Merge pull request #96 from Worvast/master

[3.4.1]

Author: Worvast

CHANGELOG.md

@@ -5,7 +5,24 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 
-## [3.3.7] - 
+## [3.4.1] - 2020-11-03
+### Added
+ * Info about use custom CA for verify certificates in client
+ 
+### Fixed
+ * Client problems with default "From" key for queries
+ * Socket closes are more gently now, fixed problems with loss events
+ 
+### Changed
+ * Updated message when overwrite sec_level to show only when create Sender
+ * Updated test for bad credentials. Now api returns error in signature validation
+
+## [3.4.0] - 2020-08-06
+### Added
+ * Support to use in lookup fields lists: ints, booleans and floats. Not necessary send all with str type.
+ * More documentation in lookup readme
+ 
+## [3.3.7] - 2020-07-16
 ### Fixed
  * Problem in list_to_headers when pass key but not key_index
  * Count of sended events when zip=True
@@ -54,7 +71,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
  * Functions to change buffer size and compression_level of Sender
  * Support for zip, buffer and compression_level flags in Sender CLI
 
- 
 ### Changed
  * SSL Server support to adapt it from python 3.5 to python 3.8
  * SSL Send data tests 

README.md

@@ -1,7 +1,7 @@
 
 [![master Build Status](https://travis-ci.com/DevoInc/python-sdk.svg?branch=master)](https://travis-ci.com/DevoInc/python-sdk) [![LICENSE](https://img.shields.io/dub/l/vibe-d.svg)](https://github.com/DevoInc/python-sdk/blob/master/LICENSE)
 
-[![wheel](https://img.shields.io/badge/wheel-yes-brightgreen.svg)](https://pypi.org/project/devo-sdk/) [![version](https://img.shields.io/badge/version-3.3.7-blue.svg)](https://pypi.org/project/devo-sdk/) [![python](https://img.shields.io/badge/python-3.5%20%7C%203.6%20%7C%203.7%20%7C%203.8-blue.svg)](https://pypi.org/project/devo-sdk/)
+[![wheel](https://img.shields.io/badge/wheel-yes-brightgreen.svg)](https://pypi.org/project/devo-sdk/) [![version](https://img.shields.io/badge/version-3.4.1-blue.svg)](https://pypi.org/project/devo-sdk/) [![python](https://img.shields.io/badge/python-3.5%20%7C%203.6%20%7C%203.7%20%7C%203.8-blue.svg)](https://pypi.org/project/devo-sdk/)
 
 
 # Devo Python SDK

devo/__version__.py

@@ -1,6 +1,6 @@
 __description__ = 'Devo Python Library.'
 __url__ = 'http://www.devo.com'
-__version__ = "3.3.7"
+__version__ = "3.4.1"
 __author__ = 'Devo'
 __author_email__ = 'support@devo.com'
 __license__ = 'MIT'

devo/api/client.py

@@ -27,7 +27,9 @@
 ERROR_MSGS = {
     "no_query": "Error: Not query provided.",
     "no_auth": "Client dont have key&secret or auth token/jwt",
-    "no_endpoint": "Endpoint 'address' not found"
+    "no_endpoint": "Endpoint 'address' not found",
+    "to_but_no_from": "If you use end dates for the query 'to' it is "
+                      "necessary to use start date 'from'"
 }
 
 

devo/api/scripts/client_cli.py

@@ -74,13 +74,20 @@ def query(**kwargs):
             return
         exit()
 
