PyPI - voidaccess - Versions diffs - 1.3.0__py3-none-any.whl - Mend

voidaccess 1.3.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

analysis/__init__.py +49 -0
analysis/opsec.py +454 -0
analysis/patterns.py +202 -0
analysis/temporal.py +201 -0
api/__init__.py +1 -0
api/auth.py +163 -0
api/main.py +509 -0
api/routes/__init__.py +1 -0
api/routes/admin.py +214 -0
api/routes/auth.py +157 -0
api/routes/entities.py +871 -0
api/routes/export.py +359 -0
api/routes/investigations.py +2567 -0
api/routes/monitors.py +405 -0
api/routes/search.py +157 -0
api/routes/settings.py +851 -0
auth/__init__.py +1 -0
auth/token_blacklist.py +108 -0
cli/__init__.py +3 -0
cli/adapters/__init__.py +1 -0
cli/adapters/sqlite.py +273 -0
cli/browser.py +376 -0
cli/commands/__init__.py +1 -0
cli/commands/configure.py +185 -0
cli/commands/enrich.py +154 -0
cli/commands/export.py +158 -0
cli/commands/investigate.py +601 -0
cli/commands/show.py +87 -0
cli/config.py +180 -0
cli/display.py +212 -0
cli/main.py +154 -0
cli/tor_detect.py +71 -0
config.py +180 -0
crawler/__init__.py +28 -0
crawler/dedup.py +97 -0
crawler/frontier.py +115 -0
crawler/spider.py +462 -0
crawler/utils.py +122 -0
db/__init__.py +47 -0
db/migrations/__init__.py +0 -0
db/migrations/env.py +80 -0
db/migrations/versions/0001_initial_schema.py +270 -0
db/migrations/versions/0002_add_investigation_status_column.py +27 -0
db/migrations/versions/0002_add_missing_tables.py +33 -0
db/migrations/versions/0003_add_canonical_value_and_entity_links.py +61 -0
db/migrations/versions/0004_add_page_posted_at.py +41 -0
db/migrations/versions/0005_add_extraction_method.py +32 -0
db/migrations/versions/0006_add_monitor_alerts.py +26 -0
db/migrations/versions/0007_add_actor_style_profiles.py +23 -0
db/migrations/versions/0008_add_users_table.py +47 -0
db/migrations/versions/0009_add_investigation_id_to_relationships.py +29 -0
db/migrations/versions/0010_add_composite_index_entity_relationships.py +22 -0
db/migrations/versions/0011_add_page_extraction_cache.py +52 -0
db/migrations/versions/0013_add_graph_status.py +31 -0
db/migrations/versions/0015_add_progress_fields.py +41 -0
db/migrations/versions/0016_backfill_graph_status.py +33 -0
db/migrations/versions/0017_add_user_api_keys.py +44 -0
db/migrations/versions/0018_add_user_id_to_investigations.py +33 -0
db/migrations/versions/0019_add_content_safety_log.py +46 -0
db/migrations/versions/0020_add_entity_source_tracking.py +50 -0
db/models.py +618 -0
db/queries.py +841 -0
db/session.py +270 -0
export/__init__.py +34 -0
export/misp.py +257 -0
export/sigma.py +342 -0
export/stix.py +418 -0
extractor/__init__.py +21 -0
extractor/llm_extract.py +372 -0
extractor/ner.py +512 -0
extractor/normalizer.py +638 -0
extractor/pipeline.py +401 -0
extractor/regex_patterns.py +325 -0
fingerprint/__init__.py +33 -0
fingerprint/profiler.py +240 -0
fingerprint/stylometry.py +249 -0
graph/__init__.py +73 -0
graph/builder.py +894 -0
graph/export.py +225 -0
graph/model.py +83 -0
graph/queries.py +297 -0
graph/visualize.py +178 -0
i18n/__init__.py +24 -0
i18n/detect.py +76 -0
i18n/query_expand.py +72 -0
i18n/translate.py +210 -0
monitor/__init__.py +27 -0
monitor/_db.py +74 -0
monitor/alerts.py +345 -0
monitor/config.py +118 -0
monitor/diff.py +75 -0
monitor/jobs.py +247 -0
monitor/scheduler.py +184 -0
scraper/__init__.py +0 -0
scraper/scrape.py +857 -0
scraper/scrape_js.py +272 -0
search/__init__.py +318 -0
search/circuit_breaker.py +240 -0
search/search.py +334 -0
sources/__init__.py +96 -0
sources/blockchain.py +444 -0
sources/cache.py +93 -0
sources/cisa.py +108 -0
sources/dns_enrichment.py +557 -0
sources/domain_reputation.py +643 -0
sources/email_reputation.py +635 -0
sources/engines.py +244 -0
