pyattackforge 0.1.0__py3-none-any.whl → 0.1.1__py3-none-any.whl

pyattackforge/client.py

@@ -258,59 +258,101 @@ class PyAttackForgeClient:
 
     def create_vulnerability(
         self,
-        vulnerability_data: Dict[str, Any],
-        auto_create_assets: bool = False,
-        default_asset_type: str = "Placeholder",
-        default_asset_library_ids: Optional[List[str]] = None
+        project_id: str,
+        title: str,
+        affected_asset_name: str,
+        priority: str,
+        likelihood_of_exploitation: int,
+        description: str,
+        attack_scenario: str,
+        remediation_recommendation: str,
+        steps_to_reproduce: str,
+        tags: Optional[list] = None,
+        notes: Optional[list] = None,
+        is_zeroday: bool = False,
+        is_visible: bool = True,
+        import_to_library: Optional[str] = None,
+        import_source: Optional[str] = None,
+        import_source_id: Optional[str] = None,
+        custom_fields: Optional[list] = None,
+        linked_testcases: Optional[list] = None,
+        custom_tags: Optional[list] = None,
     ) -> Dict[str, Any]:
         """
-        Create a new vulnerability in AttackForge.
+        Create a new security finding (vulnerability) in AttackForge.
 
         Args:
-            vulnerability_data (dict): Vulnerability details (must include 'projectId').
-            auto_create_assets (bool, optional): If True, create missing assets automatically.
-            default_asset_type (str, optional): Asset type for auto-created assets.
-            default_asset_library_ids (list, optional): Library IDs for auto-created assets.
+            project_id (str): The project ID.
+            title (str): The title of the finding.
+            affected_asset_name (str): The name of the affected asset.
+            priority (str): The priority (e.g., "Critical").
+            likelihood_of_exploitation (int): Likelihood of exploitation (e.g., 10).
+            description (str): Description of the finding.
+            attack_scenario (str): Attack scenario details.
+            remediation_recommendation (str): Remediation recommendation.
+            steps_to_reproduce (str): Steps to reproduce the finding.
+            tags (list, optional): List of tags.
+            notes (list, optional): List of notes.
+            is_zeroday (bool, optional): Whether this is a zero-day finding.
+            is_visible (bool, optional): Whether the finding is visible.
+            import_to_library (str, optional): Library to import to.
+            import_source (str, optional): Source of import.
+            import_source_id (str, optional): Source ID for import.
+            custom_fields (list, optional): List of custom fields.
+            linked_testcases (list, optional): List of linked testcases.
+            custom_tags (list, optional): List of custom tags.
 
         Returns:
             dict: Created vulnerability details.
 
         Raises:
-            ValueError: If 'projectId' is missing.
+            ValueError: If any required field is missing.
             RuntimeError: If vulnerability creation fails.
         """
-        affected_assets = vulnerability_data.get("affected_assets", [])
-        project_id = vulnerability_data.get("projectId")
-        if not project_id:
-            raise ValueError("vulnerability_data must include 'projectId'")
-
-        new_asset_names = []
-
-        if auto_create_assets:
-            for asset_ref in affected_assets:
-                asset_name = asset_ref.get("assetName")
-                if not asset_name:
-                    continue
-                if not self.get_asset_by_name(asset_name):
-                    logger.info("Asset '%s' not found. Creating it.", asset_name)
-                    asset_payload = {
-                        "name": asset_name,
-                        "type": default_asset_type,
-                        "external_id": asset_name,
-                        "details": "Auto-created by PyAttackForge",
-                        "groups": [],
-                        "custom_fields": [],
-                    }
-                    if default_asset_library_ids:
-                        asset_payload["asset_library_ids"] = default_asset_library_ids
-                    self.create_asset(asset_payload)
-                    new_asset_names.append(asset_name)
-
-        if new_asset_names:
-            logger.info("Adding %d new assets to project '%s' scope.", len(new_asset_names), project_id)
-            self.update_project_scope(project_id, new_asset_names)
-
-        resp = self._request("post", "/api/ss/vulnerability", json_data=vulnerability_data)
+        # Validate required fields
+        required_fields = [
+            ("project_id", project_id),
+            ("title", title),
+            ("affected_asset_name", affected_asset_name),
+            ("priority", priority),
+            ("likelihood_of_exploitation", likelihood_of_exploitation),
+            ("description", description),
+            ("attack_scenario", attack_scenario),
+            ("remediation_recommendation", remediation_recommendation),
+            ("steps_to_reproduce", steps_to_reproduce),
+        ]
+        for field_name, value in required_fields:
+            if value is None:
+                raise ValueError(f"Missing required field: {field_name}")
+
+        payload = {
+            "projectId": project_id,
+            "title": title,
+            "affected_asset_name": affected_asset_name,
+            "priority": priority,
+            "likelihood_of_exploitation": likelihood_of_exploitation,
+            "description": description,
+            "attack_scenario": attack_scenario,
+            "remediation_recommendation": remediation_recommendation,
+            "steps_to_reproduce": steps_to_reproduce,
+            "tags": tags or [],
+            "is_zeroday": is_zeroday,
+            "is_visible": is_visible,
+            "import_to_library": import_to_library,
+            "import_source": import_source,
+            "import_source_id": import_source_id,
+            "custom_fields": custom_fields or [],
+            "linked_testcases": linked_testcases or [],
+            "custom_tags": custom_tags or [],
+        }
+        # Only include notes if it is a non-empty list
+        if notes:
+            payload["notes"] = notes
+
+        # Remove None values (for optional fields)
+        payload = {k: v for k, v in payload.items() if v is not None}
+
+        resp = self._request("post", "/api/ss/vulnerability", json_data=payload)
         if resp.status_code in (200, 201):
             return resp.json()
         raise RuntimeError(f"Vulnerability creation failed: {resp.text}")
@@ -322,6 +364,7 @@ class DummyResponse:
     """
     def __init__(self) -> None:
         self.status_code = 200
+        self.text = "[DRY RUN] No real API call performed."
 
