Sanitize - Implementation and tests

Author: pangea-andrest

.gitignore

@@ -19,3 +19,4 @@ pangea_sdk_log.json
 download/
 
 *.gz
+sanitized.*

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added 
 
 - `attributes` field in `/list-resources` and `/list-subjects` endpoint
+- Sanitize service support
 
 ## [3.10.0] - 2024-07-19
 

pangea-sdk/.sdk-ci.yml

@@ -20,6 +20,7 @@ sdk-test-it:
     SERVICE_FILE_INTEL_ENV: LVE
     SERVICE_USER_INTEL_ENV: LVE
     SERVICE_REDACT_ENV: LVE
+    SERVICE_SANITIZE_ENV: LVE
     SERVICE_VAULT_ENV: LVE
   before_script:
     - echo $ENV
@@ -76,6 +77,9 @@ sdk-test-it:
       - CLOUD: [AWS, GCP]
         ENV: ${SERVICE_REDACT_ENV}
         TEST: redact
+      - CLOUD: [AWS]
+        ENV: ${SERVICE_SANITIZE_ENV}
+        TEST: sanitize
       - CLOUD: [AWS, GCP]
         ENV: ${SERVICE_VAULT_ENV}
         TEST: vault

pangea-sdk/v3/pangea/base_service.go

@@ -30,7 +30,7 @@ func NewBaseService(name string, baseCfg *Config) BaseService {
 
 func (bs *BaseService) PollResultByError(ctx context.Context, e AcceptedError) (*PangeaResponse[any], error) {
 	if e.RequestID == nil {
-		return nil, errors.New("Request ID is empty")
+		return nil, errors.New("request ID is empty")
 	}
 
 	resp, err := bs.PollResultByID(ctx, *e.RequestID, e.ResultField)

pangea-sdk/v3/pangea/file_uploader.go

@@ -0,0 +1,114 @@
+package pangea
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"hash/crc32"
+	"io"
+	"os"
+	"strconv"
+	"strings"
+)
+
+type FileUploader struct {
+	client *Client
+}
+
+func NewFileUploader() FileUploader {
+	cfg := &Config{
+		QueuedRetryEnabled: false,
+	}
+
+	return FileUploader{
+		client: NewClient("FileUploader", cfg),
+	}
+}
+
+func (fu *FileUploader) UploadFile(ctx context.Context, url string, tm TransferMethod, fd FileData) error {
+	if tm == TMmultipart {
+		return fmt.Errorf("%s is not supported in UploadFile. Use service client instead", tm)
+	}
+
+	fds := FileData{
+		File:    fd.File,
+		Name:    "file",
+		Details: fd.Details,
+	}
+	return fu.client.UploadFile(ctx, url, tm, fds)
+}
+
+type UploadFileParams struct {
+	Size   int    `json:"size,omitempty"`
+	CRC32C string `json:"crc32c,omitempty"`
+	SHA256 string `json:"sha256,omitempty"`
+}
+
+func GetUploadFileParams(input io.ReadSeeker) (*UploadFileParams, error) {
+	// Create a new CRC32C hash
+	crcHash := crc32.New(crc32.MakeTable(crc32.Castagnoli))
+	// Create a new SHA256 hash
+	sha256Hash := sha256.New()
+
+	// Seek back to the beginning of the file
+	_, err := file.Seek(0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	// Copy the file content into the hash function
+	if _, err := io.Copy(sha256Hash, file); err != nil {
+		return nil, err
+	}
+	// Get the hash sum as a byte slice
+	hashInBytes := sha256Hash.Sum(nil)
+
+	// Seek back to the beginning of the file
+	_, err = file.Seek(0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	// Copy the file content into the hash calculation
+	size, err := io.Copy(crcHash, file)
+	if err != nil {
+		return nil, err
+	}
+	// Get the CRC32C checksum value
+	crc32c := crcHash.Sum32()
+
+	// Reset to be sent
+	file.Seek(0, 0)
+
+	// Convert the CRC32 value to hexadecimal
+	crcStr := strconv.FormatUint(uint64(crc32c), 16)
+	// Pad "0" on the left to make it 8 characters long. It's for the zero bytes file case
+	paddedCRCStr := strings.Repeat("0", 8-len(crcStr)) + crcStr
+
+	return &UploadFileParams{
+		CRC32C: paddedCRCStr,
+		SHA256: hex.EncodeToString(hashInBytes),
+		Size:   int(size),
+	}, nil
+}
+
+func GetFileSize(file *os.File) (int64, error) {
+	_, err := file.Seek(0, io.SeekStart)
+	if err != nil {
+		return 0, err
+	}
+
+	// Seek to the end of the file
+	size, err := file.Seek(0, io.SeekEnd)
+	if err != nil {
+		return 0, err
+	}
+
+	// Reset to be sent
+	file.Seek(0, io.SeekStart)
+	if err != nil {
+		return 0, err
+	}
+	return size, nil
+}