sources/enrichment.py +1244 -0
sources/github_scraper.py +589 -0
sources/gitlab_scraper.py +624 -0
sources/hash_reputation.py +856 -0
sources/historical_intel.py +253 -0
sources/ip_reputation.py +521 -0
sources/paste_scraper.py +484 -0
sources/pastes.py +278 -0
sources/rss_scraper.py +576 -0
sources/seed_manager.py +373 -0
sources/seeds.py +368 -0
sources/shodan.py +103 -0
sources/telegram.py +199 -0
sources/virustotal.py +113 -0
utils/__init__.py +0 -0
utils/async_utils.py +89 -0
utils/content_safety.py +193 -0
utils/defang.py +94 -0
utils/encryption.py +34 -0
utils/ioc_freshness.py +124 -0
utils/user_keys.py +33 -0
vector/__init__.py +39 -0
vector/embedder.py +100 -0
vector/model_singleton.py +49 -0
vector/search.py +87 -0
vector/store.py +514 -0
voidaccess/__init__.py +0 -0
voidaccess/llm.py +717 -0
voidaccess/llm_utils.py +696 -0
voidaccess-1.3.0.dist-info/METADATA +395 -0
voidaccess-1.3.0.dist-info/RECORD +142 -0
voidaccess-1.3.0.dist-info/WHEEL +5 -0
voidaccess-1.3.0.dist-info/entry_points.txt +2 -0
voidaccess-1.3.0.dist-info/licenses/LICENSE +21 -0
voidaccess-1.3.0.dist-info/top_level.txt +19 -0

api/routes/admin.py ADDED Viewed

@@ -0,0 +1,214 @@
+"""
+Admin routes for VoidAccess API.
+Provides administrative endpoints for monitoring and managing the system.
+"""
+import asyncio
+import logging
+import uuid
+from datetime import datetime, timedelta, timezone
+from typing import Optional
+from fastapi import APIRouter, Depends, HTTPException
+from pydantic import BaseModel, Field
+from api.auth import get_current_user
+from search.search import SEARCH_ENGINES
+from search.circuit_breaker import get_all_states, record_success, is_open, _engine_failures, _engine_last_success
+from sources.seed_manager import get_seed_manager
+logger = logging.getLogger(__name__)
+router = APIRouter(tags=["admin"])
+# In-memory registry of seed-validation jobs.  Persistence isn't required —
+# validation is best-effort and ephemeral.
+_seed_validation_jobs: dict[str, dict] = {}
+@router.get("/circuit-breakers")
+async def get_circuit_breakers(current_user=Depends(get_current_user)) -> dict:
+    """
+    Get the current state of all search engine circuit breakers.
+    Returns state, failure count, and last success timestamp for each engine.
+    """
+    engines = {}
+    for engine in SEARCH_ENGINES:
+        name = engine["name"]
+        failures = _engine_failures.get(name, 0)
+        open_state = await is_open(name)
+        engines[name] = {
+            "state": "open" if open_state else "closed",
+            "failure_count": failures,
+            "url": engine.get("url", "").split("{")[0]  # strip query param
+        }
+    return {"engines": engines}
+@router.post("/circuit-breakers/{engine_name}/reset", dependencies=[Depends(get_current_user)])
+async def reset_circuit_breaker(engine_name: str) -> dict:
+    """Reset a circuit breaker to closed state manually."""
+    await record_success(engine_name)
+    return {"engine": engine_name, "state": "closed", "message": "Circuit breaker reset"}
+@router.post("/circuit-breakers/reset-all", dependencies=[Depends(get_current_user)])
+async def reset_all_circuit_breakers() -> dict:
+    """Reset all circuit breakers to closed state."""
+    from search.search import SEARCH_ENGINES
+    for engine in SEARCH_ENGINES:
+        await record_success(engine["name"])
+    return {"reset_count": len(SEARCH_ENGINES), "state": "all closed"}
+@router.get("/content-safety/events", dependencies=[Depends(get_current_user)])
+async def get_content_safety_events() -> dict:
+    """
+    Return content safety block event counts for operator review.
+    Returns counts only — never the blocked content itself.
