pangea-sdk 3.8.0b4__py3-none-any.whl → 4.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pangea/__init__.py +1 -2
- pangea/asyncio/request.py +17 -22
- pangea/asyncio/services/__init__.py +0 -2
- pangea/asyncio/services/audit.py +188 -23
- pangea/asyncio/services/authn.py +167 -108
- pangea/asyncio/services/authz.py +36 -45
- pangea/asyncio/services/embargo.py +2 -2
- pangea/asyncio/services/file_scan.py +3 -3
- pangea/asyncio/services/intel.py +44 -26
- pangea/asyncio/services/redact.py +60 -4
- pangea/asyncio/services/vault.py +145 -30
- pangea/dump_audit.py +1 -1
- pangea/request.py +30 -24
- pangea/response.py +34 -42
- pangea/services/__init__.py +0 -2
- pangea/services/audit/audit.py +202 -34
- pangea/services/audit/models.py +56 -8
- pangea/services/audit/util.py +3 -3
- pangea/services/authn/authn.py +116 -65
- pangea/services/authn/models.py +88 -4
- pangea/services/authz.py +51 -56
- pangea/services/base.py +23 -6
- pangea/services/embargo.py +2 -2
- pangea/services/file_scan.py +3 -2
- pangea/services/intel.py +25 -23
- pangea/services/redact.py +124 -4
- pangea/services/vault/models/common.py +121 -6
- pangea/services/vault/models/symmetric.py +2 -2
- pangea/services/vault/vault.py +143 -32
- pangea/utils.py +20 -109
- pangea/verify_audit.py +267 -83
- {pangea_sdk-3.8.0b4.dist-info → pangea_sdk-4.0.0.dist-info}/METADATA +12 -20
- pangea_sdk-4.0.0.dist-info/RECORD +46 -0
- {pangea_sdk-3.8.0b4.dist-info → pangea_sdk-4.0.0.dist-info}/WHEEL +1 -1
- pangea/asyncio/__init__.py +0 -1
- pangea/asyncio/file_uploader.py +0 -39
- pangea/asyncio/services/sanitize.py +0 -185
- pangea/asyncio/services/share.py +0 -573
- pangea/file_uploader.py +0 -35
- pangea/services/sanitize.py +0 -275
- pangea/services/share/file_format.py +0 -170
- pangea/services/share/share.py +0 -877
- pangea_sdk-3.8.0b4.dist-info/RECORD +0 -54
pangea/services/redact.py
CHANGED
@@ -1,9 +1,11 @@
|
|
1
1
|
# Copyright 2022 Pangea Cyber Corporation
|
2
2
|
# Author: Pangea Cyber Corporation
|
3
|
+
from __future__ import annotations
|
3
4
|
|
4
5
|
import enum
|
5
6
|
from typing import Dict, List, Optional, Union
|
6
7
|
|
8
|
+
from pangea.config import PangeaConfig
|
7
9
|
from pangea.response import APIRequestModel, APIResponseModel, PangeaResponse, PangeaResponseResult
|
8
10
|
from pangea.services.base import ServiceBase
|
9
11
|
|
@@ -15,6 +17,44 @@ class RedactFormat(str, enum.Enum):
|
|
15
17
|
"""JSON format."""
