regscale-cli 6.16.0.0__py3-none-any.whl → 6.16.2.0__py3-none-any.whl

regscale/__init__.py

@@ -1 +1 @@
-__version__ = "6.16.0.0"
+__version__ = "6.16.2.0"

regscale/core/app/application.py

@@ -86,6 +86,7 @@ class Application(metaclass=Singleton):
             "dependabotRepo": "<myGithubRepoNameGoesHere>",
             "dependabotToken": "<myGithubPersonalAccessTokenGoesHere>",
             "domain": "https://regscale.yourcompany.com/",
+            "disableCache": False,
             "evidenceFolder": "./evidence",
             "passScore": 80,
             "failScore": 30,

regscale/core/app/internal/login.py

@@ -70,7 +70,7 @@ def login(
         config["domain"] = (host if host and host != "None" else config.get("REGSCALE_DOMAIN")) or os.getenv(
             "REGSCALE_DOMAIN"
         )
-        app.logger.info("Running in Airflow, logging in with token: %s", token)
+        app.logger.debug("Running in Airflow, logging in with token: %s", token)
     else:
         config["domain"] = host or config["domain"]
     token = token or os.getenv("REGSCALE_TOKEN")

regscale/core/app/internal/poam_editor.py

@@ -452,7 +452,7 @@ def all_issues(regscale_id: int, regscale_module: str, path: Path) -> None:
         error_and_exit("There was an error creating your workbook for the given RegScale Id and RegScale Module.")
 
     logger.info(
-        "Your data has beeen loaded. Please open the all_issues workbook and make your desired changes %s. " % path
+        "Your data has been loaded. Please open the all_issues workbook and make your desired changes %s. " % path
     )
     return None
 

regscale/core/app/utils/app_utils.py

@@ -642,7 +642,7 @@ def save_to_json(file: Path, data: Any, output_log: bool) -> None:
         with open(file, "w", encoding="utf-8") as outfile:
             outfile.write(str(data))
     if output_log:
-        logger.info("Data successfully saved to %s", file.name)
+        logger.info("Data successfully saved to %s", file.absolute())
 
 
 def save_data_to(file: Path, data: Any, output_log: bool = True, transpose_data: bool = True) -> None:

regscale/core/app/utils/parser_utils.py

@@ -23,7 +23,7 @@ def safe_float(value: Any, default: float = 0.0, field_name: str = "value") -> f
     try:
         return float(value)
     except (ValueError, TypeError):
-        logger.warning(f"Invalid float {field_name}: {value}. Defaulting to {default}")
+        logger.debug(f"Invalid float {field_name}: {value}. Defaulting to {default}")
         return default
 
 
@@ -43,7 +43,7 @@ def safe_int(value: Any, default: int = 0, field_name: str = "value") -> int:
     try:
         return int(value)
     except (ValueError, TypeError):
-        logger.warning(f"Invalid integer {field_name}: {value}. Defaulting to {default}")
+        logger.debug(f"Invalid integer {field_name}: {value}. Defaulting to {default}")
         return default
 
 

regscale/integrations/commercial/__init__.py

@@ -161,7 +161,7 @@ show_mapping(ecr, "ecr")
 @click.group(
     cls=LazyGroup,
     lazy_subcommands={
-        "import_file": "regscale.integrations.commercial.opentext.click.import_file",
+        "import_file": "regscale.integrations.commercial.opentext.commands.import_scans",
     },
     name="opentext",
 )
@@ -320,7 +320,7 @@ def trivy():
 @click.group(
     cls=LazyGroup,
     lazy_subcommands={
-        "import_scans": "regscale.integrations.commercial.grype.import_scans",
+        "import_scans": "regscale.integrations.commercial.grype.commands.import_scans",
     },
     name="grype",
 )

regscale/integrations/commercial/ad.py

@@ -278,7 +278,7 @@ def get_group(str_group: str) -> None:
             file=Path(f"./artifacts/adMemberList-{group_id}.json"),
             data=member_data,
         )
-        logger.info(member_data)
+        logger.debug(member_data)
         # retrieve the list of RegScale users
         url_users = f'{config["domain"]}/api/accounts/getList'
         try:

