regscale-cli 6.16.0.0__py3-none-any.whl → 6.16.1.0__py3-none-any.whl

regscale/integrations/scanner_integration.py

@@ -537,6 +537,7 @@ class ScannerIntegration(ABC):
     _lock_registry: ThreadSafeDict = ThreadSafeDict()
     _global_lock = threading.Lock()  # Class-level lock
     _kev_data = ThreadSafeDict()  # Class-level lock
+    _results = ThreadSafeDict()
 
     # Error handling
     errors: List[str] = []
@@ -578,7 +579,7 @@ class ScannerIntegration(ABC):
         self.app = Application()
         self.alerted_assets: Set[str] = set()
         self.regscale_version: str = APIHandler().regscale_version  # noqa
-        logger.info(f"RegScale Version: {self.regscale_version}")
+        logger.debug(f"RegScale Version: {self.regscale_version}")
         self.plan_id: int = plan_id
         self.tenant_id: int = tenant_id
         self.components: ThreadSafeList[Any] = ThreadSafeList()
@@ -801,13 +802,20 @@ class ScannerIntegration(ABC):
         :return: The finding identifier
         :rtype: str
         """
+        # We could have a string truncation error platform side on IntegrationFindingId nvarchar(450)
         prefix = f"{self.plan_id}:"
-        if ScannerVariables.tenableGroupByPlugin and finding.plugin_id:
-            return f"{prefix}{finding.plugin_id}"
+        if (
+            ScannerVariables.tenableGroupByPlugin
+            and finding.plugin_id
+            and "tenable" in (finding.source_report or self.title).lower()
+        ):
+            res = f"{prefix}{finding.plugin_id}"
+            return res[:450]
         prefix += finding.cve or finding.plugin_id or finding.rule_id or self.hash_string(finding.external_id).__str__()
         if ScannerVariables.issueCreation.lower() == "perasset":
-            return f"{prefix}:{finding.asset_identifier}"
-        return prefix
+            res = f"{prefix}:{finding.asset_identifier}"
+            return res[:450]
+        return prefix[:450]
 
     def get_or_create_assessment(self, control_implementation_id: int) -> regscale_models.Assessment:
         """
@@ -963,6 +971,9 @@ class ScannerIntegration(ABC):
 
         created, existing_or_new_asset = self.create_new_asset(asset, component=None)
 
+        # update results expects a dict[str, list] to update result counts
+        self.update_result_counts("assets", {"created": [1] if created else [], "updated": [] if created else [1]})
+
         # If the asset is associated with a component, create a mapping between them.
         if existing_or_new_asset and component:
             _was_created, _asset_mapping = regscale_models.AssetMapping(
@@ -1170,7 +1181,7 @@ class ScannerIntegration(ABC):
         """
         logger.info("Updating RegScale assets...")
         loading_assets = self._setup_progress_bar()
-        logger.info("Pre-populating cache")
+        logger.debug("Pre-populating cache")
         regscale_models.AssetMapping.populate_cache_by_plan(self.plan_id)
         regscale_models.ComponentMapping.populate_cache_by_plan(self.plan_id)
 
@@ -1258,22 +1269,52 @@ class ScannerIntegration(ABC):
             logger.info("Processed %d assets.", assets_processed)
         return assets_processed
 
+    def update_result_counts(self, key: str, results: dict[str, list]) -> None:
+        """
+        Updates the results dictionary with the given key and results.
+
+        :param str key: The key to update
+        :param dict[str, list] results: The results to update, example: ["updated": [], "created": []]
+        :rtype: None
+        """
+        if key not in self._results:
+            self._results[key] = {"created_count": 0, "updated_count": 0}
+        self._results[key]["created_count"] += len(results.get("created", []))
+        self._results[key]["updated_count"] += len(results.get("updated", []))
+
     def _perform_batch_operations(self, progress: Progress) -> None:
         """
         Performs batch operations for assets, software inventory, and data.
 
