praetorian-cli 2.2.12__py3-none-any.whl → 2.2.14__py3-none-any.whl

praetorian_cli/handlers/add.py

@@ -1,4 +1,5 @@
 import datetime
+import json
 import os.path
 
 import click
@@ -163,7 +164,8 @@ def risk(sdk, name, asset, status, comment, capability):
 @click.option('-c', '--capability', 'capabilities', multiple=True,
               help='Capabilities to run (can be specified multiple times)')
 @click.option('-g', '--config', help='JSON configuration string')
-def job(sdk, key, capabilities, config):
+@click.option('-s', '--credential', 'credentials', help='Credential ID to use with the job', multiple=True)
+def job(sdk, key, capabilities, config, credentials):
     """ Schedule scan jobs for an asset or an attribute
 
     This command schedules the relevant discovery and vulnerability scans for
@@ -176,8 +178,9 @@ def job(sdk, key, capabilities, config):
         - praetorian chariot add job --key "#asset#example.com#1.2.3.4" -c subdomain -c portscan
         - praetorian chariot add job --key "#attribute#ssh#22#asset#api.www.example.com#1.2.3.4"
         - praetorian chariot add job --key "#asset#example.com#1.2.3.4" --config '{"run-type":"login"}'
+        - praetorian chariot add job --key "#asset#example.com#1.2.3.4" --config '{"run-type":"login"} --credential "E4644F37-6985-40B4-8D07-5311516D98F1"'
     """
-    sdk.jobs.add(key, capabilities, config)
+    sdk.jobs.add(key, capabilities, config, credentials)
 
 
 @add.command()
@@ -333,13 +336,52 @@ def key(sdk, name, expires):
 @click.option('-p', '--parent', required=False, help='Optional key of the parent WebApplication')
 def webpage(sdk, url, parent):
     """ Add a Webpage
-    
+
     Add a web page to the Chariot database. Webpages can optionally be associated
     with a parent WebApplication or exist independently.
-    
+
     \b
     Example usages:
         - praetorian chariot add webpage --url https://app.example.com/login
         - praetorian chariot add webpage --url https://app.example.com/admin --parent "#webapplication#https://app.example.com"
     """
     sdk.webpage.add(url, parent)
+
+
+@add.command()
+@cli_handler
+@click.option('-r', '--resource-key', required=True, help='The resource key for the credential (e.g., account key)')
+@click.option('-c', '--category', required=True,
+              type=click.Choice(['integration', 'cloud', 'env-integration']),
+              help='The category of the credential')
+@click.option('-t', '--type', 'cred_type', required=True,
+              help='The type of credential (aws, gcp, azure, static, ssh_key, json, active-directory, default)')
+@click.option('-l', '--label', required=True, help='A human-readable label for the credential')
+@click.option('-p', '--param', 'parameters', multiple=True,
+              help='Parameter in format key=value (can be specified multiple times)')
+def credential(sdk, resource_key, category, cred_type, label, parameters):
+    """ Add a credential
+
+    This command adds a credential to the credential broker. Credentials can be used
+    for authentication with various cloud providers, integrations, and environment services.
+
+    \b
+    Example usages:
+        - praetorian chariot add credential --resource-key "C.0c6cf7104f516b08-OGMPG" --category env-integration --type active-directory --label "Robb Stark" --param username=robb.stark --param password=sexywolfy --param domain=north.sevenkingdoms.local
+        - praetorian chariot add credential -r "C.example-key" -c cloud -t aws --label "AWS Production" -p region=us-east-1 -p role_arn=arn:aws:iam::123456789012:role/MyRole
+        - praetorian chariot add credential -r "C.example-key" -c integration -t static --label "API Token" -p token=abc123xyz
+    """
+    # Parse parameters from key=value format
+    params = {}
+    for param in parameters:
+        if '=' not in param:
+            error(f"Parameter '{param}' is not in the format key=value")
+            return
+        key, value = param.split('=', 1)
+        params[key] = value
+
+    try:
+        result = sdk.credentials.add(resource_key, category, cred_type, label, params)
+        click.echo(json.dumps(result, indent=2))
+    except Exception as e:
+        error(f'Unable to add credential. Error: {e}')

praetorian_cli/sdk/chariot.py

@@ -64,25 +64,19 @@ class Chariot:
             import urllib3
             urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
-    def chariot_request(self, method: str, url: str, **kwargs) -> requests.Response:
+    def chariot_request(self, method: str, url: str, headers: dict = {}, **kwargs) -> requests.Response:
         """
-        Centralized method to make HTTP requests to the Chariot API with all global headers/parameters set.
+        Centralized wrapper around requests.request. Take care of proxy, beta flag, and 
+        supplies the authentication headers
         """
-        
         self.add_beta_url_param(kwargs)
 
