carbonblack
diff --git a/‎.coveragerc
+6 b/‎.coveragerc
+6
diff --git a/‎.gitignore
+17 b/‎.gitignore
+17
diff --git a/‎Dockerfile
+8 b/‎Dockerfile
+8
diff --git a/‎MANIFEST.in
+1 b/‎MANIFEST.in
+1
diff --git a/‎README.md
+137-2 b/‎README.md
+137-2
diff --git a/‎VERSION
+1 b/‎VERSION
+1
diff --git a/‎bin/linters.sh
+7 b/‎bin/linters.sh
+7
diff --git a/‎bin/tests_n_reports.sh
+10 b/‎bin/tests_n_reports.sh
+10
diff --git a/‎codeship-services.yml
+5 b/‎codeship-services.yml
+5
diff --git a/‎codeship-steps.yml
+6 b/‎codeship-steps.yml
+6
diff --git a/‎config/binary-analysis-config.yaml.example
+16 b/‎config/binary-analysis-config.yaml.example
+16
diff --git a/‎env.encrypted
+2 b/‎env.encrypted
+2
diff --git a/‎pytest.ini
+5 b/‎pytest.ini
+5
diff --git a/‎requirements.txt
+15 b/‎requirements.txt
+15
diff --git a/‎setup.cfg
+12 b/‎setup.cfg
+12
diff --git a/‎setup.py
+52 b/‎setup.py
+52
diff --git a/‎src/cbc_binary_toolkit/__init__.py
+5 b/‎src/cbc_binary_toolkit/__init__.py
+5
@@ -0,0 +1,6 @@
+[run]
+source = src/cbc_binary_toolkit
+[report]
+exclude_lines =
+    pragma: no cover
+    if __name__ == .__main__.:
@@ -46,6 +46,8 @@ coverage.xml
 *.cover
 .hypothesis/
 .pytest_cache/
+*log.txt
+persist_test.db
 
 # Translations
 *.mo
@@ -97,8 +99,23 @@ venv.bak/
 # Rope project settings
 .ropeproject
 
+# Eclipse/PyDev
+/.project
+/.pydevproject
+/.settings
+
+# macOS
+.DS_Store
+
 # mkdocs documentation
 /site
 
 # mypy
 .mypy_cache/
+
+# Local configuration
+config/binary-analysis-config.yaml
+
+.coverage
+codeship.aes
+env
@@ -0,0 +1,8 @@
+from python:3
+MAINTAINER [email protected]
+
+COPY . /app
+WORKDIR /app
+
+RUN pip install -r requirements.txt
+RUN ln -s /usr/local/lib/python3.8/site-packages/usr/local/lib/libyara.so /usr/local/lib/libyara.so
@@ -0,0 +1 @@
+include src/cbc_binary_toolkit_examples/engine/yara_local/example_rule.yara
@@ -1,2 +1,137 @@
-# cb-binary-analysis
-Binary Analysis SDK for the Carbon Black Cloud
+[![Codeship Status for carbonblack/cb-binary-analysis](https://app.codeship.com/projects/6a7a91c0-2a8b-0138-4f71-1610ceb87095/status?branch=develop)](https://app.codeship.com/projects/384255)
+[![Coverage Status](https://coveralls.io/repos/github/carbonblack/cb-binary-analysis/badge.svg?branch=develop&t=rhX4tc)](https://coveralls.io/github/carbonblack/cb-binary-analysis?branch=develop)
+# Carbon Black Cloud Binary Toolkit
+
+#### \*\*Disclaimer: This is an ALPHA release\*\*
+
+**Latest Version:** 1.0a1
+<br>
+**Release Date:** 05/11/2020
+
+The Carbon Black Cloud Binary Toolkit provides a system of processing incoming SHA256 hashes by integrating with the Unified Binary Store (UBS) on the Carbon Black Cloud (CBC).
+
+
+## Recent updates
+
+View the latest release notes [here](https://github.com/carbonblack/cbc-binary-toolkit/releases).
+
+
+## License
+
+Use of the Carbon Black API is governed by the license found in [LICENSE](LICENSE).
+
+## Support
+
+1. View all API and integration offerings on the [Developer Network](https://developer.carbonblack.com) along with reference documentation, video tutorials, and how-to guides.
+2. Use the [Developer Community Forum](https://community.carbonblack.com/) to discuss issues and get answers from other API developers in the Carbon Black Community.