         :rtype: None
         """
-        logger.info("Bulk saving assets...")
-        regscale_models.Asset.bulk_save(progress_context=progress)
-        regscale_models.Issue.bulk_save(progress_context=progress)
-        regscale_models.Property.bulk_save(progress_context=progress)
-
+        logger.debug("Bulk saving assets...")
+        self.update_result_counts("assets", regscale_models.Asset.bulk_save(progress_context=progress))
+        logger.debug("Done bulk saving assets.")
+        logger.debug("Bulk saving issues...")
+        self.update_result_counts("issues", regscale_models.Issue.bulk_save(progress_context=progress))
+        logger.debug("Done bulk saving issues.")
+        logger.debug("Bulk saving properties...")
+        self.update_result_counts("properties", regscale_models.Property.bulk_save(progress_context=progress))
+        logger.debug("Done bulk saving properties.")
+
+        software_inventory = {}
         if self.software_to_create:
-            regscale_models.SoftwareInventory.batch_create(items=self.software_to_create, progress_context=progress)
+            logger.debug("Bulk creating software inventory...")
+            software_inventory["created_count"] = len(
+                regscale_models.SoftwareInventory.batch_create(items=self.software_to_create, progress_context=progress)
+            )
+            logger.debug("Done bulk creating software inventory.")
         if self.software_to_update:
-            regscale_models.SoftwareInventory.batch_update(items=self.software_to_update, progress_context=progress)
-        regscale_models.Data.bulk_save(progress_context=progress)
+            logger.debug("Bulk updating software inventory...")
+            software_inventory["updated_updated"] = len(
+                regscale_models.SoftwareInventory.batch_update(items=self.software_to_update, progress_context=progress)
+            )
+            logger.debug("Done bulk updating software inventory.")
+        self._results["software_inventory"] = software_inventory
+        logger.debug("Bulk saving data records...")
+        self.update_result_counts("data", regscale_models.Data.bulk_save(progress_context=progress))
+        logger.debug("Done bulk saving data records.")
 
     @staticmethod
     def get_issue_title(finding: IntegrationFinding) -> str:
@@ -1848,8 +1889,8 @@ class ScannerIntegration(ABC):
                 list(executor.map(process_finding_with_progress, findings))
 
         # Close outdated issues
-        scan_history.save()
-        regscale_models.Issue.bulk_save(progress_context=self.finding_progress)
+        self._results["scan_history"] = scan_history.save()
+        self.update_result_counts("issues", regscale_models.Issue.bulk_save(progress_context=self.finding_progress))
         self.close_outdated_issues(current_vulnerabilities)
 
         return processed_findings_count
@@ -2039,7 +2080,7 @@ class ScannerIntegration(ABC):
             firstSeen=finding.first_seen,
             lastSeen=finding.last_seen,
             plugInName=finding.cve or finding.plugin_name,  # Use CVE if available, otherwise use plugin name
-            # plugInId=finding.plugin_id,  # Vulnerability.pluginId is an int, but it is a string on Issue
+            plugInId=finding.plugin_id,
             exploitAvailable=None,  # Set this if you have information about exploit availability
             plugInText=finding.observations,  # or finding.evidence, whichever is more appropriate
             port=finding.port if hasattr(finding, "port") else None,
@@ -2205,7 +2246,9 @@ class ScannerIntegration(ABC):
         )
 
         # Create a progress bar
-        task_id = self.finding_progress.add_task("[cyan]Closing outdated issues...", total=len(open_issues))
+        task_id = self.finding_progress.add_task(
+            f"[cyan]Analyzing {len(open_issues)} issue(s) and closing any outdated issue(s)...", total=len(open_issues)
+        )
 
         for issue in open_issues:
             if self.should_close_issue(issue, current_vulnerabilities):
@@ -2230,7 +2273,10 @@ class ScannerIntegration(ABC):
         for control_id in affected_control_ids:
             self.update_control_implementation_status_after_close(control_id)
 
-        logger.info("Closed %d outdated issues.", closed_count)
+        if closed_count > 0:
+            logger.info("Closed %d outdated issues.", closed_count)
+        else:
+            logger.info("No outdated issues to close.")
         return closed_count
 
     def update_control_implementation_status_after_close(self, control_id: int) -> None:
@@ -2370,7 +2416,7 @@ class ScannerIntegration(ABC):
         :return: The number of findings processed
         :rtype: int
         """
-        logger.info("Syncing %s findings...", cls.title)
+        logger.info("Syncing %s findings...", kwargs.get("title", cls.title))
         instance = cls(plan_id=plan_id)
         instance.set_keys(**kwargs)
         # If a progress object was passed, use it instead of creating a new one
@@ -2394,7 +2440,25 @@ class ScannerIntegration(ABC):
         else:
             logger.info("All findings have been processed successfully.")
 
