praetorian-cli 2.2.3__tar.gz → 2.2.5__tar.gz

{praetorian_cli-2.2.3/praetorian_cli.egg-info → praetorian_cli-2.2.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: praetorian-cli
-Version: 2.2.3
+Version: 2.2.5
 Summary: For interacting with the Chariot API
 Home-page: https://github.com/praetorian-inc/praetorian-cli
 Author: Praetorian

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/handlers/add.py

@@ -5,7 +5,7 @@ import click
 
 from praetorian_cli.handlers.chariot import chariot
 from praetorian_cli.handlers.cli_decorators import cli_handler, praetorian_only
-from praetorian_cli.handlers.utils import error
+from praetorian_cli.handlers.utils import error, parse_configuration_value
 from praetorian_cli.sdk.model.globals import AddRisk, Asset, Seed, Kind
 
 
@@ -29,6 +29,9 @@ def asset(sdk, name, dns, asset_type, status, surface):
     Add an asset to the Chariot database. This command requires a DNS name for the asset.
     Optionally, a name can be provided to give the asset more specific information,
     such as IP address. If no name is provided, the DNS name will be used as the name.
+    The DNS is the group and the name is the specific identifier. This is for legacy reasons.
+
+    The type can be one of the following: asset, addomain, repository, webapplication.
 
     \b
     Example assets:
@@ -41,6 +44,7 @@ def asset(sdk, name, dns, asset_type, status, surface):
         - praetorian chariot add asset --dns example.com
         - praetorian chariot add asset --dns example.com --name 1.2.3.4
         - praetorian chariot add asset --dns internal.example.com --name 10.2.3.4 --surface internal
+        - praetorian chariot add asset --dns https://example.com --name 'Example Web Application' --type webapplication
     """
     if not name:
         name = dns
@@ -270,40 +274,33 @@ def setting(sdk, name, value):
 @add.command()
 @cli_handler
 @click.option('-n', '--name', required=True, help='Name of the configuration')
-@click.option('-e', '--entry', required=True, multiple=True, help='Key-value pair in format key=value. Can be specified multiple times to set multiple values.')
+@click.option('-e', '--entry', required=False, multiple=True,
+              help='Key-value pair in format key=value. Can be specified multiple times to set multiple values.')
+@click.option('--string', 'string_value', required=False,
+              help='Set the configuration value to a string')
+@click.option('--integer', 'integer_value', required=False,
+              help='Set the configuration value to an integer')
+@click.option('--float', 'float_value', required=False,
+              help='Set the configuration value to a floating point number')
 @praetorian_only
-def configuration(sdk, name, entry):
+def configuration(sdk, name, entry, string_value, integer_value, float_value):
     """ Add a configuration
 
-    This command adds, or overwrites if exists, a name-value configuration.
+    This command adds, or overwrites if exists, a configuration value.
+
+    Configuration values can be provided as a mapping of key-value pairs using
+    ``--entry`` (the previous behavior), or as primitive values using
+    ``--string``, ``--integer``, or ``--float``.
 
     \b
     Example usages:
         - praetorian chariot add configuration --name "nuclei" --entry extra-tags=http,sql --entry something=else
+        - praetorian chariot add configuration --name "billing-status" --string PAID_MS
+        - praetorian chariot add configuration --name "request-timeout" --integer 60
+        - praetorian chariot add configuration --name "scoring-threshold" --float 0.85
     """
-    config_dict = {}
-    for item in entry:
-        if '=' not in item:
-            click.echo(f"Error: Entry '{item}' is not in the format key=value")
-            return
-
-        if item.count('=') > 1:
-            click.echo(f"Error: Entry '{item}' contains multiple '=' characters. Format should be key=value")
-            return
-
-        key, value = item.split('=', 1)
-
-        if not key:
-            click.echo("Error: Key cannot be empty")
-            return
-
-        if not value:
-            click.echo("Error: Value cannot be empty")
-            return
-
-        config_dict[key] = value
-
-    sdk.configurations.add(name, config_dict)
+    config_value = parse_configuration_value(entry, string_value, integer_value, float_value)
+    sdk.configurations.add(name, config_value)
 
