zscaler-sdk-python 1.0.0__py2.py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- zscaler/__init__.py +34 -0
- zscaler/cache/__init__.py +0 -0
- zscaler/cache/cache.py +105 -0
- zscaler/cache/no_op_cache.py +68 -0
- zscaler/cache/zscaler_cache.py +161 -0
- zscaler/constants.py +26 -0
- zscaler/errors/__init__.py +0 -0
- zscaler/errors/error.py +10 -0
- zscaler/errors/http_error.py +20 -0
- zscaler/errors/zscaler_api_error.py +24 -0
- zscaler/exceptions/__init__.py +1 -0
- zscaler/exceptions/exceptions.py +101 -0
- zscaler/logger.py +57 -0
- zscaler/ratelimiter/__init__.py +0 -0
- zscaler/ratelimiter/ratelimiter.py +39 -0
- zscaler/user_agent.py +23 -0
- zscaler/utils.py +577 -0
- zscaler/zia/__init__.py +657 -0
- zscaler/zia/activate.py +52 -0
- zscaler/zia/admin_and_role_management.py +344 -0
- zscaler/zia/apptotal.py +71 -0
- zscaler/zia/audit_logs.py +95 -0
- zscaler/zia/authentication_settings.py +98 -0
- zscaler/zia/client.py +88 -0
- zscaler/zia/cloud_apps.py +406 -0
- zscaler/zia/device_management.py +90 -0
- zscaler/zia/dlp.py +784 -0
- zscaler/zia/errors.py +37 -0
- zscaler/zia/firewall.py +1104 -0
- zscaler/zia/forwarding_control.py +271 -0
- zscaler/zia/isolation_profile.py +83 -0
- zscaler/zia/labels.py +180 -0
- zscaler/zia/locations.py +661 -0
- zscaler/zia/sandbox.py +180 -0
- zscaler/zia/security.py +236 -0
- zscaler/zia/ssl_inspection.py +175 -0
- zscaler/zia/traffic.py +853 -0
- zscaler/zia/url_categories.py +442 -0
- zscaler/zia/url_filtering.py +310 -0
- zscaler/zia/users.py +386 -0
- zscaler/zia/web_dlp.py +295 -0
- zscaler/zia/workload_groups.py +58 -0
- zscaler/zia/zpa_gateway.py +187 -0
- zscaler/zpa/__init__.py +683 -0
- zscaler/zpa/app_segments.py +331 -0
- zscaler/zpa/app_segments_inspection.py +311 -0
- zscaler/zpa/app_segments_pra.py +310 -0
- zscaler/zpa/certificates.py +234 -0
- zscaler/zpa/client.py +113 -0
- zscaler/zpa/cloud_connector_groups.py +75 -0
- zscaler/zpa/connectors.py +518 -0
- zscaler/zpa/emergency_access.py +178 -0
- zscaler/zpa/errors.py +37 -0
- zscaler/zpa/idp.py +83 -0
- zscaler/zpa/inspection.py +1012 -0
- zscaler/zpa/isolation_profile.py +85 -0
- zscaler/zpa/lss.py +568 -0
- zscaler/zpa/machine_groups.py +79 -0
- zscaler/zpa/policies.py +848 -0
- zscaler/zpa/posture_profiles.py +122 -0
- zscaler/zpa/privileged_remote_access.py +862 -0
- zscaler/zpa/provisioning.py +271 -0
- zscaler/zpa/saml_attributes.py +100 -0
- zscaler/zpa/scim_attributes.py +117 -0
- zscaler/zpa/scim_groups.py +146 -0
- zscaler/zpa/segment_groups.py +191 -0
- zscaler/zpa/server_groups.py +217 -0
- zscaler/zpa/servers.py +202 -0
- zscaler/zpa/service_edges.py +404 -0
- zscaler/zpa/trusted_networks.py +127 -0
- zscaler_sdk_python-1.0.0.dist-info/LICENSE.md +21 -0
- zscaler_sdk_python-1.0.0.dist-info/METADATA +59 -0
- zscaler_sdk_python-1.0.0.dist-info/RECORD +75 -0
- zscaler_sdk_python-1.0.0.dist-info/WHEEL +6 -0
- zscaler_sdk_python-1.0.0.dist-info/top_level.txt +1 -0
zscaler/zia/sandbox.py
ADDED
|
@@ -0,0 +1,180 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2023, Zscaler Inc.