regscale/integrations/commercial/azure/intune.py

@@ -73,6 +73,7 @@ def sync_intune(regscale_id: int, regscale_module: str):
         )
         in_scan.sync_findings(
             plan_id=regscale_id,
+            finding_count=len(devices),
             integration_findings=fetch_intune_findings(devices=devices),
         )
     else:

regscale/integrations/commercial/grype/__init__.py

@@ -0,0 +1,3 @@
+"""
+Module for processing Grype scan results and loading them into RegScale.
+"""

regscale/integrations/commercial/grype/commands.py

@@ -0,0 +1,72 @@
+"""
+This module contains the CLI commands for the Grype scanner integration.
+"""
+
+from datetime import datetime
+from typing import Optional
+
+import click
+from pathlib import Path
+
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+
+
+@click.group()
+def grype():
+    """Performs actions from the Grype scanner integration."""
+    pass
+
+
+@grype.command("import_scans")
+@FlatFileImporter.common_scanner_options(
+    message="File path to the folder containing JFrog XRay .json files to process to RegScale.",
+    prompt="File path for Grype files",
+    import_name="grype",
+)
+@click.option(
+    "--destination",
+    "-d",
+    help="Path to download the files to. If not provided, files will be downloaded to the temporary directory.",
+    type=click.Path(exists=True, dir_okay=True),
+    required=False,
+)
+@click.option(
+    "--file_pattern",
+    "-fp",
+    help="[Optional] File pattern to match (e.g., '*.json')",
+    required=False,
+)
+def import_scans(
+    destination: Optional[Path],
+    file_pattern: str,
+    folder_path: Path,
+    regscale_ssp_id: int,
+    scan_date: datetime,
+    mappings_path: Path,
+    disable_mapping: bool,
+    s3_bucket: str,
+    s3_prefix: str,
+    aws_profile: str,
+    upload_file: bool,
+) -> None:
+    """
+    Process Grype scan results from a folder containing Grype scan files and load into RegScale.
+    """
+    from regscale.integrations.commercial.grype.scanner import GrypeIntegration
+
+    if s3_bucket and not folder_path:
+        folder_path = s3_bucket
+    gi = GrypeIntegration(
+        plan_id=regscale_ssp_id,
+        file_path=str(folder_path) if folder_path else None,
+        s3_bucket=s3_bucket,
+        s3_prefix=s3_prefix,
+        aws_profile=aws_profile,
+        scan_date=scan_date,
+        mappings_path=str(mappings_path) if mappings_path else None,
+        disable_mapping=disable_mapping,
+        download_destination=destination,
+        file_pattern=file_pattern,
+        upload_file=upload_file,
+    )
+    gi.sync_assets_and_findings()

