regscale-cli 6.16.0.0__py3-none-any.whl

regscale/models/integration_models/aqua.py

@@ -0,0 +1,247 @@
+"""
+Aqua Scan information
+"""
+
+from itertools import groupby
+from operator import itemgetter
+from typing import List, Optional
+
+from regscale.core.app.application import Application
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import get_current_datetime, is_valid_fqdn
+from regscale.core.utils.date import datetime_str
+from regscale.models.app_models import ImportValidater
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models.asset import Asset
+from regscale.models.regscale_models.vulnerability import Vulnerability
+
+
+class Aqua(FlatFileImporter):
+    """Aqua Scan information"""
+
+    def __init__(self, **kwargs):
+        from regscale.integrations.integration_override import IntegrationOverride
+
+        self.name = kwargs.get("name")
+        self.integration_mapping = IntegrationOverride(Application())
+        self.vuln_title = "Vulnerability Name"
+        self.fmt = "%m/%d/%Y"
+        self.dt_format = "%Y-%m-%d %H:%M:%S"
+        self.image_name = "Image Name"
+        self.OS = "OS"
+        self.description = "Description"
+        self.ffi = "First Found on Image"
+        self.last_image_scan = "Last Image Scan"
+        self.installed_version = "Installed Version"
+        self.vendor_cvss_v2_severity = "Vendor CVSS v2 Severity"
+        self.vendor_cvss_v3_severity = "Vendor CVSS v3 Severity"
+        self.vendor_cvss_v3_score = "Vendor CVSS v3 Score"
+        self.nvd_cvss_v2_severity = "NVD CVSS v2 Severity"
+        self.nvd_cvss_v3_severity = "NVD CVSS v3 Severity"
+        self.required_headers = [
+            self.image_name,
+            self.OS,
+            self.vuln_title,
+            self.description,
+        ]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        logger = create_logger()
+        self.logger = logger
+        super().__init__(
+            logger=logger,
+            headers=self.headers,
+            asset_func=self.create_asset,
+            vuln_func=self.create_vuln,
+            app=Application(),
+            ignore_validation=True,
+            **kwargs,
+        )
+
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+        """
+        Create an asset from a row in the Aqua file
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: RegScale Asset object or None
+        :rtype: Optional[Asset]
+        """
+        name = self.mapping.get_value(dat, self.image_name)
+        if not name:
+            return None
+        os = self.mapping.get_value(dat, self.OS)
+        return Asset(
+            **{
+                "id": 0,
+                "name": name,
+                "description": "",
+                "operatingSystem": Asset.find_os(os),
+                "operatingSystemVersion": os,
+                "ipAddress": "0.0.0.0",
+                "isPublic": True,
+                "status": "Active (On Network)",
+                "assetCategory": "Hardware",
+                "bLatestScan": True,
+                "bAuthenticatedScan": True,
+                "scanningTool": self.name,
+                "assetOwnerId": self.config["userId"],
+                "assetType": "Other",
+                "fqdn": name if is_valid_fqdn(name) else None,
+                "systemAdministratorId": self.config["userId"],
+                "parentId": self.attributes.parent_id,
+                "parentModule": self.attributes.parent_module,
+                "extra_data": {"software_inventory": self.generate_software_inventory(name)},
+            }
+        )
+
+    def generate_software_inventory(self, name: str) -> List[dict]:
+        """
+        Create and post a list of software inventory for a given asset
+
+        :param str name: The name of the asset
+        :return: List of software inventory
+        :rtype: List[dict]
+        """
+        inventory: List[dict] = []
+
+        image_group = {
+            k: list(g) for k, g in groupby(self.file_data, key=itemgetter(self.mapping.get_header(self.image_name)))
+        }
+
+        softwares = image_group[name]
+        for software in softwares:
+            if "Resource" not in software or self.installed_version not in software:
+                continue
+            inv = {
+                "name": software["Resource"],
+                "version": str(software[self.installed_version]),
+            }
+            if (inv.get("name"), inv.get("version")) not in {
+                (soft.get("name"), soft.get("version")) for soft in inventory
+            }:
+                inventory.append(inv)
+
+        return inventory
+
+    def current_datetime_w_log(self, field: str) -> str:
+        """
+        Get the current date and time with a log message
+
+        :param str field: The field that is missing the date
+        :return: The current date and time
+        :rtype: str
+        """
+        self.logger.info(f"Unable to determine date for the '{field}' field, falling back to current date and time.")
