PyPI - scanner-client - Versions diffs - 0.1.0rc2__py3-none-any.whl - Mend

scanner-client 0.1.0rc2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

scanner_client/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ from .scanner import Scanner, AsyncScanner

scanner_client/detection_rule.py ADDED Viewed

@@ -0,0 +1,267 @@
+from typing import Optional
+from .http_err import get_body_and_handle_err
+from .raw_api.api.detection_rule import \
+    list_detection_rules, create_detection_rule, get_detection_rule, \
+        update_detection_rule, delete_detection_rule
+from .raw_api.models import ListDetectionRulesRequestData, CreateDetectionRuleRequestData, DeleteDetectionRuleResponseData,\
+    DetectionRule as DetectionRuleJson, \
+    DetectionRuleSummary, \
+    UpdateDetectionRuleRequestData, \
+    DetectionSeverityType0, DetectionSeverityType1, DetectionSeverityType2, DetectionSeverityType3, \
+    DetectionSeverityType4, DetectionSeverityType5, DetectionSeverityType6, DetectionSeverityType7, \
+    StartingPermissionsForRbacDetectionRulePermissionType, StartingPermissionsForRbacDetectionRulePermissionTypePermissionsByRole, \
+    RbacDetectionRulePermissionType
+from .raw_api.client import AuthenticatedClient
+from .raw_api.types import Unset, UNSET
+# TODO: this is currently kinda awkward to deal with. Ideally we can get the
+# openapi schema to just include a single DetectionSeverity enum, instead of a
+# union type across 7 enums each with one variant.
+DetectionSeverity = DetectionSeverityType0 \
+    | DetectionSeverityType1 \
+    | DetectionSeverityType2 \
+    | DetectionSeverityType3 \
+    | DetectionSeverityType4 \
+    | DetectionSeverityType5 \
+    | DetectionSeverityType6 \
+    | DetectionSeverityType7
+def starting_permissions_for_detection_rule(
+    starting_permissions: dict[str, list[RbacDetectionRulePermissionType]]
+) -> StartingPermissionsForRbacDetectionRulePermissionType:
+    return StartingPermissionsForRbacDetectionRulePermissionType(
+        permissions_by_role=StartingPermissionsForRbacDetectionRulePermissionTypePermissionsByRole.from_dict(starting_permissions),
+    )
+class DetectionRule():
+    _client: AuthenticatedClient
+    def __init__(self, client: AuthenticatedClient) -> None:
+        self._client = client
+    def list_all(self, tenant_id: str) -> list[DetectionRuleSummary]:
+        req_body = ListDetectionRulesRequestData(
+            tenant_id=tenant_id
+        )
+        resp = list_detection_rules.sync_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rules
+    def create(
+        self,
+        tenant_id: str,
+        name: str,
+        description: str,
+        time_range_s: int,
+        run_frequency_s: int,
+        enabled: bool,
+        severity: DetectionSeverity,
+        query_text: str,
+        event_sink_ids: list[str],
+        starting_permissions: Optional[StartingPermissionsForRbacDetectionRulePermissionType] | Unset = UNSET,
+        sync_key: Optional[str] | Unset = UNSET,
+    ) -> DetectionRuleJson:
+        req_body = CreateDetectionRuleRequestData(
+            tenant_id = tenant_id,
+            name = name,
+            description = description,
+            time_range_s = time_range_s,
+            run_frequency_s = run_frequency_s,
+            enabled = enabled,
+            severity = severity.value,
+            query_text = query_text,
+            event_sink_ids = event_sink_ids,
+            starting_permissions = starting_permissions,
+            sync_key = sync_key,
+        )
+        resp = create_detection_rule.sync_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rule
+    def get(self, detection_rule_id: str) -> DetectionRuleJson:
+        resp = get_detection_rule.sync_detailed(
+            detection_rule_id,
+            client=self._client
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rule
+    def update(
+        self,
+        detection_rule_id: str,
+        name: str | Unset = UNSET,
+        description: str | Unset = UNSET,
+        time_range_s: int | Unset = UNSET,
