regscale-cli 6.16.0.0__py3-none-any.whl

regscale/models/inspect_models.py

@@ -0,0 +1,79 @@
+#!/usr/bin/env python3
+
+"""Click BaseModels."""
+from collections import OrderedDict
+from inspect import Parameter, Signature, signature
+from types import MappingProxyType
+from typing import Any, Dict, List, Optional, Union, Callable
+
+import click
+import click.core
+from pydantic import BaseModel, validator, ConfigDict, field_validator
+
+
+# A Pydantic model to represent a parameter in a function signature
+class ParameterModel(BaseModel):
+    model_config = ConfigDict(extra="ignore", arbitrary_types_allowed=True)
+    name: str
+    kind: str
+    default: Optional[Any] = None
+    annotation: Union[str, None]
+
+    # Validators to convert Parameter.kind and Parameter.annotation to string
+    @field_validator("kind", mode="before")
+    def _get_kind_str(cls, v):
+        return str(v)
+
+    @field_validator("annotation", mode="before")
+    def _get_annotation_str(cls, v):
+        if v is Parameter.empty:
+            return None
+        return str(v)
+
+
+class SignatureModel(BaseModel):
+    """Signature Model"""
+
+    model_config = ConfigDict(extra="ignore", arbitrary_types_allowed=True)
+
+    name: Optional[str] = None
+    signature: Optional[Union[Signature, dict, str]] = None
+    # parameters: Optional[OrderedDict] = None
+    parameters: Dict[str, ParameterModel]
+
+    @field_validator("signature", mode="before")
+    def _check_signature(cls, var):
+        """Validate a click.Command"""
+        if not isinstance(var, (Signature, str, dict)):
+            print(f"signature must be a (Signature, str, dict) not {type(var)}")
+        return var
+
+    @classmethod
+    def from_callable(cls, command: str, fn: Callable):
+        sig = signature(fn)
+        params = {
+            name: ParameterModel(
+                name=command,
+                kind=param.kind,
+                default=param.default if param.default is not Parameter.empty else None,
+                annotation=param.annotation,
+            )
+            for name, param in sig.parameters.items()
+        }
+        return cls(name=command, parameters=params, signature=sig)
+
+    def to_dict(self):
+        return {name: param.dict() for name, param in self.parameters.items()}
+
+    def to_string(self):
+        return ", ".join(
+            [f"{param.name}: {param.annotation}={repr(param.default)}" for param in self.parameters.values()]
+        )
+
+
+if __name__ == "__main__":
+    from regscale.models.hierarchy import REGSCALE_CLI
+
+    call = REGSCALE_CLI["login"].callback
+    b = SignatureModel.from_callable(command="login", fn=call)
+    b

regscale/models/integration_models/amazon_models/inspector.py

@@ -0,0 +1,262 @@
+"""
+AWS Inspector Model
+"""
+
+import csv
+import json
+from typing import List, Optional, TYPE_CHECKING, Tuple, Union
+
+if TYPE_CHECKING:
+    from regscale.models import Mapping
+
+from pathlib import Path
+from pydantic import BaseModel
+
+from regscale.core.app.utils.app_utils import error_and_exit
+
+
+class InspectorRecord(BaseModel):
+    """
+    AWS Inspector Record
+    """
+
+    aws_account_id: str
+    severity: Optional[str] = None
+    fix_available: Optional[str] = None
+    finding_type: Optional[str] = None
+    title: Optional[str] = None
+    description: Optional[str] = None
+    finding_arn: Optional[str] = None
+    first_seen: Optional[str] = None
+    last_seen: Optional[str] = None
+    last_updated: Optional[str] = None
+    resource_id: Optional[str] = None
+    container_image_tags: Optional[str] = None
+    region: Optional[str] = None
+    platform: Optional[str] = None
+    resource_tags: Optional[str] = None
+    affected_packages: Optional[str] = None
+    package_installed_version: Optional[str] = None
+    fixed_in_version: Optional[str] = None
+    package_remediation: Optional[str] = None
+    file_path: Optional[str] = None
+    network_paths: Optional[str] = None
+    age_days: Optional[str] = None
+    remediation: Optional[str] = None
+    inspector_score: Optional[str] = None
+    inspector_score_vector: Optional[str] = None
+    status: Optional[str] = None
+    vulnerability_id: Optional[str] = None
+    vendor: Optional[str] = None
+    vendor_severity: Optional[str] = None
+    vendor_advisory: Optional[str] = None
+    vendor_advisory_published: Optional[str] = None
+    nvd_cvss3_score: Optional[str] = None
+    nvd_cvss3_vector: Optional[str] = None
