Feature/ssl sendto (#190)

SSL Send to option

Author: Juliya Smith

CHANGELOG.md

@@ -8,6 +8,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 The intended audience of this file is for py42 consumers -- as such, changes that don't affect
 how a consumer would use the library (e.g. adding unit tests, updating documentation, etc) are not captured here.
 
+## Unreleased
+
+### Added
+
+- New choice `TLS-TCP` for `--protocol` option used by `send-to` commands:
+    - `code42 security-data send-to`
+    - `code42 alerts send-to`
+    - `code42 audit-logs send-to`
+    for more securely transporting data.
+
+- `--certs` option for `send-to` commands when using `--protocol TLS-TCP`.
+
 ## 1.2.0 - 2021-01-25
 
 ### Added

src/code42cli/click_ext/groups.py

@@ -14,6 +14,7 @@
 from code42cli.errors import LoggedCLIError
 from code42cli.errors import UserDoesNotExistError
 from code42cli.logger import get_main_cli_logger
+from code42cli.logger.handlers import SyslogServerNetworkConnectionError
 
 _DIFFLIB_CUT_OFF = 0.6
 
@@ -57,6 +58,7 @@ def invoke(self, ctx):
             Py42UserNotOnListError,
             Py42InvalidRuleOperationError,
             Py42LegalHoldNotFoundOrPermissionDeniedError,
+            SyslogServerNetworkConnectionError,
         ) as err:
             self.logger.log_error(err)
             raise Code42CLIError(str(err))

src/code42cli/cmds/alerts.py

@@ -1,5 +1,3 @@
-from _collections import OrderedDict
-
 import click
 import py42.sdk.queries.alerts.filters as f
 from c42eventextractor.extractors import AlertExtractor
@@ -12,26 +10,18 @@
 import code42cli.cmds.search.options as searchopt
 import code42cli.errors as errors
 import code42cli.options as opt
+from code42cli.cmds.search import SendToCommand
 from code42cli.cmds.search.cursor_store import AlertCursorStore
 from code42cli.cmds.search.extraction import handle_no_events
+from code42cli.cmds.search.options import server_options
 from code42cli.date_helper import convert_datetime_to_timestamp
 from code42cli.date_helper import limit_date_range
-from code42cli.logger import get_logger_for_server
 from code42cli.options import format_option
-from code42cli.options import server_options
 from code42cli.output_formats import JsonOutputFormat
 from code42cli.output_formats import OutputFormatter
 
-ALERTS_KEYWORD = "alerts"
-SEARCH_DEFAULT_HEADER = OrderedDict()
-SEARCH_DEFAULT_HEADER["name"] = "RuleName"
-SEARCH_DEFAULT_HEADER["actor"] = "Username"
-SEARCH_DEFAULT_HEADER["createdAt"] = "ObservedDate"
-SEARCH_DEFAULT_HEADER["state"] = "Status"
-SEARCH_DEFAULT_HEADER["severity"] = "Severity"
-SEARCH_DEFAULT_HEADER["description"] = "Description"
-
 
+ALERTS_KEYWORD = "alerts"
 begin = opt.begin_option(
     ALERTS_KEYWORD,
     callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
@@ -41,16 +31,6 @@
 end = opt.end_option(ALERTS_KEYWORD)
 checkpoint = opt.checkpoint_option(ALERTS_KEYWORD)
 advanced_query = searchopt.advanced_query_option(ALERTS_KEYWORD)
-
-
-def search_options(f):
-    f = checkpoint(f)
-    f = advanced_query(f)
-    f = end(f)
-    f = begin(f)
-    return f
-
-
 severity_option = click.option(
     "--severity",
     multiple=True,
@@ -147,16 +127,34 @@ def search_options(f):
     callback=searchopt.contains_filter(f.Description),
     help="Filter alerts by description. Does fuzzy search by default.",
 )
-
 send_to_format_options = click.option(
     "-f",
     "--format",
     type=click.Choice(JsonOutputFormat(), case_sensitive=False),
     help="The output format of the result. Defaults to json format.",
-    default=JsonOutputFormat.JSON,
+    default=JsonOutputFormat.RAW,
 )
 
 
+def _get_search_default_header():
+    return {
+        "name": "RuleName",
+        "actor": "Username",
+        "createdAt": "ObservedDate",
+        "state": "Status",
+        "severity": "Severity",
+        "description": "Description",
+    }
+
+
+def search_options(f):
+    f = checkpoint(f)
+    f = advanced_query(f)
+    f = end(f)
+    f = begin(f)
+    return f
+
+
 def alert_options(f):
     f = actor_option(f)
     f = actor_contains_option(f)
@@ -231,7 +229,7 @@ def search(
 ):
     """Search for alerts."""
     output_header = ext.try_get_default_header(
-        include_all, SEARCH_DEFAULT_HEADER, format
+        include_all, _get_search_default_header(), format
     )
     formatter = OutputFormatter(format, output_header)
     cursor = _get_alert_cursor_store(cli_state.profile.name) if use_checkpoint else None
@@ -247,7 +245,7 @@ def search(
     handle_no_events(not handlers.TOTAL_EVENTS and not errors.ERRORED)
 