+        run_frequency_s: int | Unset = UNSET,
+        enabled: bool | Unset = UNSET,
+        severity: DetectionSeverity | Unset = UNSET,
+        query_text: str | Unset = UNSET,
+        event_sink_ids: list[str] | Unset = UNSET,
+        sync_key: Optional[str] | Unset = UNSET,
+    ) -> DetectionRuleJson:
+        req_body = UpdateDetectionRuleRequestData(
+            id=detection_rule_id,
+            name=name,
+            description=description,
+            time_range_s=time_range_s,
+            run_frequency_s=run_frequency_s,
+            enabled=enabled,
+            severity=severity,
+            query_text=query_text,
+            event_sink_ids=event_sink_ids,
+            sync_key=sync_key
+        )
+        resp = update_detection_rule.sync_detailed(
+            detection_rule_id,
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rule
+    def delete(self, detection_rule_id: str) -> DeleteDetectionRuleResponseData:
+        resp = delete_detection_rule.sync_detailed(
+            detection_rule_id,
+            client=self._client
+        )
+        return get_body_and_handle_err(resp)
+class AsyncDetectionRule():
+    _client: AuthenticatedClient
+    def __init__(self, client: AuthenticatedClient) -> None:
+        self._client = client
+    async def list_all(self, tenant_id: str) -> list[DetectionRuleSummary]:
+        req_body = ListDetectionRulesRequestData(
+            tenant_id=tenant_id
+        )
+        resp = await list_detection_rules.asyncio_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rules
+    async def create(
+        self,
+        tenant_id: str,
+        name: str,
+        description: str,
+        time_range_s: int,
+        run_frequency_s: int,
+        enabled: bool,
+        severity: DetectionSeverity,
+        query_text: str,
+        event_sink_ids: list[str],
+        sync_key: Optional[str] | Unset = UNSET,
+    ) -> DetectionRuleJson:
+        req_body = CreateDetectionRuleRequestData(
+            tenant_id = tenant_id,
+            name = name,
+            description = description,
+            time_range_s = time_range_s,
+            run_frequency_s = run_frequency_s,
+            enabled = enabled,
+            severity = severity.value,
+            query_text = query_text,
+            event_sink_ids = event_sink_ids,
+            sync_key = sync_key,
+        )
+        resp = await create_detection_rule.asyncio_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rule
+    async def get(self, detection_rule_id: str) -> DetectionRuleJson:
+        resp = await get_detection_rule.asyncio_detailed(
+            detection_rule_id,
+            client=self._client
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rule
+    async def update(
+        self,
+        detection_rule_id: str,
+        name: str | Unset = UNSET,
+        description: str | Unset = UNSET,
+        time_range_s: int | Unset = UNSET,
+        run_frequency_s: int | Unset = UNSET,
+        enabled: bool | Unset = UNSET,
+        severity: DetectionSeverity | Unset = UNSET,
+        query_text: str | Unset = UNSET,
+        event_sink_ids: list[str] | Unset = UNSET,
+        sync_key: Optional[str] | Unset = UNSET,
+    ) -> DetectionRuleJson:
+        req_body = UpdateDetectionRuleRequestData(
+            id=detection_rule_id,
+            name=name,
+            description=description,
+            time_range_s=time_range_s,
+            run_frequency_s=run_frequency_s,
+            enabled=enabled,
+            severity=severity,
+            query_text=query_text,
+            event_sink_ids=event_sink_ids,
+            sync_key=sync_key
+        )
+        resp = await update_detection_rule.asyncio_detailed(
+            detection_rule_id,
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.detection_rule
+    async def delete(self, detection_rule_id: str) -> DeleteDetectionRuleResponseData:
+        resp = await delete_detection_rule.asyncio_detailed(
+            detection_rule_id,
+            client=self._client
+        )
+        return get_body_and_handle_err(resp)

