regscale-cli 6.16.0.0__py3-none-any.whl

regscale/integrations/public/fedramp/mappings/system_roles.py

@@ -0,0 +1,34 @@
+"""Mappings for System Roles."""
+
+from lxml import etree
+
+from regscale.core.app.application import Application
+from regscale.integrations.public.fedramp.mappings.values import (
+    UUID,
+    FunctionPerformed,
+    Title,
+)
+from regscale.core.app.utils.app_utils import get_current_datetime
+from regscale.models.regscale_models.system_role import SystemRole
+
+
+def create_system_role(element: etree._Element) -> SystemRole:
+    """
+    Create a SystemRoles object from an XML Element
+
+    :param etree._Element element: The XML Element to parse
+    :return: A SystemRole object
+    :rtype: SystemRole
+    """
+    data = {}
+    for field in [UUID, Title, FunctionPerformed]:
+        for elem in element:
+            if results := field.parse_from_element(elem):
+                data[field.value] = results[1]
+    app = Application()
+    data["id"] = 0
+    data["createdById"] = app.config.get("userId")
+    data["lastUpdatedById"] = app.config.get("userId")
+    data["dateCreated"] = get_current_datetime(dt_format="%Y-%m-%dT%H:%M:%S.%fZ")
+    data["dateLastUpdated"] = get_current_datetime(dt_format="%Y-%m-%dT%H:%M:%S.%fZ")
+    return SystemRole(**data)

regscale/integrations/public/fedramp/mappings/user.py

@@ -0,0 +1,175 @@
+# flake8: noqa
+"""LeveragedAuthMapping classes for FedRAMP."""
+
+from typing import List, Optional
+
+from lxml import etree
+
+from regscale.core.app.api import Api
+from regscale.core.app.application import Application
+from regscale.core.app.logz import create_logger
+from regscale.integrations.public.fedramp.fedramp_traversal import FedrampTraversal
+from regscale.core.app.utils.XMLIR import XMLIR2, XMLIRTraversal
+from regscale.models.regscale_models.system_role import SystemRole
+
+logger = create_logger()
+
+
+class UserMappingIRAuthorizedPrivilegesIR(XMLIR2):
+    title: Optional[str] = None
+
+    def get_title(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The title of the authorized privilege."""
+        vlist = trv.el_xpath(".//oscal:title")
+        return vlist[0].text if vlist else None
+
+    description: Optional[str] = None
+
+    def get_description(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The description of the authorized privilege."""
+        vlist = trv.el_xpath(".//oscal:description")
+        return vlist[0].text if vlist else None
+
+
+class UserMappingIR(XMLIR2):
+    title: Optional[str] = None
+
+    def get_title(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The user's title"""
+        vlist = trv.el_xpath(".//oscal:title")
+        return vlist[0].text if vlist else None
+
+    type: Optional[str] = None
+
+    def get_type(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The type of the user."""
+        vlist = trv.el_xpath('.//oscal:prop[@name="type"]')
+        return vlist[0].get("value") if vlist else None
+
+    sensitivity: Optional[str] = None
+
+    def get_sensitivity(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The sensitivity of the user."""
+        vlist = trv.el_xpath('.//oscal:prop[@name="sensitivity"]')
+
+        return vlist[0].get("value") if vlist else None
+
+    privilege_level: Optional[str] = None
+
+    def get_privilege_level(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The privilege level of the user."""
+        vlist = trv.el_xpath('.//oscal:prop[@name="privilege-level"]')
+
+        return vlist[0].get("value") if vlist else None
+
+    role_id: Optional[str] = None
+
+    def get_role_id(self, trv: XMLIRTraversal) -> Optional[str]:
+        """The role id of the user."""
+        vlist = trv.el_xpath(".//oscal:role-id")