|
16
18
|
|
17
19
|
|
20
|
+
class RedactType(str, enum.Enum):
|
21
|
+
MASK = "mask"
|
22
|
+
PARTIAL_MASKING = "partial_masking"
|
23
|
+
REPLACEMENT = "replacement"
|
24
|
+
DETECT_ONLY = "detect_only"
|
25
|
+
HASH = "hash"
|
26
|
+
FPE = "fpe"
|
27
|
+
|
28
|
+
|
29
|
+
class FPEAlphabet(str, enum.Enum):
|
30
|
+
NUMERIC = "numeric"
|
31
|
+
ALPHANUMERICLOWER = "alphanumericlower"
|
32
|
+
ALPHANUMERIC = "alphanumeric"
|
33
|
+
|
34
|
+
|
35
|
+
class MaskingType(str, enum.Enum):
|
36
|
+
MASK = "mask"
|
37
|
+
UNMASK = "unmask"
|
38
|
+
|
39
|
+
|
40
|
+
class PartialMasking(APIRequestModel):
|
41
|
+
masking_type: Optional[MaskingType] = None
|
42
|
+
unmasked_from_left: Optional[int] = None
|
43
|
+
unmasked_from_right: Optional[int] = None
|
44
|
+
masked_from_left: Optional[int] = None
|
45
|
+
masked_from_right: Optional[int] = None
|
46
|
+
chars_to_ignore: Optional[List[str]] = None
|
47
|
+
masking_char: Optional[List[str]] = None
|
48
|
+
|
49
|
+
|
50
|
+
class RedactionMethodOverrides(APIRequestModel):
|
51
|
+
redaction_type: RedactType
|
52
|
+
hash: Optional[Dict] = None
|
53
|
+
fpe_alphabet: Optional[FPEAlphabet] = None
|
54
|
+
partial_masking: Optional[PartialMasking] = None
|
55
|
+
redaction_value: Optional[str] = None
|
56
|
+
|
57
|
+
|
18
58
|
class RedactRequest(APIRequestModel):
|
19
59
|
"""
|
20
60
|
Input class to make a redact request
|
@@ -25,6 +65,7 @@ class RedactRequest(APIRequestModel):
|
|
25
65
|
rules: Optional[List[str]] = None
|
26
66
|
rulesets: Optional[List[str]] = None
|
27
67
|
return_result: Optional[bool] = None
|
68
|
+
redaction_method_overrides: Optional[RedactionMethodOverrides] = None
|
28
69
|
|
29
70
|
|
30
71
|
class RecognizerResult(APIResponseModel):
|
@@ -92,6 +133,7 @@ class StructuredRequest(APIRequestModel):
|
|
92
133
|
rules: Optional[List[str]] = None
|
93
134
|
rulesets: Optional[List[str]] = None
|
94
135
|
return_result: Optional[bool] = None
|
136
|
+
redaction_method_overrides: Optional[RedactionMethodOverrides] = None
|
95
137
|
|
96
138
|
|
97
139
|
class StructuredResult(PangeaResponseResult):
|
@@ -105,6 +147,32 @@ class StructuredResult(PangeaResponseResult):
|
|
105
147
|
report: Optional[DebugReport] = None
|
106
148
|
|
107
149
|
|
150
|
+
class UnredactRequest(APIRequestModel):
|
151
|
+
"""
|
152
|
+
Class input to unredact data request
|
153
|
+
|
154
|
+
Arguments:
|
155
|
+
redacted_data: Data to unredact
|
156
|
+
fpe_context (base64): FPE context used to decrypt and unredact data
|
157
|
+
|
158
|
+
"""
|
159
|
+
|
160
|
+
redacted_data: RedactedData
|
161
|
+
fpe_context: str
|
162
|
+
|
163
|
+
|
164
|
+
RedactedData = Union[str, Dict]
|
165
|
+
|
166
|
+
|
167
|
+
class UnredactResult(PangeaResponseResult):
|
168
|
+
"""
|
169
|
+
Result class after an unredact request
|
170
|
+
|
171
|
+
"""
|
172
|
+
|
173
|
+
data: RedactedData
|
174
|
+
|
175
|
+
|
108
176
|
class Redact(ServiceBase):
|
109
177
|
"""Redact service client.
|
110
178
|
|
@@ -132,7 +200,24 @@ class Redact(ServiceBase):
|
|
132
200
|
|
133
201
|
service_name = "redact"
|
134
202
|
|
135
|
-
def __init__(
|
203
|
+
def __init__(
|
204
|
+
self, token: str, config: PangeaConfig | None = None, logger_name: str = "pangea", config_id: str | None = None
|
205
|
+
) -> None:
|
206
|
+
"""
|
207
|
+
Redact client
|
208
|
+
|
209
|
+
Initializes a new Redact client.
|
210
|
+
|
211
|
+
Args:
|
212
|
+
token: Pangea API token.
|
213
|
+
config: Configuration.
|
214
|
+
logger_name: Logger name.
|
215
|
+
config_id: Configuration ID.