+        return get_current_datetime()
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs: dict) -> Optional[Vulnerability]:
+        """
+        Create a vulnerability from a row in the Aqua csv file
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :param dict **kwargs: Additional keyword arguments
+        :return: RegScale Vulnerability object or None
+        :rtype: Optional[Vulnerability]
+        """
+
+        hostname = self.mapping.get_value(dat, self.image_name)
+
+        # Custom Integration Mapping fields
+        remediation = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "remediation")) or (
+            self.mapping.get_value(dat, self.description) or "Upgrade affected package"
+        )  # OLDTODO: BMC would like this to use "Solution" column
+        description = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "description")) or (
+            self.mapping.get_value(dat, self.description)
+        )
+        title = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "title")) or (
+            description[:255] if description else f"Vulnerability on {hostname}"
+        )  # OLDTODO: BMC Would like the CVE here
+
+        regscale_vuln = None
+        severity = self.determine_cvss_severity(dat)
+        config = self.attributes.app.config
+        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
+        asset = asset_match[0] if asset_match else None
+        if asset_match and self.validate(ix=kwargs.get("index"), dat=dat):
+            regscale_vuln = Vulnerability(
+                id=0,
+                scanId=0,
+                parentId=asset.id,
+                parentModule="assets",
+                ipAddress="0.0.0.0",
+                lastSeen=datetime_str(self.mapping.get_value(dat, self.last_image_scan))
+                or self.current_datetime_w_log(self.last_image_scan),
+                firstSeen=datetime_str(self.mapping.get_value(dat, self.ffi)) or self.current_datetime_w_log(self.ffi),
+                daysOpen=None,
+                dns=hostname,
+                mitigated=None,
+                operatingSystem=asset.operatingSystem,
+                severity=severity,
+                plugInName=description,
+                cve=self.mapping.get_value(dat, self.vuln_title),
+                cvsSv3BaseScore=self.mapping.get_value(dat, self.vendor_cvss_v3_score, 0.0),
+                tenantsId=0,
+                title=title,
+                description=description,
+                plugInText=self.mapping.get_value(dat, self.vuln_title),
+                createdById=config["userId"],
+                lastUpdatedById=config["userId"],
+                dateCreated=get_current_datetime(),
+                extra_data={"solution": remediation},
+            )
+        return regscale_vuln
+
+    def determine_cvss_severity(self, dat: dict) -> str:
+        """
+        Determine the CVSS severity of the vulnerability
+
+        :param dict dat: Data row from CSV file
+        :return: A severity derived from the CVSS scores
+        :rtype: str
+        """
+        precedence_order = [
+            self.nvd_cvss_v3_severity,
+            self.nvd_cvss_v2_severity,
+            self.vendor_cvss_v3_severity,
+            # This field may or may not be available in the file (Coalfire has it, BMC does not.)
+            (
+                self.vendor_cvss_v2_severity
+                if self.mapping.get_value(dat, self.vendor_cvss_v2_severity, warnings=False)
+                else None
+            ),
+        ]
+        severity = "info"
+        for key in precedence_order:
+            if key and self.mapping.get_value(dat, key):
+                severity = self.mapping.get_value(dat, key).lower()
+                break
+
+        return severity
+
+    def validate(self, ix: Optional[int], dat: dict) -> bool:
+        """
+        Validate the row of data, and populate with something if missing
+
+        :param Optional[int] ix: index
+        :param dict dat: Data row from CSV file
+        :return: True if the row is valid or has been updated with default value
+        :rtype: bool
+        """
+        required_keys = [self.description]
+        val = True
+        for key in required_keys:
+            if not dat.get(key):
+                default_val = f"No {key} available."
