Move SQS branch from pe-reports to ATC-Framework

.vscode/settings.json

@@ -0,0 +1,22 @@
+{
+    "workbench.colorCustomizations": {
+        "activityBar.activeBackground": "#3399ff",
+        "activityBar.background": "#3399ff",
+        "activityBar.foreground": "#15202b",
+        "activityBar.inactiveForeground": "#15202b99",
+        "activityBarBadge.background": "#bf0060",
+        "activityBarBadge.foreground": "#e7e7e7",
+        "commandCenter.border": "#e7e7e799",
+        "sash.hoverBorder": "#3399ff",
+        "statusBar.background": "#007fff",
+        "statusBar.foreground": "#e7e7e7",
+        "statusBarItem.hoverBackground": "#3399ff",
+        "statusBarItem.remoteBackground": "#007fff",
+        "statusBarItem.remoteForeground": "#e7e7e7",
+        "titleBar.activeBackground": "#007fff",
+        "titleBar.activeForeground": "#e7e7e7",
+        "titleBar.inactiveBackground": "#007fff99",
+        "titleBar.inactiveForeground": "#e7e7e799"
+    },
+    "peacock.color": "#007fff"
+}

=

@@ -0,0 +1 @@
+Requirement already satisfied: Flask-SQLAlchemy in /Users/stewartc/.pyenv/versions/3.11.1/envs/pe-reports/lib/python3.11/site-packages/Flask_SQLAlchemy-3.0.3-py3.11.egg (3.0.3)

CONTRIBUTING.md

@@ -15,7 +15,7 @@ all of which should be in this repository.
 
 If you want to report a bug or request a new feature, the most direct
 method is to [create an
-issue](https://github.com/cisagov/ATC-Framework/issues) in
+issue](https://github.com/cisagov/pe-reports/issues) in
 this repository.  We recommend that you first search through existing
 issues (both open and closed) to check if your particular issue has
 already been reported.  If it has then you might want to add a comment
@@ -25,7 +25,7 @@ one.
 ## Pull requests ##
 
 If you choose to [submit a pull
-request](https://github.com/cisagov/ATC-Framework/pulls),
+request](https://github.com/cisagov/pe-reports/pulls),
 you will notice that our continuous integration (CI) system runs a
 fairly extensive set of linters, syntax checkers, system, and unit tests.
 Your pull request may fail these checks, and that's OK.  If you want
@@ -135,9 +135,9 @@ can create and configure the Python virtual environment with these
 commands:
 
 ```console
-cd ATC-Framework
-pyenv virtualenv <python_version_to_use> ATC-Framework
-pyenv local ATC-Framework
+cd pe-reports
+pyenv virtualenv <python_version_to_use> pe-reports
+pyenv local pe-reports
 pip install --requirement requirements-dev.txt
 ```
 

LICENSE

@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 CC0 1.0 Universal
 
 Statement of Purpose
@@ -115,126 +114,3 @@ Affirmer's express Statement of Purpose.
 
