regscale-cli 6.16.0.0__py3-none-any.whl

regscale/models/integration_models/grype_import.py

@@ -0,0 +1,247 @@
+"""
+Module for processing Grype scan results and loading them into RegScale as assets, issues, and vulnerabilities.
+"""
+
+import logging
+import traceback
+from typing import Any, Iterator, List, Optional
+
+from regscale.core.app.utils.parser_utils import safe_datetime_str
+from regscale.exceptions import ValidationException
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import ImportValidater
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models import AssetStatus, IssueSeverity, IssueStatus
+
+logger = logging.getLogger(__name__)
+
+
+class GrypeImport(FlatFileImporter):
+    """Class for handling Grype scanner integration."""
+
+    asset_identifier_field = "otherTrackingNumber"
+    finding_severity_map = {
+        "CRITICAL": IssueSeverity.Critical.value,
+        "HIGH": IssueSeverity.High.value,
+        "MEDIUM": IssueSeverity.Moderate.value,
+        "LOW": IssueSeverity.Low.value,
+        "UNKNOWN": IssueSeverity.High.value,
+        "NEGLIGIBLE": IssueSeverity.High.value,
+    }
+    identifier: Optional[str] = None
+
+    def __init__(self, **kwargs: Any):
+        self.name = kwargs.get("name", "Grype")
+        self.required_headers = [
+            "matches",
+        ]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers,
+            kwargs.get("file_path"),
+            self.mapping_file,
+            self.disable_mapping,
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        if kwargs.get("scan_date"):
+            self.scan_date = kwargs.pop("scan_date")
+        else:
+            self.scan_date = safe_datetime_str(self.mapping.get_value(self.validater.data, "timestamp", warnings=False))
+        # even if a user doesn't specify a scan_date, we want to remove it from the kwargs and use the scan_date from
+        # the attributes after the scan_date is set in the previous logic
+        if "scan_date" in kwargs:
+            kwargs.pop("scan_date")
+        source_target_data = self.mapping.get_value(self.validater.data, "source", {}, warnings=False).get("target", {})
+
+        if "sha256-" in kwargs["file_name"]:
+            logger.debug("found sha256 in file name %s", kwargs["file_name"])
+            self.identifier = "sha256-" + kwargs["file_name"].split("sha256-")[1].split(".json")[0]
+        else:
+            logger.debug("using imageID for identifier")
+            self.identifier = source_target_data.get("imageID", "Unknown")
+        logger.debug("self.identifier: %s", self.identifier)
+        self.integration_name = self.identifier
+        self.other_tracking_number = source_target_data.get("userInput", "Unknown")
+        self.os = source_target_data.get("os", "Linux")
+        self.notes = f"{kwargs['file_name']}"
+        vuln_count = len(self.mapping.get_value(self.validater.data, "matches", [], warnings=False))
+        super().__init__(
+            logger=logger,
+            headers=self.headers,
+            extra_headers_allowed=True,
+            finding_severity_map=self.finding_severity_map,
+            vuln_func=self.create_vuln,
+            asset_func=self.create_asset,
+            scan_date=self.scan_date,
+            asset_identifier_field=self.asset_identifier_field,
+            vuln_count=vuln_count,
+            asset_count=1,
+            **kwargs,
+        )
+
+    def create_asset(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
+        """
+        Fetches assets from the processed json files
+
+        :yields: Iterator[IntegrationAsset]
+        """
+        # Get a list of issues from xml node Issues
+        if assets := self.fetch_assets(**kwargs):
+            for asset in assets:
+                yield asset
+
+    def create_vuln(self, *args, **kwargs) -> Iterator[IntegrationFinding]:
+        """
+        Fetches findings from the processed json files
+
+        :return: A list of findings
+        :rtype: List[IntegrationFinding]
+        """
+        if findings := self.fetch_findings(**kwargs):
+            for finding in findings:
+                yield finding
+
+    def fetch_findings(self, **_) -> List[IntegrationFinding]:
+        """
+        Fetch findings from Grype scan data.
+
+        :raises ValidationException: If there is an error fetching/parsing findings
+        :return: List of IntegrationFinding
+        :rtype: List[IntegrationFinding]
+        """
+
+        findings = []
+        try:
+            for item in self.mapping.get_value(self.validater.data, "matches", []):
+                finding = item.get("vulnerability", {})
+                cve_id = finding.get("id")
+                artifact = item.get("artifact", {})
+                cvss = finding.get("cvss", [])
+                related_vulns = item.get("relatedVulnerabilities", [])