|
|
4
|
+
#
|
|
5
|
+
# Permission to use, copy, modify, and/or distribute this software for any
|
|
6
|
+
# purpose with or without fee is hereby granted, provided that the above
|
|
7
|
+
# copyright notice and this permission notice appear in all copies.
|
|
8
|
+
#
|
|
9
|
+
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
10
|
+
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
11
|
+
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
12
|
+
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
13
|
+
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
14
|
+
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
15
|
+
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
import mimetypes
|
|
19
|
+
|
|
20
|
+
from box import Box
|
|
21
|
+
|
|
22
|
+
from zscaler.zia import ZIAClient
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
class CloudSandboxAPI:
|
|
26
|
+
def __init__(self, client: ZIAClient):
|
|
27
|
+
self.rest = client
|
|
28
|
+
self.sandbox_token = client.sandbox_token
|
|
29
|
+
self.env_cloud = client.env_cloud
|
|
30
|
+
|
|
31
|
+
def submit_file(self, file: str, force: bool = False) -> Box:
|
|
32
|
+
"""
|
|
33
|
+
Submits a file to the ZIA Advanced Cloud Sandbox for analysis.
|
|
34
|
+
|
|
35
|
+
Args:
|
|
36
|
+
file (str): The filename that will be submitted for sandbox analysis.
|
|
37
|
+
force (bool): Force ZIA to analyse the file even if it has been submitted previously.
|
|
38
|
+
|
|
39
|
+
Returns:
|
|
40
|
+
:obj:`Box`: The Cloud Sandbox submission response information.
|
|
41
|
+
|
|
42
|
+
Examples:
|
|
43
|
+
Submit a file in the current directory called malware.exe to the cloud sandbox, forcing analysis.
|
|
44
|
+
|
|
45
|
+
>>> zia.sandbox.submit_file('malware.exe', force=True)
|
|
46
|
+
|
|
47
|
+
"""
|
|
48
|
+
with open(file, "rb") as f:
|
|
49
|
+
file_content = f.read()
|
|
50
|
+
|
|
51
|
+
content_type, _ = mimetypes.guess_type(file)
|
|
52
|
+
if not content_type:
|
|
53
|
+
content_type = "application/octet-stream"
|
|
54
|
+
params = {
|
|
55
|
+
"api_token": self.sandbox_token,
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
params = {
|
|
59
|
+
"api_token": self.sandbox_token,
|
|
60
|
+
"force": int(force), # convert boolean to int for ZIA
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
url = "/zscsb/submit"
|
|
64
|
+
|
|
65
|
+
return self.rest.post(
|
|
66
|
+
url,
|
|
67
|
+
data=file_content,
|
|
68
|
+
params=params,
|
|
69
|
+
)
|
|
70
|
+
|
|
71
|
+
def submit_file_for_inspection(self, file: str) -> Box:
|
|
72
|
+
"""
|
|
73
|
+
Submits raw or archive files to Zscaler service for out-of-band file inspection.
|
|
74
|
+
|
|
75
|
+
Args:
|
|
76
|
+
file (str): The filename that will be submitted for inspection.
|
|
77
|
+
|
|
78
|
+
Returns:
|
|
79
|
+
:obj:`Box`: The Cloud Sandbox inspection response information.
|
|
80
|
+
|
|
81
|
+
Examples:
|
|
82
|
+
Submit a file in the current directory called sample.zip for inspection.