 For more information, please see
 <http://creativecommons.org/publicdomain/zero/1.0/>
-=======
-Creative Commons Legal Code
-
-CC0 1.0 Universal
-
-    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
-    LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
-    ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
-    INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
-    REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
-    PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
-    THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
-    HEREUNDER.
-
-Statement of Purpose
-
-The laws of most jurisdictions throughout the world automatically confer
-exclusive Copyright and Related Rights (defined below) upon the creator
-and subsequent owner(s) (each and all, an "owner") of an original work of
-authorship and/or a database (each, a "Work").
-
-Certain owners wish to permanently relinquish those rights to a Work for
-the purpose of contributing to a commons of creative, cultural and
-scientific works ("Commons") that the public can reliably and without fear
-of later claims of infringement build upon, modify, incorporate in other
-works, reuse and redistribute as freely as possible in any form whatsoever
-and for any purposes, including without limitation commercial purposes.
-These owners may contribute to the Commons to promote the ideal of a free
-culture and the further production of creative, cultural and scientific
-works, or to gain reputation or greater distribution for their Work in
-part through the use and efforts of others.
-
-For these and/or other purposes and motivations, and without any
-expectation of additional consideration or compensation, the person
-associating CC0 with a Work (the "Affirmer"), to the extent that he or she
-is an owner of Copyright and Related Rights in the Work, voluntarily
-elects to apply CC0 to the Work and publicly distribute the Work under its
-terms, with knowledge of his or her Copyright and Related Rights in the
-Work and the meaning and intended legal effect of CC0 on those rights.
-
-1. Copyright and Related Rights. A Work made available under CC0 may be
-protected by copyright and related or neighboring rights ("Copyright and
-Related Rights"). Copyright and Related Rights include, but are not
-limited to, the following:
-
-  i. the right to reproduce, adapt, distribute, perform, display,
-     communicate, and translate a Work;
- ii. moral rights retained by the original author(s) and/or performer(s);
-iii. publicity and privacy rights pertaining to a person's image or
-     likeness depicted in a Work;
- iv. rights protecting against unfair competition in regards to a Work,
-     subject to the limitations in paragraph 4(a), below;
-  v. rights protecting the extraction, dissemination, use and reuse of data
-     in a Work;
- vi. database rights (such as those arising under Directive 96/9/EC of the
-     European Parliament and of the Council of 11 March 1996 on the legal
-     protection of databases, and under any national implementation
-     thereof, including any amended or successor version of such
-     directive); and
-vii. other similar, equivalent or corresponding rights throughout the
-     world based on applicable law or treaty, and any national
-     implementations thereof.
-
-2. Waiver. To the greatest extent permitted by, but not in contravention
-of, applicable law, Affirmer hereby overtly, fully, permanently,
-irrevocably and unconditionally waives, abandons, and surrenders all of
-Affirmer's Copyright and Related Rights and associated claims and causes
-of action, whether now known or unknown (including existing as well as
-future claims and causes of action), in the Work (i) in all territories
-worldwide, (ii) for the maximum duration provided by applicable law or
-treaty (including future time extensions), (iii) in any current or future
-medium and for any number of copies, and (iv) for any purpose whatsoever,
-including without limitation commercial, advertising or promotional
-purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
-member of the public at large and to the detriment of Affirmer's heirs and
-successors, fully intending that such Waiver shall not be subject to
-revocation, rescission, cancellation, termination, or any other legal or
-equitable action to disrupt the quiet enjoyment of the Work by the public
-as contemplated by Affirmer's express Statement of Purpose.
-
-3. Public License Fallback. Should any part of the Waiver for any reason
-be judged legally invalid or ineffective under applicable law, then the
-Waiver shall be preserved to the maximum extent permitted taking into
-account Affirmer's express Statement of Purpose. In addition, to the
-extent the Waiver is so judged Affirmer hereby grants to each affected
-person a royalty-free, non transferable, non sublicensable, non exclusive,
-irrevocable and unconditional license to exercise Affirmer's Copyright and
-Related Rights in the Work (i) in all territories worldwide, (ii) for the
-maximum duration provided by applicable law or treaty (including future
-time extensions), (iii) in any current or future medium and for any number
-of copies, and (iv) for any purpose whatsoever, including without
-limitation commercial, advertising or promotional purposes (the
-"License"). The License shall be deemed effective as of the date CC0 was
-applied by Affirmer to the Work. Should any part of the License for any
-reason be judged legally invalid or ineffective under applicable law, such
-partial invalidity or ineffectiveness shall not invalidate the remainder
-of the License, and in such case Affirmer hereby affirms that he or she
-will not (i) exercise any of his or her remaining Copyright and Related
-Rights in the Work or (ii) assert any associated claims and causes of
-action with respect to the Work, in either case contrary to Affirmer's
-express Statement of Purpose.
-
-4. Limitations and Disclaimers.
-
- a. No trademark or patent rights held by Affirmer are waived, abandoned,
-    surrendered, licensed or otherwise affected by this document.
- b. Affirmer offers the Work as-is and makes no representations or
-    warranties of any kind concerning the Work, express, implied,
-    statutory or otherwise, including without limitation warranties of
-    title, merchantability, fitness for a particular purpose, non
-    infringement, or the absence of latent or other defects, accuracy, or
-    the present or absence of errors, whether or not discoverable, all to
-    the greatest extent permissible under applicable law.
- c. Affirmer disclaims responsibility for clearing rights of other persons
-    that may apply to the Work or any use thereof, including without
-    limitation any person's Copyright and Related Rights in the Work.
-    Further, Affirmer disclaims responsibility for obtaining any necessary
-    consents, permissions or other rights required for any use of the
-    Work.
- d. Affirmer understands and acknowledges that Creative Commons is not a
-    party to this document and has no duty or obligation with respect to
-    this CC0 or use of the Work.
->>>>>>> origin/develop