 
 @add.command()
@@ -328,3 +325,21 @@ def key(sdk, name, expires):
         return
     click.echo(f'API key created: {result.get("key", "N/A")}')
     click.echo(f'Secret (save this, it will not be shown again): {result["secret"]}')
+
+
+@add.command()
+@cli_handler
+@click.option('-u', '--url', required=True, help='The full URL of the page')
+@click.option('-p', '--parent', required=False, help='Optional key of the parent WebApplication')
+def webpage(sdk, url, parent):
+    """ Add a Webpage
+    
+    Add a web page to the Chariot database. Webpages can optionally be associated
+    with a parent WebApplication or exist independently.
+    
+    \b
+    Example usages:
+        - praetorian chariot add webpage --url https://app.example.com/login
+        - praetorian chariot add webpage --url https://app.example.com/admin --parent "#webapplication#https://app.example.com"
+    """
+    sdk.webpage.add(url, parent)

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/handlers/agent.py

@@ -69,3 +69,32 @@ def tools(sdk, allowed):
     """
     for  tool in dict.keys(sdk.agents.list_mcp_tools(allowed)):
         click.echo(tool)
+
+@agent.command()
+@cli_handler
+def conversation(sdk):
+    """ Interactive conversation with Chariot AI assistant
+    
+    Start an interactive chat session with the Chariot AI assistant.
+    The AI can help you query security data, understand findings,
+    and provide insights about your attack surface.
+    
+    \b
+    Commands within conversation:
+        - help    Show available commands and query examples
+        - clear   Clear the screen  
+        - new     Start a new conversation
+        - quit    Exit the conversation
+    
+    \b
+    Example queries:
+        - "Find all active assets"
+        - "Show me critical risks"
+        - "What assets do we have for example.com?"
+        
+    \b
+    Usage:
+        praetorian chariot agent conversation
+    """
+    from praetorian_cli.ui.conversation import run_textual_conversation
+    run_textual_conversation(sdk)

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/handlers/cli_decorators.py

@@ -68,7 +68,7 @@ def list_params(filter_by, has_details=True, has_filter=True, has_type=False):
 
 
 def pagination(func):
-    func = click.option('-o', '--offset', default='', help='List results from an offset')(func)
+    func = click.option('-o', '--offset', default=0, help='List results from an offset')(func)
     func = click.option('-p', '--page', type=click.Choice(('first', 'all')), default='first',
                         help='Pagination mode. "all" pages up to 10,000 pages.', show_default=True)(func)
     return func

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/handlers/delete.py

@@ -182,3 +182,15 @@ def key(chariot, key):
         - praetorian chariot delete key "#key#550e8400-e29b-41d4-a716-446655440000"
     """
     chariot.keys.delete(key)
+
+@delete.command()
+@cli_handler
+@click.argument('key', required=True)
+def webpage(chariot, key):
+    """ Delete a webpage
+
+    \b
+    Arguments:
+        - KEY: the key of an existing webpage
+    """
+    chariot.webpage.delete(key)

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/handlers/get.py

@@ -147,7 +147,8 @@ def file(chariot, name, path):
 @cli_handler
 @click.argument('name')
 @click.option('-path', '--path', default=os.getcwd(), help='Download path. Default: save to current directory')
-def definition(chariot, name, path):
+@click.option('--global', 'global_', is_flag=True, help='Fetch from global definitions instead of user-specific')
+def definition(chariot, name, path, global_):
     """ Download a definition using the risk name
 
     \b
@@ -158,8 +159,9 @@ def definition(chariot, name, path):
     Example usage:
         - praetorian chariot get definition jira-unauthenticated-user-picker
         - praetorian chariot get definition CVE-2024-23049
+        - praetorian chariot get definition CVE-2024-23049 --global
      """
-    downloaded_path = chariot.definitions.get(name, path)
+    downloaded_path = chariot.definitions.get(name, path, global_=global_)
     click.echo(f'Saved definition at {downloaded_path}')
 
 
@@ -300,6 +302,23 @@ def scanner(chariot, key):
 
 @get.command()
 @cli_handler
+@click.argument('key', required=True)
+def webpage(chariot, key):
+    """ Get Webpage details
+
+    Retrieve detailed information about a specific web page, including
+    its URL, method, authentication requirements, and other metadata.
+
+    \b
+    Argument:
+        - KEY: the key of an existing Webpage
+
+    \b
+    Example usages:
+        - praetorian chariot get webpage "#webpage#https://app.example.com/dashboard"
+    """
+    print_json(chariot.webpage.get(key))
+        
 @click.option('-t', '--type', help='Optional specific entity type (e.g., asset, risk, attribute)')
 @click.option('-d', '--details', is_flag=True, help='Further retrieve the details of the schema')
 def schema(chariot, type, details):