|
|
83
|
+
|
|
84
|
+
>>> zia.sandbox.submit_file_for_inspection('sample.zip')
|
|
85
|
+
|
|
86
|
+
"""
|
|
87
|
+
with open(file, "rb") as f:
|
|
88
|
+
file_content = f.read()
|
|
89
|
+
|
|
90
|
+
content_type, _ = mimetypes.guess_type(file)
|
|
91
|
+
if not content_type:
|
|
92
|
+
content_type = "application/octet-stream"
|
|
93
|
+
|
|
94
|
+
params = {
|
|
95
|
+
"api_token": self.sandbox_token,
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
return self.rest.post(
|
|
99
|
+
"/zscsb/discan",
|
|
100
|
+
params=params,
|
|
101
|
+
data=file_content,
|
|
102
|
+
headers={"Content-Type": content_type},
|
|
103
|
+
)
|
|
104
|
+
|
|
105
|
+
def get_quota(self) -> Box:
|
|
106
|
+
"""
|
|
107
|
+
Returns the Cloud Sandbox API quota information for the organisation.
|
|
108
|
+
|
|
109
|
+
Returns:
|
|
110
|
+
:obj:`Box`: The Cloud Sandbox quota report.
|
|
111
|
+
|
|
112
|
+
Examples:
|
|
113
|
+
>>> pprint(zia.sandbox.get_quota())
|
|
114
|
+
|
|
115
|
+
"""
|
|
116
|
+
return self.rest.get("sandbox/report/quota")[0]
|
|
117
|
+
|
|
118
|
+
def get_report(self, md5_hash: str, report_details: str = "summary") -> Box:
|
|
119
|
+
"""
|
|
120
|
+
Returns the Cloud Sandbox Report for the provided hash.
|
|
121
|
+
|
|
122
|
+
Args:
|
|
123
|
+
md5_hash (str):
|
|
124
|
+
The MD5 hash of the file that was analysed by Cloud Sandbox.
|
|
125
|
+
report_details (str):
|
|
126
|
+
The type of report. Accepted values are 'full' or 'summary'. Defaults to 'summary'.
|
|
127
|
+
|
|
128
|
+
Returns:
|
|
129
|
+
:obj:`Box`: The cloud sandbox report.
|
|
130
|
+
|
|
131
|
+
Examples:
|
|
132
|
+
Get a summary report:
|
|
133
|
+
|
|
134
|
+
>>> zia.sandbox.get_report('8350dED6D39DF158E51D6CFBE36FB012')
|
|
135
|
+
|
|
136
|
+
Get a full report:
|
|
137
|
+
|
|
138
|
+
>>> zia.sandbox.get_report('8350dED6D39DF158E51D6CFBE36FB012', 'full')
|
|
139
|
+
|
|
140
|
+
"""
|
|
141
|
+
|
|
142
|
+
return self.rest.get(f"sandbox/report/{md5_hash}?details={report_details}")
|
|
143
|
+
|
|
144
|
+
def get_behavioral_analysis(self) -> Box:
|
|
145
|
+
"""
|
|
146
|
+
Returns the custom list of MD5 file hashes that are blocked by Sandbox.
|
|
147
|
+
|
|
148
|
+
Returns:
|
|
149
|
+
:obj:`Box`: The custom list of MD5 file hashes that are blocked by Sandbox.
|
|
150
|
+
|
|
151
|
+
Examples:
|
|
152
|
+
>>> pprint(zia.sandbox.get_behavioral_analysis())
|
|
153
|
+
|
|
154
|
+
"""
|
|
155
|
+
return self.rest.get("behavioralAnalysisAdvancedSettings")
|
|
156
|
+
|
|
157
|
+
def add_hash_to_custom_list(self, file_hashes_to_be_blocked: list) -> Box:
|
|
158
|
+
"""
|
|
159
|
+
Updates the custom list of MD5 file hashes that are blocked by Sandbox.
|
|
160
|
+
|
|
161
|
+
Args:
|
|
162
|
+
file_hashes_to_be_blocked (:obj:`list` of :obj:`str`):
|
|
163
|
+
The list of MD5 Hashes to be added. Pass an empty list to clear the blocklist.
|
|
164
|
+
|
|
165
|
+
Returns:
|
|
166
|
+
:obj:`Box`: The updated custom list of MD5 Hashes.