regscale/integrations/commercial/grype/scanner.py

@@ -0,0 +1,390 @@
+"""
+Grype scanner integration class.
+"""
+
+import logging
+import os
+from typing import (
+    Any,
+    Dict,
+    Optional,
+    Union,
+    Tuple,
+    TypeVar,
+)
+
+from pathlib import Path
+
+from regscale.core.app.utils.parser_utils import safe_datetime_str
+from regscale.integrations.jsonl_scanner_integration import JSONLScannerIntegration
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import IssueSeverity, AssetStatus, IssueStatus
+
+logger = logging.getLogger("regscale")
+
+# Define generic types for items that can be written to file
+T = TypeVar("T")
+ItemType = TypeVar("ItemType", IntegrationAsset, IntegrationFinding)
+
+
+class GrypeIntegration(JSONLScannerIntegration):
+    """Class for handling Grype scanner integration."""
+
+    title: str = "Grype"
+    asset_identifier_field: str = "otherTrackingNumber"
+    finding_severity_map: Dict[str, Any] = {
+        "CRITICAL": IssueSeverity.Critical.value,
+        "HIGH": IssueSeverity.High.value,
+        "MEDIUM": IssueSeverity.Moderate.value,
+        "LOW": IssueSeverity.Low.value,
+        "UNKNOWN": IssueSeverity.High.value,
+        "NEGLIGIBLE": IssueSeverity.High.value,
+    }
+
+    # Constants for file paths
+    ASSETS_FILE = "./artifacts/grype_assets.jsonl"
+    FINDINGS_FILE = "./artifacts/grype_findings.jsonl"
+
+    def __init__(self, *args, **kwargs):
+        """
+        Initialize the TrivyIntegration object.
+
+        :param Any kwargs: Keyword arguments
+        """
+        kwargs["read_files_only"] = True
+        kwargs["file_pattern"] = "*.json"
+        self.disable_mapping = kwargs["disable_mapping"] = True
+        super().__init__(*args, **kwargs)
+
+    def is_valid_file(self, data: Any, file_path: Union[Path, str]) -> Tuple[bool, Optional[Dict[str, Any]]]:
+        """
+        Check if a file is a valid Grype scan file.
+
+        :param Any data: Data parsed from the file to validate
+        :param Union[Path, str] file_path: Path to the file being processed
+        :return: Tuple of (is_valid, data) where is_valid indicates validity and data is the validated content or None
+        :rtype: Tuple[bool, Optional[Dict[str, Any]]]
+        """
+        try:
+            # Check if this looks like a Grype scan file
+            # Grype files should have matches array and source object
+            if not isinstance(data, dict):
+                logger.warning(f"File {file_path} is not a dict, skipping")
+                return False, None
+
+            if "matches" not in data:
+                logger.warning(f"File {file_path} has no 'matches' key, skipping")
+                return False, None
+
+            if not isinstance(data.get("matches"), list):
+                logger.warning(f"File {file_path} 'matches' is not a list, skipping")
+                return False, None
+
+            if "source" not in data:
+                logger.warning(f"File {file_path} has no 'source' key, skipping")
+                return False, None
+
+            logger.debug(f"File {file_path} validated successfully")
+            return True, data
+        except Exception as e:
+            logger.warning(f"Error reading file {file_path}: {str(e)}")
+            return False, None
+
+    def parse_asset(self, file_path: Union[Path, str], data: Dict[str, Any]) -> IntegrationAsset:
+        """
+        Parse a single asset from Grype scan data.
+
+        :param Union[Path, str] file_path: Path to the file containing the asset data
+        :param Dict[str, Any] data: The parsed JSON data
+        :return: IntegrationAsset object
+        :rtype: IntegrationAsset
+        """
+        source_target_data = data.get("source", {}).get("target", {})
+        # Convert path to string if it's not already
+        file_path_str = str(file_path)
+
+        # Determine identifier from file name or data
+        if "sha256-" in file_path_str:
+            # Extract the sha256 from the filename
+            base_name = os.path.basename(file_path_str)
+            identifier = "sha256-" + base_name.split("sha256-")[1].split(".json")[0]
+        else:
+            identifier = source_target_data.get("imageID", "Unknown")
+
+        return IntegrationAsset(
+            identifier=identifier,
+            name=identifier,
+            ip_address="0.0.0.0",
+            cpu=0,
+            ram=0,
+            status=AssetStatus.Active,
+            asset_type="Other",
+            asset_category="Software",
+            operating_system=source_target_data.get("os", source_target_data.get("OS", "Linux")),
+            notes=f"{os.path.basename(file_path_str)}",
+            other_tracking_number=source_target_data.get("userInput", source_target_data.get("UserInput", "Unknown")),
+            fqdn=source_target_data.get("userInput", source_target_data.get("UserInput", "Unknown")),
+            parent_id=self.plan_id,
+            parent_module="securityplans",
+        )
+
+    def parse_finding(self, asset_identifier: str, data: Dict[str, Any], item: Dict[str, Any]) -> IntegrationFinding:
+        """
+        Parse a single finding from Grype scan data.
+
+        Constructs a finding object by extracting and processing vulnerability details.
+
+        :param str asset_identifier: Identifier of the asset this finding belongs to
+        :param Dict[str, Any] data: Parsed scan data containing metadata
+        :param Dict[str, Any] item: Individual finding data
+        :return: Parsed finding object
+        :rtype: IntegrationFinding
+        """