pangea-sdk/v3/pangea/pangea.go

@@ -527,7 +527,7 @@ func (c *Client) NewRequestMultipart(method, url string, body any, fd FileData)
 	}
 
 	// Write file
-	if fw, err = w.CreateFormFile(fd.Name, "filename.exe"); err != nil {
+	if fw, err = w.CreateFormFile(fd.Name, fd.Name); err != nil {
 		return nil, err
 	}
 	if _, err = io.Copy(fw, fd.File); err != nil {
@@ -571,7 +571,7 @@ func (c *Client) NewRequestForm(method, url string, fd FileData, setHeaders bool
 
 	// Write file
 	var err error
-	part, err := w.CreateFormFile(fd.Name, "filename.exe")
+	part, err := w.CreateFormFile(fd.Name, fd.Name)
 	if err != nil {
 		return nil, err
 	}

pangea-sdk/v3/service/sanitize/api.go

@@ -0,0 +1,128 @@
+package sanitize
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/pangeacyber/pangea-go/pangea-sdk/v3/internal/request"
+	"github.com/pangeacyber/pangea-go/pangea-sdk/v3/pangea"
+)
+
+func (e *sanitize) Sanitize(ctx context.Context, input *SanitizeRequest, file io.ReadSeeker) (*pangea.PangeaResponse[SanitizeResult], error) {
+	if input == nil {
+		return nil, errors.New("nil input")
+	}
+
+	if input.TransferMethod == pangea.TMpostURL {
+		params, err := pangea.GetUploadFileParams(file)
+		if err != nil {
+			return nil, err
+		}
+		input.SHA256 = params.SHA256
+		input.CRC32C = params.CRC32C
+		input.Size = pangea.Int(params.Size)
+	}
+
+	name := "file"
+	if input.TransferMethod == pangea.TMmultipart {
+		name = "upload"
+	}
+
+	fd := pangea.FileData{
+		File: file,
+		Name: name,
+	}
+
+	return request.DoPostWithFile(ctx, e.Client, "v1beta/sanitize", input, &SanitizeResult{}, fd)
+}
+
+func (e *sanitize) RequestUploadURL(ctx context.Context, input *SanitizeRequest) (*pangea.PangeaResponse[SanitizeResult], error) {
+	if input.TransferMethod == pangea.TMmultipart || input.TransferMethod == pangea.TMdestURL || input.TransferMethod == pangea.TMsourceURL {
+		return nil, fmt.Errorf("transfer method [%s] is not supported in RequestUploadURL. Use Sanitize() method instead.", input.TransferMethod)
+	}
+
+	if input.TransferMethod == pangea.TMpostURL && (input.SHA256 == "" || input.CRC32C == "" || input.Size == nil) {
+		return nil, errors.New("Need to set SHA256, CRC32C and Size in order to use TMpostURL")
+	}
+
+	return request.GetUploadURL(ctx, e.Client, "v1beta/sanitize", input, &SanitizeResult{})
+}
+
+// SanitizeFile represents the SanitizeFile API request model.
+type SanitizeFile struct {
+	ScanProvider string `json:"scan_provider,omitempty"`
+}
+
+// SanitizeContent represents the SanitizeContent API request model.
+type SanitizeContent struct {
+	URLIntel            *bool  `json:"url_intel,omitempty"`
+	URLIntelProvider    string `json:"url_intel_provider,omitempty"`
+	DomainIntel         *bool  `json:"domain_intel,omitempty"`
+	DomainIntelProvider string `json:"domain_intel_provider,omitempty"`
+	Defang              *bool  `json:"defang,omitempty"`
+	DefangThreshold     *int   `json:"defang_threshold,omitempty"`
+	Redact              *bool  `json:"redact,omitempty"`
+	RemoveAttachments   *bool  `json:"remove_attachments,omitempty"`
+	RemoveInteractive   *bool  `json:"remove_interactive,omitempty"`