+3. Create a github issue for bugs and change requests. Formal [Carbon Black Support](http://carbonblack.com/resources/support/) coming with v1.0.
+
+## Requirements
+
+The Carbon Black Cloud Binary Toolkit is design to work on Python 3.6 and above.
+
+All requirements are installed as part of `pip install` or if you're planning on pushing changes to the Carbon Black Cloud Binary Toolkit, the following can be used after cloning the repo `pip install requirements.txt`
+
+### Python Packages
+* argparse
+* cbapi
+* python-dateutil
+* pyyaml
+* requests
+* schema
+* yara-python
+
+### Carbon Black Cloud
+* Enterprise EDR
+
+## Getting Started
+
+There are two ways to use the Carbon Black Cloud Binary Toolkit. You can either run the Binary Analysis Tool using out-of-the-box functionality, or you can use the Toolkit to develop your own tool for processing binaries.
+
+
+First you will need to install the Binary Toolkit with the following command:
+```
+pip install cbc-binary-toolkit
+```
+
+### Running Binary Analysis tool
+
+The cbc-binary-analysis tool provides out-of-the-box builtin resources for processing binaries and managing the analysis results. For more information see the [User Guide](https://github.com/carbonblack/cbc-binary-toolkit/wiki/User-Guide) wiki page.
+
+```
+usage: cbc-binary-analysis [-h] [-c CONFIG]
+                           [-ll {DEBUG,INFO,WARNING,ERROR,CRITICAL}]
+                           {analyze,restart,clear} ...
+
+positional arguments:
+  {analyze,restart,clear}
+                        Binary analysis commands
+    analyze             Analyze a list of hashes by command line or file
+    restart             Restart a failed job and pick up where the job crashed
+                        or exited
+    clear               Clear cache of analyzed hashes. All or by timestamp
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -c CONFIG, --config CONFIG
+                        Location of the configuration file (default .../carbonblackcloud/binary-toolkit/binary-analysis-config.yaml.example)
+  -ll {DEBUG,INFO,WARNING,ERROR,CRITICAL}, --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
+                        The base log level (default INFO)
+```
+
+**Note: Run --help on any of the commands for up to date arguments**
+
+
+### Using the Toolkit to develop your own tools
+
+The following python code snippet will allow you to begin developing with the Carbon Black Cloud Binary toolkit. For more information see the [Developer Guide](https://github.com/carbonblack/cbc-binary-toolkit/wiki/Developer-Guide) wiki page.
+```
+from cbc_binary_toolkit import *
+```
+
+
+## Developing Improvements for the Carbon Black Cloud Binary Toolkit
+
+If you want to provide additional examples, fix a bug, or add a feature to the Toolkit the following steps will get you started.
+
+### Installing for Toolkit development
+
+You will need to fork the repo in order to create pull requests when submitting code for review. For details on forking a repo, see [here](https://help.github.com/en/github/getting-started-with-github/fork-a-repo)
+
+```
+git clone https://github.com/{fork-name}/cbc-binary-toolkit
+cd cbc-binary-toolkit
+pip install requirements.txt
+```
+
+
+### Running the Toolkit tests
+
+To check if your code changes didn't break any use cases the following command will run all the tests:
+```
+pytest
+  Optional args:
+    -s Logs streamed to stdout
+    -k {test or file} Selectively runs test matching string or file
+```
+
+### Development Flow
+
+To begin a code change start by creating a branch off of the develop branch.
+```
+git checkout develop
+git checkout -b {branch-name}
+```
+
+When the feature or bug fix is finished you will need to create a pull request to the CarbonBlack repo, the following will push your changes to Github.
+```
+git push {remote} {branch-name}
+```
+
+If your branch is behind the develop branch then you will need to rebase.
+```
+git checkout {branch-name}
+git rebase develop
+```
+
+Note if your develop branch is out of sync with the CarbonBlack repo then you will need to sync your fork. For information on syncing your fork, see [here](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/syncing-a-fork)
@@ -0,0 +1 @@
+1.0a1
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+echo 'Running flake8....'
+flake8 --docstring-convention google src/cbc_binary_toolkit/*.py
+flake8 --docstring-convention google src/tests/*.py
@@ -0,0 +1,10 @@
+#! /bin/bash
+
+set -e
+
+echo 'Running tests....'
+coverage run -m pytest
+
+echo 'Running report and sending to coveralls....'
