Diffstat (limited to 'cmd/sl.go')
-rw-r--r--cmd/sl.go73
1 files changed, 73 insertions, 0 deletions
diff --git a/cmd/sl.go b/cmd/sl.go
new file mode 100644
index 0000000..1551681
--- /dev/null
+++ b/cmd/sl.go
@@ -0,0 +1,73 @@
+package cmd
+
+import (
+ "dborg/internal/client"
+ "dborg/internal/config"
+ "dborg/internal/models"
+ "encoding/json"
+ "fmt"
+
+ "github.com/spf13/cobra"
+)
+
+var slCmd = &cobra.Command{
+ Use: "sl [query]",
+ Short: "Search stealer logs",
+ Long: `Search stealer logs with various filters`,
+ Args: cobra.ExactArgs(1),
+ RunE: runSLSearch,
+}
+
+func init() {
+ rootCmd.AddCommand(slCmd)
+ slCmd.Flags().IntP("max_hits", "n", 10, "Maximum number of hits to return")
+ slCmd.Flags().StringP("sort_by", "s", "", "Sort by field (ingest_timestamp or date_posted)")
+ slCmd.Flags().StringP("ingest_start_date", "i", "", "Ingest timestamp start date")
+ slCmd.Flags().StringP("ingest_end_date", "e", "", "Ingest timestamp end date")
+ slCmd.Flags().StringP("posted_start_date", "p", "", "Date posted start date")
+ slCmd.Flags().StringP("posted_end_date", "d", "", "Date posted end date")
+ slCmd.Flags().StringP("format", "f", "json", "Response format")
+}
+
+func runSLSearch(cmd *cobra.Command, args []string) error {
+ apiKey, _ := cmd.Flags().GetString("api-key")
+ cfg := config.New().WithAPIKey(apiKey)
+
+ c, err := client.New(cfg)
+ if err != nil {
+ return err
+ }
+
+ params := &models.SLParams{
+ Query: args[0],
+ }
+ params.MaxHits, _ = cmd.Flags().GetInt("max_hits")
+ params.SortBy, _ = cmd.Flags().GetString("sort_by")
+ params.IngestStartDate, _ = cmd.Flags().GetString("ingest_start_date")
+ params.IngestEndDate, _ = cmd.Flags().GetString("ingest_end_date")
+ params.PostedStartDate, _ = cmd.Flags().GetString("posted_start_date")
+ params.PostedEndDate, _ = cmd.Flags().GetString("posted_end_date")
+ params.Format, _ = cmd.Flags().GetString("format")
+
+ response, err := c.SearchStealerLogs(params)
+ if err != nil {
+ return err
+ }
+
+ if response.Error != "" {
+ return fmt.Errorf("API error: %s", response.Error)
+ }
+
+ if params.Format != "json" {
+ fmt.Println(response.Message)
+ return nil
+ }
+
+ output, err := json.MarshalIndent(response.Results, "", " ")
+ if err != nil {
+ return fmt.Errorf("failed to format response: %w", err)
+ }
+
+ fmt.Println(string(output))
+ return nil
+}
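Review bot: In `runSLSearch` the non-JSON branch prints `response.Message` straight to stdout and the error path formats `response.Error` with `%s`; both values come from the API and, for stealer-log results, presumably carry third-party-controlled text, so control or escape sequences would reach the analyst's terminal unescaped (the JSON branch is covered, since `json.MarshalIndent` escapes control characters). Consider `return fmt.Errorf("API error: %q", response.Error)` and stripping non-printable runes from the message before `fmt.Println`. Separately, every flag getter discards its error; `api-key` is not registered in this file's `init()`, so if that lookup fails an empty key is handed to `config.New().WithAPIKey` silently, and `apiKey, err := cmd.Flags().GetString("api-key")` followed by `if err != nil { return err }` would surface it. The `format`, `sort_by` and `max_hits` values are also forwarded without being checked against the accepted set or range, so a typo such as `--format jsn` falls into the raw-print branch rather than producing a usage error.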