+    """
+    try:
+        import os
+        if not os.getenv("DATABASE_URL"):
+            return {
+                "last_24h": {"query_blocked": 0, "url_blocked": 0, "content_blocked": 0},
+                "total": {"query_blocked": 0, "url_blocked": 0, "content_blocked": 0},
+            }
+        from db.session import get_session
+        from db.models import ContentSafetyEvent
+        from sqlalchemy import func
+        cutoff = datetime.now(timezone.utc) - timedelta(hours=24)
+        event_types = ["query_blocked", "url_blocked", "content_blocked"]
+        with get_session() as session:
+            last_24h: dict[str, int] = {}
+            total: dict[str, int] = {}
+            for et in event_types:
+                last_24h[et] = int(
+                    session.query(func.count(ContentSafetyEvent.id))
+                    .filter(
+                        ContentSafetyEvent.event_type == et,
+                        ContentSafetyEvent.timestamp >= cutoff,
+                    )
+                    .scalar()
+                    or 0
+                )
+                total[et] = int(
+                    session.query(func.count(ContentSafetyEvent.id))
+                    .filter(ContentSafetyEvent.event_type == et)
+                    .scalar()
+                    or 0
+                )
+        return {"last_24h": last_24h, "total": total}
+    except Exception as exc:
+        return {
+            "error": str(exc)[:200],
+            "last_24h": {"query_blocked": 0, "url_blocked": 0, "content_blocked": 0},
+            "total": {"query_blocked": 0, "url_blocked": 0, "content_blocked": 0},
+        }
+# ---------------------------------------------------------------------------
+# Seed list management
+# ---------------------------------------------------------------------------
+class AddSeedBody(BaseModel):
+    name: str = Field(..., min_length=1, max_length=200)
+    url: str = Field(..., min_length=8, max_length=500)
+    category: str = Field(default="discovered", max_length=80)
+    tags: list[str] = Field(default_factory=list)
+async def _run_seed_validation_job(job_id: str) -> None:
+    """Background coroutine: validate all seeds and record the result."""
+    job = _seed_validation_jobs.setdefault(job_id, {})
+    job["status"] = "running"
+    job["started_at"] = datetime.now(timezone.utc).isoformat()
+    try:
+        seed_manager = get_seed_manager()
+        results = await seed_manager.validate_seeds(concurrency=3)
+        job["status"] = "completed"
+        job["results"] = results
+    except Exception as exc:
+        logger.warning("Seed validation job %s failed: %s", job_id, exc)
+        job["status"] = "failed"
+        job["error"] = str(exc)[:300]
+    finally:
+        job["finished_at"] = datetime.now(timezone.utc).isoformat()
+@router.get("/seeds", dependencies=[Depends(get_current_user)])
+async def get_seeds_summary() -> dict:
+    """Return a summary of the seed list: counts by category and status."""
+    try:
+        seed_manager = get_seed_manager()
+        return seed_manager.summary()
+    except Exception as exc:
+        logger.warning("get_seeds_summary failed: %s", exc)
+        return {"total": 0, "by_category": {}, "by_status": {}, "last_validated": None}
+@router.get("/seeds/list", dependencies=[Depends(get_current_user)])
+async def list_all_seeds() -> dict:
+    """Return the full seed list (admin only)."""
+    try:
+        seed_manager = get_seed_manager()
+        return {"seeds": seed_manager.list_seeds()}
+    except Exception as exc:
+        logger.warning("list_all_seeds failed: %s", exc)
+        return {"seeds": []}
+@router.post("/seeds/validate", dependencies=[Depends(get_current_user)])
+async def trigger_seed_validation() -> dict:
+    """
+    Trigger a background validation of every seed over Tor.
+    Returns a job_id so callers can poll status.
+    """
+    seed_manager = get_seed_manager()
+    seed_count = len(seed_manager.list_seeds())
+    job_id = str(uuid.uuid4())
+    _seed_validation_jobs[job_id] = {
+        "status": "queued",
+        "queued_at": datetime.now(timezone.utc).isoformat(),
+        "seed_count": seed_count,
+    }
+    asyncio.create_task(_run_seed_validation_job(job_id))
+    return {
+        "job_id": job_id,
+        "message": f"Validation started for {seed_count} seeds",
+    }
+@router.get("/seeds/validate/{job_id}", dependencies=[Depends(get_current_user)])
+async def get_seed_validation_status(job_id: str) -> dict:
+    """Poll the status of a seed-validation job."""
+    job = _seed_validation_jobs.get(job_id)
+    if job is None:
+        raise HTTPException(status_code=404, detail="Validation job not found")
+    return {"job_id": job_id, **job}
+@router.post("/seeds/add", dependencies=[Depends(get_current_user)])
+async def add_seed(body: AddSeedBody) -> dict:
+    """Manually add a seed URL to the catalogue."""