+coverage report -m
+coveralls
@@ -0,0 +1,5 @@
+testing:
+  build:
+    dockerfile: Dockerfile
+  encrypted_env_file:
+    - env.encrypted
@@ -0,0 +1,6 @@
+- name: linters
+  service: testing
+  command: bin/linters.sh
+- name: tests
+  service: testing
+  command: bin/tests_n_reports.sh
@@ -0,0 +1,16 @@
+id: cbc_binary_toolkit
+version: 0.0.1
+carbonblackcloud:
+  url: https://defense-dev01.cbdtest.io
+  api_token: ABCDEFGHIJKLMNOPQRSTUVWXYZ/1234567890
+  org_key: abcdefgh
+  ssl_verify: True
+  expiration_seconds: 3600
+database:
+  _provider: cbc_binary_toolkit.state.builtin.Persistor
+  location: ":memory:"
+engine:
+  name: engine-name
+  feed_id: 578fTEQBNWXHCPGIXD4RA
+  type: local
+  _provider: example.engine
@@ -0,0 +1,2 @@
+codeship:v2
+syxgwyyjEE1w+MuEoUTyqbe9npoNpNkMGQOgwERtWg5PM3Gjv+xsBaTyJcY5WjRYB0OW8Jv3Psr5Jpn5yq26fGmFlh8VuFFXagGQYppCAlww8CGoyUSaWvQoxVMqFUp84fa4HGvRBA==
@@ -0,0 +1,5 @@
+[pytest]
+log_cli = True
+log_cli_level = FATAL
+markers =
+    incremental: Fails out for incremental tests which depend on previous steps
@@ -0,0 +1,15 @@
+# Package dependencies
+argparse
+cbapi
+python-dateutil
+pyyaml
+requests
+schema
+yara-python
+
+# Dev dependencies
+flake8
+flake8-docstrings
+coverage
+coveralls
+pytest
@@ -0,0 +1,12 @@
+[metadata]
+description-file = README.md
+
+[bdist_wheel]
+universal = 1
+
+[flake8]
+ignore = F400, D415, D212, E722
+exclude = *__init__.py,
+max-doc-length = 120
+max-line-length = 120
+docstring-convention=google
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+"""Python setup script for PIP packaging"""
+from __future__ import unicode_literals
+import os
+from setuptools import setup, find_packages
+
+
+def read(fname):
+    """Process files for configuration"""
+    return open(os.path.join(os.path.dirname(__file__), fname)).read()
+
+
+install_reqs = [
+    "argparse",
+    "cbapi",
+    "python-dateutil",
+    "pyyaml",
+    "requests",
+    "schema",
+    "yara-python"
+]
+
+setup(
+    name="cbc_binary_toolkit",
+    version=read("VERSION"),
+    url="https://developer.carbonblack.com/",
+    license="MIT",
+    author="VMware Carbon Black",
+    author_email="[email protected]",
+    description="The VMware Carbon Black Cloud Binary Toolkit provides useful tools to process "
+                "binaries and upload IOCs to your Feeds",
+    long_description=read("README.md"),
+    long_description_content_type='text/markdown',
+    platforms="any",
+    classifiers=[
+        "Development Status :: 3 - Alpha",
+        "Intended Audience :: Developers",
+        "Intended Audience :: System Administrators",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python :: 3.6",
+        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
+        "Topic :: Security",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+    ],
+    install_requires=install_reqs,
+    package_dir={'': 'src'},
+    packages=find_packages(where="src", exclude=["tests.*", "tests"]),
+    include_package_data=True,
+    entry_points={"console_scripts": ["cbc-binary-analysis = cbc_binary_toolkit_examples.tools.analysis_util:main"]},
+    data_files=[("carbonblackcloud/binary-toolkit", ["config/binary-analysis-config.yaml.example"])]
+)
@@ -0,0 +1,5 @@
+from .ingestion_component import IngestionComponent
+from .deduplication_component import DeduplicationComponent
+from .engine_results import EngineResults
+
+from .errors import InitializationError
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+include src/cbc_binary_toolkit_examples/engine/yara_local/example_rule.yara`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+codeship:v2`
	`2`	`+syxgwyyjEE1w+MuEoUTyqbe9npoNpNkMGQOgwERtWg5PM3Gjv+xsBaTyJcY5WjRYB0OW8Jv3Psr5Jpn5yq26fGmFlh8VuFFXagGQYppCAlww8CGoyUSaWvQoxVMqFUp84fa4HGvRBA==`