praetorian_cli-2.2.5/praetorian_cli/handlers/link.py

@@ -0,0 +1,60 @@
+import click
+
+from praetorian_cli.handlers.chariot import chariot
+from praetorian_cli.handlers.cli_decorators import cli_handler
+
+
+@chariot.group()
+def link():
+    """  Link resources to other entities """
+    pass
+
+
+@link.command()
+@cli_handler
+@click.argument('username')
+def account(chariot, username):
+    """ Add a collaborator account to your account
+
+    This allows them to assume access into your account
+    and perform actions on your behalf.
+
+    \b
+    Arguments:
+        - NAME: their email address
+
+
+
+    \b
+    Example usages:
+        - praetorian chariot link account john@praetorian.com
+    """
+    chariot.accounts.add_collaborator(username)
+
+
+@link.command('webpage-source')
+@cli_handler
+@click.argument('webpage_key')
+@click.argument('entity_key')
+def webpage_source(chariot, webpage_key, entity_key):
+    """ Link a file or repository to a webpage as source code
+
+    This associates source code files or repositories with webpages
+    to track where webpage content originates from.
+
+    \b
+    Arguments:
+        - WEBPAGE_KEY: The webpage key in format #webpage#{url}
+        - ENTITY_KEY: The file or repository key to link
+                     Format: #file#{path} or #repository#{url}#{name}
+
+    \b
+    Example usages:
+        - praetorian chariot link webpage-source "#webpage#https://example.com" "#file#proofs/scan.txt"
+        - praetorian chariot link webpage-source "#webpage#https://example.com/login" "#repository#https://github.com/org/repo.git#repo.git"
+    """
+    result = chariot.webpage.link_source(webpage_key, entity_key)
+    if result:
+        click.echo(f"Successfully linked {entity_key} to {webpage_key}")
+        if 'artifacts' in result:
+            click.echo(f"Webpage now has {len(result['artifacts'])} linked artifacts")

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/handlers/list.py

@@ -368,3 +368,25 @@ def scanners(chariot, filter, details, offset, page):
         - praetorian chariot list scanners --page all
     """
     render_list_results(chariot.scanners.list(filter, offset, pagination_size(page)), details)
+
+
+@list.command()
+@click.option('--parent', required=False, help='Optional WebApp key to filter pages')
+@click.option('-f', '--filter', required=False, help='Optional URL to filter pages')
+@click.option('-d', '--details', is_flag=True, default=False, help='Show detailed information')
+@pagination
+@cli_handler
+def webpages(chariot, parent, filter, details, offset, page):
+    """ List WebPages
+
+    Retrieve and display a list of pages/URLs. Can optionally filter by specific WebApplication.
+
+    \b
+    Example usages:
+        - praetorian chariot list webpages
+        - praetorian chariot list webpages --parent "#webapplication#https://app.example.com"
+        - praetorian chariot list webpages --filter /login
+        - praetorian chariot list webpages --parent "#webapplication#https://app.example.com" --details
+        - praetorian chariot list webpages --page all
+    """
+    render_list_results(chariot.webpage.list(parent, filter, offset, pagination_size(page)), details)

praetorian_cli-2.2.5/praetorian_cli/handlers/unlink.py

@@ -0,0 +1,55 @@
+import click
+
+from praetorian_cli.handlers.chariot import chariot
+from praetorian_cli.handlers.cli_decorators import cli_handler
+
+
+@chariot.group()
+def unlink():
+    """ Remove links between resources """
+    pass
+
+
+@unlink.command()
+@cli_handler
+@click.argument('username')
+def account(chariot, username):
+    """ Remove a collaborator account from your account. This will
+    revoke their access to your account.
+
+    Arguments:
+        - NAME: Their email address.
+
+    \b
+    Example usages:
+        - praetorian chariot unlink account john@praetorian.com
+    """
+    chariot.accounts.delete_collaborator(username)
+
+
+@unlink.command('webpage-source')
+@cli_handler
+@click.argument('webpage_key')
+@click.argument('entity_key')
+def webpage_source(chariot, webpage_key, entity_key):
+    """ Unlink a file or repository from a webpage's source code
+
+    This removes the association between source code files or 
+    repositories and webpages.
+
+    \b
+    Arguments:
+        - WEBPAGE_KEY: The webpage key in format #webpage#{url}
+        - ENTITY_KEY: The file or repository key to unlink
+                     Format: #file#{path} or #repository#{url}#{name}
+
+    \b
+    Example usages:
+        - praetorian chariot unlink webpage-source "#webpage#https://example.com" "#file#proofs/scan.txt"
+        - praetorian chariot unlink webpage-source "#webpage#https://example.com/login" "#repository#https://github.com/org/repo.git#repo.git"
+    """
+    result = chariot.webpage.unlink_source(webpage_key, entity_key)
+    if result:
+        click.echo(f"Successfully unlinked {entity_key} from {webpage_key}")
+        if 'artifacts' in result:
+            click.echo(f"Webpage now has {len(result['artifacts'])} linked artifacts")