 
-@alerts.command()
+@alerts.command(cls=SendToCommand)
 @alert_options
 @search_options
 @click.option(
@@ -262,31 +260,23 @@ def search(
     help="Display simple properties of the primary level of the nested response.",
 )
 @send_to_format_options
-def send_to(
-    cli_state,
-    format,
-    hostname,
-    protocol,
-    begin,
-    end,
-    advanced_query,
-    use_checkpoint,
-    or_query,
-    **kwargs
-):
+def send_to(cli_state, begin, end, advanced_query, use_checkpoint, or_query, **kwargs):
     """Send alerts to the given server address.
 
     HOSTNAME format: address:port where port is optional and defaults to 514.
     """
-    logger = get_logger_for_server(hostname, protocol, format)
-    cursor = _get_alert_cursor_store(cli_state.profile.name) if use_checkpoint else None
+    cursor = _get_cursor(cli_state, use_checkpoint)
     handlers = ext.create_send_to_handlers(
-        cli_state.sdk, AlertExtractor, cursor, use_checkpoint, logger,
+        cli_state.sdk, AlertExtractor, cursor, use_checkpoint, cli_state.logger,
     )
     _call_extractor(cli_state, handlers, begin, end, or_query, advanced_query, **kwargs)
     handle_no_events(not handlers.TOTAL_EVENTS and not errors.ERRORED)
 
 
+def _get_cursor(state, use_checkpoint):
+    return _get_alert_cursor_store(state.profile.name) if use_checkpoint else None
+
+
 def _get_alert_extractor(sdk, handlers):
     return AlertExtractor(sdk, handlers)
 

src/code42cli/cmds/auditlogs.py

@@ -1,18 +1,17 @@
-from collections import OrderedDict
 from datetime import datetime
 from datetime import timezone
 
 import click
 
 import code42cli.options as opt
 from code42cli.click_ext.groups import OrderedGroup
+from code42cli.cmds.search import SendToCommand
 from code42cli.cmds.search.cursor_store import AuditLogCursorStore
+from code42cli.cmds.search.options import server_options
 from code42cli.date_helper import convert_datetime_to_timestamp
-from code42cli.logger import get_logger_for_server
 from code42cli.options import checkpoint_option
 from code42cli.options import format_option
 from code42cli.options import sdk_options
-from code42cli.options import server_options
 from code42cli.output_formats import OutputFormatter
 from code42cli.util import hash_event
 from code42cli.util import warn_interrupt
@@ -21,13 +20,17 @@
 AUDIT_LOGS_KEYWORD = "audit-logs"
 AUDIT_LOG_TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"
 
-AUDIT_LOGS_DEFAULT_HEADER = OrderedDict()
-AUDIT_LOGS_DEFAULT_HEADER["timestamp"] = "Timestamp"
-AUDIT_LOGS_DEFAULT_HEADER["type$"] = "Type"
-AUDIT_LOGS_DEFAULT_HEADER["actorName"] = "ActorName"
-AUDIT_LOGS_DEFAULT_HEADER["actorIpAddress"] = "ActorIpAddress"
-AUDIT_LOGS_DEFAULT_HEADER["userName"] = "AffectedUser"
-AUDIT_LOGS_DEFAULT_HEADER["userId"] = "AffectedUserUID"
+
+def _get_audit_logs_default_header():
+    return {
+        "timestamp": "Timestamp",
+        "type$": "Type",
+        "actorName": "ActorName",
+        "actorIpAddress": "ActorIpAddress",
+        "userName": "AffectedUser",
+        "userId": "AffectedUserUID",
+    }
+
 
 begin_option = opt.begin_option(
     AUDIT_LOGS_KEYWORD,
@@ -123,7 +126,7 @@ def search(
     use_checkpoint,
 ):
     """Search audit logs."""
-    formatter = OutputFormatter(format, AUDIT_LOGS_DEFAULT_HEADER)
+    formatter = OutputFormatter(format, _get_audit_logs_default_header())
     cursor = _get_audit_log_cursor_store(state.profile.name)
     if use_checkpoint:
         checkpoint_name = use_checkpoint
@@ -158,15 +161,13 @@ def search(
         formatter.echo_formatted_list(events)
 
 
-@audit_logs.command()
+@audit_logs.command(cls=SendToCommand)
 @filter_options
 @checkpoint_option(AUDIT_LOGS_KEYWORD)
 @server_options
 @sdk_options()
 def send_to(
     state,
-    hostname,
-    protocol,
     begin,
     end,
     event_type,
@@ -176,12 +177,12 @@ def send_to(
     affected_user_id,
     affected_username,
     use_checkpoint,
+    **kwargs,
 ):
     """Send audit logs to the given server address in JSON format.
 
