souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

souleyez/ui/splunk_vulns_view.py

@@ -15,10 +15,10 @@ console = Console()
 
 # Severity colors
 SEVERITY_COLORS = {
-    'Critical': 'red',
-    'High': 'yellow',
-    'Medium': 'white',
-    'Low': 'bright_black'
+    "Critical": "red",
+    "High": "yellow",
+    "Medium": "white",
+    "Low": "bright_black",
 }
 
 
@@ -45,15 +45,29 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
 
         # Header
         click.echo("\n┌" + "─" * (width - 2) + "┐")
-        click.echo("│" + click.style(" SPLUNK VULNERABILITIES ".center(width - 2), bold=True, fg='cyan') + "│")
+        click.echo(
+            "│"
+            + click.style(
+                " SPLUNK VULNERABILITIES ".center(width - 2), bold=True, fg="cyan"
+            )
+            + "│"
+        )
         click.echo("└" + "─" * (width - 2) + "┘")
         click.echo()
 
         # Check if Splunk is configured
         config = WazuhConfig.get_config(engagement_id)
 
-        if not config or config.get('siem_type') != 'splunk' or not config.get('enabled'):
-            click.echo(click.style("  Splunk is not configured for this engagement.", fg='yellow'))
+        if (
+            not config
+            or config.get("siem_type") != "splunk"
+            or not config.get("enabled")
+        ):
+            click.echo(
+                click.style(
+                    "  Splunk is not configured for this engagement.", fg="yellow"
+                )
+            )
             click.echo()
             click.echo("  Configure Splunk in Settings -> SIEM Integration")
             click.echo()
@@ -62,7 +76,7 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
             click.echo("  [q] Back")
             click.echo()
             try:
-                if click.getchar().lower() == 'q':
+                if click.getchar().lower() == "q":
                     return
             except (KeyboardInterrupt, EOFError):
                 return
@@ -71,15 +85,18 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
         # Get Splunk client
         try:
             from souleyez.integrations.siem.splunk import SplunkSIEMClient
-            client = SplunkSIEMClient.from_config({
-                'api_url': config.get('api_url', ''),
-                'username': config.get('username', ''),
-                'password': config.get('password', ''),
-                'verify_ssl': config.get('verify_ssl', False),
-                'default_index': config.get('default_index', 'main'),
-            })
+
+            client = SplunkSIEMClient.from_config(
+                {
+                    "api_url": config.get("api_url", ""),
+                    "username": config.get("username", ""),
+                    "password": config.get("password", ""),
+                    "verify_ssl": config.get("verify_ssl", False),
+                    "default_index": config.get("default_index", "main"),
+                }
+            )
         except Exception as e:
-            click.echo(click.style(f"  Error connecting to Splunk: {e}", fg='red'))
+            click.echo(click.style(f"  Error connecting to Splunk: {e}", fg="red"))
             click.echo()
             click.pause("  Press any key to return...")
             return
@@ -88,23 +105,30 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
         try:
             summary = client.get_vulnerability_summary()
             vulns = client.get_vulnerabilities(
-                severity=severity_filter,
-                agent_name=host_filter,
-                limit=1000
+                severity=severity_filter, agent_name=host_filter, limit=1000
             )
         except Exception as e:
-            click.echo(click.style(f"  Error querying Splunk: {e}", fg='red'))
+            click.echo(click.style(f"  Error querying Splunk: {e}", fg="red"))
             click.echo()
             click.echo("  Make sure the wazuh_vulns index exists and has data.")
-            click.echo("  Run the vuln sync script: python3 scripts/wazuh_vuln_to_splunk.py --all")
+            click.echo(
+                "  Run the vuln sync script: python3 scripts/wazuh_vuln_to_splunk.py --all"
+            )
             click.echo()
             click.pause("  Press any key to return...")
             return
 
         # Display table with summary
         page, total_pages = _display_vulns_table(
-            console, vulns, page, page_size, view_all,
-            severity_filter, host_filter, width, summary
+            console,
+            vulns,
+            page,
+            page_size,
+            view_all,
+            severity_filter,
+            host_filter,
+            width,
+            summary,
         )
 