|
|
167
|
+
|
|
168
|
+
Examples:
|
|
169
|
+
>>> zia.sandbox.add_hash_to_custom_list(['42914d6d213a20a2684064be5c80ffa9', 'c0202cf6aeab8437c638533d14563d35'])
|
|
170
|
+
>>> zia.sandbox.add_hash_to_custom_list([]) # Clear the list
|
|
171
|
+
|
|
172
|
+
"""
|
|
173
|
+
|
|
174
|
+
payload = {"fileHashesToBeBlocked": file_hashes_to_be_blocked}
|
|
175
|
+
|
|
176
|
+
# Update the custom list with the provided hashes
|
|
177
|
+
self.rest.put("behavioralAnalysisAdvancedSettings", json=payload)
|
|
178
|
+
|
|
179
|
+
# Return the most up-to-date list after the update
|
|
180
|
+
return self.get_behavioral_analysis()
|
zscaler/zia/security.py
ADDED
|
@@ -0,0 +1,236 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2023, Zscaler Inc.
|
|
4
|
+
#
|
|
5
|
+
# Permission to use, copy, modify, and/or distribute this software for any
|
|
6
|
+
# purpose with or without fee is hereby granted, provided that the above
|
|
7
|
+
# copyright notice and this permission notice appear in all copies.
|
|
8
|
+
#
|
|
9
|
+
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
10
|
+
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
11
|
+
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
12
|
+
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
13
|
+
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
14
|
+
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
15
|
+
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
from box import BoxList
|
|
19
|
+
|
|
20
|
+
from zscaler.zia import ZIAClient
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
class SecurityPolicyAPI:
|
|
24
|
+
def __init__(self, client: ZIAClient):
|
|
25
|
+
self.rest = client
|
|
26
|
+
|
|
27
|
+
def get_whitelist(self) -> BoxList:
|
|
28
|
+
"""
|
|
29
|
+
Returns a list of whitelisted URLs.
|
|
30
|
+
|
|
31
|
+
Returns:
|
|
32
|
+
:obj:`BoxList`: A list of whitelisted URLs
|
|
33
|
+
|
|
34
|
+
Examples:
|
|
35
|
+
>>> for url in zia.security.get_whitelist():
|
|
36
|
+
... pprint(url)
|
|
37
|
+
|
|
38
|
+
"""
|
|
39
|
+
response = self.rest.get("security")
|
|
40
|
+
|
|
41
|
+
# ZIA removes the whitelistUrls key from the JSON response when it's empty.
|
|
42
|
+
if "whitelist_urls" in self.rest.get("security"):
|
|
43
|
+
return response.whitelist_urls
|
|
44
|
+
else:
|
|
45
|
+
return (
|
|
46
|
+
BoxList()
|
|
47
|
+
) # Return empty list so other methods in this class don't break
|
|
48
|
+
|
|
49
|
+
def get_blacklist(self) -> BoxList:
|
|
50
|
+
"""
|
|
51
|
+
Returns a list of blacklisted URLs.
|
|
52
|
+
|
|
53
|
+
Returns:
|
|
54
|
+
:obj:`BoxList`: A list of blacklisted URLs
|
|
55
|
+
|
|
56
|
+
Examples:
|
|
57
|
+
>>> for url in zia.security.get_blacklist():
|
|
58
|
+
... pprint(url)
|
|
59
|
+
|
|
60
|
+
"""
|
|
61
|
+
|
|
62
|
+
return self.rest.get("security/advanced").blacklist_urls
|
|
63
|
+
|
|
64
|
+
def erase_whitelist(self) -> int:
|
|
65
|
+
"""
|
|
66
|
+
Erases all URLs in the whitelist.
|
|
67
|
+
|
|
68
|
+
Returns:
|
|
69
|
+
:obj:`int`: The status code for the operation.