|
216
|
+
|
217
|
+
Examples:
|
218
|
+
config = PangeaConfig(domain="pangea_domain")
|
219
|
+
redact = Redact(token="pangea_token", config=config)
|
220
|
+
"""
|
136
221
|
super().__init__(token, config, logger_name, config_id=config_id)
|
137
222
|
|
138
223
|
def redact(
|
@@ -142,6 +227,7 @@ class Redact(ServiceBase):
|
|
142
227
|
rules: Optional[List[str]] = None,
|
143
228
|
rulesets: Optional[List[str]] = None,
|
144
229
|
return_result: Optional[bool] = None,
|
230
|
+
redaction_method_overrides: Optional[RedactionMethodOverrides] = None,
|
145
231
|
) -> PangeaResponse[RedactResult]:
|
146
232
|
"""
|
147
233
|
Redact
|
@@ -157,6 +243,7 @@ class Redact(ServiceBase):
|
|
157
243
|
rules (list[str], optional): An array of redact rule short names
|
158
244
|
rulesets (list[str], optional): An array of redact rulesets short names
|
159
245
|
return_result(bool, optional): Setting this value to false will omit the redacted result only returning count
|
246
|
+
redaction_method_overrides: A set of redaction method overrides for any enabled rule. These methods override the config declared methods
|
160
247
|
|
161
248
|
Raises:
|
162
249
|
PangeaAPIException: If an API Error happens
|
@@ -170,8 +257,15 @@ class Redact(ServiceBase):
|
|
170
257
|
response = redact.redact(text="Jenny Jenny... 555-867-5309")
|
171
258
|
"""
|
172
259
|
|
173
|
-
input = RedactRequest(
|
174
|
-
|
260
|
+
input = RedactRequest(
|
261
|
+
text=text,
|
262
|
+
debug=debug,
|
263
|
+
rules=rules,
|
264
|
+
rulesets=rulesets,
|
265
|
+
return_result=return_result,
|
266
|
+
redaction_method_overrides=redaction_method_overrides,
|
267
|
+
)
|
268
|
+
return self.request.post("v1/redact", RedactResult, data=input.model_dump(exclude_none=True))
|
175
269
|
|
176
270
|
def redact_structured(
|
177
271
|
self,
|
@@ -182,6 +276,7 @@ class Redact(ServiceBase):
|
|
182
276
|
rules: Optional[List[str]] = None,
|
183
277
|
rulesets: Optional[List[str]] = None,
|
184
278
|
return_result: Optional[bool] = None,
|
279
|
+
redaction_method_overrides: Optional[RedactionMethodOverrides] = None,
|
185
280
|
) -> PangeaResponse[StructuredResult]:
|
186
281
|
"""
|
187
282
|
Redact structured
|
@@ -201,6 +296,7 @@ class Redact(ServiceBase):
|
|
201
296
|
rules (list[str], optional): An array of redact rule short names
|
202
297
|
rulesets (list[str], optional): An array of redact rulesets short names
|
203
298
|
return_result(bool, optional): Setting this value to false will omit the redacted result only returning count
|
299
|
+
redaction_method_overrides: A set of redaction method overrides for any enabled rule. These methods override the config declared methods
|
204
300
|
|
205
301
|
Raises:
|
206
302
|
PangeaAPIException: If an API Error happens
|
@@ -227,5 +323,29 @@ class Redact(ServiceBase):
|
|
227
323
|
rules=rules,
|
228
324
|
rulesets=rulesets,
|
229
325
|
return_result=return_result,
|
326
|
+
redaction_method_overrides=redaction_method_overrides,
|
230
327
|
)
|
231
|
-
return self.request.post("v1/redact_structured", StructuredResult, data=input.
|
328
|
+
return self.request.post("v1/redact_structured", StructuredResult, data=input.model_dump(exclude_none=True))
|
329
|
+
|
330
|
+
def unredact(self, redacted_data: RedactedData, fpe_context: str) -> PangeaResponse[UnredactResult]:
|
331
|
+
"""
|
332
|
+
Unredact
|
333
|
+
|
334
|
+
Decrypt or unredact fpe redactions
|
335
|
+
|
336
|
+
OperationId: redact_post_v1_unredact
|
337
|
+
|
338
|
+
Args:
|
339
|
+
redacted_data: Data to unredact
|
340
|
+
fpe_context (base64): FPE context used to decrypt and unredact data
|
341
|
+
|
342
|
+
Raises:
|
343
|
+
PangeaAPIException: If an API Error happens
|
344
|
+
|
345
|
+
Returns:
|
346
|
+
Pangea Response with redacted data in the response.result field,
|
347
|
+
available response fields can be found in our
|
348
|
+
[API Documentation](https://pangea.cloud/docs/api/redact#unredact)
|
349
|
+
"""
|
350
|
+
input = UnredactRequest(redacted_data=redacted_data, fpe_context=fpe_context)
|
351
|
+
return self.request.post("v1/unredact", UnredactResult, data=input.model_dump(exclude_none=True))
|
@@ -1,10 +1,10 @@
|
|
1
1
|
# Copyright 2022 Pangea Cyber Corporation
|
2
2
|
# Author: Pangea Cyber Corporation
|
3
|
-
|
3
|
+
|
4
4
|
import enum
|
5
5
|
from typing import Dict, Generic, List, NewType, Optional, TypeVar, Union
|
6
6
|
|
7
|
-
from pangea.response import APIRequestModel, PangeaResponseResult
|
7
|
+
from pangea.response import APIRequestModel, PangeaDateTime, PangeaResponseResult
|
8
8
|
|
9
9
|
# EncodedPublicKey is a PEM public key, with no further encoding (i.e. no base64)
|
10
10
|
# It may be used for example in openssh with no further processing
|
@@ -22,6 +22,8 @@ class KeyPurpose(str, enum.Enum):
|
|
22
22
|
SIGNING = "signing"
|
23
23
|
ENCRYPTION = "encryption"
|
24
24
|
JWT = "jwt"
|
25
|
+
FPE = "fpe"
|
26
|
+
"""Format-preserving encryption."""