         # Menu
@@ -123,27 +147,27 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
         try:
             choice = input("  Select option: ").strip().lower()
 
-            if choice == 'q':
+            if choice == "q":
                 return
-            elif choice == 'r':
+            elif choice == "r":
                 continue  # Refresh
-            elif choice == 'i':
+            elif choice == "i":
                 _interactive_vulns_mode(vulns)
-            elif choice == 't':
+            elif choice == "t":
                 view_all = not view_all
                 if not view_all:
                     page = 0
-            elif choice == 'n' and not view_all and page < total_pages - 1:
+            elif choice == "n" and not view_all and page < total_pages - 1:
                 page += 1
-            elif choice == 'p' and not view_all and page > 0:
+            elif choice == "p" and not view_all and page > 0:
                 page -= 1
-            elif choice == 'f':
+            elif choice == "f":
                 severity_filter = _select_severity_filter()
                 page = 0
-            elif choice == 'h':
+            elif choice == "h":
                 host_filter = _select_host_filter()
                 page = 0
-            elif choice == 'c':
+            elif choice == "c":
                 severity_filter = None
                 host_filter = None
                 page = 0
@@ -152,10 +176,10 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
                 if 0 <= vuln_idx < len(vulns):
                     _show_vuln_detail(vulns[vuln_idx])
                 else:
-                    click.echo(click.style("  Invalid number", fg='red'))
+                    click.echo(click.style("  Invalid number", fg="red"))
                     click.pause()
             else:
-                click.echo(click.style("Invalid option", fg='red'))
+                click.echo(click.style("Invalid option", fg="red"))
                 click.pause()
 
         except (KeyboardInterrupt, EOFError):
@@ -163,19 +187,31 @@ def show_splunk_vulns_view(engagement_id: int, engagement_name: str = "") -> Non
 
 
 def _display_vulns_table(
-    console: Console, vulns: List[Dict], page: int, page_size: int,
-    view_all: bool, severity_filter: Optional[str], host_filter: Optional[str],
-    width: int, summary: Dict
+    console: Console,
+    vulns: List[Dict],
+    page: int,
+    page_size: int,
+    view_all: bool,
+    severity_filter: Optional[str],
+    host_filter: Optional[str],
+    width: int,
+    summary: Dict,
 ) -> tuple:
     """Display vulnerabilities table with summary header.
 
     Returns: (current_page, total_pages)
     """
-    by_sev = summary.get('by_severity', {})
+    by_sev = summary.get("by_severity", {})
 
     # Summary header
     click.echo("═" * width)
-    click.echo(click.style(f" SPLUNK VULNERABILITIES ({summary.get('total', 0)} total, {summary.get('unique_cves', 0)} unique CVEs)", bold=True, fg='yellow'))
+    click.echo(
+        click.style(
+            f" SPLUNK VULNERABILITIES ({summary.get('total', 0)} total, {summary.get('unique_cves', 0)} unique CVEs)",
+            bold=True,
+            fg="yellow",
+        )
+    )
 
     # Severity breakdown
     sev_line = (
@@ -187,7 +223,11 @@ def _display_vulns_table(
     click.echo(sev_line)
 
     # Agents line
-    click.echo(click.style(f"  Agents affected: {summary.get('agents_affected', 0)}", fg='bright_black'))
+    click.echo(
+        click.style(
+            f"  Agents affected: {summary.get('agents_affected', 0)}", fg="bright_black"
+        )
+    )
 