-    dates = {}
-    if "to" in config.keys():
-        dates["from"] = config['from']
-    if "to" in config.keys():
-        dates["to"] = config['to']
-    if "timeZone" in config.keys():
-        dates['timeZone'] = config['timeZone']
+    if "from" in config.keys():
+        dates = {'from': config['from']}
+        if "to" in config.keys():
+            dates["to"] = config['to']
+        if "timeZone" in config.keys():
+            dates['timeZone'] = config['timeZone']
+    elif "to" in config.keys():
+        print_error(ERROR_MSGS['to_but_no_from'], show_help=True)
+        exit()
+    else:
+        if "timeZone" in config.keys():
+            dates = {'timeZone': config['timeZone']}
+        else:
+            dates = None
 
     reponse = api.query(query=config['query'], dates=dates)
 

devo/sender/data.py

@@ -89,6 +89,7 @@ def __init__(self, address=None):
         try:
             self.address = address
             self.hostname = socket.gethostname()
+            self.sec_level = None
         except Exception as error:
             raise DevoSenderException(
                 "DevoSenderConfigTCP|Can't create TCP config: "
@@ -131,8 +132,16 @@ def __init__(self, config=None, con_type=None,
             get_log(handler=get_stream_handler(
                 msg_format='%(asctime)s|%(levelname)s|Devo-Sender|%(message)s'))
 
-        self.socket = None
         self._sender_config = config
+
+        if self._sender_config.sec_level is not None:
+            self.logger.warning("Openssl's default security "
+                                "level has been overwritten to "
+                                "{}.".format(self.
+                                             _sender_config.
+                                             sec_level))
+
+        self.socket = None
         self.reconnection = 0
         self.debug = debug
         self.socket_timeout = timeout
@@ -201,11 +210,6 @@ def __connect_ssl(self):
                         cafile=self._sender_config.chain)
 
                     if self._sender_config.sec_level is not None:
-                        self.logger.warning("Openssl's default security "
-                                            "level has been overwritten to "
-                                            "{}.".format(self.
-                                                         _sender_config.
-                                                         sec_level))
                         context.set_ciphers(
                             "DEFAULT@SECLEVEL={!s}"
                             .format(self._sender_config.sec_level))
@@ -340,6 +344,7 @@ def close(self):
         Forces socket closure
         """
         if self.socket is not None:
+            self.socket.shutdown(2)
             self.socket.close()
             self.socket = None
 

devo/sender/lookup.py

@@ -260,7 +260,7 @@ def send_data(self, row='', delete=False):
 
         >>>row = Lookup.list_to_fields(fields, "23")
         >>>obj.send_data(row)
-        :param row: row to send
+        :param row: row t   o send
         :param delete: True or False. Its true, delete row with same key
         :return:
         """
@@ -404,10 +404,14 @@ def clean_field(field=None):
         :param str field: field for clean
         :return str: cleaned field
         """
+        if not isinstance(field, (str, bytes)):
+            return field
+
         field = field.strip()
-        if not Lookup.is_number(field):
-            field = '"%s"' % field
-        return field
+        if Lookup.is_number(field):
+            return field
+
+        return '"%s"' % field
 
     @staticmethod
     def is_number(text=""):