-        logger.info("Processed %d findings.", findings_processed)
+        if scan_history := instance._results.get("scan_history"):
+            logger.info(
+                "Processed %d findings: %d Critical(s), %d High(s), %d Moderate(s), %d Low(s).",
+                findings_processed,
+                scan_history.vCritical,
+                scan_history.vHigh,
+                scan_history.vMedium,
+                scan_history.vLow,
+            )
+        else:
+            logger.info("Processed %d findings.", findings_processed)
+        issue_created_count = instance._results.get("issues", {}).get("created_count", 0)
+        issue_updated_count = instance._results.get("issues", {}).get("updated_count", 0)
+        if issue_created_count or issue_updated_count:
+            logger.info(
+                "Created %d issue(s) and updated %d issue(s) in RegScale.",
+                issue_created_count,
+                issue_updated_count,
+            )
         return findings_processed
 
     @classmethod
@@ -2406,7 +2470,7 @@ class ScannerIntegration(ABC):
         :return: The number of assets processed
         :rtype: int
         """
-        logger.info("Syncing %s assets...", cls.title)
+        logger.info("Syncing %s assets...", kwargs.get("title", cls.title))
         instance = cls(plan_id=plan_id, **kwargs)
         instance.set_keys(**kwargs)
         instance.asset_progress = kwargs.pop("progress") if "progress" in kwargs else create_progress_object()
@@ -2425,7 +2489,16 @@ class ScannerIntegration(ABC):
             logger.info("All assets have been processed successfully.")
 
         APIHandler().log_api_summary()
-        logger.info("%d assets processed.", assets_processed)
+        created_count = instance._results.get("assets", {}).get("created_count", 0)
+        updated_count = instance._results.get("assets", {}).get("updated_count", 0)
+        dedupe_count = assets_processed - (created_count + updated_count)
+        logger.info(
+            "%d assets processed and %d asset(s) deduped. %d asset(s) created & %d asset(s) updated in RegScale.",
+            assets_processed,
+            dedupe_count,
+            created_count,
+            updated_count,
+        )
         return assets_processed
 
     @classmethod

regscale/models/app_models/mapping.py

@@ -226,7 +226,7 @@ class Mapping(BaseModel):
         """
         return self.mapping.get(key)
 
-    def get_value(self, dat: Optional[dict], key: str, default_val: Optional[Any] = "", warnings: bool = True) -> Any:
+    def get_value(self, dat: Optional[dict], key: str, default_val: Optional[Any] = "") -> Any:
         """
         Get the value from a dictionary by mapped key
 
@@ -241,8 +241,8 @@ class Mapping(BaseModel):
         if key == "None" or key is None:
             return default_val
         mapped_key = self.mapping.get(key)
-        if not mapped_key and warnings:
-            self._logger.warning(f"Value for key '{key}' not found in mapping.")
+        if not mapped_key:
+            self._logger.debug(f"Value for key '{key}' not found in mapping.")
         if dat and mapped_key:
             val = dat.get(mapped_key)
             if isinstance(val, str):

regscale/models/integration_models/amazon_models/inspector.py

@@ -129,21 +129,21 @@ class InspectorRecord(BaseModel):
         platform_key = list(details.keys())[0] if details.keys() else None
 
