regscale-cli 6.16.0.0__py3-none-any.whl → 6.16.2.0__py3-none-any.whl

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,99 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.03.13",
-    "dateReleased": "2025-03-13T19:37:52.2229Z",
-    "count": 1302,
+    "catalogVersion": "2025.03.24",
+    "dateReleased": "2025-03-24T18:01:34.066Z",
+    "count": 1308,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-30154",
+            "vendorProject": "reviewdog",
+            "product": "action-setup GitHub Action",
+            "vulnerabilityName": "reviewdog\/action-setup GitHub Action Embedded Malicious Code Vulnerability",
+            "dateAdded": "2025-03-24",
+            "shortDescription": "reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/reviewdog\/reviewdog\/security\/advisories\/GHSA-qmg3-hpqr-gqvc ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30154",
+            "cwes": [
+                "CWE-506"
+            ]
+        },
+        {
+            "cveID": "CVE-2017-12637",
+            "vendorProject": "SAP",
+            "product": "NetWeaver",
+            "vulnerabilityName": "SAP NetWeaver Directory Traversal Vulnerability",
+            "dateAdded": "2025-03-19",
+            "shortDescription": "SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler\/ui\/js\/ffffffffbca41eb4\/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "SAP users must have an account to log in and access the patch: https:\/\/me.sap.com\/notes\/3476549 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-12637",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-48248",
+            "vendorProject": "NAKIVO",
+            "product": "Backup and Replication",
+            "vulnerabilityName": "NAKIVO Backup and Replication Absolute Path Traversal Vulnerability",
+            "dateAdded": "2025-03-19",
+            "shortDescription": "NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/helpcenter.nakivo.com\/Release-Notes\/Content\/Release-Notes.htm ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-48248",
+            "cwes": [
+                "CWE-36"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-1316",
+            "vendorProject": "Edimax",
+            "product": "IC-7100 IP Camera",
+            "vulnerabilityName": "Edimax IC-7100 IP Camera OS Command Injection Vulnerability",
+            "dateAdded": "2025-03-19",
+            "shortDescription": "Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-09",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.edimax.com\/edimax\/post\/post\/data\/edimax\/global\/press_releases\/4801\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1316",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30066",
+            "vendorProject": "tj-actions",
+            "product": "changed-files GitHub Action",
+            "vulnerabilityName": "tj-actions\/changed-files GitHub Action Embedded Malicious Code Vulnerability",
+            "dateAdded": "2025-03-18",
+            "shortDescription": "tj-actions\/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
+            "cwes": [
+                "CWE-506"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24472",
+            "vendorProject": "Fortinet",
+            "product": "FortiOS and FortiProxy",
+            "vulnerabilityName": "Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability",
+            "dateAdded": "2025-03-18",
+            "shortDescription": " Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-08",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-535 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24472",
+            "cwes": [
+                "CWE-288"
+            ]
+        },
         {
             "cveID": "CVE-2025-21590",
             "vendorProject": "Juniper",
@@ -733,7 +823,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-25",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/ofbiz.apache.org\/security.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-45195",
             "cwes": [
                 "CWE-425"
             ]
@@ -852,7 +942,7 @@
             "shortDescription": "Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-01-21",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-535 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55591",
             "cwes": [
                 "CWE-288"
@@ -867,7 +957,7 @@
             "shortDescription": "Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/community.qlik.com\/t5\/Official-Support-Articles\/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows\/tac-p\/2120510 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-48365",
             "cwes": [
                 "CWE-444"
@@ -2454,7 +2544,7 @@
         {
             "cveID": "CVE-2024-5217",
             "vendorProject": "ServiceNow",
-            "product": "Utah, Vancouver, and Washington DC Now",
+            "product": "Utah, Vancouver, and Washington DC Now Platform",
             "vulnerabilityName": "ServiceNow Incomplete List of Disallowed Inputs Vulnerability",
             "dateAdded": "2024-07-29",
             "shortDescription": "ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.",
@@ -2469,10 +2559,10 @@
         {
             "cveID": "CVE-2024-4879",
             "vendorProject": "ServiceNow",
-            "product": "Utah, Vancouver, and Washington DC Now",
+            "product": "Utah, Vancouver, and Washington DC Now Platform",
             "vulnerabilityName": "ServiceNow Improper Input Validation Vulnerability",
             "dateAdded": "2024-07-29",
-            "shortDescription": "ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely. ",
+            "shortDescription": "ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely. ",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-08-19",
             "knownRansomwareCampaignUse": "Unknown",
@@ -6309,7 +6399,7 @@
             "shortDescription": "Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2023-03-07",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2023-23376;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23376",
             "cwes": [
                 "CWE-122"

regscale/models/integration_models/ecr_models/ecr.py

@@ -89,9 +89,7 @@ class ECR(FlatFileImporter):
         :rtype: Asset
         """
         name = self.mapping.get_value(dat, "Name") or self.mapping.get_value(dat, "name")
-        if repository_name := self.mapping.get_value(
-            dat, "repositoryName", self.raw_dict.get("repositoryName", ""), warnings=False
-        ):
+        if repository_name := self.mapping.get_value(dat, "repositoryName", self.raw_dict.get("repositoryName", "")):
             if (image_id_data := self.raw_dict.get("imageId", {}).get("imageDigest", "").split(":")) and len(
                 image_id_data
             ) > 1:
@@ -134,9 +132,7 @@ class ECR(FlatFileImporter):
         """
         vulns: List[Vulnerability] = []
         hostname = dat.get("Name") or dat.get("name")
-        if repository_name := self.mapping.get_value(
-            dat, "repositoryName", self.raw_dict.get("repositoryName", ""), warnings=False
-        ):
+        if repository_name := self.mapping.get_value(dat, "repositoryName", self.raw_dict.get("repositoryName", "")):
             image_id_data = self.raw_dict.get("imageId", {}).get("imageDigest", "").split(":")
             if len(image_id_data) > 1:
                 image_id = image_id_data[1]

regscale/models/integration_models/{flat_file_importer.py → flat_file_importer/__init__.py}

