#!/usr/bin/env python3 """CLI for the bitdefender skill — GravityZone Cloud Public API. Read-only subcommands run freely. Destructive subcommands (delete-endpoint, delete-package, delete-group) refuse to run unless --confirm is passed; without it they print what they WOULD do and exit non-zero. Output: --json emits raw JSON; otherwise a readable table/summary. Usage examples: python gz.py status python gz.py companies python gz.py endpoints --company 5c4280716c0318f3478b456e python gz.py endpoint python gz.py sweep --company python gz.py policies python gz.py policy python gz.py packages python gz.py quarantine --company python gz.py inventory --refresh python gz.py create-package --name "Win Default" --company python gz.py install-links --package "Win Default" --company python gz.py scan --targets --type 2 --name "Full scan" python gz.py move --endpoints --group python gz.py make-group --name "New Group" --parent python gz.py delete-endpoint --confirm python gz.py raw --module network --method getEndpointsList --params '{"page":1}' """ from __future__ import annotations import argparse import dataclasses import json import sys from gz_client import GravityZoneClient, GravityZoneError, GZEndpointSummary def _emit(obj, as_json: bool, table_fn=None) -> None: if as_json or table_fn is None: print(json.dumps(obj, indent=2, default=_json_default)) else: table_fn(obj) def _json_default(o): if dataclasses.is_dataclass(o): return dataclasses.asdict(o) return str(o) # --- table renderers ---------------------------------------------------------- def _print_kv(d: dict) -> None: for k, v in d.items(): print(f" {k}: {v}") def _print_company_table(data: dict) -> None: items = data.get("items", []) print(f"Companies: {data.get('total', len(items))}") for c in items: print(f" {c.get('id','?'):26} {c.get('name','')}") def _print_endpoint_table(data: dict) -> None: items = data.get("items", []) print(f"Endpoints: {data.get('total', len(items))}") for e in items: print(f" {e.get('id','?'):26} {e.get('name',''):30} " f"{e.get('operatingSystemVersion', e.get('os',''))}") def _print_sweep_table(summaries: list) -> None: print(f"Endpoints swept: {len(summaries)}") print(f" {'STATUS':10} {'NAME':30} {'AGENT':14} {'LAST SEEN'}") for s in summaries: flags = [] if s.infected: flags.append("INFECTED") if s.signature_outdated: flags.append("SIG-OLD") if s.product_outdated: flags.append("PROD-OLD") status = ",".join(flags) if flags else "OK" print(f" {status:10} {s.name[:30]:30} {str(s.agent_version or '-'):14} " f"{s.last_seen or '-'}") def _print_policy_table(data: dict) -> None: items = data.get("items", []) print(f"Policies: {data.get('total', len(items))}") for p in items: print(f" {p.get('id','?'):26} {p.get('name','')}") def _print_package_table(data: dict) -> None: items = data.get("items", []) print(f"Packages: {data.get('total', len(items))}") for p in items: print(f" {str(p.get('id','?')):26} {p.get('name','')}") def _print_quarantine_table(data: dict) -> None: items = data.get("items", []) print(f"Quarantine items: {data.get('total', len(items))}") for q in items: print(f" {q.get('threatName','?'):30} {q.get('endpointName','')} " f"{q.get('detectionTime','')}") def _print_inventory_table(cache: dict) -> None: print(f"Inventory cached_at: {cache.get('fetched_at')}") print(f" companies: {len(cache.get('companies', {}))}") print(f" endpoints: {len(cache.get('endpoints', {}))}") print(f" policies: {len(cache.get('policies', {}))}") print(f" packages: {len(cache.get('packages', []))}") print(f" groups: {len(cache.get('groups', {}))}") # --- command handlers --------------------------------------------------------- def cmd_status(client, args): _emit(client.get_api_status(), args.json, _print_kv) def cmd_companies(client, args): _emit(client.list_companies(), args.json, _print_company_table) def cmd_endpoints(client, args): _emit(client.list_endpoints(args.company, per_page=args.per_page), args.json, _print_endpoint_table) def cmd_endpoint(client, args): _emit(client.get_endpoint_details(args.endpoint_id), args.json, _print_kv) def cmd_sweep(client, args): target = args.company or _require_company_for_sweep() summaries = client.security_sweep(target) if args.json: print(json.dumps([dataclasses.asdict(s) for s in summaries], indent=2)) else: _print_sweep_table(summaries) def _require_company_for_sweep() -> str: from gz_client import ACG_COMPANIES_CONTAINER_ID print("[INFO] No --company given; sweeping the ACG companies container.", file=sys.stderr) return ACG_COMPANIES_CONTAINER_ID def cmd_policies(client, args): _emit(client.list_policies(), args.json, _print_policy_table) def cmd_policy(client, args): print("[WARNING] Public API returns shallow policy detail only " "(no granular config).", file=sys.stderr) _emit(client.get_policy_details(args.policy_id), args.json, _print_kv) def cmd_packages(client, args): _emit(client.list_packages(), args.json, _print_package_table) def cmd_quarantine(client, args): _emit(client.list_quarantine(args.company), args.json, _print_quarantine_table) def cmd_inventory(client, args): _emit(client.get_inventory(refresh=args.refresh), args.json, _print_inventory_table) def cmd_create_package(client, args): result = client.create_package( package_name=args.name, company_id=args.company, description=args.description, language=args.language, ) _emit({"created": args.name, "result": result}, args.json, _print_kv) def cmd_install_links(client, args): _emit(client.get_installation_links(args.package, args.company), args.json, _print_kv) def cmd_scan(client, args): result = client.create_scan_task( target_ids=args.targets, scan_type=args.type, name=args.name ) _emit({"scanTask": result}, args.json, _print_kv) def cmd_move(client, args): result = client.move_endpoints(args.endpoints, args.group) _emit({"moved": args.endpoints, "to": args.group, "result": result}, args.json, _print_kv) def cmd_make_group(client, args): result = client.create_custom_group(args.name, args.parent) _emit({"createdGroup": args.name, "result": result}, args.json, _print_kv) def cmd_raw(client, args): try: params = json.loads(args.params) if args.params else {} except json.JSONDecodeError as exc: print(f"[ERROR] --params is not valid JSON: {exc}", file=sys.stderr) return 2 if not isinstance(params, dict): print("[ERROR] --params must be a JSON object.", file=sys.stderr) return 2 result = client._jsonrpc_request(args.module, args.method, params) print(json.dumps(result, indent=2, default=_json_default)) return 0 # --- destructive (gated) ------------------------------------------------------ def _gated(action_desc: str, confirm: bool) -> bool: if not confirm: print(f"[WARNING] Refusing destructive action without --confirm.") print(f"[INFO] Would: {action_desc}") return False return True def cmd_delete_endpoint(client, args): if not _gated(f"delete endpoint {args.endpoint_id}", args.confirm): return 3 result = client.delete_endpoint(args.endpoint_id) _emit({"deletedEndpoint": args.endpoint_id, "result": result}, args.json, _print_kv) return 0 def cmd_delete_package(client, args): if not _gated(f"delete package '{args.package}'", args.confirm): return 3 result = client.delete_package(args.package, args.company) _emit({"deletedPackage": args.package, "result": result}, args.json, _print_kv) return 0 def cmd_delete_group(client, args): if not _gated(f"delete custom group {args.group}", args.confirm): return 3 result = client.delete_custom_group(args.group) _emit({"deletedGroup": args.group, "result": result}, args.json, _print_kv) return 0 # --- parser ------------------------------------------------------------------- def build_parser() -> argparse.ArgumentParser: p = argparse.ArgumentParser( prog="gz.py", description="GravityZone Cloud Public API CLI (ACG MSP tenant).", ) p.add_argument("--json", action="store_true", help="Emit raw JSON output.") sub = p.add_subparsers(dest="command", required=True) sub.add_parser("status", help="API key + license status.") sub.add_parser("companies", help="List client companies.") sp = sub.add_parser("endpoints", help="List endpoints under a company/group.") sp.add_argument("--company", help="Parent company/group id.") sp.add_argument("--per-page", type=int, default=100) sp = sub.add_parser("endpoint", help="Full detail for one endpoint.") sp.add_argument("endpoint_id") sp = sub.add_parser("sweep", help="Live security posture sweep.") sp.add_argument("--company", help="Parent id (defaults to ACG container).") sub.add_parser("policies", help="List policies (id + name).") sp = sub.add_parser("policy", help="Shallow detail for one policy.") sp.add_argument("policy_id") sub.add_parser("packages", help="List installation packages.") sp = sub.add_parser("quarantine", help="List quarantine items for a company.") sp.add_argument("--company", required=True) sp = sub.add_parser("inventory", help="Show cached identity/structure.") sp.add_argument("--refresh", action="store_true", help="Force a full re-pull.") sp = sub.add_parser("create-package", help="Create an installer package.") sp.add_argument("--name", required=True) sp.add_argument("--company") sp.add_argument("--description") sp.add_argument("--language") sp = sub.add_parser("install-links", help="Get installer download URLs.") sp.add_argument("--package", required=True) sp.add_argument("--company") sp = sub.add_parser("scan", help="Create a scan task.") sp.add_argument("--targets", nargs="+", required=True) sp.add_argument("--type", type=int, required=True, help="1=Quick 2=Full 3=Memory 4=Custom (verify in console).") sp.add_argument("--name") sp = sub.add_parser("move", help="Move endpoints into a group.") sp.add_argument("--endpoints", nargs="+", required=True) sp.add_argument("--group", required=True) sp = sub.add_parser("make-group", help="Create a custom group.") sp.add_argument("--name", required=True) sp.add_argument("--parent") sp = sub.add_parser("raw", help="Call any method directly (power use).") sp.add_argument("--module", required=True) sp.add_argument("--method", required=True) sp.add_argument("--params", default="{}", help="JSON object of params.") # destructive (gated) sp = sub.add_parser("delete-endpoint", help="Delete an endpoint (gated).") sp.add_argument("endpoint_id") sp.add_argument("--confirm", action="store_true") sp = sub.add_parser("delete-package", help="Delete a package (gated).") sp.add_argument("--package", required=True) sp.add_argument("--company") sp.add_argument("--confirm", action="store_true") sp = sub.add_parser("delete-group", help="Delete a custom group (gated).") sp.add_argument("--group", required=True) sp.add_argument("--confirm", action="store_true") return p HANDLERS = { "status": cmd_status, "companies": cmd_companies, "endpoints": cmd_endpoints, "endpoint": cmd_endpoint, "sweep": cmd_sweep, "policies": cmd_policies, "policy": cmd_policy, "packages": cmd_packages, "quarantine": cmd_quarantine, "inventory": cmd_inventory, "create-package": cmd_create_package, "install-links": cmd_install_links, "scan": cmd_scan, "move": cmd_move, "make-group": cmd_make_group, "raw": cmd_raw, "delete-endpoint": cmd_delete_endpoint, "delete-package": cmd_delete_package, "delete-group": cmd_delete_group, } def main(argv=None) -> int: args = build_parser().parse_args(argv) handler = HANDLERS[args.command] try: client = GravityZoneClient() rc = handler(client, args) return rc if isinstance(rc, int) else 0 except GravityZoneError as exc: print(f"[ERROR] {exc}", file=sys.stderr) return 1 except KeyboardInterrupt: return 130 if __name__ == "__main__": raise SystemExit(main())