scanner_client/event_sink.py ADDED Viewed

@@ -0,0 +1,233 @@
+from typing import Optional
+from .http_err import get_body_and_handle_err
+from .raw_api.api.event_sink import \
+    list_event_sinks, create_event_sink, get_event_sink, update_event_sink, delete_event_sink
+from .raw_api.models import ListEventSinksRequestData, CreateEventSinkRequestData, \
+    EventSink as EventSinkJson, UpdateEventSinkRequestData, CreateEventSinkArgsType0, \
+    CreateEventSinkArgsType1, CreateSlackEventSinkArgs, CreateWebhookEventSinkArgs, \
+    UpdateEventSinkArgsType0, UpdateEventSinkArgsType1, UpdateSlackEventSinkArgs, \
+    UpdateWebhookEventSinkArgs, DeleteEventSinkResponseData
+from .raw_api.client import AuthenticatedClient
+from .raw_api.types import Unset, UNSET
+CreateEventSinkArgs = CreateEventSinkArgsType0 | CreateEventSinkArgsType1
+UpdateEventSinkArgs = UpdateEventSinkArgsType0 | UpdateEventSinkArgsType1
+def create_slack_event_sink_args(
+    channel: str,
+    slack_oauth_code: str
+) -> CreateEventSinkArgsType0:
+    return CreateEventSinkArgsType0(
+        slack=CreateSlackEventSinkArgs(
+            channel=channel,
+            slack_oauth_code=slack_oauth_code
+        )
+    )
+def create_webhook_event_sink_args(url: str) -> CreateEventSinkArgsType1:
+    return CreateEventSinkArgsType1(
+        webhook=CreateWebhookEventSinkArgs(
+            url=url
+        )
+    )
+def update_slack_event_sink_args(channel: str) -> UpdateEventSinkArgsType0:
+    return UpdateEventSinkArgsType0(
+        slack=UpdateSlackEventSinkArgs(
+            channel=channel,
+        )
+    )
+def update_webhook_event_sink_args(url: str) -> UpdateEventSinkArgsType1:
+    return UpdateEventSinkArgsType1(
+        webhook=UpdateWebhookEventSinkArgs(
+            url=url
+        )
+    )
+class EventSink():
+    _client: AuthenticatedClient
+    def __init__(self, client: AuthenticatedClient) -> None:
+        self._client = client
+    def list_all(self, tenant_id: str) -> list[EventSinkJson]:
+        req_body = ListEventSinksRequestData(
+            tenant_id=tenant_id
+        )
+        resp = list_event_sinks.sync_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sinks
+    def create(
+        self,
+        tenant_id: str,
+        name: str,
+        description: str,
+        event_sink_args: CreateEventSinkArgs
+    ) -> EventSinkJson:
+        req_body = CreateEventSinkRequestData(
+            tenant_id=tenant_id,
+            name=name,
+            description=description,
+            event_sink_args=event_sink_args
+        )
+        resp = create_event_sink.sync_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sink
+    def get(self, event_sink_id: str) -> EventSinkJson:
+        resp = get_event_sink.sync_detailed(
+            event_sink_id,
+            client=self._client
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sink
+    def update(
+        self,
+        event_sink_id: str,
+        name: str | Unset = UNSET,
+        description: str | Unset = UNSET,
+        event_sink_args: UpdateEventSinkArgs | Unset = UNSET
+    ) -> EventSinkJson:
+        req_body = UpdateEventSinkRequestData(
+            id=event_sink_id,
+            name=name,
+            description=description,
+            event_sink_args=event_sink_args
+        )
+        resp = update_event_sink.sync_detailed(
+            event_sink_id,
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sink
+    def delete(self, event_sink_id: str) -> DeleteEventSinkResponseData:
+        resp = delete_event_sink.sync_detailed(
+            event_sink_id,
+            client=self._client
+        )
+        return get_body_and_handle_err(resp)
+class AsyncEventSink():
+    _client: AuthenticatedClient
+    def __init__(self, client: AuthenticatedClient) -> None:
+        self._client = client
+    async def list_all(self, tenant_id: str) -> list[EventSinkJson]:
+        req_body = ListEventSinksRequestData(
+            tenant_id=tenant_id
+        )
+        resp = await list_event_sinks.asyncio_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sinks
+    async def create(
+        self,
+        tenant_id: str,
+        name: str,
+        description: str,
+        event_sink_args: CreateEventSinkArgs
+    ) -> EventSinkJson:
+        req_body = CreateEventSinkRequestData(
+            tenant_id=tenant_id,
+            name=name,
+            description=description,
+            event_sink_args=event_sink_args
+        )
+        resp = await create_event_sink.asyncio_detailed(
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sink
+    async def get(self, event_sink_id: str) -> EventSinkJson:
+        resp = await get_event_sink.asyncio_detailed(
+            event_sink_id,
+            client=self._client
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sink
+    async def update(
+        self,
+        event_sink_id: str,
+        name: str | Unset = UNSET,
+        description: str | Unset = UNSET,
+        event_sink_args: UpdateEventSinkArgs | Unset = UNSET
+    ) -> EventSinkJson:
+        req_body = UpdateEventSinkRequestData(
+            id=event_sink_id,
+            name=name,
+            description=description,
+            event_sink_args=event_sink_args
+        )
+        resp = await update_event_sink.asyncio_detailed(
+            event_sink_id,
+            client=self._client,
+            body=req_body
+        )
+        resp_body = get_body_and_handle_err(resp)
+        return resp_body.event_sink
+    async def delete(self, event_sink_id: str) -> DeleteEventSinkResponseData:
+        resp = await delete_event_sink.asyncio_detailed(
+            event_sink_id,
+            client=self._client
+        )
+        return get_body_and_handle_err(resp)