-        return self.request(method, url, self.keychain.headers(), **kwargs)
-    
-    def request(self, method: str, url: str, headers: dict = None, **kwargs) -> requests.Response:
-        """
-        Centralized wrapper around requests.request, ensuring the HTTP proxy is respected.
-        """
-
         if self.proxy:
             kwargs['proxies'] = {'http': self.proxy, 'https': self.proxy}
             kwargs['verify'] = False
 
-        return requests.request(method, url, headers=headers, **kwargs)
+        return requests.request(method, url, headers=(headers | self.keychain.headers()), **kwargs)
+
 
     def add_beta_url_param(self, kwargs: dict):
         if 'params' in kwargs:
@@ -206,8 +200,12 @@ class Chariot:
         return resp
 
     def _upload(self, chariot_filepath: str, content: str) -> dict:
-        # It is a two-step upload. The PUT request to the /file endpoint is to get a presigned URL for S3.
-        # There is no data transfer.
+        # Encrypted files have _encrypted/ prefix in the path. Encrypted files do not use presigned URLs.
+        # Instead, they use the /encrypted-file endpoint that directly gets and puts content.
+        if is_encrypted_partition(chariot_filepath):
+            return self.chariot_request('PUT', self.url('/encrypted-file'), params=dict(name=chariot_filepath), data=content)
+
+        # Regular files use presigned URLs
         presigned_url = self.chariot_request('PUT', self.url('/file'), params=dict(name=chariot_filepath))
         process_failure(presigned_url)
         resp = requests.put(presigned_url.json()['url'], data=content)
@@ -216,6 +214,15 @@ class Chariot:
 
     def download(self, name: str, global_=False) -> bytes:
         params = dict(name=name)
+        # Encrypted files have _encrypted/ prefix in the path. Encrypted files do not use presigned URLs.
+        # Instead, they use the /encrypted-file endpoint that directly gets and puts content.
+        if is_encrypted_partition(name):
+            accept_binary = {'Accept': 'application/octet-stream'}
+            resp = self.chariot_request('GET', self.url('/encrypted-file'), params=params, headers=accept_binary)
+            process_failure(resp)
+            return resp.content
+
+        # Regular files, use presigned URLs
         if global_:
             params |= GLOBAL_FLAG
 
@@ -228,7 +235,7 @@ class Chariot:
             message = f'Download request failed: response missing URL' + (f'\nBody: {resp.text}' if resp.text else '(empty)')
             raise Exception(message)
         
-        resp = self.request('GET', url)
+        resp = requests.request('GET', url)
         process_failure(resp)
         return resp.content
 
@@ -355,3 +362,7 @@ def extend(accumulate: dict, new: dict) -> dict:
             extend(accumulate[key], value)
 
     return accumulate
+
+
+def is_encrypted_partition(chariot_filepath: str) -> bool:
+    return chariot_filepath.startswith('_encrypted/')

praetorian_cli/sdk/entities/credentials.py

@@ -9,6 +9,32 @@ class Credentials:
     def __init__(self, api):
         self.api = api
 
+    def add(self, resource_key, category, type, label, parameters):
+        """
+        Add a new credential to the credential broker.
+
+        :param resource_key: The resource key for the credential (e.g., account key)
+        :type resource_key: str
+        :param category: The category of the credential ('integration', 'cloud', 'env-integration')
+        :type category: str
+        :param type: The type of credential ('aws', 'gcp', 'azure', 'static', 'ssh_key', 'json', 'active-directory', 'default')
+        :type type: str
+        :param label: A human-readable label for the credential
+        :type label: str
+        :param parameters: Additional parameters for the credential (e.g., username, password, domain)
+        :type parameters: dict
+        :return: The response from the broker API
+        :rtype: dict
+        """
+        request = {
+            'Operation': 'add',
+            'ResourceKey': resource_key,
+            'Category': category,
+            'Type': type,
+            'Parameters': parameters | {'label': label}
+        }
+        return self.api.post('broker', request)
+
     def list(self, offset=None, pages=100000):
         """
         List credentials available to the current principal.