+
+        return vlist[0].text if vlist else None
+
+    authorized_privileges: List[UserMappingIRAuthorizedPrivilegesIR] = []
+
+    def get_authorized_privileges(self, trv: XMLIRTraversal) -> List[UserMappingIRAuthorizedPrivilegesIR]:
+        """The authorized privileges of the user."""
+        vlist = trv.el_xpath(".//oscal:authorized-privilege")
+
+        return [
+            UserMappingIRAuthorizedPrivilegesIR(
+                XMLIRTraversal(xpathToThis="....", el=el, root=trv.root, namespaces=trv.namespaces)
+            )
+            for el in vlist
+        ]
+
+
+def handle_user(trv: FedrampTraversal):
+    """
+    Extract user nodes from the SSP and send them to the RegScale API.
+    """
+    try:
+        api = trv.api
+        root = trv.root
+
+        namespaces = {
+            "oscal": "http://csrc.nist.gov/ns/oscal/1.0",
+            "fedramp": "https://fedramp.gov/ns/oscal",
+        }
+
+        # Extract user nodes
+        users = root.xpath(".//oscal:system-implementation/oscal:user", namespaces=namespaces)
+
+        if len(users) == 0:
+            trv.log_info(
+                {
+                    "model_layer": "system-implementation",
+                    "record_type": "user",
+                    "event_msg": "No users / System Roles detected.",
+                }
+            )
+
+        for elem in users:
+            res = UserMappingIR(XMLIRTraversal(xpathToThis="....", el=elem, root=root, namespaces=namespaces))
+
+            logger.debug("parsed object", res)
+
+            sending = {
+                "id": 0,
+                # Title
+                "roleName": res.title,
+                "fedrampRoleId": res.role_id,
+                "roleType": res.type,
+                "assignedUserId": None,
+                "accessLevel": res.privilege_level,
+                "sensitivityLevel": res.sensitivity,
+                "privilegeDescription": res.privilege_level,
+                "functions": ", ".join([str(dict(r)) for r in res.authorized_privileges]),
+                "securityPlanId": trv.ssp_id,
+                "createdById": api.config["userId"],
+                "isPublic": True,
+            }
+
+            system_roles = SystemRole(**sending)
+            if system_roles.insert_systemrole(api.app):
+                trv.log_info(
+                    {
+                        "model_layer": "system-implementation",
+                        "record_type": "user",
+                        "event_msg": f"Created user '{res.title}' with role id '{res.role_id}'",
+                    }
+                )
+
+                logger.info("System role was created successfully in RegScale.")
+            else:
+                trv.log_error(
+                    {
+                        "model_layer": "system-implementation",
+                        "record_type": "user",
+                        "event_msg": "Failed to create user",
+                    }
+                )
+    except Exception as e:
+        trv.log_error(
+            {
+                "model_layer": "system-implementation",
+                "record_type": "user",
+                "event_msg": f"Unknown issue: Failed to create user (ERROR: {str(e)})",
+            }
+        )
+
+
+if __name__ == "__main__":
+    # If data is incomplete This fails w/ 500 error ( which means the json string being received by the server is either malformed or missing something
+    __app = Application()
+    __api = Api()
+
+    def basic_test():
+        tree = etree.parse("fr_ssp_gold_v1.1.xml")
+        root = tree.getroot()
+        ARG_SSP_ID = 360
+
+        handle_user(FedrampTraversal(api=__api, root=root, ssp_id=ARG_SSP_ID))
+
+    # Run tests
+    basic_test()