|
|
70
|
+
|
|
71
|
+
Examples:
|
|
72
|
+
>>> zia.security.erase_whitelist()
|
|
73
|
+
|
|
74
|
+
"""
|
|
75
|
+
payload = {"whitelistUrls": []}
|
|
76
|
+
|
|
77
|
+
return self.rest.put("security", json=payload).status_code
|
|
78
|
+
|
|
79
|
+
def replace_whitelist(self, url_list: list) -> BoxList:
|
|
80
|
+
"""
|
|
81
|
+
Replaces the existing whitelist with the URLs provided.
|
|
82
|
+
|
|
83
|
+
Args:
|
|
84
|
+
url_list (:obj:`list` of :obj:`str`):
|
|
85
|
+
The list of URLs for the new whitelist.
|
|
86
|
+
|
|
87
|
+
Returns:
|
|
88
|
+
:obj:`BoxList`: The complete and updated whitelist.
|
|
89
|
+
|
|
90
|
+
Examples:
|
|
91
|
+
>>> zia.security.replace_whitelist(['example.com'])
|
|
92
|
+
|
|
93
|
+
"""
|
|
94
|
+
|
|
95
|
+
payload = {"whitelistUrls": url_list}
|
|
96
|
+
|
|
97
|
+
return self.rest.put("security", json=payload).whitelist_urls
|
|
98
|
+
|
|
99
|
+
def add_urls_to_whitelist(self, url_list: list) -> BoxList:
|
|
100
|
+
"""
|
|
101
|
+
Adds the provided URLs to the whitelist.
|
|
102
|
+
|
|
103
|
+
Args:
|
|
104
|
+
url_list (:obj:`list` of :obj:`str`):
|
|
105
|
+
The list of URLs to be added.
|
|
106
|
+
|
|
107
|
+
Returns:
|
|
108
|
+
:obj:`BoxList`: The complete and updated whitelist.
|
|
109
|
+
|
|
110
|
+
Examples:
|
|
111
|
+
>>> zia.security.add_urls_to_whitelist(['example.com', 'web.example.com'])
|
|
112
|
+
|
|
113
|
+
"""
|
|
114
|
+
|
|
115
|
+
# Get the current whitelist
|
|
116
|
+
whitelist = self.get_whitelist()
|
|
117
|
+
|
|
118
|
+
# Add existing URLs to whitelist
|
|
119
|
+
whitelist.extend(url for url in url_list if url not in whitelist)
|
|
120
|
+
|
|
121
|
+
payload = {"whitelistUrls": whitelist}
|
|
122
|
+
|
|
123
|
+
return self.rest.put("security", json=payload).whitelist_urls
|
|
124
|
+
|
|
125
|
+
def delete_urls_from_whitelist(self, url_list: list) -> BoxList:
|
|
126
|
+
"""
|
|
127
|
+
Deletes the provided URLs from the whitelist.
|
|
128
|
+
|
|
129
|
+
Args:
|
|
130
|
+
url_list (:obj:`list` of :obj:`str`):
|
|
131
|
+
The list of URLs to be deleted.
|
|
132
|
+
|
|
133
|
+
Returns:
|
|
134
|
+
:obj:`BoxList`: The complete and updated whitelist.
|
|
135
|
+
|
|
136
|
+
Examples:
|
|
137
|
+
>>> zia.security.delete_urls_from_whitelist(['example.com', 'web.example.com'])
|
|
138
|
+
|
|
139
|
+
"""
|
|
140
|
+
# Get the current whitelist
|
|
141
|
+
whitelist = self.get_whitelist()
|
|
142
|
+
|
|
143
|
+
# If URLs provided, create new whitelist without them
|
|
144
|
+
whitelist = [url for url in whitelist if url not in url_list]
|
|
145
|
+
|
|
146
|
+
payload = {"whitelistUrls": whitelist}
|
|
147
|
+
|
|
148
|
+
return self.rest.put("security", json=payload).whitelist_urls
|
|
149
|
+
|
|
150
|
+
def add_urls_to_blacklist(self, url_list: list) -> BoxList:
|
|
151
|
+
"""
|
|
152
|
+
Adds the provided URLs to the blacklist.
|
|
153
|
+
|
|
154
|
+
Args:
|
|
155
|
+
url_list (:obj:`list` of :obj:`str`):
|
|
156
|
+
The list of URLs to be added.