scanner_client/example.py ADDED Viewed

@@ -0,0 +1,75 @@
+import asyncio
+import os
+import time
+from .scanner import Scanner, AsyncScanner
+def query_example():
+    # Create Scanner client
+    scanner = Scanner(
+        api_url=os.environ["SCANNER_API_URL"],
+        api_key=os.environ["SCANNER_API_KEY"],
+    )
+    # Start query
+    qr_id = scanner.query.start_query(
+        query_text="* | count",
+        start_time="2024-04-05T23:47:11.575Z",
+        end_time="2024-04-06T00:02:11.575Z",
+    ).qr_id
+    # Check query progress
+    while True:
+        print("Checking query progress")
+        query_progress = scanner.query.query_progress(qr_id)
+        if query_progress.is_completed:
+            print(query_progress.results)
+            break
+        time.sleep(1)
+    # Run blocking query
+    response = scanner.query.blocking_query(
+        query_text="* | count",
+        start_time="2024-04-05T23:47:11.575Z",
+        end_time="2024-04-06T00:02:11.575Z",
+    )
+    print(response.results)
+async def async_query_example():
+    # Create AsyncScanner client
+    scanner = AsyncScanner(
+        api_url=os.environ["SCANNER_API_URL"],
+        api_key=os.environ["SCANNER_API_KEY"],
+    )
+    # Start query
+    qr_id = (await scanner.query.start_query(
+        query_text="* | count",
+        start_time="2024-04-05T23:47:11.575Z",
+        end_time="2024-04-06T00:02:11.575Z",
+    )).qr_id
+    # Check query progress
+    while True:
+        print("Checking query progress")
+        query_progress = await scanner.query.query_progress(qr_id)
+        if query_progress.is_completed:
+            print(query_progress.results)
+            break
+        time.sleep(1)
+    # Run blocking query
+    response = await scanner.query.blocking_query(
+        query_text="* | count",
+        start_time="2024-04-05T23:47:11.575Z",
+        end_time="2024-04-06T00:02:11.575Z",
+    )
+    print(response.results)
+#query_example()
+asyncio.run(async_query_example())

scanner_client/http_err.py ADDED Viewed

@@ -0,0 +1,12 @@
+from typing import TypeVar
+from .raw_api.types import Response
+T = TypeVar("T")
+def get_body_and_handle_err(response: Response[T]) -> T:
+    if response.status_code != 200:
+        raise Exception(f"Status code={response.status_code}, content={response.content.decode()}")
+    if response.parsed is None:
+        raise Exception(f"Error parsing response")
+    return response.parsed