+                row_skip = (
+                    f"Populating {key} for row #{ix + 1} with {default_val}"
+                    if isinstance(ix, int)
+                    else f"Populating {key} with {default_val}"
+                )
+                self.attributes.logger.warning(f"Missing value for required field: {key}, {row_skip}")
+                dat[key] = default_val
+        return val

regscale/models/integration_models/azure_alerts.py

@@ -0,0 +1,255 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Dataclass for a Microsoft Defender for Cloud alerts"""
+
+# standard python imports
+from dataclasses import dataclass
+from typing import Any, Optional
+from typing import List
+
+
+@dataclass
+class Location:
+    countryCode: Optional[str] = None
+    countryName: Optional[str] = None
+    state: Optional[str] = None
+    city: Optional[str] = None
+    longitude: Optional[float] = None
+    latitude: Optional[float] = None
+    asn: Optional[int] = None
+    carrier: Optional[str] = None
+    organization: Optional[str] = None
+    organizationType: Optional[str] = None
+    cloudProvider: Optional[str] = None
+    systemService: Optional[str] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "Location":
+        _countryCode = str(obj.get("countryCode"))
+        _countryName = str(obj.get("countryName"))
+        _state = str(obj.get("state"))
+        _city = str(obj.get("city"))
+        _longitude = float(obj.get("longitude"))
+        _latitude = float(obj.get("latitude"))
+        _asn = int(obj.get("asn"))
+        _carrier = str(obj.get("carrier"))
+        _organization = str(obj.get("organization"))
+        _organizationType = str(obj.get("organizationType"))
+        _cloudProvider = str(obj.get("cloudProvider"))
+        _systemService = str(obj.get("systemService"))
+        return Location(
+            _countryCode,
+            _countryName,
+            _state,
+            _city,
+            _longitude,
+            _latitude,
+            _asn,
+            _carrier,
+            _organization,
+            _organizationType,
+            _cloudProvider,
+            _systemService,
+        )
+
+
+@dataclass
+class SourceAddress:
+    ref: Optional[str] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "SourceAddress":
+        _ref = str(obj.get("$ref"))
+        return SourceAddress(_ref)
+
+
+@dataclass
+class Host:
+    ref: Optional[str] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "Host":
+        _ref = str(obj.get("$ref"))
+        return Host(_ref)
+
+
+@dataclass
+class Entity:
+    id: Optional[str] = None
+    resourceId: Optional[str] = None
+    type: Optional[str] = None
+    address: Optional[str] = None
+    location: Optional[str] = None
+    hostName: Optional[str] = None
+    sourceAddress: Optional[SourceAddress] = None
+    name: Optional[str] = None
+    host: Optional[Host] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "Entity":
+        _id = str(obj.get("$id"))
+        _resourceId = str(obj.get("resourceId"))
+        _type = str(obj.get("type"))
+        _address = str(obj.get("address"))
+        _location = Location.from_dict(obj.get("location"))
+        _hostName = str(obj.get("hostName"))
+        _sourceAddress = SourceAddress.from_dict(obj.get("sourceAddress"))
+        _name = str(obj.get("name"))
+        _host = Host.from_dict(obj.get("host"))
+        return Entity(
+            _id,
+            _resourceId,
+            _type,
+            _address,
+            _location,
+            _hostName,
+            _sourceAddress,
+            _name,
+            _host,
+        )
+
+
+@dataclass
+class ExtendedProperties:
+    alertId: Optional[str] = None
+    compromisedEntity: Optional[str] = None
+    clientIpAddress: Optional[str] = None
+    clientPrincipalName: Optional[str] = None
+    clientApplication: Optional[str] = None
+    investigationSteps: Optional[str] = None
+    potentialCauses: Optional[str] = None
+    resourceType: Optional[str] = None
+    killChainIntent: Optional[str] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "ExtendedProperties":
+        _alertId = str(obj.get("alert Id"))
+        _compromisedEntity = str(obj.get("compromised entity"))
+        _clientIpAddress = str(obj.get("client IP address"))
+        _clientPrincipalName = str(obj.get("client principal name"))
+        _clientApplication = str(obj.get("client application"))
+        _investigationSteps = str(obj.get("investigation steps"))
+        _potentialCauses = str(obj.get("potential causes"))
+        _resourceType = str(obj.get("resourceType"))
+        _killChainIntent = str(obj.get("killChainIntent"))
+        return ExtendedProperties(
+            _alertId,
+            _compromisedEntity,
+            _clientIpAddress,
+            _clientPrincipalName,
+            _clientApplication,