|
|
157
|
+
|
|
158
|
+
Returns:
|
|
159
|
+
:obj:`BoxList`: The complete and updated blacklist.
|
|
160
|
+
|
|
161
|
+
Examples:
|
|
162
|
+
>>> zia.security.add_urls_to_blacklist(['example.com', 'web.example.com'])
|
|
163
|
+
|
|
164
|
+
"""
|
|
165
|
+
|
|
166
|
+
payload = {"blacklistUrls": url_list}
|
|
167
|
+
|
|
168
|
+
resp = self.rest.post(
|
|
169
|
+
"security/advanced/blacklistUrls?action=ADD_TO_LIST", json=payload
|
|
170
|
+
).status_code
|
|
171
|
+
|
|
172
|
+
# Return the object if it was updated successfully
|
|
173
|
+
if resp == 204:
|
|
174
|
+
return self.get_blacklist()
|
|
175
|
+
|
|
176
|
+
def replace_blacklist(self, url_list: list) -> BoxList:
|
|
177
|
+
"""
|
|
178
|
+
Replaces the existing blacklist with the URLs provided.
|
|
179
|
+
|
|
180
|
+
Args:
|
|
181
|
+
url_list (:obj:`list` of :obj:`str`):
|
|
182
|
+
The list of URLs for the new blacklist.
|
|
183
|
+
|
|
184
|
+
Returns:
|
|
185
|
+
:obj:`BoxList`: The complete and updated blacklist.
|
|
186
|
+
|
|
187
|
+
Examples:
|
|
188
|
+
>>> zia.security.replace_blacklist(['example.com'])
|
|
189
|
+
|
|
190
|
+
"""
|
|
191
|
+
|
|
192
|
+
payload = {"blacklistUrls": url_list}
|
|
193
|
+
|
|
194
|
+
return self.rest.put("security/advanced", json=payload).blacklist_urls
|
|
195
|
+
|
|
196
|
+
def erase_blacklist(self) -> int:
|
|
197
|
+
"""
|
|
198
|
+
Erases all URLs in the blacklist.
|
|
199
|
+
|
|
200
|
+
Returns:
|
|
201
|
+
:obj:`int`: The status code for the operation.
|
|
202
|
+
|
|
203
|
+
Examples:
|
|
204
|
+
>>> zia.security.erase_blacklist()
|
|
205
|
+
|
|
206
|
+
"""
|
|
207
|
+
|
|
208
|
+
payload = {"blacklistUrls": []}
|
|
209
|
+
try:
|
|
210
|
+
self.rest.put("security/advanced", json=payload)
|
|
211
|
+
return "Blacklist successfully erased."
|
|
212
|
+
except Exception as e:
|
|
213
|
+
return f"An error occurred: {str(e)}"
|
|
214
|
+
|
|
215
|
+
def delete_urls_from_blacklist(self, url_list: list) -> int:
|
|
216
|
+
"""
|
|
217
|
+
Deletes the provided URLs from the blacklist.
|
|
218
|
+
|
|
219
|
+
Args:
|
|
220
|
+
url_list (:obj:`list` of :obj:`str`):
|
|
221
|
+
The list of URLs to be deleted.
|
|
222
|
+
|
|
223
|
+
Returns:
|
|
224
|
+
:obj:`int`: The status code for the operation.
|
|
225
|
+
|
|
226
|
+
Examples:
|
|
227
|
+
>>> zia.security.delete_urls_from_blacklist(['example.com', 'web.example.com'])
|
|
228
|
+
|
|
229
|
+
"""
|
|
230
|
+
|
|
231
|
+
payload = {"blacklistUrls": url_list}
|
|
232
|
+
|
|
233
|
+
return self.rest.post(
|
|
234
|
+
"security/advanced/blacklistUrls?action=REMOVE_FROM_LIST",
|
|
235
|
+
json=payload,
|
|
236
|
+
).status_code
|
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2023, Zscaler Inc.