     # Show active filters
     if severity_filter or host_filter:
@@ -196,13 +236,13 @@ def _display_vulns_table(
             filter_parts.append(f"Severity: {severity_filter}")
         if host_filter:
             filter_parts.append(f"Host: {host_filter}")
-        click.echo(click.style(f"  Filters: {', '.join(filter_parts)}", fg='cyan'))
+        click.echo(click.style(f"  Filters: {', '.join(filter_parts)}", fg="cyan"))
 
     click.echo("─" * width)
     click.echo()
 
     if not vulns:
-        click.echo("  " + click.style("No vulnerabilities found!", fg='green'))
+        click.echo("  " + click.style("No vulnerabilities found!", fg="green"))
         click.echo("  Make sure Wazuh vuln data is synced to Splunk.")
         click.echo()
         return 0, 1
@@ -224,7 +264,7 @@ def _display_vulns_table(
         header_style="bold cyan",
         box=DesignSystem.TABLE_BOX,
         padding=(0, 1),
-        expand=True
+        expand=True,
     )
 
     table.add_column("○", width=3, justify="center")
@@ -242,17 +282,17 @@ def _display_vulns_table(
         else:
             display_idx = (page * page_size) + idx + 1
 
-        cve = vuln.get('cve_id', '-')
-        severity = vuln.get('severity', 'Medium')
-        sev_color = SEVERITY_COLORS.get(severity, 'white')
+        cve = vuln.get("cve_id", "-")
+        severity = vuln.get("severity", "Medium")
+        sev_color = SEVERITY_COLORS.get(severity, "white")
         sev_display = f"[{sev_color}]{severity}[/{sev_color}]"
 
-        cvss = vuln.get('cvss_score')
+        cvss = vuln.get("cvss_score")
         cvss_display = f"{cvss:.1f}" if cvss else "-"
 
-        host = vuln.get('agent_name', '-')[:15]
-        package = vuln.get('package_name', '-')[:24]
-        os_name = vuln.get('os_name', '-')[:11]
+        host = vuln.get("agent_name", "-")[:15]
+        package = vuln.get("package_name", "-")[:24]
+        os_name = vuln.get("os_name", "-")[:11]
 
         table.add_row(
             "○",
@@ -262,7 +302,7 @@ def _display_vulns_table(
             cvss_display,
             host,
             package,
-            os_name
+            os_name,
         )
 
     console.print("  ", table)
@@ -291,9 +331,9 @@ def _select_severity_filter() -> Optional[str]:
     click.echo()
 
     key = click.getchar().lower()
-    severity_map = {'1': 'Critical', '2': 'High', '3': 'Medium', '4': 'Low'}
+    severity_map = {"1": "Critical", "2": "High", "3": "Medium", "4": "Low"}
 
-    if key == 'c':
+    if key == "c":
         return None
     return severity_map.get(key)
 
@@ -301,9 +341,11 @@ def _select_severity_filter() -> Optional[str]:
 def _select_host_filter() -> Optional[str]:
     """Show host filter prompt."""
     click.echo()
-    ip = click.prompt("  Enter host/agent name (partial match, or 'c' to clear)", default="")
+    ip = click.prompt(
+        "  Enter host/agent name (partial match, or 'c' to clear)", default=""
+    )
 
-    if ip.lower() == 'c' or not ip:
+    if ip.lower() == "c" or not ip:
         return None
     return ip
 
@@ -313,17 +355,22 @@ def _show_vuln_detail(vuln: Dict) -> None:
     DesignSystem.clear_screen()
     width = DesignSystem.get_terminal_width()
 
-    cve = vuln.get('cve_id', 'Unknown')
-    severity = vuln.get('severity', 'Medium')
-    sev_color = SEVERITY_COLORS.get(severity, 'white')
+    cve = vuln.get("cve_id", "Unknown")
+    severity = vuln.get("severity", "Medium")
+    sev_color = SEVERITY_COLORS.get(severity, "white")
 
     click.echo("\n" + "─" * (width - 2) + "┐")
-    click.echo("│" + click.style(f" {cve} ".center(width - 2), bold=True, fg='cyan') + "│")
+    click.echo(
+        "│" + click.style(f" {cve} ".center(width - 2), bold=True, fg="cyan") + "│"
+    )
     click.echo("└" + "─" * (width - 2) + "┘")
     click.echo()
 