+    nvd_cvss2_score: Optional[str] = None
+    nvd_cvss2_vector: Optional[str] = None
+    vendor_cvss3_score: Optional[str] = None
+    vendor_cvss3_vector: Optional[str] = None
+    vendor_cvss2_score: Optional[str] = None
+    vendor_cvss2_vector: Optional[str] = None
+    resource_type: Optional[str] = None
+    ami: Optional[str] = None
+    resource_public_ipv4: Optional[str] = None
+    resource_private_ipv4: Optional[str] = None
+    resource_ipv6: Optional[str] = None
+    resource_vpc: Optional[str] = None
+    port_range: Optional[str] = None
+    epss_score: Optional[str] = None
+    exploit_available: Optional[str] = None
+    last_exploited_at: Optional[str] = None
+    lambda_layers: Optional[str] = None
+    lambda_package_type: Optional[str] = None
+    lambda_last_updated_at: Optional[str] = None
+    reference_urls: Optional[str] = None
+    detector_name: Optional[str] = None
+    package_manager: Optional[str] = None
+
+    @classmethod
+    def process_csv(cls, file_path: Union[str, Path], mapping: "Mapping") -> Tuple[dict, List["InspectorRecord"]]:
+        """
+        Process CSV file
+
+        :param Union[str, Path] file_path: File path
+        :param Mapping mapping: Mapping object for different headers
+        :return: A header dict and a list of InspectorRecord objects
+        :rtype: Tuple[dict, List["InspectorRecord"]]
+        """
+
+        with open(file=file_path, mode="r", encoding="utf-8") as f:
+            res = []
+            reader = csv.DictReader(f)
+            header = reader.fieldnames
+            header_mapping = {name: name for name in header}
+            for row in reader:
+                new_row = {header_mapping[key]: value for key, value in row.items()}
+                res.append(cls.create_inspector_record_from_csv_data(new_row, mapping))
+        return header, res
+
+    @classmethod
+    def process_json(cls, file_path: Union[str, Path], mapping: "Mapping") -> Tuple[dict, List["InspectorRecord"]]:
+        """
+        Process JSON file
+
+        :param Union[str, Path] file_path: File path
+        :param Mapping mapping: Mapping object for different headers
+        :rtype: Tuple[dict, List["InspectorRecord"]]
+        :return: An empty dict and a list of InspectorRecord objects
+        """
+        with open(file=file_path, mode="r", encoding="utf-8") as file_object:
+            dat = json.load(file_object)
+        if not dat.get("findings"):
+            error_and_exit("No findings in JSON file, check the file format and try again.")
+        return {}, [cls.create_inspector_record_from_json_data(finding, mapping) for finding in dat.get("findings", [])]
+
+    @classmethod
+    def create_inspector_record_from_json_data(cls, finding: dict, mapping: "Mapping") -> "InspectorRecord":
+        """
+        Create an InspectorRecord from a csv row of data
+
+        :param dict finding: The finding data
+        :param Mapping mapping: Mapping object for different headers
+        :return: An InspectorRecord object
+        :rtype: InspectorRecord
+        """
+        resource = cls.get_resource(finding, mapping)
+        details = resource.get("details", {})
+        vulnerabilities = mapping.get_value(finding, "packageVulnerabilityDetails", {})
+        platform_key = list(details.keys())[0] if details.keys() else None
+
+        return InspectorRecord(
+            aws_account_id=mapping.get_value(finding, "awsAccountId", "", warnings=False),
+            description=mapping.get_value(finding, "description", warnings=False),
+            exploit_available=mapping.get_value(finding, "exploitAvailable", warnings=False),
+            finding_arn=mapping.get_value(finding, "findingArn", warnings=False),
+            first_seen=mapping.get_value(finding, "firstObservedAt", warnings=False),
+            fix_available=mapping.get_value(finding, "fixAvailable", warnings=False),
+            last_seen=mapping.get_value(finding, "lastObservedAt", warnings=False),
+            remediation=mapping.get_value(finding, "remediation", {}).get("recommendation", {}).get("text", ""),
+            severity=mapping.get_value(finding, "Severity", warnings=False),
+            status=mapping.get_value(finding, "status", warnings=False),
+            title=mapping.get_value(finding, "title", warnings=False),
+            resource_type=resource.get("type"),
+            resource_id=resource.get("id"),
+            region=resource.get("region"),