|
|
4
|
+
#
|
|
5
|
+
# Permission to use, copy, modify, and/or distribute this software for any
|
|
6
|
+
# purpose with or without fee is hereby granted, provided that the above
|
|
7
|
+
# copyright notice and this permission notice appear in all copies.
|
|
8
|
+
#
|
|
9
|
+
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
10
|
+
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
11
|
+
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
12
|
+
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
13
|
+
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
14
|
+
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
15
|
+
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
from box import Box
|
|
19
|
+
|
|
20
|
+
from zscaler.zia import ZIAClient
|
|
21
|
+
|
|
22
|
+
|
|
23
|
+
class SSLInspectionAPI:
|
|
24
|
+
def __init__(self, client: ZIAClient):
|
|
25
|
+
self.rest = client
|
|
26
|
+
|
|
27
|
+
def get_csr(self) -> str:
|
|
28
|
+
"""
|
|
29
|
+
Downloads a CSR after it has been generated.
|
|
30
|
+
|
|
31
|
+
Returns:
|
|
32
|
+
:obj:`str`: Base64 encoded PKCS#10 CSR text.
|
|
33
|
+
|
|
34
|
+
Examples:
|
|
35
|
+
Retrieve the CSR for use in another function.
|
|
36
|
+
|
|
37
|
+
>>> csr = zia.ssl.get_csr()
|
|
38
|
+
|
|
39
|
+
"""
|
|
40
|
+
return self.rest.get("sslSettings/downloadcsr").text
|
|
41
|
+
|
|
42
|
+
def get_intermediate_ca(self) -> Box:
|
|
43
|
+
"""
|
|
44
|
+
Returns information on the signed Intermediate Root CA certificate.
|
|
45
|
+
|
|
46
|
+
Returns:
|
|
47
|
+
:obj:`Box`: The Intermediate Root CA resource record.
|
|
48
|
+
|
|
49
|
+
Examples:
|
|
50
|
+
>>> pprint(zia.ssl.get_intermediate_ca())
|
|
51
|
+
|
|
52
|
+
"""
|
|
53
|
+
return self.rest.get("sslSettings/showcert")
|
|
54
|
+
|
|
55
|
+
def generate_csr(
|
|
56
|
+
self,
|
|
57
|
+
cert_name: str,
|
|
58
|
+
cn: str,
|
|
59
|
+
org: str,
|
|
60
|
+
dept: str,
|
|
61
|
+
city: str,
|
|
62
|
+
state: str,
|
|
63
|
+
country: str,
|
|
64
|
+
signature: str,
|
|
65
|
+
) -> int:
|
|
66
|
+
"""
|
|
67
|
+
Generates a Certificate Signing Request.
|
|
68
|
+
|
|
69
|
+
Args:
|
|
70
|
+
cert_name (str): Certificate Name
|
|
71
|
+
cn (str): Common Name
|
|
72
|
+
org (str): Organisation
|
|
73
|
+
dept (str): Department
|
|
74
|
+
city (str): City
|
|
75
|
+
state (str): State
|
|
76
|
+
country (str): Country. Must be in the two-letter country code (ISO 3166-1 alpha-2) format and prefixed by
|
|
77
|
+
`COUNTRY`. E.g.::
|
|
78
|
+
|
|
79
|
+
United States = US = COUNTRY_US
|
|
80
|
+
Australia = AU = COUNTRY_AU
|
|
81
|
+
|
|
82
|
+
signature (str): Certificate signature algorithm. Accepted values are `SHA_1` and `SHA_256`.
|
|
83
|
+
|
|
84
|
+
Returns:
|
|
85
|
+
:obj:`int`: The response code for the operation.