README.md

@@ -1,39 +1,146 @@
-# ATC-Framework #
+# Posture & Exposure Reports (P&E Reports) #
 
-[![GitHub Build Status](https://github.com/cisagov/ATC-Framework/workflows/build/badge.svg)](https://github.com/cisagov/ATC-Framework/actions)
-[![CodeQL](https://github.com/cisagov/ATC-Framework/workflows/CodeQL/badge.svg)](https://github.com/cisagov/ATC-Framework/actions/workflows/codeql-analysis.yml)
-[![Coverage Status](https://coveralls.io/repos/github/cisagov/ATC-Framework/badge.svg?branch=develop)](https://coveralls.io/github/cisagov/ATC-Framework?branch=develop)
-[![Known Vulnerabilities](https://snyk.io/test/github/cisagov/ATC-Framework/develop/badge.svg)](https://snyk.io/test/github/cisagov/ATC-Framework)
+[![GitHub Build Status](https://github.com/cisagov/pe-reports/workflows/build/badge.svg)](https://github.com/cisagov/pe-reports/actions)
+[![CodeQL](https://github.com/cisagov/pe-reports/workflows/CodeQL/badge.svg)](https://github.com/cisagov/pe-reports/actions/workflows/codeql-analysis.yml)
+[![Coverage Status](https://coveralls.io/repos/github/cisagov/pe-reports/badge.svg?branch=develop)](https://coveralls.io/github/cisagov/pe-reports?branch=develop)
+[![Known Vulnerabilities](https://snyk.io/test/github/cisagov/pe-reports/develop/badge.svg)](https://snyk.io/test/github/cisagov/pe-reports)
 
-This is a generic skeleton project that can be used to quickly get a
-new [cisagov](https://github.com/cisagov) Python library GitHub
-project started.  This skeleton project contains [licensing
-information](LICENSE), as well as
-[pre-commit hooks](https://pre-commit.com) and
-[GitHub Actions](https://github.com/features/actions) configurations
-appropriate for a Python library project.
+This package is used to generate and deliver CISA Posture & Exposure Reports
+(P&E Reports). Reports are delivered by email and include an encrypted PDF
+attachment with a series of embedded raw-data files of the collected materials.
+The reports are delivered in a two step process. First the `pe_reports` module
+collects the raw data and creates the encrypted PDFs. The `pe_mailer` then
+securely delivers the content.
 
-## New Repositories from a Skeleton ##
+Topics of interest include *Exposed Credentials, Domain Masquerading, Malware,
+Inferred Vulnerabilities and the Dark Web*. The data collected for the reports
+is gathered on the 1st and 15th of each month.
 