     def json(self) -> Dict[str, Any]:
         return {}

pyattackforge-0.1.1.dist-info/METADATA

@@ -0,0 +1,215 @@
+Metadata-Version: 2.4
+Name: pyattackforge
+Version: 0.1.1
+Summary: Python wrapper for the AttackForge API
+Home-page: https://github.com/Tantalum-Labs/PyAttackForge
+Author: Shane S
+License: AGPL-3.0
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
+Classifier: Operating System :: OS Independent
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.7
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.20.0
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# PyAttackForge
+
+A lightweight Python library for interacting with the AttackForge API.
+
+---
+
+## Features
+
+- Create and fetch projects
+- Manage assets
+- Submit vulnerabilities
+- Dry-run mode for testing
+
+---
+
+## Install
+
+   ```bash
+   mkdir PyAttackForgeEnv
+   cd PyAttackForgeEnv
+   virtualenv venv
+   source ./venv/bin/activate
+   pip install git+https://github.com/Tantalum-Labs/PyAttackForge.git
+   ```
+
+## Use
+
+   ```python
+   from pyattackforge import PyAttackForgeClient
+
+   # Initialize client - Note: Make sure to set your AttackForge URL and API Key
+   client = PyAttackForgeClient(api_key="your-api-key", base_url="https://demo.attackforge.com", dry_run=False)
+
+   # Create a project
+   project = client.create_project("My Project", scope=["Asset1", "Asset2"])
+
+   ## Create a security finding (vulnerability)
+   client.create_vulnerability(
+       project_id="abc123",
+       title="Open SSH Port",
+       affected_asset_name="ssh-prod-1",
+       priority="High",
+       likelihood_of_exploitation=10,
+       description="SSH port 22 is open to the internet.",
+       attack_scenario="An attacker can brute-force SSH credentials.",
+       remediation_recommendation="Restrict SSH access to trusted IPs.",
+       steps_to_reproduce="1. Scan the host\n2. Observe port 22 is open",
+       tags=["ssh", "exposure"],
+       notes=["Observed on 2025-09-09"],
+       is_zeroday=False,
+       is_visible=True
+   )
+
+   ```
+
+---
+
+## Creating Security Findings
+
+To create a security finding (vulnerability) in AttackForge, use the `create_vulnerability` method:
+
+```python
+client.create_vulnerability(
+    project_id="abc123",
+    title="Open SSH Port",
+    affected_asset_name="ssh-prod-1",
+    priority="High",
+    likelihood_of_exploitation=10,
+    description="SSH port 22 is open to the internet.",
+    attack_scenario="An attacker can brute-force SSH credentials.",
+    remediation_recommendation="Restrict SSH access to trusted IPs.",
+    steps_to_reproduce="1. Scan the host\n2. Observe port 22 is open",
+    tags=["ssh", "exposure"],
+    notes=["Observed on 2025-09-09"],
+    is_zeroday=False,
+    is_visible=True
+)
+```
+
+**Parameters:**
+- `project_id` (str): The project ID.
+- `title` (str): The title of the finding.
+- `affected_asset_name` (str): The name of the affected asset.
+- `priority` (str): The priority (e.g., "Critical", "High", "Medium", "Low").
+- `likelihood_of_exploitation` (int): Likelihood of exploitation (e.g., 10).
+- `description` (str): Description of the finding.
+- `attack_scenario` (str): Attack scenario details.
+- `remediation_recommendation` (str): Remediation recommendation.
+- `steps_to_reproduce` (str): Steps to reproduce the finding.
+- `tags` (list, optional): List of tags.
+- `notes` (list, optional): List of notes.
+- `is_zeroday` (bool, optional): Whether this is a zero-day finding.
+- `is_visible` (bool, optional): Whether the finding is visible.
+- `import_to_library` (str, optional): Library to import to.