docs/api/api.md

@@ -164,6 +164,25 @@ You can revert it with:
 api.verify_certificates(True)
 ```  
 
+## Use custom CA to verify
+For customs servers, and custom certificates, you can use custom CA for verity that certificates. 
+You can put CA cert path instead of "False" or "True"
+
+```python
+from devo.api import Client, ClientConfig
+
+
+api = Client(auth= {"key":"myapikey", "secret":"myapisecret"}, 
+             address="https://apiv2-eu.devo.com/search/query")
+api.verify_certificates("/path/to/cafile.ca")
+```
+
+You can revert it with:
+
+```python
+api.verify_certificates(True)
+```  
+
 ## Processors flags:
 
 By default, you receive response in str/bytes (Depends of your python version) direct from Socket, and you need manipulate the data.

docs/api/destination_email.md

@@ -4,7 +4,9 @@ API have a email destination to send query results by email.
 
 ## How to use
 
-As any query you must to add 'query', 'from' and 'to' date params. But It's not necessary add mode.type parameter because all response format will be csv. In a future will have support for more format, **if you need more format please request us**.
+As any query you must to add 'query', 'from' and 'to' date params. But It's not necessary add mode.type parameter 
+because all response format will be csv. In a future will have support for more format, 
+**if you need more format please request us**.
 
 To use 'email' destination you must add destination parameter with type 'email' (see example).
 
@@ -29,29 +31,27 @@ To use 'email' destination you must add destination parameter with type 'email'
 
 ## Example
 
-```python
-from devo.api import Client
-
-api = Client(key="myapikey",
-              secret="myapisecret",
-              url="https://apiv2-eu.devo.com/search/query",
-              user="user@devo.com",
-              app_name="testing app")
-              
-              
-response = api.query("from siem.logtrust.web.activity select *", 
-                     dates={"from":"yesterday()", "to": "now()"}, 
-                     destination= { 
-                     "type":"email",
-                     "params":{
-                       "email.to":"email@domain.com",
-                       "email.subject":"Api v2 Test",
-                       "retention.time":300000,
-                       "format":"gzip",
-                       },
-                     })
+```pyton
+api = Client(auth={"key": "myapikey",
+                   "secret": "myapisecret"},
+             address="https://apiv2-eu.devo.com/search/query",
+             config=ClientConfig(response="json", stream=False, processor=JSON,
+                                 destination={
+                                     "type": "email",
+                                     "params": {
+                                         "email.to": "user@devo.com",
+                                         "email.subject": "Api v2 Test",
+                                         "format": "gzip",
+                                     },
+                                 }))
+
+
+response = api.query("from siem.logtrust.web.activity select * limit 10",
+                     dates={"from": "yesterday()", "to": "now()"})
+
 ```
 
+
 ## Result 
 
 Send a email with a zip/gzip file with the results.

docs/api/destination_redis.md

@@ -31,40 +31,39 @@ This destination have 2 modes:
 
 ### Example
 
-```python
-from devo.api import Client
-
-api = Client(key="myapikey",
-              secret="myapisecret",
-              url="https://apiv2-eu.devo.com/search/query",
-              user="user@devo.com",
-              app_name="testing app")
-              
-              
-response = api.query("from siem.logtrust.web.activity select *", 
-                     dates={"from":"yesterday()", "to": "now()"}, 
-                     destination= { 
-                     "type":"email",
-                     "params":{
-                          "friendlyName":"redis-rresino-154q", 
-                            "description": "description of task",
-                            "expireIn": 30000,
-                            "keyFields": [{
-                                "name": "domain",
-                                "type": "str"
-                            }, {
-                                "name": "username",
-                                "type": "str"
-                            }],
-                            "valueFields": [{
-                                "name": "domain",
-                                "type": "str"
-                            }, {
-                                "name": "username",
-                                "type": "str"
-                            }]
-                        },
-                     })
+
+```pyton
+api = Client(auth={"key": "myapikey",
+                   "secret": "myapisecret"},
+             address="https://apiv2-eu.devo.com/search/query",
+             config=ClientConfig(response="json", stream=False, processor=JSON,
+                                 destination= { 
+                                     "type":"redis",
+                                     "params":{
+                                          "friendlyName":"redis-rresino-154q", 
+                                            "description": "description of task",
+                                            "expireIn": 30000,
+                                            "keyFields": [{
+                                                "name": "domain",
+                                                "type": "str"
+                                            }, {
+                                                "name": "username",
+                                                "type": "str"
+                                            }],
+                                            "valueFields": [{
+                                                "name": "domain",
+                                                "type": "str"
+                                            }, {
+                                                "name": "username",
+                                                "type": "str"
+                                            }]
+                                        },
+                                     }))
+
+
+response = api.query("from siem.logtrust.web.activity select * limit 10",
+                     dates={"from": "yesterday()", "to": "now()"})
+
 ```
 
 ## Results
@@ -147,4 +146,4 @@ fields in object;
         "error": []
     }
 }
-```
+```