+                description = "No description available"
+                if related_vulns:
+                    for v in related_vulns:
+                        if v.get("id") == cve_id:
+                            description = v.get("description", "No description available")
+                            cvss = v.get("cvss", [])
+                            break
+
+                findings.append(
+                    IntegrationFinding(
+                        title=artifact.get("name", "unknown"),
+                        description=description,
+                        severity=(
+                            self.process_severity(finding.get("severity"))
+                            if finding.get("severity")
+                            else IssueSeverity.NotAssigned.value
+                        ),
+                        status=IssueStatus.Open.value,
+                        cvss_v3_score=self.get_cvss_score(cvss_list=cvss),
+                        cvss_v3_base_score=self.get_cvss_base_score(cvss_list=cvss),
+                        plugin_name=self.name,
+                        asset_identifier=self.identifier,
+                        cve=finding.get("id"),
+                        first_seen=self.scan_date,
+                        last_seen=self.scan_date,
+                        scan_date=self.scan_date,
+                        category="Software",
+                        control_labels=[],
+                    )
+                )
+            return findings
+        except Exception:
+            error_message = traceback.format_exc()
+            logger.error(f"Error fetching findings: {error_message}")
+            raise ValidationException(f"Error fetching findings: {error_message}")
+
+    def process_severity(self, severity: str) -> str:
+        """
+        Process the severity of a finding.
+
+        :param str severity: The severity of the finding
+        :return: IssueSeverity corresponding to the severity
+        :rtype: str
+        """
+        from regscale.core.app.application import Application
+
+        app = Application()
+        severity_default = app.config.get("vulnerabilityMappingDefault", IssueSeverity.NotAssigned.value)
+        return self.finding_severity_map.get(severity.upper(), severity_default)
+
+    @staticmethod
+    def process_status(status: str) -> str:
+        """
+        Process the status of a finding.
+
+        :param str status: The status of the finding
+        :return: The corresponding Issue status
+        :rtype: str
+        """
+        if status.lower() == "fixed":
+            return IssueStatus.Closed.value
+        else:
+            return IssueStatus.Open.value
+
+    @staticmethod
+    def get_cvss_base_score(cvss_list: List) -> float:
+        """
+        Get the CVSS base score from the vulnerability data.
+        :param List cvss_list: List of CVSS objects
+        :return: The CVSS base score
+        :rtype: float
+        """
+        v3_base_score = 0.0
+        for cvss in cvss_list:
+            if cvss.get("type") == "Primary":
+                if cvs := cvss.get("metrics"):
+                    v3_base_score = cvs.get("baseScore")
+                    break
+        return v3_base_score
+
+    @staticmethod
+    def get_cvss_score(cvss_list: List) -> float:
+        """
+        Get the CVSS score from the finding data.
+        :param List cvss_list: List of CVSS objects
+        :return: The CVSS score
+        :rtype: float
+        """
+        value = 0.0
+        for cvss in cvss_list:
+            if cvss.get("type") == "Primary":
+                if cvs := cvss.get("metrics"):
+                    if impact_score := cvs.get("impactScore"):
+                        value = impact_score
+                return value
+
+    def fetch_assets(self, **_) -> List[IntegrationAsset]:
+        """
+        Fetch assets from Grype scan data.
+
+        :return: List of IntegrationAsset
+        :rtype: List[IntegrationAsset]
+        """
+        assets: List[IntegrationAsset] = []
+        try:
+            assets.append(
+                IntegrationAsset(
+                    identifier=self.identifier,
+                    name=self.integration_name,
+                    ip_address="0.0.0.0",
+                    cpu=0,
+                    ram=0,
+                    status=AssetStatus.Active.value,
+                    asset_type="Other",
+                    asset_category="Software",
+                    operating_system=self.os,
+                    notes=self.notes,
+                    other_tracking_number=self.other_tracking_number,
+                )
+            )
+            return assets
+        except Exception:
+            error_message = traceback.format_exc()
+            logger.error(f"Error fetching assets: {error_message}")
+            raise ValidationException(f"Error fetching assets: {error_message}")