+- `import_source` (str, optional): Source of import.
+- `import_source_id` (str, optional): Source ID for import.
+- `custom_fields` (list, optional): List of custom fields.
+- `linked_testcases` (list, optional): List of linked testcases.
+- `custom_tags` (list, optional): List of custom tags.
+
+See the source code for full details and docstrings.
+
+---
+
+## API Reference
+
+### `PyAttackForgeClient`
+
+- `__init__(api_key: str, base_url: str = ..., dry_run: bool = False)`
+- `get_assets() -> dict`
+- `get_asset_by_name(name: str) -> dict or None`
+- `create_asset(asset_data: dict) -> dict`
+- `get_project_by_name(name: str) -> dict or None`
+- `get_project_scope(project_id: str) -> set`
+- `update_project_scope(project_id: str, new_assets: list) -> dict`
+- `create_project(name: str, **kwargs) -> dict`
+- `update_project(project_id: str, update_fields: dict) -> dict`
+- `create_vulnerability(
+      project_id: str,
+      title: str,
+      affected_asset_name: str,
+      priority: str,
+      likelihood_of_exploitation: int,
+      description: str,
+      attack_scenario: str,
+      remediation_recommendation: str,
+      steps_to_reproduce: str,
+      tags: Optional[list] = None,
+      notes: Optional[list] = None,
+      is_zeroday: bool = False,
+      is_visible: bool = True,
+      import_to_library: Optional[str] = None,
+      import_source: Optional[str] = None,
+      import_source_id: Optional[str] = None,
+      custom_fields: Optional[list] = None,
+      linked_testcases: Optional[list] = None,
+      custom_tags: Optional[list] = None,
+  ) -> dict`
+
+See the source code for full details and docstrings.
+
+---
+- `create_vulnerability(
+      project_id: str,
+      title: str,
+      affected_asset_name: str,
+      priority: str,
+      likelihood_of_exploitation: int,
+      description: str,
+      attack_scenario: str,
+      remediation_recommendation: str,
+      steps_to_reproduce: str,
+      tags: Optional[list] = None,
+      notes: Optional[list] = None,
+      is_zeroday: bool = False,
+      is_visible: bool = True,
+      import_to_library: Optional[str] = None,
+      import_source: Optional[str] = None,
+      import_source_id: Optional[str] = None,
+      custom_fields: Optional[list] = None,
+      linked_testcases: Optional[list] = None,
+      custom_tags: Optional[list] = None,
+  ) -> dict`
+
+See the source code for full details and docstrings.
+
+---
+
+## Contributing
+
+Contributions are welcome! Please open issues or submit pull requests via GitHub.
+
+- Ensure code is PEP8-compliant and includes docstrings and type hints.
+- Add or update tests for new features or bugfixes.
+- Do **not** commit API keys or other secrets.
+
+---
+
+## Security
+
+**Never commit your API keys or other sensitive information to version control.**
+
+---
+
+## License
+
+This project is licensed under the [GNU Affero General Public License v3.0 (AGPL-3.0)](https://www.gnu.org/licenses/agpl-3.0.html).

pyattackforge-0.1.1.dist-info/RECORD

@@ -0,0 +1,7 @@
+pyattackforge/__init__.py,sha256=xZxubdjv_Fc1bRqfVRMR4j9SCTLXg9TfckWn9CQHH_E,839
+pyattackforge/client.py,sha256=0Ki2MhHd-H6ybw3pMazs7vCABMbzjzxGN50LD6Ufb_s,14652
+pyattackforge-0.1.1.dist-info/licenses/LICENSE,sha256=bx5iLIKjgAdYQ7sISn7DsfHRKkoCUm1154sJJKhgqnU,35184
+pyattackforge-0.1.1.dist-info/METADATA,sha256=yYfGjLUdJ27Nkg-TDIj3Mk_RriVd8bTgxmxeOSGRsCw,6732
+pyattackforge-0.1.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+pyattackforge-0.1.1.dist-info/top_level.txt,sha256=1rDeMkWvFWuX3MS8V65no7KuybYyvtfIgbYSt5m_uPU,14
+pyattackforge-0.1.1.dist-info/RECORD,,