regscale/integrations/public/fedramp/mappings/values.py

@@ -0,0 +1,141 @@
+"""Provide base models for values in the FedRAMP SSP."""
+
+from typing import Callable, List, Optional, Tuple, Type, Union
+
+from lxml import etree
+from pydantic import BaseModel
+
+from regscale.core.app.logz import create_logger
+from regscale.integrations.public.fedramp.xml_utils import extract_markup_content
+
+logger = create_logger()
+
+
+class SSPField(BaseModel):
+    value: str
+    xpath: str
+    type_: Type = str
+    namespace: Optional[dict] = None
+    callable: Optional[Callable] = None
+
+    def parse_from_element(
+        self,
+        element: etree._Element,
+    ) -> Union[Tuple[str, str], List[Tuple[str, str]]]:
+        """Parse an SSPField from an XML Element
+
+        :param etree._Element element: The XML Element to parse
+        :return: A tuple of the field name and value
+        :rtype: Union[Tuple[str, str], List[Tuple[str, str]]]
+        """
+        result_list = element.xpath(self.xpath, namespaces=self.namespace)
+        output = []
+
+        def _helper(result):
+            if self.callable and callable(self.callable):
+                return self.value, self.type_(self.callable(result))
+            return self.value, self.type_(result)
+
+        if len(result_list) == 0:
+            logger.warning(f"No results found for {self.value} in {element.tag}")
+        if result_list and len(result_list) > 0:
+            output = [_helper(result) for result in result_list]
+        try:
+            return output[0][1] if len(result_list) == 1 and output and len(output[0]) > 1 else output
+        except IndexError:
+            return output
+
+
+UUID = SSPField(value="uuid", xpath="@uuid")
+Link = SSPField(value="link", xpath="link/@href")
+Title = SSPField(value="title", xpath="title/text()")
+PartyUUID = SSPField(
+    value="party_uuid",
+    xpath="party-uuid/text()",
+    namespace={"oscal": "http://csrc.nist.gov/ns/oscal/1.0"},
+)
+DateAuthorized = SSPField(
+    value="date_authorized",
+    xpath="date-authorized/text()",
+    namespace={"oscal": "http://csrc.nist.gov/ns/oscal/1.0"},
+)
+Remarks = SSPField(value="remarks", xpath="remarks", callable=extract_markup_content)
+Description = SSPField(value="description", xpath="description", callable=extract_markup_content)
+RoleId = SSPField(value="role-id", xpath="role-id/text()")
+PropName = SSPField(value="prop-name", xpath="prop/@name")
+PropValue = SSPField(value="prop-value", xpath="prop/@value")
+UserUUID = SSPField(value="user-uuid", xpath="user/@uuid")
+FunctionPerformed = SSPField(value="function-performed", xpath="function-performed/text()")
+
+
+if __name__ == "__main__":
+    from regscale.models.regscale_models import (
+        LeveragedAuthorization,
+    )
+
+    xml_string = """<leveraged-authorization uuid="5a9c98ab-8e5e-433d-a7bd-515c07cd1497">
+       <title>AWS GovCloud</title>
+       <prop ns="https://fedramp.gov/ns/oscal" name="leveraged-system-identifier" value="F1603047866"/>
+       <link href="//path/to/leveraged_system_ssp.xml"/>
+       <link href="//path/to/leveraged_system_legacy_crm.xslt"/>
+       <link href="//path/to/leveraged_system_responsibility_and_inheritance.xml"/>
+       <party-uuid>f0bc13a4-3303-47dd-80d3-380e159c8362</party-uuid>
+       <date-authorized>2015-01-01</date-authorized>
+       <remarks>
+       <h1>Remarks</h1>
+          <p>The leveraged-authorizaton assembly is supposed to have a required uuid flag instead
+             of an optional id flag. This will be fixed in the syntax shortly.</p>
+          <p>Use one leveraged-authorization assembly for each underlying system. (In the legacy
+             world, these may be general support systems.</p>
+          <p>The link fields are optional, but preferred where known. Often, a leveraging system's
+             SSP author will not have access to the leveraged system's SSP, but should have access
+             to the leveraged system's CRM.</p>
+       </remarks>
+       <description>
+          <p>The description of the object contains the remarks.</p>
+          <h2>Services Used</h2>
+          <p>Services used by the leveraged system:</p>
+          <ul>
+                <li>EC2</li>
+          </ul>
+       </description>
+    </leveraged-authorization>
+    """
+    root = etree.fromstring(xml_string)
+    uuid = UUID.parse_from_element(root)
+    print(uuid)
+    date_authorized = DateAuthorized.parse_from_element(root)
+    print(date_authorized)
+    party_uuid = PartyUUID.parse_from_element(root)
+    print(party_uuid)
+    links = Link.parse_from_element(root)
+    print(links)
+    title = Title.parse_from_element(root)
+    print(title)
+    remarks = Remarks.parse_from_element(root)
+    print(remarks)
+    description = Description.parse_from_element(root)
+    print(description)
+    from regscale.core.app.application import Application
+    from regscale.core.app.utils.app_utils import get_current_datetime
+
+    app = Application()
+    leveraged_authorizations = LeveragedAuthorization(
+        uuid=uuid[1],
+        title=title[1],
+        fedrampId=None,
+        ownerId=party_uuid[1],
+        securityPlanId=1,
+        dateAuthorized=date_authorized[1],
+        description=remarks[1],
+        servicesUsed=None,
+        securityPlanLink=links[0][1],
+        crmLink=links[1][1],
+        responsibilityAndInheritanceLink=links[2][1],
+        createdById=app.config["userId"],
+        dateCreated=get_current_datetime(dt_format="%Y-%m-%dT%H:%M:%S.%fZ"),
+        lastUpdatedById=app.config["userId"],
+        dateLastUpdated=get_current_datetime(dt_format="%Y-%m-%dT%H:%M:%S.%fZ"),
+        tenantsId=None,
+    )
+    print(leveraged_authorizations)

