Merge pull request #27 from passivetotal/v2.4

V2.4.0

Author: aeetos

CHANGELOG.md

@@ -0,0 +1,32 @@
+# Changelog
+
+## v2.4.0
+
+#### Enhancements:
+
+- Early implementation of exception handling for SSL properties; analyzer.
+  AnalyzerError now available as a base exception type.
+- SSL certs will now populate their own `ip` property, accessing the
+  SSL history API when needed to fill in the details.
+- New `iphistory` property of SSL certs to support the `ip` property and
+  give direct access to the historial results.
+- Used the `tldextract` Python library to expose useful properties on Hostname
+  objects such as `tld`, `registered_domain`, and `subdomain`
+- Change default days back for date-aware searches to 90 days (was 30)
+- Reject IPs as strings for Hostname objects
+- Ensure IPs are used when instantiating IPAddress objects
+- Defang hostnames (i.e. `analyzer.Hostname('api[.]riskiq[.]net')` )
+- Support for Articles as a property of Hostnames and IPs, with autoloading
+  for detailed fields including indicators, plus easy access to a list of all
+  articles directly from `analyzer.AllArticles()`
+- Support for Malware as a property of Hostnames and IPs
+- Better coverage of pretty printing and dictionary representation across
+  analyzer objects.
+
+
+#### Bug Fixes:
+
+- Exception handling when no details found for an SSL certificate.
+- Proper handling of None types that may have prevented result caching
+
+---

passivetotal/analyzer/__init__.py

@@ -3,8 +3,9 @@
 from collections import namedtuple
 from datetime import datetime, timezone, timedelta
 from passivetotal import *
+from passivetotal.analyzer._common import AnalyzerError, is_ip
 
-DEFAULT_DAYS_BACK = 30
+DEFAULT_DAYS_BACK = 90
 
 api_clients = {}
 config = {
@@ -67,6 +68,23 @@ def get_config(key=None):
         return config[key]
     return config
 
+def get_object(input, type=None):
+    """Get an Analyzer object for a given input and type. If no type is specified,
+    type will be autodetected based on the input.
+
+    Returns :class:`analyzer.Hostname` or :class:`analyzer.IPAddress`.
+    """
+    objs = {
+        'IPAddress': IPAddress,
+        'Hostname': Hostname
+    }
+    if type is None:
+        type = 'IPAddress' if is_ip(input) else 'Hostname'
+    elif type not in objs.keys():
+        raise AnalyzerError('type must be IPAddress or Hostname')
+    return objs[type](input)
+        
+
 def set_date_range(days_back=DEFAULT_DAYS_BACK, start=None, end=None):
     """Set a range of dates for all date-bounded API queries.
     
@@ -135,4 +153,5 @@ def set_dateorder_descending():
 
 from passivetotal.analyzer.hostname import Hostname
 from passivetotal.analyzer.ip import IPAddress
-from passivetotal.analyzer.ssl import CertificateField
+from passivetotal.analyzer.ssl import CertificateField
+from passivetotal.analyzer.articles import AllArticles

passivetotal/analyzer/_common.py

@@ -1,10 +1,19 @@
 """Base classes and common methods for the analyzer package."""
-
+import pprint
 
 
 from datetime import datetime
+import re
+
 
+def is_ip(test):
+    """Test to see if a string contains an IPv4 address."""
+    pattern = re.compile(r"(\d{1,3}(?:\.|\]\.\[|\[\.\]|\(\.\)|{\.})\d{1,3}(?:\.|\]\.\[|\[\.\]|\(\.\)|{\.})\d{1,3}(?:\.|\]\.\[|\[\.\]|\(\.\)|{\.})\d{1,3})")
+    return len(pattern.findall(test)) > 0
 
+def refang(hostname):
+    """Remove square braces around dots in a hostname."""
+    return re.sub(r'[\[\]]','', hostname)
 
 class RecordList:
 
@@ -221,3 +230,40 @@ def has_more_records(self):
         """
         return len(self) < self._totalrecords
 
+
+class PrettyRecord:
+    """A record that can pretty-print itself.
+
+    For best results, wrap this property in a print() statement.
+
+    Depends on a as_dict property on the base object.
+    """
+
+    @property
+    def pretty(self):
+        """Pretty printed version of this record."""
+        from passivetotal.analyzer import get_config
+        config = get_config('pprint')
+        return pprint.pformat(self.as_dict, **config)
+
+
+
+class PrettyList:
+    """A record list that can pretty-print itself.
+
+    Depends on an as_dict property each object in the list.
+    """
+
+    @property
+    def pretty(self):
+        """Pretty printed version of this record list."""
+        from passivetotal.analyzer import get_config
+        config = get_config('pprint')
+        return pprint.pformat([r.as_dict for r in self], **config)
+
+
+
+
+class AnalyzerError(Exception):
+    """Base error class for Analyzer objects."""
+    pass