|
25
27
|
|
26
28
|
def __str__(self):
|
27
29
|
return str(self.value)
|
@@ -84,6 +86,11 @@ class SymmetricAlgorithm(str, enum.Enum):
|
|
84
86
|
AES128_CBC = "AES-CBC-128"
|
85
87
|
AES256_CBC = "AES-CBC-256"
|
86
88
|
AES = "AES-CFB-128" # deprecated, use AES128_CFB instead
|
89
|
+
AES128_FF3_1_BETA = "AES-FF3-1-128-BETA"
|
90
|
+
"""128-bit encryption using the FF3-1 algorithm."""
|
91
|
+
|
92
|
+
AES256_FF3_1_BETA = "AES-FF3-1-256-BETA"
|
93
|
+
"""256-bit encryption using the FF3-1 algorithm."""
|
87
94
|
|
88
95
|
def __str__(self):
|
89
96
|
return str(self.value)
|
@@ -174,7 +181,7 @@ class CommonStoreRequest(APIRequestModel):
|
|
174
181
|
tags: Optional[Tags] = None
|
175
182
|
rotation_frequency: Optional[str] = None
|
176
183
|
rotation_state: Optional[ItemVersionState] = None
|
177
|
-
expiration: Optional[
|
184
|
+
expiration: Optional[PangeaDateTime] = None
|
178
185
|
|
179
186
|
|
180
187
|
class CommonStoreResult(PangeaResponseResult):
|
@@ -191,7 +198,7 @@ class CommonGenerateRequest(APIRequestModel):
|
|
191
198
|
tags: Optional[Tags] = None
|
192
199
|
rotation_frequency: Optional[str] = None
|
193
200
|
rotation_state: Optional[ItemVersionState] = None
|
194
|
-
expiration: Optional[
|
201
|
+
expiration: Optional[PangeaDateTime] = None
|
195
202
|
|
196
203
|
|
197
204
|
class CommonGenerateResult(PangeaResponseResult):
|
@@ -254,7 +261,7 @@ class ListItemData(ItemData):
|
|
254
261
|
class ListResult(PangeaResponseResult):
|
255
262
|
items: List[ListItemData] = []
|
256
263
|
count: int
|
257
|
-
last: Optional[str]
|
264
|
+
last: Optional[str] = None
|
258
265
|
|
259
266
|
|
260
267
|
class ListRequest(APIRequestModel):
|
@@ -305,7 +312,7 @@ class UpdateRequest(APIRequestModel):
|
|
305
312
|
rotation_frequency: Optional[str] = None
|
306
313
|
rotation_state: Optional[ItemVersionState] = None
|
307
314
|
rotation_grace_period: Optional[str] = None
|
308
|
-
expiration: Optional[
|
315
|
+
expiration: Optional[PangeaDateTime] = None
|
309
316
|
item_state: Optional[ItemState] = None
|
310
317
|
|
311
318
|
|
@@ -427,3 +434,111 @@ class EncryptStructuredResult(PangeaResponseResult, Generic[TDict]):
|
|
427
434
|
|
428
435
|
structured_data: TDict
|
429
436
|
"""Encrypted structured data."""
|
437
|
+
|
438
|
+
|
439
|
+
class TransformAlphabet(str, enum.Enum):
|
440
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
441
|
+
|
442
|
+
NUMERIC = "numeric"
|
443
|
+
"""Numeric (0-9)."""
|
444
|
+
|
445
|
+
ALPHA_LOWER = "alphalower"
|
446
|
+
"""Lowercase alphabet (a-z)."""
|
447
|
+
|
448
|
+
ALPHA_UPPER = "alphaupper"
|
449
|
+
"""Uppercase alphabet (A-Z)."""