         return InspectorRecord(
-            aws_account_id=mapping.get_value(finding, "awsAccountId", "", warnings=False),
-            description=mapping.get_value(finding, "description", warnings=False),
-            exploit_available=mapping.get_value(finding, "exploitAvailable", warnings=False),
-            finding_arn=mapping.get_value(finding, "findingArn", warnings=False),
-            first_seen=mapping.get_value(finding, "firstObservedAt", warnings=False),
-            fix_available=mapping.get_value(finding, "fixAvailable", warnings=False),
-            last_seen=mapping.get_value(finding, "lastObservedAt", warnings=False),
+            aws_account_id=mapping.get_value(finding, "awsAccountId", ""),
+            description=mapping.get_value(finding, "description"),
+            exploit_available=mapping.get_value(finding, "exploitAvailable"),
+            finding_arn=mapping.get_value(finding, "findingArn"),
+            first_seen=mapping.get_value(finding, "firstObservedAt"),
+            fix_available=mapping.get_value(finding, "fixAvailable"),
+            last_seen=mapping.get_value(finding, "lastObservedAt"),
             remediation=mapping.get_value(finding, "remediation", {}).get("recommendation", {}).get("text", ""),
-            severity=mapping.get_value(finding, "Severity", warnings=False),
-            status=mapping.get_value(finding, "status", warnings=False),
-            title=mapping.get_value(finding, "title", warnings=False),
+            severity=mapping.get_value(finding, "Severity"),
+            status=mapping.get_value(finding, "status"),
+            title=mapping.get_value(finding, "title"),
             resource_type=resource.get("type"),
             resource_id=resource.get("id"),
             region=resource.get("region"),
-            last_updated=mapping.get_value(finding, "updatedAt", warnings=False),
+            last_updated=mapping.get_value(finding, "updatedAt"),
             platform=resource.get("details", {}).get(platform_key, {}).get("platform", ""),
             resource_tags=" ,".join(resource.get("details", {}).get(platform_key, {}).get("imageTags", "")),
             affected_packages=cls.get_vulnerable_package_info(vulnerabilities, "name"),
@@ -152,18 +152,16 @@ class InspectorRecord(BaseModel):
             package_remediation=cls.get_vulnerable_package_info(vulnerabilities, "remediation"),
             vulnerability_id=vulnerabilities.get("vulnerabilityId") if vulnerabilities else None,
             vendor=vulnerabilities.get("source") if vulnerabilities else None,
-            vendor_severity=mapping.get_value(finding, "severity", warnings=False),
+            vendor_severity=mapping.get_value(finding, "severity"),
             vendor_advisory=vulnerabilities.get("sourceUrl") if vulnerabilities else None,
             vendor_advisory_published=vulnerabilities.get("vendorCreatedAt") if vulnerabilities else None,
             package_manager=cls.get_vulnerable_package_info(
-                mapping.get_value(finding, "packageVulnerabilityDetails", {}, warnings=False), "packageManager"
+                mapping.get_value(finding, "packageVulnerabilityDetails", {}), "packageManager"
             ),
             file_path=cls.get_vulnerable_package_info(
-                mapping.get_value(finding, "packageVulnerabilityDetails", {}, warnings=False), "filePath"
-            ),
-            reference_urls=mapping.get_value(finding, "packageVulnerabilityDetails", {}, warnings=False).get(
-                "sourceUrl"
+                mapping.get_value(finding, "packageVulnerabilityDetails", {}), "filePath"
             ),
+            reference_urls=mapping.get_value(finding, "packageVulnerabilityDetails", {}).get("sourceUrl"),
         )
 
     @classmethod

regscale/models/integration_models/aqua.py

@@ -209,11 +209,7 @@ class Aqua(FlatFileImporter):
             self.nvd_cvss_v2_severity,
             self.vendor_cvss_v3_severity,
             # This field may or may not be available in the file (Coalfire has it, BMC does not.)
-            (
-                self.vendor_cvss_v2_severity
-                if self.mapping.get_value(dat, self.vendor_cvss_v2_severity, warnings=False)
-                else None
-            ),
+            (self.vendor_cvss_v2_severity if self.mapping.get_value(dat, self.vendor_cvss_v2_severity) else None),
         ]
         severity = "info"
         for key in precedence_order:

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,84 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.03.13",
-    "dateReleased": "2025-03-13T19:37:52.2229Z",
-    "count": 1302,
+    "catalogVersion": "2025.03.19",
+    "dateReleased": "2025-03-19T18:00:10.5417Z",
+    "count": 1307,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2017-12637",
+            "vendorProject": "SAP",
+            "product": "NetWeaver",
+            "vulnerabilityName": "SAP NetWeaver Directory Traversal Vulnerability",
+            "dateAdded": "2025-03-19",
+            "shortDescription": "SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler\/ui\/js\/ffffffffbca41eb4\/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "SAP users must have an account to log in and access the patch: https:\/\/me.sap.com\/notes\/3476549 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-12637",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-48248",
+            "vendorProject": "NAKIVO",
+            "product": "Backup and Replication",
+            "vulnerabilityName": "NAKIVO Backup and Replication Absolute Path Traversal Vulnerability",
+            "dateAdded": "2025-03-19",
+            "shortDescription": "NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/helpcenter.nakivo.com\/Release-Notes\/Content\/Release-Notes.htm ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-48248",
+            "cwes": [
+                "CWE-36"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-1316",
+            "vendorProject": "Edimax",
+            "product": "IC-7100 IP Camera",
+            "vulnerabilityName": "Edimax IC-7100 IP Camera OS Command Injection Vulnerability",
+            "dateAdded": "2025-03-19",
+            "shortDescription": "Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.edimax.com\/edimax\/post\/post\/data\/edimax\/global\/press_releases\/4801\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1316",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30066",
+            "vendorProject": "tj-actions",
+            "product": "changed-files GitHub Action",
+            "vulnerabilityName": "tj-actions\/changed-files GitHub Action Embedded Malicious Code Vulnerability",
+            "dateAdded": "2025-03-18",
+            "shortDescription": "The tj-actions\/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading actions logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
+            "cwes": [
+                "CWE-506"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24472",
+            "vendorProject": "Fortinet",
+            "product": "FortiOS and FortiProxy",
+            "vulnerabilityName": "Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
+            "dateAdded": "2025-03-18",
+            "shortDescription": " Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-08",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-535 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24472",
+            "cwes": [
+                "CWE-288"
+            ]
+        },
         {
             "cveID": "CVE-2025-21590",
             "vendorProject": "Juniper",
@@ -733,7 +808,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-25",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
             "cwes": [
                 "CWE-425"
             ]
@@ -852,7 +927,7 @@
             "shortDescription": "Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-01-21",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-535 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55591",
             "cwes": [
                 "CWE-288"
@@ -867,7 +942,7 @@
             "shortDescription": "Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/community.qlik.com\/t5\/Official-Support-Articles\/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows\/tac-p\/2120510 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-48365",
             "cwes": [
                 "CWE-444"
@@ -2454,7 +2529,7 @@
         {
             "cveID": "CVE-2024-5217",
             "vendorProject": "ServiceNow",
-            "product": "Utah, Vancouver, and Washington DC Now",
+            "product": "Utah, Vancouver, and Washington DC Now Platform",
             "vulnerabilityName": "ServiceNow Incomplete List of Disallowed Inputs Vulnerability",
             "dateAdded": "2024-07-29",
             "shortDescription": "ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.",
@@ -2469,10 +2544,10 @@
         {
             "cveID": "CVE-2024-4879",
             "vendorProject": "ServiceNow",
-            "product": "Utah, Vancouver, and Washington DC Now",
+            "product": "Utah, Vancouver, and Washington DC Now Platform",
             "vulnerabilityName": "ServiceNow Improper Input Validation Vulnerability",
             "dateAdded": "2024-07-29",
-            "shortDescription": "ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely. ",
+            "shortDescription": "ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely. ",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-08-19",
             "knownRansomwareCampaignUse": "Unknown",
@@ -6309,7 +6384,7 @@
             "shortDescription": "Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2023-03-07",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-23376;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23376",
             "cwes": [
                 "CWE-122"

regscale/models/integration_models/ecr_models/ecr.py

@@ -89,9 +89,7 @@ class ECR(FlatFileImporter):
         :rtype: Asset
         """
         name = self.mapping.get_value(dat, "Name") or self.mapping.get_value(dat, "name")
-        if repository_name := self.mapping.get_value(
-            dat, "repositoryName", self.raw_dict.get("repositoryName", ""), warnings=False
-        ):
+        if repository_name := self.mapping.get_value(dat, "repositoryName", self.raw_dict.get("repositoryName", "")):
             if (image_id_data := self.raw_dict.get("imageId", {}).get("imageDigest", "").split(":")) and len(
                 image_id_data
             ) > 1:
@@ -134,9 +132,7 @@ class ECR(FlatFileImporter):
         """
         vulns: List[Vulnerability] = []
         hostname = dat.get("Name") or dat.get("name")
-        if repository_name := self.mapping.get_value(
-            dat, "repositoryName", self.raw_dict.get("repositoryName", ""), warnings=False
-        ):
+        if repository_name := self.mapping.get_value(dat, "repositoryName", self.raw_dict.get("repositoryName", "")):
             image_id_data = self.raw_dict.get("imageId", {}).get("imageDigest", "").split(":")
             if len(image_id_data) > 1:
                 image_id = image_id_data[1]

regscale/models/integration_models/flat_file_importer.py

@@ -192,7 +192,7 @@ class FlatFileImporter(ABC):
             finding_severity_map=self.finding_severity_map,
         )
         flat_int.asset_identifier_field = self.asset_identifier_field
-        logger.info(f"Asset Identifier Field: {flat_int.asset_identifier_field}")
+        logger.debug(f"Asset Identifier Field: {flat_int.asset_identifier_field}")
         flat_int.title = self.attributes.name
         self.create_assets(kwargs["asset_func"])  # type: ignore # Pass in the function to create an asset
         self.create_vulns(kwargs["vuln_func"])  # type: ignore # Pass in the function to create a vuln
@@ -430,7 +430,7 @@ class FlatFileImporter(ABC):
         :return: Tuple of header and data from csv file
         :rtype: tuple
         """
-        logger.info("flatfileimporter: Converting csv to dict")
+        logger.debug("flatfileimporter: Converting csv to dict")
         # if file is empty, error and exit
         if not file.read(1):
             error_and_exit("File is empty")
@@ -446,6 +446,7 @@ class FlatFileImporter(ABC):
             self.handle_extra_headers(header=header)
 