praetorian_cli-2.2.5/praetorian_cli/handlers/utils.py

@@ -0,0 +1,97 @@
+import json
+
+import click
+
+
+def parse_configuration_value(
+    entries = [], s_val=None, i_val=None, f_val=None):
+    """Return a configuration value derived from CLI inputs."""
+    has_entries = len(entries) > 0
+    typed_values = {
+        'string': s_val,
+        'integer': i_val,
+        'float': f_val,
+    }
+
+    if has_entries and any(value is not None for value in typed_values.values()):
+        error('--entry cannot be combined with --string, --integer, or --float')
+
+    if has_entries:
+        return _parse_entry_dict(entries)
+
+    provided = [(name, value) for name, value in typed_values.items() if value is not None]
+
+    if not provided:
+        error('Provide configuration data via --entry, --string, --integer, or --float')
+    if len(provided) > 1:
+        error('Specify only one of --string, --integer, or --float')
+
+    value_type, raw_value = provided[0]
+    return _cast_typed_value(value_type, raw_value)
+
+
+def _parse_entry_dict(entries):
+    parsed = {}
+
+    for item in entries:
+        key, value = _split_entry(item)
+        if not key:
+            error(f'Key cannot be empty: {item}')
+        if not value:
+            error(f'Value cannot be empty: {item}')
+        parsed[key] = value
+    return parsed
+
+
+def _split_entry(item):
+    if '=' not in item:
+        error(f"Entry '{item}' is not in the format key=value")
+    if item.count('=') > 1:
+        error(f"Entry '{item}' contains multiple '=' characters. Format should be key=value")
+    return item.split('=', 1)
+
+
+def _cast_typed_value(value_type, raw_value):
+    try:
+        if value_type == 'integer':
+            return int(raw_value)
+        if value_type == 'float':
+            return float(raw_value)
+    except ValueError:
+        error(f'{value_type} must be a valid {value_type}')
+    return raw_value
+
+
+def render_list_results(list_results, details):
+    list_data, offset = list_results
+    if details:
+        output = dict(data=list_data)
+        if offset:
+            output['offset'] = offset
+        print_json(output)
+    else:
+        for hit in list_data:
+            click.echo(hit['key'])
+    render_offset(offset)
+
+
+def render_offset(offset):
+    if offset:
+        click.echo('There are more results. Add the following argument to the command to view them:')
+        click.echo(f'--offset {json.dumps(offset)}')
+
+
+def pagination_size(page):
+    return 10000 if page == 'all' else 1
+
+
+def print_json(data):
+    if data:
+        click.echo(json.dumps(data, indent=2))
+
+
+def error(message, quit=True):
+    click.secho('ERROR: ', fg='red', nl=False, err=True)
+    click.echo(message, err=True)
+    if quit:
+        exit(1)

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/sdk/chariot.py

@@ -21,6 +21,7 @@ from praetorian_cli.sdk.entities.search import Search
 from praetorian_cli.sdk.entities.seeds import Seeds
 from praetorian_cli.sdk.entities.settings import Settings
 from praetorian_cli.sdk.entities.statistics import Statistics
+from praetorian_cli.sdk.entities.webpage import Webpage
 from praetorian_cli.sdk.entities.webhook import Webhook
 from praetorian_cli.sdk.keychain import Keychain
 from praetorian_cli.sdk.model.globals import GLOBAL_FLAG
@@ -52,6 +53,7 @@ class Chariot:
         self.keys = Keys(self)
         self.capabilities = Capabilities(self)
         self.credentials = Credentials(self)
+        self.webpage = Webpage(self)
         self.schema = Schema(self)
         self.proxy = proxy
 

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/sdk/entities/configurations.py

@@ -27,7 +27,7 @@ class Configurations:
                 "Please contact your Praetorian representative for assistance."
             )
 
-    def add(self, name, value: dict):
+    def add(self, name, value):
         """
         Add or update a configuration.
 

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/sdk/entities/definitions.py

@@ -29,7 +29,7 @@ class Definitions:
             definition_name = os.path.basename(local_filepath)
         return self.api.files.add(local_filepath, f'definitions/{definition_name}')
 
-    def get(self, definition_name, download_directory=os.getcwd()):
+    def get(self, definition_name, download_directory=os.getcwd(), global_=False):
         """
         Download a risk definition file from the definitions folder.
 