+        finding_info = self._extract_finding_info(item, data)
+        artifact_info = self._extract_artifact_info(item)
+        severity_info = self._determine_severity(finding_info)
+        cvss_fields = self._get_cvss_fields(finding_info["cvss"])
+        scan_date = safe_datetime_str(finding_info["descriptor"].get("timestamp", ""))
+        evidence = self._build_evidence(artifact_info)
+        observations = self._build_observations(finding_info)
+        remediation_info = self._build_remediation_info(finding_info["fix"])
+
+        return IntegrationFinding(
+            title=(
+                f"{severity_info['cve_id']}: {artifact_info['name']}"
+                if severity_info["cve_id"]
+                else artifact_info["name"]
+            ),
+            description=severity_info["description"],
+            severity=severity_info["severity"],
+            status=IssueStatus.Open,
+            cvss_v3_score=cvss_fields.get("V3Score"),
+            cvss_v3_vector=cvss_fields.get("V3Vector") or "",
+            cvss_v2_score=cvss_fields.get("V2Score"),
+            cvss_v2_vector=cvss_fields.get("V2Vector") or "",
+            plugin_name=artifact_info["name"],
+            plugin_id=self.title,
+            asset_identifier=asset_identifier,
+            category="Vulnerability",
+            cve=severity_info["cve_id"],
+            control_labels=["CM-7", "SI-2"],
+            evidence=evidence,
+            observations=observations,
+            identified_risk=f"Vulnerable {artifact_info['type'] or 'package'} detected: {artifact_info['name'] or 'unknown'} {artifact_info['version'] or 'unknown'}",
+            recommendation_for_mitigation=remediation_info["remediation"],
+            scan_date=scan_date,
+            first_seen=scan_date,
+            last_seen=scan_date,
+            vulnerability_type=finding_info["type"],
+            rule_id=finding_info["id"],
+            source_rule_id=finding_info["id"],
+            remediation=remediation_info["remediation"],
+            vulnerable_asset=f"{artifact_info['name'] or 'unknown'}:{artifact_info['version'] or 'unknown'}",
+            security_check=finding_info["matcher"],
+            external_id=finding_info["data_source"],
+            installed_versions=artifact_info["version"],
+            affected_os=finding_info["affected_os"],
+            affected_packages=artifact_info["name"],
+            image_digest=finding_info["manifest_digest"],
+            package_path=artifact_info["purl"],
+            build_version=finding_info["build_version"],
+            fixed_versions=remediation_info["fixed_versions"],
+            fix_status=remediation_info["fix_status"],
+        )
+
+    def _extract_finding_info(self, item: Dict[str, Any], data: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract core finding information from Grype scan data.
+
+        :param Dict[str, Any] item: Individual finding data
+        :param Dict[str, Any] data: Parsed scan data containing metadata
+        :return: Dictionary of extracted finding details
+        :rtype: Dict[str, Any]
+        """
+        finding = item.get("vulnerability", {})
+        source_target = data.get("source", {}).get("target", {})
+        labels = source_target.get("labels", {})
+        return {
+            "id": finding.get("id", ""),
+            "type": finding.get("type", ""),
+            "data_source": finding.get("dataSource", ""),
+            "namespace": finding.get("namespace", ""),
+            "urls": finding.get("urls", []),
+            "cvss": finding.get("cvss", []),
+            "related_vulns": item.get("relatedVulnerabilities", []),
+            "descriptor": data.get("descriptor", {}),
+            "match_details": item.get("matchDetails", []),
+            "description": finding.get("description", "No description available"),
+            "build_version": str(labels.get("io.buildah.version", "")),
+            "manifest_digest": source_target.get("manifestDigest", ""),
+            "affected_os": labels.get("org.opencontainers.image.base.name")
+            or f"{labels.get('org.opencontainers.image.ref.name', '')} {labels.get('org.opencontainers.image.version', '')}".strip(),
+            "fix": finding.get("fix", {}),
+            "severity": finding.get("severity", "UNKNOWN"),
+            "matcher": item.get("matchDetails", [{}])[0].get("matcher", ""),
+        }
+
+    def _extract_artifact_info(self, item: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Extract artifact-related information from Grype finding data.
+
+        :param Dict[str, Any] item: Individual finding data
+        :return: Dictionary of artifact details
+        :rtype: Dict[str, Any]
+        """
+        artifact = item.get("artifact", {})
+        locations = [loc.get("path", "") for loc in artifact.get("locations", [])]
+        return {
+            "type": artifact.get("type", ""),
+            "version": artifact.get("version", ""),
+            "name": artifact.get("name", ""),
+            "licenses": ", ".join(artifact.get("licenses", [])),
+            "purl": artifact.get("purl", ""),
+            "locations": locations,
+        }
+
+    def _determine_severity(self, finding_info: Dict[str, Any]) -> Dict[str, str]:
+        """
+        Determine the severity and related details for the finding.
+
+        Prefers NVD data if available among related vulnerabilities.
+
+        :param Dict[str, Any] finding_info: Extracted finding details
+        :return: Dictionary with severity, CVE ID, and description
+        :rtype: Dict[str, str]