|
450
|
+
|
451
|
+
ALPHANUMERIC_LOWER = "alphanumericlower"
|
452
|
+
"""Lowercase alphabet with numbers (a-z, 0-9)."""
|
453
|
+
|
454
|
+
ALPHANUMERIC_UPPER = "alphanumericupper"
|
455
|
+
"""Uppercase alphabet with numbers (A-Z, 0-9)."""
|
456
|
+
|
457
|
+
ALPHANUMERIC = "alphanumeric"
|
458
|
+
"""Alphanumeric (a-z, A-Z, 0-9)."""
|
459
|
+
|
460
|
+
def __str__(self) -> str:
|
461
|
+
return str(self.value)
|
462
|
+
|
463
|
+
def __repr__(self) -> str:
|
464
|
+
return str(self.value)
|
465
|
+
|
466
|
+
|
467
|
+
class EncryptTransformRequest(APIRequestModel):
|
468
|
+
id: str
|
469
|
+
"""The item ID."""
|
470
|
+
|
471
|
+
plain_text: str
|
472
|
+
"""A message to be encrypted."""
|
473
|
+
|
474
|
+
alphabet: TransformAlphabet
|
475
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
476
|
+
|
477
|
+
tweak: Optional[str] = None
|
478
|
+
"""
|
479
|
+
User provided tweak string. If not provided, a random string will be
|
480
|
+
generated and returned. The user must securely store the tweak source which
|
481
|
+
will be needed to decrypt the data.
|
482
|
+
"""
|
483
|
+
|
484
|
+
version: Optional[int] = None
|
485
|
+
"""The item version."""
|
486
|
+
|
487
|
+
|
488
|
+
class EncryptTransformResult(PangeaResponseResult):
|
489
|
+
id: str
|
490
|
+
"""The item ID."""
|
491
|
+
|
492
|
+
version: int
|
493
|
+
"""The item version."""
|
494
|
+
|
495
|
+
algorithm: str
|
496
|
+
"""The algorithm of the key."""
|
497
|
+
|
498
|
+
cipher_text: str
|
499
|
+
"""The encrypted message."""
|
500
|
+
|
501
|
+
tweak: str
|
502
|
+
"""
|
503
|
+
User provided tweak string. If not provided, a random string will be
|
504
|
+
generated and returned. The user must securely store the tweak source which
|
505
|
+
will be needed to decrypt the data.
|
506
|
+
"""
|
507
|
+
|
508
|
+
alphabet: str
|
509
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
510
|
+
|
511
|
+
|
512
|
+
class DecryptTransformRequest(APIRequestModel):
|
513
|
+
id: str
|
514
|
+
"""The item ID."""
|
515
|
+
|
516
|
+
cipher_text: str
|
517
|
+
"""A message encrypted by Vault."""
|
518
|
+
|
519
|
+
tweak: str
|
520
|
+
"""
|
521
|
+
User provided tweak string. If not provided, a random string will be
|
522
|
+
generated and returned. The user must securely store the tweak source which
|
523
|
+
will be needed to decrypt the data.
|
524
|
+
"""
|
525
|
+
|
526
|
+
alphabet: TransformAlphabet
|
527
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
528
|
+
|
529
|
+
version: Optional[int] = None
|
530
|
+
"""The item version."""
|
531
|
+
|
532
|
+
|
533
|
+
class DecryptTransformResult(PangeaResponseResult):
|
534
|
+
id: str
|
535
|
+
"""The item ID."""
|
536
|
+
|
537
|
+
version: int
|
538
|
+
"""The item version."""
|
539
|
+
|
540
|
+
algorithm: str
|
541
|
+
"""The algorithm of the key."""
|
542
|
+
|
543
|
+
plain_text: str
|
544
|
+
"""Decrypted message."""
|
@@ -39,7 +39,7 @@ class EncryptRequest(APIRequestModel):
|
|
39
39
|
id: str
|
40
40
|
plain_text: str
|
41
41
|
version: Optional[int] = None
|
42
|
-
additional_data: Optional[str]
|
42
|
+
additional_data: Optional[str] = None
|
43
43
|
|
44
44
|
|
45
45
|
class EncryptResult(PangeaResponseResult):
|
@@ -53,7 +53,7 @@ class DecryptRequest(APIRequestModel):
|
|
53
53
|
id: str
|
54
54
|
cipher_text: str
|
55
55
|
version: Optional[int] = None
|
56
|
-
additional_data: Optional[str]
|
56
|
+
additional_data: Optional[str] = None
|
57
57
|
|
58
58
|
|
59
59
|
class DecryptResult(PangeaResponseResult):
|