-    click.echo(f"  Severity: " + click.style(severity, fg=sev_color, bold=True) +
-              f" | CVSS: {vuln.get('cvss_score', '-')}")
+    click.echo(
+        f"  Severity: "
+        + click.style(severity, fg=sev_color, bold=True)
+        + f" | CVSS: {vuln.get('cvss_score', '-')}"
+    )
     click.echo()
 
     click.echo(click.style("  Host/Agent:", bold=True))
@@ -342,7 +389,7 @@ def _show_vuln_detail(vuln: Dict) -> None:
     click.echo()
 
     # Description (truncated)
-    desc = vuln.get('description', '')
+    desc = vuln.get("description", "")
     if desc:
         click.echo(click.style("  Description:", bold=True))
         # Word wrap description
@@ -366,52 +413,58 @@ def _interactive_vulns_mode(vulns: List[Dict]) -> None:
     from souleyez.ui.interactive_selector import interactive_select
 
     if not vulns:
-        click.echo(click.style("  No vulnerabilities to select.", fg='yellow'))
+        click.echo(click.style("  No vulnerabilities to select.", fg="yellow"))
         click.pause()
         return
 
     # Prepare items for interactive selector
     vuln_items = []
     for vuln in vulns:
-        vuln_items.append({
-            'id': id(vuln),
-            'cve_id': vuln.get('cve_id', '-'),
-            'severity': vuln.get('severity', 'Medium'),
-            'cvss': f"{vuln.get('cvss_score', 0):.1f}" if vuln.get('cvss_score') else '-',
-            'host': vuln.get('agent_name', '-')[:15],
-            'package': vuln.get('package_name', '-')[:20],
-            'os': vuln.get('os_name', '-')[:12],
-            'raw': vuln
-        })
+        vuln_items.append(
+            {
+                "id": id(vuln),
+                "cve_id": vuln.get("cve_id", "-"),
+                "severity": vuln.get("severity", "Medium"),
+                "cvss": (
+                    f"{vuln.get('cvss_score', 0):.1f}"
+                    if vuln.get("cvss_score")
+                    else "-"
+                ),
+                "host": vuln.get("agent_name", "-")[:15],
+                "package": vuln.get("package_name", "-")[:20],
+                "os": vuln.get("os_name", "-")[:12],
+                "raw": vuln,
+            }
+        )
 
     columns = [
-        {'name': 'CVE', 'key': 'cve_id', 'width': 18},
-        {'name': 'Severity', 'key': 'severity', 'width': 10},
-        {'name': 'CVSS', 'key': 'cvss', 'width': 6},
-        {'name': 'Host', 'key': 'host', 'width': 15},
-        {'name': 'Package', 'key': 'package', 'width': 20}
+        {"name": "CVE", "key": "cve_id", "width": 18},
+        {"name": "Severity", "key": "severity", "width": 10},
+        {"name": "CVSS", "key": "cvss", "width": 6},
+        {"name": "Host", "key": "host", "width": 15},
+        {"name": "Package", "key": "package", "width": 20},
     ]
 
     def format_cell(item: Dict, key: str) -> str:
-        if key == 'severity':
-            sev = item.get('severity', 'Medium')
-            color = SEVERITY_COLORS.get(sev, 'white')
+        if key == "severity":
+            sev = item.get("severity", "Medium")
+            color = SEVERITY_COLORS.get(sev, "white")
             return f"[{color}]{sev}[/{color}]"
-        return str(item.get(key, '-'))
+        return str(item.get(key, "-"))
 
     selected_ids: set = set()
     interactive_select(
         items=vuln_items,
         columns=columns,
         selected_ids=selected_ids,
-        get_id=lambda v: v['id'],
+        get_id=lambda v: v["id"],
         title="SPLUNK VULNERABILITIES",
-        format_cell=format_cell
+        format_cell=format_cell,
     )
 
     # Show details of first selected
     if selected_ids:
         for item in vuln_items:
-            if item['id'] in selected_ids:
-                _show_vuln_detail(item['raw'])
+            if item["id"] in selected_ids:
+                _show_vuln_detail(item["raw"])
                 break