+        """
+        severity_str = finding_info["severity"]
+        cve_id = finding_info["id"]
+        description = finding_info["description"]
+        cvss = finding_info["cvss"]
+
+        for vuln in finding_info["related_vulns"]:
+            if "nvd" in vuln.get("dataSource", ""):
+                cve_id = vuln.get("id", cve_id)
+                severity_str = vuln.get("severity", severity_str)
+                description = vuln.get("description", description)
+                cvss = vuln.get("cvss", cvss)
+                break
+
+        severity_value = self.finding_severity_map.get(severity_str.upper(), IssueSeverity.High.value)
+        try:
+            severity = IssueSeverity(severity_value)
+        except ValueError:
+            severity = IssueSeverity.High
+
+        return {"severity": severity, "cve_id": cve_id, "description": description, "cvss": cvss}
+
+    def _build_evidence(self, artifact_info: Dict[str, Any]) -> str:
+        """
+        Build the evidence string for the finding.
+
+        :param Dict[str, Any] artifact_info: Artifact details
+        :return: Formatted evidence string
+        :rtype: str
+        """
+        evidence = f"Found in {artifact_info['name']} {artifact_info['version']}"
+        details = [
+            f"type: {artifact_info['type']}" if artifact_info["type"] else "",
+            f"Locations: {', '.join(artifact_info['locations'])}" if artifact_info["locations"] else "",
+            f"Licenses: {artifact_info['licenses']}" if artifact_info["licenses"] else "",
+            f"Package URL: {artifact_info['purl']}" if artifact_info["purl"] else "",
+            f"References: {', '.join(artifact_info.get('urls', []))}" if artifact_info.get("urls", []) else "",
+        ]
+        return evidence + "\n".join(filter(None, details))
+
+    def _build_observations(self, finding_info: Dict[str, Any]) -> str:
+        """
+        Build the observations string for the finding.
+
+        :param Dict[str, Any] finding_info: Extracted finding details
+        :return: Formatted observations string
+        :rtype: str
+        """
+        match_type = finding_info["match_details"][0].get("type", "") if finding_info["match_details"] else ""
+        matcher = finding_info["matcher"]
+        return "\n".join(
+            filter(
+                None,
+                [
+                    f"Match type: {match_type}" if match_type else "",
+                    f"Matcher: {matcher}" if matcher else "",
+                    f"Data source: {finding_info['data_source']}" if finding_info["data_source"] else "",
+                    f"Namespace: {finding_info['namespace']}" if finding_info["namespace"] else "",
+                ],
+            )
+        )
+
+    def _build_remediation_info(self, fix_info: Dict[str, Any]) -> Dict[str, str]:
+        """
+        Build remediation information for the finding.
+
+        :param Dict[str, Any] fix_info: Fix details from the finding
+        :return: Dictionary with remediation details
+        :rtype: Dict[str, str]
+        """
+        state = fix_info.get("state", "No fix available")
+        remediation = f"State: {state}"
+        fixed_versions = ""
+        if versions := fix_info.get("versions", []):
+            fixed_versions = ", ".join(versions)
+            remediation += f", Fixed versions: {fixed_versions}"
+        return {"remediation": remediation, "fixed_versions": fixed_versions, "fix_status": state}
+
+    def _get_findings_data_from_file(self, data: Dict[str, Any]) -> list:
+        """
+        Extract findings data from Grype file data.
+
+        :param Dict[str, Any] data: The data from the Grype file
+        :return: List of finding items
+        :rtype: list
+        """
+        if not data or not isinstance(data, dict):
+            return []
+
+        matches = data.get("matches", [])
+        if not isinstance(matches, list):
+            return []
+        return matches
+
+    @staticmethod
+    def _get_cvss_fields(cvss):
+        """
+        Get the CVSS v3 and v2 scores and vectors from the cvss data.
+
+        :param Dict finding: The cvss data
+        :return: The CVSS fields
+        :rtype: dict
+        """
+        values = {
+            "V3Score": None,
+            "V2Score": None,
+            "V3Vector": None,
+            "V2Vector": None,
+        }
+
+        i = 0
+        while i < len(cvss):
+            item = cvss[i]
+            cvss_type = item.get("type", "")
+            version = item.get("version")
+            if "3." in version and cvss_type == "Primary":
+                values["V3Score"] = item.get("metrics", {}).get("baseScore", None)
+                values["V3Vector"] = item.get("vector", "")
+            elif "2." in version and item.get("type") == "Primary":
+                values["V2Score"] = item.get("metrics", {}).get("baseScore", None)
+                values["V2Vector"] = item.get("vector", "")
+
+            if values["V3Score"] is not None and values["V2Score"] is not None:
+                break
+
+            if values["V3Score"] is None and "3." in version and cvss_type == "Secondary":
+                values["V3Score"] = item.get("metrics", {}).get("baseScore", None)
+                values["V3Vector"] = item.get("vector", "")
+
+            if values["V2Score"] is None and "2." in version and cvss_type == "Secondary":
+                values["V2Score"] = item.get("metrics", {}).get("baseScore", None)
+                values["V2Vector"] = item.get("vector", "")
+
+            i += 1
+
+        return values