regscale/integrations/public/fedramp/markdown_parser.py

@@ -0,0 +1,150 @@
+"""
+This module contains the MDDocParser class, which is used to parse an SSP Appendix A file
+and return a dictionary representing the data in the markdown document.
+"""
+
+import re
+import logging
+import zipfile  # Assuming you need this for other file handling
+import pypandoc
+from collections import defaultdict
+from typing import Dict, TextIO, Optional, Tuple
+from regscale.models import ProfileMapping
+
+# Configure logger
+logging.basicConfig(level=logging.DEBUG)
+logger = logging.getLogger(__name__)
+
+# Tokens used in HTML parsing
+BEGINPARTTOKEN = "<tr>"
+ENDPARTTOKEN = "</tr>"
+BODYSTARTTOKEN = "<tbody>"
+BODYENDTOKEN = "</tbody>"
+CONTROLSUMMARYTOKEN = "What is the solution"
+
+FULL_SUMMARY_TOKEN = "What is the solution and how is it implemented?"
+html_tag_pattern = re.compile(r"</?[^>]+>")
+
+
+def clean_part(part: str) -> str:
+    """
+    Cleans an HTML part string by removing specific HTML tags.
+
+    :param part: The HTML part string
+    :return: A cleaned HTML part string with specific tags removed
+    """
+    # Pattern to match specified HTML tags, using non-capturing groups for better performance
+    pattern = re.compile(r"</?(td|tr|th|tbody|thead)(?: [^>]*)?>", re.IGNORECASE)
+    return pattern.sub("", part).strip()
+
+
+class MDDocParser:
+    """
+    Parses an SSP .md file and extracts control parts into a dictionary.
+    """
+
+    def __init__(self, md_path: str, profile_id: int):
+        """
+        Initializes the MDDocParser with the path to the markdown file.
+
+        :param str md_path: Path to the markdown file
+        :param int profile_id: The profile ID to associate with the control parts
+        """
+        # List of controls to parse
+        self.md_path = md_path
+        try:
+            self.controls = [profile_map.controlId for profile_map in ProfileMapping.get_by_profile(profile_id)]
+            # Convert .md file to markdown_strict format and save output
+            self.md_text = pypandoc.convert_file(md_path, "markdown_strict", outputfile="app_a.md")
+            self.md_doc = "app_a.md"
+        except Exception as e:
+            logger.error(f"Error converting file: {e}")
+            raise
+
+    def get_parts(self) -> Dict[str, str]:
+        """
+        Parses the .md file and extracts control parts.
+
+        :return: A dictionary of control parts, keyed by control ID
+        """
+        control_parts_dict = defaultdict(str)
+        try:
+            with open(self.md_doc, "r") as file:
+                for line in file:
+                    if CONTROLSUMMARYTOKEN in line:
+                        control_id = self._handle_control_summary_line(line)
+                        if not control_id:
+                            continue
+                        # Skip lines to find the table content
+                        next(file)  # Skip HTML table definition line
+                        # Loop through file to capture parts between tbody tags
+                        self.find_parts(file, control_parts_dict, control_id)
+        except FileNotFoundError as e:
+            logger.error(f"File not found: {e}")
+        except Exception as e:
+            logger.error(f"Error parsing file: {e}")
+        return control_parts_dict
+
+    @staticmethod
+    def clean_html_and_newlines(input_text: str) -> str:
+        """
+        Cleans HTML tags and newlines from a string.
+        :param str input_text: The text to clean
+        :return: The cleaned text
+        :rtype: str
+        """
+        # Remove HTML tags
+        cleaner_text = html_tag_pattern.sub("", input_text)
+        # Remove newlines
+        return cleaner_text.replace("\n", "")
+
+    def _handle_control_summary_line(self, line: str) -> Optional[str]:
+        """
+        Handles a line of text from the markdown file.
+
+        :param str line: The line of text
+        :return: The control ID
+        :rtype: Optional[str]
+        """
+        # Extract control ID and clean it
+        html_free_line = self.clean_html_and_newlines(line)
+        clean_line = html_free_line.replace(FULL_SUMMARY_TOKEN, "")
+        if not clean_line:
+            return None
+        clean_control_id_from_line = clean_line.strip()
+        return clean_control_id_from_line
+
+    def find_parts(self, file: TextIO, control_parts_dict: Dict, cntrlid: str):
+        """
+        Parses and collects parts from a markdown file into a dictionary by control ID.
+
+        :param file: The markdown file
+        :param control_parts_dict: Dictionary to store parts by control ID
+        :param cntrlid: The control ID
+        """
+        allparts = ""
+        for line in file:
+            if BODYSTARTTOKEN in line:
+                continue
+            elif BODYENDTOKEN in line:
+                break
+            allparts += self.part_cleaner(file, line)
+
+        control_parts_dict[cntrlid] = allparts
+        logger.debug(f"Control ID: {cntrlid}, Parts: {allparts}")
+
+    @staticmethod
+    def part_cleaner(file: TextIO, line: str) -> str:
+        """
+        Cleans and accumulates parts of text from the markdown file.
+
+        :param file: The markdown file
+        :param line: The current line of text
+        :return: The cleaned part as a string
+        """
+        part = ""
+        for next_line in file:
+            part += " " + clean_part(next_line)
+            if ENDPARTTOKEN in next_line:
+                break
+        return part