regscale/models/integration_models/ibm.py

@@ -0,0 +1,126 @@
+"""
+IBM Scan information
+"""
+
+from typing import Optional
+from urllib.parse import urlparse
+
+from regscale.core.app.application import Application
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
+from regscale.models import ImportValidater, Mapping
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models import Asset, Vulnerability
+
+ISSUE_TYPE = "Issue Type"
+VULNERABILITY_TITLE = ISSUE_TYPE
+VULNERABILITY_ID = ISSUE_TYPE
+
+
+class AppScan(FlatFileImporter):
+    """
+    IBM Scan information
+    """
+
+    severity_map = {
+        "Critical": "critical",
+        "High": "high",
+        "Medium": "medium",
+        "Low": "low",
+        "Informational": "low",
+    }
+
+    def __init__(self, **kwargs):
+        self.name = kwargs.get("name")
+        self.vuln_title = VULNERABILITY_TITLE
+        self.vuln_id = VULNERABILITY_ID
+        logger = create_logger()
+        self.required_headers = ["URL"]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping, ignore_unnamed=True
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        super().__init__(
+            logger=logger,
+            app=Application(),
+            headers=self.headers,
+            asset_func=self.create_asset,
+            vuln_func=self.create_vuln,
+            extra_headers_allowed=True,
+            **kwargs,
+        )
+
+    def create_asset(self, dat: Optional[dict] = None) -> Asset:
+        """
+        Create an asset from a row in the IBM csv file
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: RegScale Asset object
+        :rtype: Asset
+        """
+        parsed_url = urlparse(self.mapping.get_value(dat, "URL"))
+        hostname: str = f"{parsed_url.scheme}://{parsed_url.netloc}"
+        return Asset(
+            **{
+                "id": 0,
+                "name": hostname,
+                "isPublic": True,
+                "status": "Active (On Network)",
+                "assetCategory": "Software",
+                "bLatestScan": True,
+                "bAuthenticatedScan": True,
+                "scanningTool": self.name,
+                "assetOwnerId": self.config["userId"],
+                "assetType": "Other",
+                "fqdn": hostname if is_valid_fqdn(hostname) else None,
+                "systemAdministratorId": self.config["userId"],
+                "parentId": self.attributes.parent_id,
+                "parentModule": self.attributes.parent_module,
+            }
+        )
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
+        """
+        Create a vulnerability from a row in the IBM csv file
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: RegScale Vulnerability object or None
+        :rtype: Optional[Vulnerability]
+        """
+        regscale_vuln = None
+        parsed_url = urlparse(self.mapping.get_value(dat, "URL"))
+        hostname: str = f"{parsed_url.scheme}://{parsed_url.netloc}"
+        description: str = self.mapping.get_value(dat, ISSUE_TYPE)
+        app_scan_severity = self.mapping.get_value(dat, "Severity")
+        severity = self.severity_map.get(app_scan_severity, "Informational")
+        config = self.attributes.app.config
+        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
+        asset = asset_match[0] if asset_match else None
+        if dat and asset_match:
+            regscale_vuln = Vulnerability(
+                id=0,
+                scanId=0,  # set later
+                parentId=asset.id,
+                parentModule="assets",
+                ipAddress="0.0.0.0",  # No ip address available
+                lastSeen=get_current_datetime(),
+                firstSeen=epoch_to_datetime(self.create_epoch),
+                daysOpen=None,
+                dns=hostname,
+                mitigated=None,
+                severity=severity,
+                plugInName=description,
+                cve="",
+                vprScore=None,
+                tenantsId=0,
+                title=description[:255] if description else "No Title",
+                description=description,
+                plugInText=description,
+                createdById=config["userId"],
+                lastUpdatedById=config["userId"],
+                dateCreated=get_current_datetime(),
+            )
+        return regscale_vuln

