 1.1.0py3-none-any.whl → 1.1.1py3-none-any.whl