pyattackforge-0.1.0.dist-info/METADATA

@@ -1,120 +0,0 @@
-Metadata-Version: 2.4
-Name: pyattackforge
-Version: 0.1.0
-Summary: Python wrapper for the AttackForge API
-Home-page: https://github.com/Tantalum-Labs/PyAttackForge
-Author: Shane S
-License: AGPL-3.0
-Classifier: Programming Language :: Python :: 3
-Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
-Classifier: Operating System :: OS Independent
-Classifier: Development Status :: 3 - Alpha
-Classifier: Intended Audience :: Developers
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Requires-Python: >=3.7
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: requests>=2.20.0
-Dynamic: author
-Dynamic: classifier
-Dynamic: description
-Dynamic: description-content-type
-Dynamic: home-page
-Dynamic: license
-Dynamic: license-file
-Dynamic: requires-dist
-Dynamic: requires-python
-Dynamic: summary
-
-# PyAttackForge
-
-A lightweight Python library for interacting with the AttackForge API.
-
----
-
-## Features
-
-- Create and fetch projects
-- Manage assets
-- Submit vulnerabilities
-- Dry-run mode for testing
-
----
-
-## Install
-
-   ```bash
-   mkdir PyAttackForgeEnv
-   cd PyAttackForgeEnv
-   virtualenv venv
-   source ./venv/bin/activate
-   pip install git+https://github.com/Tantalum-Labs/PyAttackForge.git
-   ```
-
-## Use
-
-   ```python
-   from pyattackforge import PyAttackForgeClient
-
-   # Initialize client - Note: Make sure to set your AttackForge URL and API Key
-   client = PyAttackForgeClient(api_key="your-api-key", base_url="https://demo.attackforge.com", dry_run=False)
-
-   # Create a project
-   project = client.create_project("My Project", scope=["Asset1", "Asset2"])
-
-   ## Create a vulnerability with auto-created assets
-   client.create_vulnerability(
-       vulnerability_data={
-           "projectId": "abc123",
-           "title": "Open SSH Port",
-           "affected_assets": [{"assetName": "ssh-prod-1"}],
-           "priority": "High",
-           "likelihood_of_exploitation": 10,
-       },
-       auto_create_assets=True,
-       default_asset_type="Cloud",
-       default_asset_library_ids=["your-lib-id"]
-   )
-
-   ```
-
----
-
-## API Reference
-
-### `PyAttackForgeClient`
-
-- `__init__(api_key: str, base_url: str = ..., dry_run: bool = False)`
-- `get_assets() -> dict`
-- `get_asset_by_name(name: str) -> dict or None`
-- `create_asset(asset_data: dict) -> dict`
-- `get_project_by_name(name: str) -> dict or None`
-- `get_project_scope(project_id: str) -> set`
-- `update_project_scope(project_id: str, new_assets: list) -> dict`
-- `create_project(name: str, **kwargs) -> dict`
-- `update_project(project_id: str, update_fields: dict) -> dict`
-- `create_vulnerability(vulnerability_data: dict, auto_create_assets: bool = False, ...) -> dict`
-
-See the source code for full details and docstrings.
-
----
-
-## Contributing
-
-Contributions are welcome! Please open issues or submit pull requests via GitHub.
-
-- Ensure code is PEP8-compliant and includes docstrings and type hints.
-- Add or update tests for new features or bugfixes.
-- Do **not** commit API keys or other secrets.
-
----
-
-## Security
-
-**Never commit your API keys or other sensitive information to version control.**
-
----
-
-## License
-
-This project is licensed under the [GNU Affero General Public License v3.0 (AGPL-3.0)](https://www.gnu.org/licenses/agpl-3.0.html).

pyattackforge-0.1.0.dist-info/RECORD

@@ -1,7 +0,0 @@
-pyattackforge/__init__.py,sha256=xZxubdjv_Fc1bRqfVRMR4j9SCTLXg9TfckWn9CQHH_E,839
-pyattackforge/client.py,sha256=wYyWCscQGYlysBgvxhnQlZnEdhTT8555RmSJ8FH9lrw,12784
-pyattackforge-0.1.0.dist-info/licenses/LICENSE,sha256=bx5iLIKjgAdYQ7sISn7DsfHRKkoCUm1154sJJKhgqnU,35184
-pyattackforge-0.1.0.dist-info/METADATA,sha256=Xm1YpRAVkEKp5KeQqS2JM5zvfrCYEX90qmfNI9B6FtA,3311
-pyattackforge-0.1.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-pyattackforge-0.1.0.dist-info/top_level.txt,sha256=1rDeMkWvFWuX3MS8V65no7KuybYyvtfIgbYSt5m_uPU,14
-pyattackforge-0.1.0.dist-info/RECORD,,