regscale/integrations/commercial/import_all/import_all_cmd.py

@@ -89,10 +89,10 @@ def import_all_scans(
     from regscale.integrations.commercial.burp import import_burp
     from regscale.integrations.commercial.defender import import_alerts
     from regscale.integrations.commercial.ecr import import_ecr
-    from regscale.integrations.commercial.grype import import_scans as import_grype_scans
+    from regscale.integrations.commercial.grype.commands import import_scans as import_grype_scans
     from regscale.integrations.commercial.ibm import import_appscan
     from regscale.integrations.commercial.nexpose import import_nexpose
-    from regscale.integrations.commercial.opentext.click import import_file as import_opentext_file
+    from regscale.integrations.commercial.opentext.commands import import_scans as import_opentext_file
     from regscale.integrations.commercial.prisma import import_prisma
     from regscale.integrations.commercial.qualys import import_scans as import_qualys
     from regscale.integrations.commercial.snyk import import_snyk

regscale/integrations/commercial/nessus/scanner.py

@@ -79,6 +79,7 @@ class NessusIntegration(ScannerIntegration):
             self.log_file_warning_and_exit(path)
         if not self.check_collection(file_collection, path):
             return
+        self.num_findings_to_process = 0
         for file in iterate_files(file_collection):
             content = read_file(file)
             root = ET.fromstring(content)
@@ -87,6 +88,7 @@ class NessusIntegration(ScannerIntegration):
                 for nessus_vulnerability in root.iterfind(f"./Report/ReportHost[@name='{asset_name}']/ReportItem"):
                     parsed_vulnerability = self.parse_finding(nessus_vulnerability, asset_name)
                     if parsed_vulnerability:
+                        self.num_findings_to_process += 1
                         yield parsed_vulnerability
         self.move_files(file_collection)
 
@@ -214,6 +216,7 @@ class NessusIntegration(ScannerIntegration):
                 tree = ElementTree(root)
                 assets = nfr.scan.report_hosts(root)
                 cpe_items = cpe_xml_to_dict(tree)  # type: ignore
+                self.num_assets_to_process = len(assets)
                 for asset in assets:
                     asset_properties = self.get_asset_properties(root, cpe_items, asset)
                     parsed_asset = self.parse_asset(asset_properties)

regscale/integrations/commercial/opentext/__init__.py

@@ -0,0 +1,6 @@
+"""
+Module for processing OpenText WebInspect scan results and loading them into RegScale.
+"""
+
+from regscale.integrations.commercial.opentext.commands import fortify
+from regscale.integrations.commercial.opentext.scanner import WebInspectIntegration