+            last_updated=mapping.get_value(finding, "updatedAt", warnings=False),
+            platform=resource.get("details", {}).get(platform_key, {}).get("platform", ""),
+            resource_tags=" ,".join(resource.get("details", {}).get(platform_key, {}).get("imageTags", "")),
+            affected_packages=cls.get_vulnerable_package_info(vulnerabilities, "name"),
+            package_installed_version=cls.get_vulnerable_package_info(vulnerabilities, "version"),
+            fixed_in_version=cls.get_vulnerable_package_info(vulnerabilities, "fixedInVersion"),
+            package_remediation=cls.get_vulnerable_package_info(vulnerabilities, "remediation"),
+            vulnerability_id=vulnerabilities.get("vulnerabilityId") if vulnerabilities else None,
+            vendor=vulnerabilities.get("source") if vulnerabilities else None,
+            vendor_severity=mapping.get_value(finding, "severity", warnings=False),
+            vendor_advisory=vulnerabilities.get("sourceUrl") if vulnerabilities else None,
+            vendor_advisory_published=vulnerabilities.get("vendorCreatedAt") if vulnerabilities else None,
+            package_manager=cls.get_vulnerable_package_info(
+                mapping.get_value(finding, "packageVulnerabilityDetails", {}, warnings=False), "packageManager"
+            ),
+            file_path=cls.get_vulnerable_package_info(
+                mapping.get_value(finding, "packageVulnerabilityDetails", {}, warnings=False), "filePath"
+            ),
+            reference_urls=mapping.get_value(finding, "packageVulnerabilityDetails", {}, warnings=False).get(
+                "sourceUrl"
+            ),
+        )
+
+    @classmethod
+    def create_inspector_record_from_csv_data(cls, finding: dict, mapping: "Mapping") -> "InspectorRecord":
+        """
+        Create an InspectorRecord from a finding
+
+        :param dict finding: The finding data
+        :param Mapping mapping: Mapping object for different headers
+        :return: An InspectorRecord object
+        :rtype: InspectorRecord
+        """
+        return InspectorRecord(
+            aws_account_id=mapping.get_value(finding, "AWS Account Id"),
+            severity=mapping.get_value(finding, "Severity"),
+            fix_available=mapping.get_value(finding, "Fix Available"),
+            finding_type=mapping.get_value(finding, "Finding Type"),
+            title=mapping.get_value(finding, "Title"),
+            description=mapping.get_value(finding, "Description"),
+            finding_arn=mapping.get_value(finding, "Finding ARN"),
+            first_seen=mapping.get_value(finding, "First Seen"),
+            last_seen=mapping.get_value(finding, "Last Seen"),
+            last_updated=mapping.get_value(finding, "Last Updated"),
+            resource_id=mapping.get_value(finding, "Resource ID"),
+            container_image_tags=mapping.get_value(finding, "Container Image Tags"),
+            region=mapping.get_value(finding, "Region"),
+            platform=mapping.get_value(finding, "Platform"),
+            resource_tags=mapping.get_value(finding, "Resource Tags"),
+            affected_packages=mapping.get_value(finding, "Affected Packages"),
+            package_installed_version=mapping.get_value(finding, "Package Installed Version"),
+            fixed_in_version=mapping.get_value(finding, "Fixed in Version"),
+            package_remediation=mapping.get_value(finding, "Package Remediation"),
+            file_path=mapping.get_value(finding, "File Path"),
+            network_paths=mapping.get_value(finding, "Network Paths"),
+            age_days=mapping.get_value(finding, "Age (Days)"),
+            remediation=mapping.get_value(finding, "Remediation"),
+            inspector_score=mapping.get_value(finding, "Inspector Score"),
+            inspector_score_vector=mapping.get_value(finding, "Inspector Score Vector"),
+            status=mapping.get_value(finding, "Status"),
+            vulnerability_id=mapping.get_value(finding, "Vulnerability Id"),
+            vendor=mapping.get_value(finding, "Vendor"),
+            vendor_severity=mapping.get_value(finding, "Vendor Severity"),
+            vendor_advisory=mapping.get_value(finding, "Vendor Advisory"),
+            vendor_advisory_published=mapping.get_value(finding, "Vendor Advisory Published"),
+            nvd_cvss3_score=mapping.get_value(finding, "NVD CVSS3 Score"),
+            nvd_cvss3_vector=mapping.get_value(finding, "NVD CVSS3 Vector"),
+            nvd_cvss2_score=mapping.get_value(finding, "NVD CVSS2 Score"),