|
|
86
|
+
|
|
87
|
+
Examples:
|
|
88
|
+
>>> zia.ssl.generate_csr(cert_name='Example.com Intermediate CA 2',
|
|
89
|
+
... cn='Example.com Intermediate CA 2',
|
|
90
|
+
... org='Example.com',
|
|
91
|
+
... dept='IT',
|
|
92
|
+
... city='Sydney',
|
|
93
|
+
... state='NSW',
|
|
94
|
+
... country='COUNTRY_AU',
|
|
95
|
+
... signature='SHA_256')
|
|
96
|
+
|
|
97
|
+
"""
|
|
98
|
+
payload = {
|
|
99
|
+
"certName": cert_name,
|
|
100
|
+
"commName": cn,
|
|
101
|
+
"orgName": org,
|
|
102
|
+
"deptName": dept,
|
|
103
|
+
"city": city,
|
|
104
|
+
"state": state,
|
|
105
|
+
"country": country,
|
|
106
|
+
"signatureAlgorithm": signature,
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
return self.rest.post(
|
|
110
|
+
"sslSettings/generatecsr", json=payload, box=False
|
|
111
|
+
).status_code
|
|
112
|
+
|
|
113
|
+
def upload_int_ca_cert(self, cert: tuple) -> int:
|
|
114
|
+
"""
|
|
115
|
+
Uploads a signed Intermediate Root CA certificate.
|
|
116
|
+
|
|
117
|
+
Args:
|
|
118
|
+
cert (tuple): The Intermediate Root CA certificate tuple in the following format, where `int_ca_pem` is a
|
|
119
|
+
``File Object`` representation of the Intermediate Root CA certificate PEM file::
|
|
120
|
+
|
|
121
|
+
('filename.pem', int_ca_pem)
|
|
122
|
+
|
|
123
|
+
Returns:
|
|
124
|
+
:obj:`int`: The status code for the operation.
|
|
125
|
+
|
|
126
|
+
Examples:
|
|
127
|
+
Upload an Intermediate Root CA certificate from a file:
|
|
128
|
+
|
|
129
|
+
>>> zia.ssl.upload_int_ca_cert(('int_ca.pem', open('int_ca.pem', 'rb')))
|
|
130
|
+
|
|
131
|
+
"""
|
|
132
|
+
|
|
133
|
+
payload = {"fileUpload": cert}
|
|
134
|
+
|
|
135
|
+
return self.rest.post(
|
|
136
|
+
"sslSettings/uploadcert/text", files=payload, box=False
|
|
137
|
+
).status_code
|
|
138
|
+
|
|
139
|
+
def upload_int_ca_chain(self, cert: tuple) -> int:
|
|
140
|
+
"""
|
|
141
|
+
Uploads the Intermediate Root CA certificate chain.
|
|
142
|
+
|
|
143
|
+
Args:
|
|
144
|
+
cert (tuple): The Intermediate Root CA chain certificate tuple in the following format, where
|
|
145
|
+
`int_ca_chain_pem` is a ``File Object`` representation of the Intermediate Root CA certificate chain
|
|
146
|
+
PEM file::
|
|
147
|
+
|
|
148
|
+
('filename.pem', int_ca_chain_pem)
|
|
149
|
+
|
|
150
|
+
|
|
151
|
+
Returns:
|
|
152
|
+
:obj:`int`: The status code for the operation
|
|
153
|
+
|
|
154
|
+
Examples:
|
|
155
|
+
Upload an Intermediate Root CA chain from a file:
|
|
156
|
+
|
|
157
|
+
>>> zia.ssl.upload_int_ca_chain(('int_ca_chain.pem', open('int_ca_chain.pem', 'rb')))
|
|
158
|
+
|
|
159
|
+
"""
|
|
160
|
+
|
|
161
|
+
payload = {"fileUpload": cert}
|
|
162
|
+
|
|
163
|
+
return self.rest.post(
|
|
164
|
+
"sslSettings/uploadcertchain/text", files=payload, box=False
|
|
165
|
+
).status_code
|
|
166
|
+
|
|
167
|
+
def delete_int_chain(self) -> int:
|
|
168
|
+
"""
|
|
169
|
+
Deletes the Intermediate Root CA certificate chain.
|
|
170
|
+
|
|
171
|
+
Returns:
|
|
172
|
+
:obj:`int`: The status code for the operation.
|
|
173
|
+
|
|
174
|
+
"""
|
|
175
|
+
return self.rest.delete("sslSettings/certchain", box=False).status_code
|