CheckPoint/teapi.sh at master · billygr/CheckPoint · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/bin/sh
# Check Point Threat Prevention API implementation in shell
# Based on the work of Martin K
# Updated by Bill N
# Uses jq from /opt/CPshrd-R80.30/bin/jq

ARG_1=$2

# define API server
# TE cloud API server is located on te.checkpoint.com, 127.0.0.1:18194 is the local one
#TESERVER=te.checkpoint.com
TESERVER=127.0.0.1:18194
TEAPIKEY=""

query() {
  echo "QUERY"
  [[ -z "$ARG_1" ]] && { echo "No file specified exiting" ; exit 1; }
  [ ! -f "$ARG_1" ] && { echo "$ARG_1 is not a file exiting" ; exit 1;}

  # file to investigate
  TEFILE=$ARG_1
  filename=$(basename "$TEFILE")
  extension="${filename##*.}"

  echo "Filename: ${filename}"
  echo "Extension: $extension"

  # calculate hash for $TEFILE
  TESHA1=`sha1sum $TEFILE | cut -f1 -d" "`
  echo "file: ${TEFILE} sha1: ${TESHA1}"

  # build request body
  TEQ=`jq -c -n --arg sha1 "$TESHA1" --arg filename "$filename" --arg extension "$extension"  '{request: [{sha1: $sha1, file_type: $extension, file_name: $filename, features: ["te"], te: {reports: ["pdf","xml", "tar", "full_report"]}} ]}'`

  # display it formated via jq
  echo $TEQ | jq .

  # place API request based on previously constructed body TEQ
  TEQRESP=$(curl_cli -d "$TEQ" -k -s -H "Content-type: application/json" -H "Authorization: $TEAPIKEY" https://$TESERVER/tecloud/api/v1/file/query)

  # display response formated by jq
  echo $TEQRESP | jq .
}

upload() {
  echo "UPLOAD"
  [[ -z "$ARG_1" ]] && { echo "No file specified exiting" ; exit 1; }
  [ ! -f "$ARG_1" ] && { echo "$ARG_1 is not a file exiting" ; exit 1;}

  # file to upload
  TEFILE=$ARG_1
  filename=$(basename "$TEFILE")
  extension="${filename##*.}"

  echo "Filename: ${filename}"
  echo "Extension: $extension"

  # calculate hash for $TEFILE
  TESHA1=`sha1sum $TEFILE | cut -f1 -d" "`
  echo "file: ${TEFILE} sha1: ${TESHA1}"

  # our upload request body will be same as for query
  TEQ=`jq -c -n --arg sha1 "$TESHA1" --arg filename "$filename" --arg extension "$extension"  '{request: [{sha1: $sha1, file_type: $extension, file_name: $filename, features: ["te"], te: {reports: ["pdf","xml", "tar", "full_report"]}} ]}'`
  TEU=$TEQ

  # do multipart request with both API request body and the file
  TEURESP=$(curl_cli -F "request=$TEU" -F "file=@$TEFILE" -k -s -H "Content-Type: multipart/form-data" https://$TESERVER/tecloud/api/v1/file/upload )

  # format response with jq
  echo $TEURESP | jq .
}

download() {
  echo "DOWNLOAD"
}

quota() {
  echo "QUOTA"
  [[ -z "$TEAPIKEY" ]] && { echo "Empty TEAPIKEY, probalby using local TE, exiting" ; exit 1; }

  TEQRESP=$(curl_cli -k -s -H "Content-type: application/json" -H "Authorization: $TEAPIKEY" https://$TESERVER/tecloud/api/v1/file/quota)

  # display response formated by jq
  echo $TEQRESP | jq .
}

display_help() {
    echo "Usage: $0 {query|upload|download|quota}" >&2
    echo
    exit 1
}

case "$1" in
  query)
    query
    ;;
  upload)
    upload
    ;;
  download)
    download
    ;;
  quota)
    quota
    ;;
  *)
    display_help

   exit 1
   ;;
esac