+}
+
+// SanitizeShareOutput represents the SanitizeShareOutput API request model.
+type SanitizeShareOutput struct {
+	Enabled      *bool  `json:"enabled,omitempty"`
+	OutputFolder string `json:"output_folder,omitempty"`
+}
+
+// SanitizeRequest represents the SanitizeRequest API request model.
+type SanitizeRequest struct {
+	pangea.BaseRequest
+	pangea.TransferRequest
+
+	SourceURL        string               `json:"source_url,omitempty"`
+	ShareID          string               `json:"share_id,omitempty"`
+	File             *SanitizeFile        `json:"file,omitempty"`
+	Content          *SanitizeContent     `json:"content,omitempty"`
+	ShareOutput      *SanitizeShareOutput `json:"share_output,omitempty"`
+	Size             *int                 `json:"size,omitempty"`
+	CRC32C           string               `json:"crc32c,omitempty"`
+	SHA256           string               `json:"sha256,omitempty"`
+	UploadedFileName string               `json:"uploaded_file_name,omitempty"`
+}
+
+// DefangData represents the DefangData PangeaResponseResult.
+type DefangData struct {
+	ExternalURLsCount    int    `json:"external_urls_count"`
+	ExternalDomainsCount int    `json:"external_domains_count"`
+	DefangedCount        int    `json:"defanged_count"`
+	URLIntelSummary      string `json:"url_intel_summary"`
+	DomainIntelSummary   string `json:"domain_intel_summary"`
+}
+
+// RedactData represents the RedactData PangeaResponseResult.
+type RedactData struct {
+	RedactionCount int            `json:"redaction_count"`
+	SummaryCounts  map[string]int `json:"summary_counts"`
+}
+
+// CDR represents the CDR PangeaResponseResult.
+type CDR struct {
+	FileAttachmentsRemoved     int `json:"file_attachments_removed"`
+	InteractiveContentsRemoved int `json:"interactive_contents_removed"`
+}
+
+// SanitizeData represents the SanitizeData PangeaResponseResult.
+type SanitizeData struct {
+	Defang        *DefangData `json:"defang,omitempty"`
+	Redact        *RedactData `json:"redact,omitempty"`
+	MaliciousFile bool        `json:"malicious_file"`
+	CDR           *CDR        `json:"cdr,omitempty"`
+}
+
+// SanitizeResult represents the SanitizeResult PangeaResponseResult.
+type SanitizeResult struct {
+	DestURL     *string                `json:"dest_url,omitempty"`
+	DestShareID *string                `json:"dest_share_id,omitempty"`
+	Data        SanitizeData           `json:"data"`
+	Parameters  map[string]interface{} `json:"parameters,omitempty"`
+}

pangea-sdk/v3/service/sanitize/integration_test.go

@@ -0,0 +1,27 @@
+package sanitize
+
+import (
+	"context"
+	"io"
+
+	"github.com/pangeacyber/pangea-go/pangea-sdk/v3/pangea"
+)
+
+type Client interface {
+	Sanitize(ctx context.Context, input *SanitizeRequest, file io.ReadSeeker) (*pangea.PangeaResponse[SanitizeResult], error)
+	RequestUploadURL(ctx context.Context, input *SanitizeRequest) (*pangea.PangeaResponse[SanitizeResult], error)
+
+	// Base service methods
+	pangea.BaseServicer
+}
+
+type sanitize struct {
+	pangea.BaseService
+}
+
+func New(cfg *pangea.Config) Client {
+	cli := &sanitize{
+		BaseService: pangea.NewBaseService("sanitize", cfg),
+	}
+	return cli
+}