+            nvd_cvss2_vector=mapping.get_value(finding, "NVD CVSS2 Vector"),
+            vendor_cvss3_score=mapping.get_value(finding, "Vendor CVSS3 Score"),
+            vendor_cvss3_vector=mapping.get_value(finding, "Vendor CVSS3 Vector"),
+            vendor_cvss2_score=mapping.get_value(finding, "Vendor CVSS2 Score"),
+            vendor_cvss2_vector=mapping.get_value(finding, "Vendor CVSS2 Vector"),
+            resource_type=mapping.get_value(finding, "Resource Type"),
+            ami=mapping.get_value(finding, "Ami"),
+            resource_public_ipv4=mapping.get_value(finding, "Resource Public Ipv4"),
+            resource_private_ipv4=mapping.get_value(finding, "Resource Private Ipv4"),
+            resource_ipv6=mapping.get_value(finding, "Resource Ipv6"),
+            resource_vpc=mapping.get_value(finding, "Resource Vpc"),
+            port_range=mapping.get_value(finding, "Port Range"),
+            epss_score=mapping.get_value(finding, "Epss Score"),
+            exploit_available=mapping.get_value(finding, "Exploit Available"),
+            last_exploited_at=mapping.get_value(finding, "Last Exploited At"),
+            lambda_layers=mapping.get_value(finding, "Lambda Layers"),
+            lambda_package_type=mapping.get_value(finding, "Lambda Package Type"),
+            lambda_last_updated_at=mapping.get_value(finding, "Lambda Last Updated At"),
+            reference_urls=mapping.get_value(finding, "Reference Urls"),
+            detector_name=mapping.get_value(finding, "Detector Name"),
+            package_manager=mapping.get_value(finding, "Package Manager"),
+        )
+
+    @staticmethod
+    def get_resource(finding: dict, mapping: "Mapping") -> dict:
+        """
+        Get the resource from a finding
+
+        :param dict finding: The finding data
+        :param Mapping mapping: Mapping object for different headers
+        :return: The resource data
+        :rtype: dict
+        """
+        resources = mapping.get_value(finding, "resources", [])
+        resource = resources.pop() if resources else {}
+        return resource
+
+    @staticmethod
+    def get_vulnerable_package_info(vulnerabilities: dict, key: str) -> Optional[str]:
+        """
+        Get information from a vulnerable package
+
+        :param dict vulnerabilities: The vulnerabilities data
+        :param str key: The key of the information to get
+        :return: The information or None if not found
+        :rtype: Optional[str]
+        """
+        vulnerable_packages = vulnerabilities.get("vulnerablePackages", [])
+        return vulnerable_packages[0].get(key) if vulnerabilities and vulnerable_packages else None

regscale/models/integration_models/amazon_models/inspector_scan.py

@@ -0,0 +1,206 @@
+"""
+AWS Inspector Scan information
+"""
+
+import re
+from typing import List, Optional, Tuple
+
+from pathlib import Path
+
+from regscale.core.app.application import Application
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import get_current_datetime, is_valid_fqdn
+from regscale.models import ImportValidater
+from regscale.models.integration_models.amazon_models.inspector import InspectorRecord
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models.asset import Asset
+from regscale.models.regscale_models.vulnerability import Vulnerability
+
+
+class InspectorScan(FlatFileImporter):
+    """
+    AWS Inspector Scan
+    """
+
+    def __init__(self, **kwargs: dict):
+        self.name = "amazon"
+        self.vuln_title = "Vulnerability Name"
+        self.fmt = "%m/%d/%Y"
+        self.dt_format = "%Y-%m-%d %H:%M:%S"
+        self.image_name = "Image Name"
+        self.ffi = "First Found on Image"
+        json_headers = [
+            "awsAccountId",
+            "resources",
+            "packageVulnerabilityDetails",
+            "title",
+            "description",
+        ]
+        csv_headers = [
+            "AWS Account Id",
+            "Resource ID",
+            "Title",
+            "Description",
+        ]
+        file_type = kwargs.get("file_type")
+        if file_type == ".json":
+            self.required_headers = json_headers
+            key = "findings"
+        elif file_type == ".csv":
+            self.required_headers = csv_headers
+            key = None
+        else:
+            from regscale.exceptions import ValidationException
+
+            raise ValidationException(f"Unsupported file format: {file_type}, must be .json or .csv.")