praetorian_cli/sdk/entities/jobs.py

@@ -8,7 +8,7 @@ class Jobs:
     def __init__(self, api):
         self.api = api
 
-    def add(self, target_key, capabilities=[], config=None):
+    def add(self, target_key, capabilities=[], config=None, credentials=[]):
         """
         Add a job to execute capabilities against an asset or attribute.
 
@@ -62,19 +62,22 @@ class Jobs:
             - crawler: Web application crawler
             - whois: Domain registration information lookup
         """
-        params = dict(key=target_key)
+        body = dict(key=target_key)
         if capabilities:
-            params = params | dict(capabilities=capabilities)
+            body = body | dict(capabilities=capabilities)
 
         if config:
             try:
-                params = params | dict(config=json.loads(config))
+                body = body | dict(config=json.loads(config))
             except json.JSONDecodeError as e:
                 raise Exception(f"Invalid JSON in configuration string: {e}")
             except Exception as e:
                 raise Exception(f"Error processing configuration string: {e}")
 
-        return self.api.force_add('job', params)
+        if credentials:
+            body = body | dict(credential_ids=credentials)
+
+        return self.api.force_add('job', body)
 
     def get(self, key):
         """

praetorian_cli/sdk/test/test_file.py

@@ -12,6 +12,7 @@ class TestFile:
         self.sdk = setup_chariot()
         micro = epoch_micro()
         self.chariot_filepath = f'home/test-file-{micro}.txt'
+        self.encrypted_chariot_filepath = f'_encrypted/test-file-{micro}.txt'
         self.sanitized_filepath = f'home_test-file-{micro}.txt'
         self.bogus_filepath = f'bogus-filepath-{micro}.txt'
         self.local_filepath = f'./test-file-{micro}.txt'
@@ -52,6 +53,21 @@ class TestFile:
             self.sdk.files.get(self.chariot_filepath)
         assert str(ex_info.value) == f'File {self.chariot_filepath} not found.'
 
+    def test_add_encrypted_file(self):
+        self.sdk.files.add(self.local_filepath, self.encrypted_chariot_filepath)
+        files, offset = self.sdk.files.list(self.encrypted_chariot_filepath)
+        assert files[0]['name'] == self.encrypted_chariot_filepath
+
+    def test_get_encrypted_file(self):
+        content = self.sdk.files.get_utf8(self.encrypted_chariot_filepath)
+        assert content == self.content
+
+    def test_delete_encrypted_file(self):
+        self.sdk.files.delete(self.encrypted_chariot_filepath)
+        with pytest.raises(Exception) as ex_info:
+            self.sdk.files.get(self.encrypted_chariot_filepath)
+        assert str(ex_info.value) == f'File {self.encrypted_chariot_filepath} not found.'
+
     def teardown_class(self):
         os.remove(self.local_filepath)
         os.remove(self.sanitized_filepath)

{praetorian_cli-2.2.12.dist-info → praetorian_cli-2.2.14.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: praetorian-cli
-Version: 2.2.12
+Version: 2.2.14
 Summary: For interacting with the Chariot API
 Home-page: https://github.com/praetorian-inc/praetorian-cli
 Author: Praetorian