+    seed_manager = get_seed_manager()
+    added = seed_manager.add_discovered_seed(
+        url=body.url,
+        name=body.name,
+        tags=body.tags,
+        category=body.category,
+    )
+    if not added:
+        raise HTTPException(
+            status_code=400,
+            detail="Seed not added (duplicate URL or blocked by content safety)",
+        )
+    return {"added": True, "url": body.url, "category": body.category}

api/routes/auth.py ADDED Viewed

@@ -0,0 +1,157 @@
+"""Auth endpoints: login, reset-password, me, logout."""
+import os
+from datetime import datetime, timezone
+from fastapi import APIRouter, HTTPException, Depends, status, Request
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+from api.auth import (
+    LoginRequest, LoginResponse, ResetPasswordRequest,
+    verify_password, hash_password, create_access_token,
+    get_current_user, CurrentUser,
+)
+from auth.token_blacklist import revoke_token
+from db.models import User
+from db.session import get_session, get_db
+from sqlalchemy.orm import Session
+from config import REDIS_URL
+router = APIRouter(prefix="/auth", tags=["auth"])
+DISABLE_RATE_LIMIT = os.getenv("DISABLE_RATE_LIMIT", "false").lower() == "true"
+if DISABLE_RATE_LIMIT:
+    _limiter = None
+else:
+    _limiter = Limiter(key_func=get_remote_address)
+def _no_op_decorator(func):
+    return func
+login_limit = _limiter.limit("5/minute") if _limiter else _no_op_decorator
+reset_limit = _limiter.limit("3/minute") if _limiter else _no_op_decorator
+def validate_password_strength(password: str) -> None:
+    """
+    Validate password meets minimum requirements.
+    Raises ValueError with a user-friendly message.
+    """
+    if len(password) < 8:
+        raise ValueError(
+            "Password must be at least 8 characters"
+        )
+    if len(password) > 128:
+        raise ValueError(
+            "Password must be under 128 characters"
+        )
+    # Must have at least one letter and one number
+    has_letter = any(c.isalpha() for c in password)
+    has_digit = any(c.isdigit() for c in password)
+    if not has_letter or not has_digit:
+        raise ValueError(
+            "Password must contain at least one "
+            "letter and one number"
+        )
+@router.post("/login", response_model=LoginResponse)
+@login_limit
+async def login(request: Request, body: LoginRequest, db: Session = Depends(get_db)):
+    """
+    Authenticate with email + password.
+    Returns JWT token.
+    """
+    user = db.query(User).filter(
+        User.email == body.email.lower().strip(),
+        User.is_active == True,
+    ).first()
+    if not user or not verify_password(body.password, user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid email or password",
+        )
+    user.last_login_at = datetime.now(timezone.utc)
+    db.commit()
+    token, jti = create_access_token(user.id, user.email)
+    return LoginResponse(
+        access_token=token,
+        must_reset_password=user.must_reset_password,
+    )
+@router.post("/reset-password")
+@reset_limit
+async def reset_password(
+    request: Request,
+    body: ResetPasswordRequest,
+    db: Session = Depends(get_db),
+    current: CurrentUser = Depends(get_current_user),
+):
+    """
+    Reset password. Requires valid JWT token.
+    Clears must_reset_password flag on success.
+    """
+    if body.new_password != body.confirm_password:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="New password and confirmation do not match",
+        )
+    try:
+        validate_password_strength(body.new_password)
+    except ValueError as e:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e),
+        )
+    if not verify_password(body.current_password, current.user.hashed_password):
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Current password is incorrect",
+        )
+    current.user.hashed_password = hash_password(body.new_password)
+    current.user.must_reset_password = False
+    db.commit()
+    return {"message": "Password updated successfully"}
+@router.get("/me")
+async def get_me(current: CurrentUser = Depends(get_current_user)):
+    """Return current user info. Safe as user is bound to request session."""
+    return {
+        "id": current.user.id,
+        "email": current.user.email,
+        "must_reset_password": current.user.must_reset_password,
+        "last_login_at": current.user.last_login_at.isoformat() if current.user.last_login_at else None,
+    }
+@router.post("/logout")
+async def logout(
+    current: CurrentUser = Depends(get_current_user),
+):
+    """Logout: revoke the current token."""
+    if current.jti and current.exp:
+        now = datetime.now(timezone.utc)
+        exp = current.exp
+        if exp.tzinfo is None:
+            exp = exp.replace(tzinfo=timezone.utc)
+        remaining_seconds = int((exp - now).total_seconds())
+        if remaining_seconds > 0:
+            success = await revoke_token(current.jti, remaining_seconds)
+            if not success and REDIS_URL:
+                raise HTTPException(
+                    status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
+                    detail="Logout failed due to internal token store error",
+                )
+    return {"message": "Logged out successfully"}