-Please see our [Project Setup guide](https://github.com/cisagov/development-guide/tree/develop/project_setup)
-for step-by-step instructions on how to start a new repository from
-a skeleton. This will save you time and effort when configuring a
-new repository!
+## Requirements ##
+
+- [Python Environment](CONTRIBUTING.md#creating-the-python-virtual-environment)
+
+- [cisagov MongoDB](https://github.com/cisagov/mongo-db-from-config)
+
+- [cisagov AWS SES](https://github.com/cisagov/cool-dns-cyber.dhs.gov)
+
+## Installation ##
+
+- `git clone https://github.com/cisagov/pe-reports.git`
+
+- `pip install -e .`
+
+## Create P&E Reports ##
+
+- Configure [cisagov MongoDB connection](https://github.com/cisagov/mongo-db-from-config)
+
+```console
+Usage:
+  pe-reports REPORT_DATE DATA_DIRECTORY OUTPUT_DIRECTORY [--log-level=LEVEL]
+
+Arguments:
+  REPORT_DATE                   Date of the report, format YYYY-MM-DD.
+  OUTPUT_DIRECTORY              The directory where the final PDF reports should be saved.
+Options:
+  -h --help                     Show this message.
+  -v --version                  Show version information.
+  --log-level=LEVEL             If specified, then the log level will be set to
+                                the specified value.  Valid values are "debug", "info",
+                                "warning", "error", and "critical". [default: info]
+```
+
+## Deliver P&E Reports ##
+
+- Configure [cisagov MongoDB connection](https://github.com/cisagov/mongo-db-from-config)
+
+- Load an AWS profile that assumes [this role](https://github.com/cisagov/cool-dns-cyber.dhs.gov/blob/develop/sessendemail_rolerole.tf#L33-L39)
+
+```console
+Usage:
+  pe-mailer [--pe-report-dir=DIRECTORY] [--db-creds-file=FILENAME] [--log-level=LEVEL]
+
+Arguments:
+  -p --pe-report-dir=DIRECTORY  Directory containing the pe-reports output.
+  -c --db-creds-file=FILENAME   A YAML file containing the Cyber
+                                Hygiene database credentials.
+                                [default: /secrets/database_creds.yml]
+Options:
+  -h --help                     Show this message.
+  -v --version                  Show version information.
+  -s --summary-to=EMAILS        A comma-separated list of email addresses
+                                to which the summary statistics should be
+                                sent at the end of the run.  If not
+                                specified then no summary will be sent.
+  -t --test_emails=EMAILS       A comma-separated list of email addresses
+                                to which to test email send process. If not
+                                specified then no test will be sent.
+  -l --log-level=LEVEL          If specified, then the log level will be set to
+                                the specified value.  Valid values are "debug", "info",
+                                "warning", "error", and "critical". [default: info]
+```
+
+## Database backup/restore ##
+
+Follow the instructions below to backup the P&E database instance and restore locally.
+
+In the P&E database environment:
+
+- Pull the latest repository
+- If necessary, edit ./src/pe_reports/pe_db/pg_backup.sh and replace the
+default output path ($PWD) with your preferred output path.
+- Open terminal and run:
+`bash ./src/pe_reports/pe_db/pg_backup.sh`
+- Export resulting .zip file
+
+In your local environment:
+
+- Pull the latest repository
+- If necessary, edit ./src/pe_reports/pe_db/pg_restore.sh and replace
+the default path to the backup files ($PWD) with your preferred path.
+- Start local postgres
+- Open terminal and run:
+`bash ./src/pe_reports/pe_db/pg_restore.sh`
+
+## Collect P&E Source Data ##
+
+- Add database and data source credentials to src/pe_reports/data/config.ini
+
+```console
+Usage:
+  pe-source DATA_SOURCE [--log-level=LEVEL] [--orgs=ORG_LIST] [--cybersix-methods=METHODS]
+
+Arguments:
+  DATA_SOURCE                       Source to collect data from. Valid values are "cybersixgill",
+                                    "dnstwist", "hibp", and "shodan".
+Options:
+  -h --help                         Show this message.
+  -v --version                      Show version information.
+  -l --log-level=LEVEL              If specified, then the log level will be set to
+                                    the specified value.  Valid values are "debug", "info",
+                                    "warning", "error", and "critical". [default: info]
+  -o --orgs=ORG_LIST                A comma-separated list of orgs to collect data for.
+                                    If not specified, data will be collected for all
+                                    orgs in the pe database. Orgs in the list must match the
+                                    IDs in the cyhy-db. E.g. DHS,DHS_ICE,DOC
+                                    [default: all]
+  -csg --cybersix-methods=METHODS   A comma-separated list of cybersixgill methods.
+                                    If not specified, all will run. Valid values are "alerts",
+                                    "credentials", "mentions", "topCVEs". E.g. alerts,mentions.
+                                    [default: all]
+```
 
 ## Contributing ##
 
-We welcome contributions!  Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for
-details.
+We welcome contributions!  Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for details.
 
 ## License ##
 
 This project is in the worldwide [public domain](LICENSE).
 
-This project is in the public domain within the United States, and
-copyright and related rights in the work worldwide are waived through
-the [CC0 1.0 Universal public domain
-dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+This project is in the public domain within the United States, and copyright
+and related rights in the work worldwide are waived through the
+[CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
 
-All contributions to this project will be released under the CC0
-dedication. By submitting a pull request, you are agreeing to comply
-with this waiver of copyright interest.
+All contributions to this project will be released under the CC0 dedication.
+By submitting a pull request, you are agreeing to comply with this waiver
+of copyright interest.