{praetorian_cli-2.2.12.dist-info → praetorian_cli-2.2.14.dist-info}/RECORD

@@ -1,7 +1,7 @@
 praetorian_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 praetorian_cli/main.py,sha256=AVrOCQgioLDKm-Y8-b3lLLdLtaO1WwOAzUfs0obe5Nw,1451
 praetorian_cli/handlers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-praetorian_cli/handlers/add.py,sha256=gJoV4WqQbbWL-O84jXZK7HF0kiFNp9RkpDWPpN6CXAg,13854
+praetorian_cli/handlers/add.py,sha256=q0lJlGroHx0dA6w7V35CHZoi8tqHdj8lv5wqqRu0ZIA,16266
 praetorian_cli/handlers/aegis.py,sha256=1259bNmoUOVhcs7GqI8TyTyCI_ZvKzEPvfUVvAHcTzU,3936
 praetorian_cli/handlers/agent.py,sha256=52_BcZF10VOuiwkySQpjeh07JdUKaMURo-RLVOINK1w,3165
 praetorian_cli/handlers/chariot.py,sha256=HClwYdsgFKlLY68RhV65W1Y4g-JgbBDdI4PdP4s8MgI,611
@@ -25,7 +25,7 @@ praetorian_cli/scripts/utils.py,sha256=lGCf4trEpsfECa9U42pDJ-f48EimlS-hG6AjnKjNt
 praetorian_cli/scripts/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 praetorian_cli/scripts/commands/nmap-example.py,sha256=varKTkHKG4DAs9Ssf0c6SygP9GfuCG01aFxhfvixLM0,2727
 praetorian_cli/sdk/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-praetorian_cli/sdk/chariot.py,sha256=owN3nRg5Oh-p88PGOQ7DpHflkcMxBsE1xS1aAU_lOvA,13926
+praetorian_cli/sdk/chariot.py,sha256=amMgs7FxX9DY0tWNoizg7XfrVYWyLixbqqcaBQsuAKg,14626
 praetorian_cli/sdk/keychain.py,sha256=KCz2mOTv09jgg6mrZQooRg1VrnvF9W0_BjRlEQhbzqU,7468
 praetorian_cli/sdk/mcp_server.py,sha256=8UoTotD4UVl-tp1gqMjkOVpO__KeGCvy7mIpKXVc8Rg,8750
 praetorian_cli/sdk/entities/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -36,11 +36,11 @@ praetorian_cli/sdk/entities/assets.py,sha256=z8ErleQQ-BdnYkwPWOp2EQ8eJI4YB8qi45X
 praetorian_cli/sdk/entities/attributes.py,sha256=AyWsYyjUFNbHTCN7j-OYA7YD1Y0z_LmnlcME5y74je8,3573
 praetorian_cli/sdk/entities/capabilities.py,sha256=WeNlPrhVgLQPbpqYvS4nHmIX697ITpoZkJeLYxG5bmY,2808
 praetorian_cli/sdk/entities/configurations.py,sha256=y32_QYSS6MgGDyz0tEuJgG6jWCI4Vyzwyf0m4SVtVNw,4249
-praetorian_cli/sdk/entities/credentials.py,sha256=ndOqUJwk4FxO8vu85k9v34QmyoGTQeebhcJQd0NEcNU,5140
+praetorian_cli/sdk/entities/credentials.py,sha256=tl9NHUGygFkcTFiMzJwO-jjV_HOQH1WAiXBeWwP9Yxc,6247
 praetorian_cli/sdk/entities/definitions.py,sha256=rpuNLM3DZxMr5YINYDD6ePWG1TEI1biZ4IqnjpDAEh0,3125
 praetorian_cli/sdk/entities/files.py,sha256=Gw9Yt_Cm2xR-Vu8vjaekMHbGldhe930WJjjeaJrBLxg,5822
 praetorian_cli/sdk/entities/integrations.py,sha256=NVaW_dWbnMkMIs-EYr2W7QAeamPVwLhmM2ppdMJmsK0,3176
-praetorian_cli/sdk/entities/jobs.py,sha256=JBkNgFzQEtV0XJSuKtAzCHOYa9rcVxgTkp-tAuS6CP0,8181
+praetorian_cli/sdk/entities/jobs.py,sha256=k4QFw4qR5MdVyMAYstfnRIWr_ZH4q1PwDyUEGC-qBSM,8269