+        self.mappings_path = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers, kwargs.get("file_path"), self.mappings_path, self.disable_mapping, key=key
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        logger = create_logger()
+        super().__init__(
+            logger=logger,
+            app=Application(),
+            headers=self.headers,
+            asset_func=self.create_asset,
+            vuln_func=self.create_vuln,
+            **kwargs,
+        )
+
+    def file_to_list_of_dicts(self) -> Tuple[dict, List[InspectorRecord]]:
+        """
+        Override the base class method to handle the AWS Inspector CSV or JSON file format
+
+        :raises ValueError: If the file format is not supported
+        :return: Tuple of a header and a list of inspector objects
+        :rtype: Tuple[dict, List[InspectorRecord]]
+        """
+        file_path = Path(self.attributes.file_path)
+        file_ext = file_path.suffix
+        if file_ext == ".csv":
+            header, res = InspectorRecord.process_csv(file_path, self.mapping)
+        elif file_ext == ".json":
+            header, res = InspectorRecord.process_json(file_path, self.mapping)
+        else:
+            raise ValueError(f"Unsupported file format: {file_ext}")
+        return header, res
+
+    def create_asset(self, dat: Optional[InspectorRecord] = None) -> Asset:
+        """
+        Create an asset from a row in an Inspector Record
+
+        :param Optional[InspectorRecord] dat: Data row from an Inspector Record, defaults to None
+        :return: RegScale Asset object
+        :rtype: Asset
+        """
+        hostname = dat.resource_id
+        distro = dat.platform
+        # Container Image, Virtual Machine (VM), etc.
+        asset_type = self.amazon_type_map().get(dat.resource_type, "Other")
+
+        return Asset(
+            **{
+                "id": 0,
+                "name": hostname,
+                "awsIdentifier": hostname,
+                "ipAddress": "",
+                "isPublic": True,
+                "status": "Active (On Network)",
+                "assetCategory": "Hardware",
+                "bLatestScan": True,
+                "bAuthenticatedScan": True,
+                "scanningTool": self.name,
+                "assetOwnerId": self.config["userId"],
+                "assetType": asset_type,
+                "fqdn": hostname if is_valid_fqdn(hostname) else None,
+                "operatingSystem": Asset.find_os(distro),
+                "systemAdministratorId": self.config["userId"],
+                "parentId": self.attributes.parent_id,
+                "parentModule": self.attributes.parent_module,
+            }
+        )
+
+    def create_vuln(self, dat: Optional[InspectorRecord] = None, **kwargs) -> Optional[Vulnerability]:
+        """
+        Create a vulnerability from an Inspector Record
+
+        :param Optional[InspectorRecord] dat: Data row an Inspector Record, defaults to None
+        :return: RegScale Vulnerability object or None
+        :rtype: Optional[Vulnerability]
+        """
+        hostname = dat.resource_id
+        distro = dat.platform
+        cve: str = dat.vulnerability_id
+        description: str = dat.description
+        title = dat.title if dat.title else dat.description
+        aws_severity = dat.severity
+        severity = self.severity_mapper(aws_severity)
+        config = self.attributes.app.config
+        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
+        asset = asset_match[0] if asset_match else None
+        if dat and asset_match:
+            return Vulnerability(
+                id=0,
+                scanId=0,  # set later
+                parentId=asset.id,
+                parentModule="assets",
+                ipAddress="0.0.0.0",  # No ip address available
+                lastSeen=dat.last_seen,
+                firstSeen=dat.first_seen,
+                daysOpen=None,
+                dns=hostname,
+                mitigated=None,
+                operatingSystem=(Asset.find_os(distro) if Asset.find_os(distro) else None),
+                severity=severity,
+                plugInName=dat.title,
+                plugInId=self.convert_cve_string_to_int(dat.vulnerability_id),
+                cve=cve,
+                vprScore=None,
+                tenantsId=0,
+                title=f"{description} on asset {asset.name}",
+                description=description,
+                plugInText=title,
+                createdById=config["userId"],
+                lastUpdatedById=config["userId"],
+                dateCreated=get_current_datetime(),
+                extra_data={
+                    "solution": dat.remediation,
+                    "proof": dat.finding_arn,
+                },
+            )
+        return None
+
+    @staticmethod
+    def amazon_type_map() -> dict:
+        """
+        Map Amazon Inspector resource types to RegScale asset types
+        """
+        return {
+            "AWS_EC2_INSTANCE": "Virtual Machine (VM)",
+            "AWS_ECR_CONTAINER_IMAGE": "Container Image",
+        }
+
+    @staticmethod
+    def severity_mapper(aws_severity):
+        """
+        Map AWS Inspector severity to RegScale severity
+        """
+
+        severity_map = {"CRITICAL": "high", "HIGH": "high", "LOW": "low", "MEDIUM": "medium", "UNTRIAGED": "high"}
+        return severity_map.get(aws_severity, "low")
+
+    @staticmethod
+    def convert_cve_string_to_int(s: str) -> int:
+        """
+        Convert a CVE string to an integer
+
+        :param str s: CVE string
+        :return: CVE integer
+        :rtype: int
+        """
+        numbers = re.findall(r"\d+", s)
+        # merge numbers to string
+        return int("".join(numbers))