     HOSTNAME format: address:port where port is optional and defaults to 514.
     """
-    logger = get_logger_for_server(hostname, protocol, "RAW-JSON")
     cursor = _get_audit_log_cursor_store(state.profile.name)
     if use_checkpoint:
         checkpoint_name = use_checkpoint
@@ -210,7 +211,7 @@ def send_to(
     with warn_interrupt():
         event = None
         for event in events:
-            logger.info(event)
+            state.logger.info(event)
         if event is None:  # generator was empty
             click.echo("No results found.")
 

src/code42cli/cmds/detectionlists/__init__.py

@@ -48,10 +48,10 @@ def update_user(sdk, username, cloud_alias=None, risk_tag=None, notes=None):
 
     Args:
         sdk (py42.sdk.SDKClient): py42 sdk.
-        username (str or unicode): The username of the user to update.
-        cloud_alias (str or unicode): A cloud alias to add to the user.
-        risk_tag (iter[str or unicode]): A list of risk tags associated with user.
-        notes (str or unicode): Notes about the user.
+        username (str): The username of the user to update.
+        cloud_alias (str): A cloud alias to add to the user.
+        risk_tag (iter[str]): A list of risk tags associated with user.
+        notes (str): Notes about the user.
     """
     user_id = get_user_id(sdk, username)
     _update_cloud_alias(sdk, user_id, cloud_alias)

src/code42cli/cmds/search/__init__.py

@@ -0,0 +1,30 @@
+import click
+
+from code42cli.errors import Code42CLIError
+from code42cli.logger import get_logger_for_server
+from code42cli.output_formats import OutputFormat
+
+
+def _try_get_logger_for_server(hostname, protocol, output_format, certs):
+    try:
+        return get_logger_for_server(hostname, protocol, output_format, certs)
+    except Exception as err:
+        raise Code42CLIError(
+            "Unable to connect to {}. Failed with error: {}.".format(hostname, str(err))
+        )
+
+
+class SendToCommand(click.Command):
+    def invoke(self, ctx):
+        certs = ctx.params.get("certs")
+        hostname = ctx.params.get("hostname")
+        protocol = ctx.params.get("protocol")
+        output_format = ctx.params.get("format", OutputFormat.RAW)
+        ignore_cert_validation = ctx.params.get("ignore_cert_validation")
+        if ignore_cert_validation:
+            certs = "ignore"
+
+        ctx.obj.logger = _try_get_logger_for_server(
+            hostname, protocol, output_format, certs
+        )
+        return super().invoke(ctx)

src/code42cli/cmds/search/enums.py

@@ -7,6 +7,8 @@
 
 from code42cli.click_ext.options import incompatible_with
 from code42cli.click_ext.types import FileOrString
+from code42cli.logger.enums import ServerProtocol
+from code42cli.output_formats import SendToFileEventsOutputFormat
 
 
 def is_in_filter(filter_cls):
@@ -140,3 +142,39 @@ def advanced_query_option(term, **kwargs):
     )
     defaults.update(kwargs)
     return click.option("--advanced-query", **defaults)
+
+
+def server_options(f):
+    hostname_arg = click.argument("hostname")
+    protocol_option = click.option(
+        "-p",
+        "--protocol",
+        type=click.Choice(ServerProtocol(), case_sensitive=False),
+        default=ServerProtocol.UDP,
+        help="Protocol used to send logs to server. "
+        "Use TLS for additional security. Defaults to UDP.",
+    )
+    certs_option = click.option(
+        "--certs", type=str, help="A CA certificates-chain file for the TLS protocol."
+    )
+    ignore_cert_validation = click.option(
+        "--ignore-cert-validation",
+        help="Set to skip CA certificate validation. "
+        "Incompatible with the 'certs' option.",
+        is_flag=True,
+        cls=incompatible_with(["certs"]),
+    )
+    f = hostname_arg(f)
+    f = protocol_option(f)
+    f = certs_option(f)
+    f = ignore_cert_validation(f)
+    return f
+
+
+send_to_format_options = click.option(
+    "-f",
+    "--format",
+    type=click.Choice(SendToFileEventsOutputFormat(), case_sensitive=False),
+    help="The output format of the result. Defaults to RAW-JSON format.",
+    default=SendToFileEventsOutputFormat.RAW,
+)