 praetorian_cli/sdk/entities/keys.py,sha256=PgoGa3xyLMzWrIIQ8zgi7bfZiUFFumPtMDo64GjhdjE,6089
 praetorian_cli/sdk/entities/preseeds.py,sha256=SeSY4K6diJMQzsjCBxYK3N9Lz0fUz3B_LMBOAAcBSLg,8890
 praetorian_cli/sdk/entities/risks.py,sha256=7WcAGiehoGuLlugIujxQC2FcA1ndOh7s_ooEGERpWM4,6630
@@ -68,7 +68,7 @@ praetorian_cli/sdk/test/test_configuration.py,sha256=ysyWpt7iq_tNkdvLU8gULCuwbXV
 praetorian_cli/sdk/test/test_conversation.py,sha256=i1cBaRmFmtLcFLr85OtgE60DynUgWB7EqqjGU-NBWvc,6951
 praetorian_cli/sdk/test/test_definition.py,sha256=8ShZFXJYHJUPH5rfmF3LYk9NE8W4lJBNHE2DhyJgXaY,1016
 praetorian_cli/sdk/test/test_extend.py,sha256=bHTCwtW0jN1GvFocB_uMJcEj4_IXvCkr35yMWKESbTU,1778
-praetorian_cli/sdk/test/test_file.py,sha256=rRikM2ceMy5TEX7YOFMPB2dnCRqROE9w8qoqVeCs9HM,2133
+praetorian_cli/sdk/test/test_file.py,sha256=ZpFBSKbfq9kzfQdy_tmwCH8rwYxW6GB4NlhTQHEw87Y,2940
 praetorian_cli/sdk/test/test_job.py,sha256=J7VqnVxRfvbpxNnYN9Rt3LvxmbNvSKwVqsSZxFEW1xc,1916
 praetorian_cli/sdk/test/test_key.py,sha256=yDrR0-JLwMB3eDx-tI-ss8GGbiJaJijE4dAK8-FUuzc,1425
 praetorian_cli/sdk/test/test_mcp.py,sha256=Ltg283j4Q12dcfCgUgDMKk6neRdDaThcndyywZl5XWs,938
@@ -96,9 +96,9 @@ praetorian_cli/ui/aegis/commands/set.py,sha256=WJ0Qt30fBa_hyWEaawyA3h3rSeWHFPbJS
 praetorian_cli/ui/aegis/commands/ssh.py,sha256=KGsNlN0i-Cwp6gWyr-cjML9_L13oE7xFenysF2pC8Rc,3045
 praetorian_cli/ui/conversation/__init__.py,sha256=sNhNN_ZG1Va_7OLTaoXlIFL6ageKHWdufFVYw6F_aV8,90
 praetorian_cli/ui/conversation/textual_chat.py,sha256=gGgEs7HhNAto9rTVrGbz62mG10OqmtArI-aKxFLSfVs,24405
-praetorian_cli-2.2.12.dist-info/licenses/LICENSE,sha256=Zv97QripiVALv-WokW_Elsiz9vtOfbtNt1aLZhhk67I,1067
-praetorian_cli-2.2.12.dist-info/METADATA,sha256=aIbQ6Ja1jh4-tjOUg517OjA95Jr-r_7UVklzZOBBPpI,7752
-praetorian_cli-2.2.12.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-praetorian_cli-2.2.12.dist-info/entry_points.txt,sha256=uJbDvZdkYaLiCh2DMvXPUGKFm2p5ZfzJCizUK3-PUEE,56
-praetorian_cli-2.2.12.dist-info/top_level.txt,sha256=QbUdRPGEj_TyHO-E7AD5BxFfR8ore37i273jP4Gn43c,15
-praetorian_cli-2.2.12.dist-info/RECORD,,
+praetorian_cli-2.2.14.dist-info/licenses/LICENSE,sha256=Zv97QripiVALv-WokW_Elsiz9vtOfbtNt1aLZhhk67I,1067
+praetorian_cli-2.2.14.dist-info/METADATA,sha256=Nks5hBUNGyPMWrjo3B3PnexprHRYdxHBXH880UcBouY,7752
+praetorian_cli-2.2.14.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+praetorian_cli-2.2.14.dist-info/entry_points.txt,sha256=uJbDvZdkYaLiCh2DMvXPUGKFm2p5ZfzJCizUK3-PUEE,56
+praetorian_cli-2.2.14.dist-info/top_level.txt,sha256=QbUdRPGEj_TyHO-E7AD5BxFfR8ore37i273jP4Gn43c,15
+praetorian_cli-2.2.14.dist-info/RECORD,,