@@ -37,15 +37,24 @@ class Definitions:
         :type definition_name: str
         :param download_directory: The directory to save the downloaded file (defaults to current working directory)
         :type download_directory: str
+        :param global_: If True, fetch from global definitions instead of user-specific
+        :type global_: bool
         :return: The local file path where the definition was saved
         :rtype: str
         """
-        content = self.api.files.get_utf8(f'definitions/{definition_name}')
+        try:
+            content = self.api.files.get_utf8(f'definitions/{definition_name}', _global=global_)
+        except Exception as e:
+            if global_:
+                raise Exception(f'Global definition {definition_name} not found or inaccessible.')
+            else:
+                raise
         download_path = os.path.join(download_directory, definition_name)
         with open(download_path, 'w') as file:
             file.write(content)
         return download_path
 
+
     def list(self, name_filter='', offset=None, pages=100000) -> tuple:
         """
         List the definition names, optionally prefix-filtered by a definition name.

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/sdk/entities/files.py

@@ -46,30 +46,35 @@ class Files:
 
         return download_path
 
-    def get(self, chariot_filepath) -> bytes:
+    def get(self, chariot_filepath, _global=False) -> bytes:
         """
         Download a file from Chariot storage into memory as bytes.
 
         :param chariot_filepath: Path of the file in Chariot storage to download
         :type chariot_filepath: str
+        :param _global: If True, fetch from global storage instead of user-specific
+        :type _global: bool
         :return: The file content as bytes
         :rtype: bytes
         :raises Exception: If the file does not exist in Chariot storage
         """
-        self.raise_if_missing(chariot_filepath)
-        return self.api.download(chariot_filepath)
+        if not _global:
+            self.raise_if_missing(chariot_filepath)
+        return self.api.download(chariot_filepath, global_=_global)
 
-    def get_utf8(self, chariot_filepath) -> str:
+    def get_utf8(self, chariot_filepath, _global=False) -> str:
         """
         Download a file from Chariot storage into memory as a UTF-8 string.
 
         :param chariot_filepath: Path of the file in Chariot storage to download
         :type chariot_filepath: str
+        :param _global: If True, fetch from global storage instead of user-specific
+        :type _global: bool
         :return: The file content as a UTF-8 decoded string
         :rtype: str
         :raises Exception: If the file does not exist in Chariot storage
         """
-        return self.get(chariot_filepath).decode('utf-8')
+        return self.get(chariot_filepath, _global=_global).decode('utf-8')
 
     def list(self, prefix_filter='', offset=None, pages=100000) -> tuple:
         """

{praetorian_cli-2.2.3 → praetorian_cli-2.2.5}/praetorian_cli/sdk/entities/search.py

@@ -1,6 +1,6 @@
 import json
 from praetorian_cli.sdk.model.query import Query
-from praetorian_cli.sdk.model.globals import EXACT_FLAG, DESCENDING_FLAG, GLOBAL_FLAG, Kind
+from praetorian_cli.sdk.model.globals import EXACT_FLAG, DESCENDING_FLAG, GLOBAL_FLAG, USER_FLAG, Kind
 class Search:
 
     def __init__(self, api):
@@ -17,7 +17,7 @@ class Search:
         """
         return self.api.count(dict(key=search_term))
 
-    def by_key_prefix(self, key_prefix, offset=None, pages=100000) -> tuple:
+    def by_key_prefix(self, key_prefix, offset=None, pages=100000, user=False) -> tuple:
         """
         Search for entities by key prefix. <mcp>If the response is too large, make your query more specific.<mcp>
 
@@ -30,7 +30,7 @@ class Search:
         :return: A tuple containing (list of matching entities, next page offset)
         :rtype: tuple
         """
-        return self.by_term(key_prefix, None, offset, pages)
+        return self.by_term(key_prefix, None, offset, pages, user=user)
 
     def by_exact_key(self, key, get_attributes=False) -> {}:
         """
@@ -119,7 +119,7 @@ class Search:
         return self.by_term(f'dns:{dns_prefix}', kind, offset, pages)
 
     def by_term(self, search_term, kind=None, offset=None, pages=100000, exact=False, descending=False,
-                global_=False) -> tuple:
+                global_=False, user=False) -> tuple:
         """
         Search for a given kind by term.
 
@@ -151,6 +151,8 @@ class Search:
             params |= DESCENDING_FLAG
         if global_:
             params |= GLOBAL_FLAG
+        if user:
+            params |= USER_FLAG
 
         results = self.api.my(params, pages)