         data = list(reader)
+        logger.debug("flatfileimporter: Done converting csv to dict.")
         return data, header
 
     def convert_xlsx_to_dict(self, file: TextIO, start_line_number: int = 0) -> tuple:
@@ -457,7 +458,7 @@ class FlatFileImporter(ABC):
         :return: Tuple of data and header from xlsx file
         :rtype: tuple
         """
-        logger.info("flatfileimporter: Converting xlsx to dict")
+        logger.debug("flatfileimporter: Converting xlsx to dict")
         # Load the workbook
         workbook = load_workbook(filename=file.name)
 
@@ -485,6 +486,7 @@ class FlatFileImporter(ABC):
                     except SyntaxError as rex:
                         # Object is probably not a list, so just leave it as a string
                         self.attributes.app.logger.debug("SyntaxError: %s", rex)
+        logger.debug("flatfileimporter: Done converting xlsx to dict.")
         return data_dict, header
 
     def count_vuln_by_severity(self, severity: str, asset_id: int) -> int:
@@ -531,6 +533,7 @@ class FlatFileImporter(ABC):
         :param Callable func: The function to process the data
         :rtype: None
         """
+        from regscale.integrations.scanner_integration import IntegrationAsset
 
         res = func(dat)
         if not res:
@@ -744,7 +747,7 @@ class FlatFileImporter(ABC):
             check_file_path(str(processed_dir.absolute()))
             try:
                 self.attributes.logger.info(
-                    "Renaming %s to %s, ...",
+                    "Renaming %s to %s...",
                     file_path.name,
                     new_file_path.name,
                 )

regscale/models/integration_models/grype_import.py

@@ -48,12 +48,12 @@ class GrypeImport(FlatFileImporter):
         if kwargs.get("scan_date"):
             self.scan_date = kwargs.pop("scan_date")
         else:
-            self.scan_date = safe_datetime_str(self.mapping.get_value(self.validater.data, "timestamp", warnings=False))
+            self.scan_date = safe_datetime_str(self.mapping.get_value(self.validater.data, "timestamp"))
         # even if a user doesn't specify a scan_date, we want to remove it from the kwargs and use the scan_date from
         # the attributes after the scan_date is set in the previous logic
         if "scan_date" in kwargs:
             kwargs.pop("scan_date")
-        source_target_data = self.mapping.get_value(self.validater.data, "source", {}, warnings=False).get("target", {})
+        source_target_data = self.mapping.get_value(self.validater.data, "source", {}).get("target", {})
 
         if "sha256-" in kwargs["file_name"]:
             logger.debug("found sha256 in file name %s", kwargs["file_name"])
@@ -66,7 +66,7 @@ class GrypeImport(FlatFileImporter):
         self.other_tracking_number = source_target_data.get("userInput", "Unknown")
         self.os = source_target_data.get("os", "Linux")
         self.notes = f"{kwargs['file_name']}"
-        vuln_count = len(self.mapping.get_value(self.validater.data, "matches", [], warnings=False))
+        vuln_count = len(self.mapping.get_value(self.validater.data, "matches", []))
         super().__init__(
             logger=logger,
             headers=self.headers,

regscale/models/integration_models/prisma.py

@@ -80,7 +80,7 @@ class Prisma(FlatFileImporter):
             **{
                 "id": 0,
                 "name": hostname,
-                "ipAddress": self.mapping.get_value(dat, "IP Address", warnings=False),
+                "ipAddress": self.mapping.get_value(dat, "IP Address"),
                 "isPublic": True,
                 "status": "Active (On Network)",
                 "assetCategory": "Hardware",
@@ -132,8 +132,8 @@ class Prisma(FlatFileImporter):
                 severity=severity,
                 plugInName=self.mapping.get_value(dat, self.vuln_title),
                 plugInId=(
-                    self.mapping.get_value(dat, VULNERABILITY_ID, warnings=False)
-                    if self.mapping.get_value(dat, VULNERABILITY_ID, warnings=False)
+                    self.mapping.get_value(dat, VULNERABILITY_ID)
+                    if self.mapping.get_value(dat, VULNERABILITY_ID)
                     else None
                 ),
                 cve=cve,