@@ -192,7 +192,7 @@ class FlatFileImporter(ABC):
             finding_severity_map=self.finding_severity_map,
         )
         flat_int.asset_identifier_field = self.asset_identifier_field
-        logger.info(f"Asset Identifier Field: {flat_int.asset_identifier_field}")
+        logger.debug(f"Asset Identifier Field: {flat_int.asset_identifier_field}")
         flat_int.title = self.attributes.name
         self.create_assets(kwargs["asset_func"])  # type: ignore # Pass in the function to create an asset
         self.create_vulns(kwargs["vuln_func"])  # type: ignore # Pass in the function to create a vuln
@@ -430,7 +430,7 @@ class FlatFileImporter(ABC):
         :return: Tuple of header and data from csv file
         :rtype: tuple
         """
-        logger.info("flatfileimporter: Converting csv to dict")
+        logger.debug("flatfileimporter: Converting csv to dict")
         # if file is empty, error and exit
         if not file.read(1):
             error_and_exit("File is empty")
@@ -446,6 +446,7 @@ class FlatFileImporter(ABC):
             self.handle_extra_headers(header=header)
 
         data = list(reader)
+        logger.debug("flatfileimporter: Done converting csv to dict.")
         return data, header
 
     def convert_xlsx_to_dict(self, file: TextIO, start_line_number: int = 0) -> tuple:
@@ -457,7 +458,7 @@ class FlatFileImporter(ABC):
         :return: Tuple of data and header from xlsx file
         :rtype: tuple
         """
-        logger.info("flatfileimporter: Converting xlsx to dict")
+        logger.debug("flatfileimporter: Converting xlsx to dict")
         # Load the workbook
         workbook = load_workbook(filename=file.name)
 
@@ -485,6 +486,7 @@ class FlatFileImporter(ABC):
                     except SyntaxError as rex:
                         # Object is probably not a list, so just leave it as a string
                         self.attributes.app.logger.debug("SyntaxError: %s", rex)
+        logger.debug("flatfileimporter: Done converting xlsx to dict.")
         return data_dict, header
 
     def count_vuln_by_severity(self, severity: str, asset_id: int) -> int:
@@ -531,6 +533,7 @@ class FlatFileImporter(ABC):
         :param Callable func: The function to process the data
         :rtype: None
         """
+        from regscale.integrations.scanner_integration import IntegrationAsset
 
         res = func(dat)
         if not res:
@@ -744,7 +747,7 @@ class FlatFileImporter(ABC):
             check_file_path(str(processed_dir.absolute()))
             try:
                 self.attributes.logger.info(
-                    "Renaming %s to %s, ...",
+                    "Renaming %s to %s...",
                     file_path.name,
                     new_file_path.name,
                 )

regscale/models/integration_models/grype_import.py

@@ -48,12 +48,12 @@ class GrypeImport(FlatFileImporter):
         if kwargs.get("scan_date"):
             self.scan_date = kwargs.pop("scan_date")
         else:
-            self.scan_date = safe_datetime_str(self.mapping.get_value(self.validater.data, "timestamp", warnings=False))
+            self.scan_date = safe_datetime_str(self.mapping.get_value(self.validater.data, "timestamp"))
         # even if a user doesn't specify a scan_date, we want to remove it from the kwargs and use the scan_date from
         # the attributes after the scan_date is set in the previous logic
         if "scan_date" in kwargs:
             kwargs.pop("scan_date")
-        source_target_data = self.mapping.get_value(self.validater.data, "source", {}, warnings=False).get("target", {})
+        source_target_data = self.mapping.get_value(self.validater.data, "source", {}).get("target", {})
 
         if "sha256-" in kwargs["file_name"]:
             logger.debug("found sha256 in file name %s", kwargs["file_name"])
@@ -66,7 +66,7 @@ class GrypeImport(FlatFileImporter):
         self.other_tracking_number = source_target_data.get("userInput", "Unknown")
         self.os = source_target_data.get("os", "Linux")
         self.notes = f"{kwargs['file_name']}"
-        vuln_count = len(self.mapping.get_value(self.validater.data, "matches", [], warnings=False))
+        vuln_count = len(self.mapping.get_value(self.validater.data, "matches", []))
         super().__init__(
             logger=logger,
             headers=self.headers,

regscale/models/integration_models/prisma.py

@@ -80,7 +80,7 @@ class Prisma(FlatFileImporter):
             **{
                 "id": 0,
                 "name": hostname,
-                "ipAddress": self.mapping.get_value(dat, "IP Address", warnings=False),
+                "ipAddress": self.mapping.get_value(dat, "IP Address"),
                 "isPublic": True,
                 "status": "Active (On Network)",
                 "assetCategory": "Hardware",
@@ -132,8 +132,8 @@ class Prisma(FlatFileImporter):
                 severity=severity,
                 plugInName=self.mapping.get_value(dat, self.vuln_title),
                 plugInId=(
-                    self.mapping.get_value(dat, VULNERABILITY_ID, warnings=False)
-                    if self.mapping.get_value(dat, VULNERABILITY_ID, warnings=False)
+                    self.mapping.get_value(dat, VULNERABILITY_ID)
+                    if self.mapping.get_value(dat, VULNERABILITY_ID)
                     else None
                 ),
                 cve=cve,