+            _investigationSteps,
+            _potentialCauses,
+            _resourceType,
+            _killChainIntent,
+        )
+
+
+@dataclass
+class ResourceIdentifier:
+    id: Optional[str] = None
+    azureResourceId: Optional[str] = None
+    type: Optional[str] = None
+    azureResourceTenantId: Optional[str] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "ResourceIdentifier":
+        _id = str(obj.get("$id"))
+        _azureResourceId = str(obj.get("azureResourceId"))
+        _type = str(obj.get("type"))
+        _azureResourceTenantId = str(obj.get("azureResourceTenantId"))
+        return ResourceIdentifier(_id, _azureResourceId, _type, _azureResourceTenantId)
+
+
+@dataclass
+class Properties:
+    status: Optional[str] = None
+    timeGeneratedUtc: Optional[str] = None
+    processingEndTimeUtc: Optional[str] = None
+    version: Optional[str] = None
+    vendorName: Optional[str] = None
+    productName: Optional[str] = None
+    productComponentName: Optional[str] = None
+    alertType: Optional[str] = None
+    startTimeUtc: Optional[str] = None
+    endTimeUtc: Optional[str] = None
+    severity: Optional[str] = None
+    isIncident: Optional[str] = None
+    systemAlertId: Optional[str] = None
+    correlationKey: Optional[str] = None
+    intent: Optional[str] = None
+    resourceIdentifiers: Optional[List[ResourceIdentifier]] = None
+    compromisedEntity: Optional[str] = None
+    alertDisplayName: Optional[str] = None
+    description: Optional[str] = None
+    remediationSteps: Optional[List[str]] = None
+    extendedProperties: Optional[ExtendedProperties] = None
+    entities: Optional[List[Entity]] = None
+    alertUri: Optional[str] = None
+
+    @staticmethod
+    def from_dict(obj: Any) -> "Properties":
+        _status = str(obj.get("status"))
+        _timeGeneratedUtc = str(obj.get("timeGeneratedUtc"))
+        _processingEndTimeUtc = str(obj.get("processingEndTimeUtc"))
+        _version = str(obj.get("version"))
+        _vendorName = str(obj.get("vendorName"))
+        _productName = str(obj.get("productName"))
+        _productComponentName = str(obj.get("productComponentName"))
+        _alertType = str(obj.get("alertType"))
+        _startTimeUtc = str(obj.get("startTimeUtc"))
+        _endTimeUtc = str(obj.get("endTimeUtc"))
+        _severity = str(obj.get("severity"))
+        _isIncident = bool(obj.get("isIncident"))
+        _systemAlertId = str(obj.get("systemAlertId"))
+        _correlationKey = str(obj.get("correlationKey"))
+        _intent = str(obj.get("intent"))
+        _resourceIdentifiers = [ResourceIdentifier.from_dict(y) for y in obj.get("resourceIdentifiers")]
+        _compromisedEntity = str(obj.get("compromisedEntity"))
+        _alertDisplayName = str(obj.get("alertDisplayName"))
+        _description = str(obj.get("description"))
+        _remediationSteps = [obj.get("remediationSteps")]
+        _extended_properties = ExtendedProperties.from_dict(obj.get("extendedProperties"))
+        _entities = [Entity.from_dict(y) for y in obj.get("entities")]
+        _alertUri = str(obj.get("alertUri"))
+        return Properties(
+            _status,
+            _timeGeneratedUtc,
+            _processingEndTimeUtc,
+            _version,
+            _vendorName,
+            _productName,
+            _productComponentName,
+            _alertType,
+            _startTimeUtc,
+            _endTimeUtc,
+            _severity,
+            _isIncident,
+            _systemAlertId,
+            _correlationKey,
+            _intent,
+            _resourceIdentifiers,
+            _compromisedEntity,
+            _alertDisplayName,
+            _description,
+            _remediationSteps,
+            _extended_properties,
+            _entities,
+            _alertUri,
+        )
+
+
+@dataclass
+class Alert:
+    id: str
+    name: str
+    type: str
+    properties: Properties
+
+    @staticmethod
+    def from_dict(obj: Any) -> "Alert":
+        _id = str(obj.get("id"))
+        _name = str(obj.get("name"))
+        _type = str(obj.get("type"))
+        _properties = Properties.from_dict(obj.get("properties"))
+        return Alert(_id, _name, _type, _properties)

regscale/models/integration_models/base64.py

@@ -0,0 +1,23 @@
+"""Standard imports"""
+
+import base64
+
+from pydantic import ValidationError
+
+
+class Base64String(str):
+    """Base64 String"""
+
+    @classmethod
+    def __get_validators__(cls):
+        """Get validators"""
+        yield cls.validate_base64_str
+
+    @classmethod
+    def validate_base64_str(cls, input_string: str, field: str):
+        """Validate base64 string"""
+        try:
+            base64.b64decode(input_string)
+            return input_string
+        except Exception as exc:
+            raise ValidationError(f"{field} is not a valid base64 string") from exc