regscale/models/integration_models/implementation_results.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""standard python imports"""
+from rich.console import Console
+from rich.table import Table
+
+
+class ImplementationResults:
+    """
+    Stores results related to STIG (Security Technical Implementation Guide) files.
+
+    :param str stig_file_name: The name of the STIG file.
+    :param Console console: The console object to print with.
+    """
+
+    def __init__(self, stig_file_name: str, console: Console):
+        self.stig_file_name = stig_file_name
+        self.failed_implementations = 0
+        self.passed_implementations = 0
+        self.console = console
+
+    def add_result(self, status: str):
+        """
+        Adds a result to the STIG file.
+
+        :param str status: The status of the implementation.
+        """
+        if status == "Fully Implemented":
+            self.record_passed_implementation()
+        else:
+            self.record_failed_implementation()
+
+    def record_failed_implementation(self):
+        """
+        Records a failed implementation in the STIG file.
+        """
+        self.failed_implementations += 1
+
+    def record_passed_implementation(self):
+        """
+        Records a passed implementation in the STIG file.
+        """
+        self.passed_implementations += 1
+
+    def get_total_implementations(self) -> int:
+        """
+        Get the total number of implementations (both passed and failed).
+
+        :return: The total number of implementations.
+        :rtype: int
+        """
+        return self.failed_implementations + self.passed_implementations
+
+    def report_log(self) -> None:
+        """
+        Log report of the results with colors and formatting.
+
+        :rtype: None
+        """
+        table = Table(show_header=True, header_style="bold cyan")
+        table.add_column("STIG File", style="cyan")
+        table.add_column("Total Implementations")
+        table.add_column("Passed Implementations", style="green")
+        table.add_column("Failed Implementations", style="red")
+        table.add_column("Success Rate (%)")
+        table.add_row(
+            self.stig_file_name,
+            str(self.get_total_implementations()),
+            str(self.passed_implementations),
+            str(self.failed_implementations),
+            f"{self.get_success_rate() * 100:.2f}",
+        )
+
+        self.console.print(table)
+
+    def get_success_rate(self) -> float:
+        """
+        Calculate the success rate of implementations in the STIG file.
+
+        :return: The success rate as a percentage.
+        :rtype: float
+        """
+        if self.get_total_implementations() > 0:
+            return self.passed_implementations / self.get_total_implementations()
+        return 0.0

regscale/models/integration_models/nexpose.py

@@ -0,0 +1,140 @@
+"""
+Nexpose Scan information
+"""
+
+from pathlib import Path
+from typing import Optional
+
+from regscale.core.app.application import Application
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
+from regscale.models import ImportValidater
+from regscale.models.app_models.mapping import Mapping
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models import Asset, Issue, Vulnerability
+
+VULNERABILITY_TITLE = "Vulnerability Title"
+VULNERABILITY_ID = "Vulnerability ID"
+CVSS3_SCORE = "CVSSv3 Score"
+IP_ADDRESS = "IP Address"
+
+
+class Nexpose(FlatFileImporter):
+    """
+    Prisma/Nexpose Scan information
+    """
+
+    def __init__(self, **kwargs):
+        self.name = kwargs.get("name")
+        self.vuln_title = VULNERABILITY_TITLE
+        self.vuln_id = VULNERABILITY_ID
+        self.cvss3_score = CVSS3_SCORE
+        self.required_headers = [
+            "IP Address",
+            "Hostname",
+            "OS",
+            "Vulnerability Title",
+            "Vulnerability ID",
+            "CVSSv2 Score",
+            "CVSSv3 Score",
+            "Description",
+            "Proof",
+            "Solution",
+            "CVEs",
+        ]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        logger = create_logger()
+        super().__init__(
+            logger=logger,
+            app=Application(),
+            headers=self.mapping.to_header(),
+            asset_func=self.create_asset,
+            vuln_func=self.create_vuln,
+            extra_headers_allowed=True,
+            **kwargs,
+        )
+
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+        """
+        Create an asset from a row in the Nexpose csv file
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: RegScale Asset object, if it has a hostname
+        :rtype: Optional[Asset]
+        """
+        if hostname := self.mapping.get_value(dat, "Hostname"):
+            return Asset(
+                **{
+                    "id": 0,
+                    "name": hostname,
+                    "ipAddress": self.mapping.get_value(dat, IP_ADDRESS),
+                    "isPublic": True,
+                    "status": "Active (On Network)",
+                    "assetCategory": "Hardware",
+                    "bLatestScan": True,
+                    "bAuthenticatedScan": True,
+                    "scanningTool": self.name,
+                    "assetOwnerId": self.config["userId"],
+                    "assetType": "Other",
+                    "fqdn": hostname if is_valid_fqdn(hostname) else None,
+                    "operatingSystem": Asset.find_os(self.mapping.get_value(dat, "OS")),
+                    "systemAdministratorId": self.config["userId"],
+                    "parentId": self.attributes.parent_id,
+                    "parentModule": self.attributes.parent_module,
+                }
+            )
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
+        """
+        Create a vulnerability from a row in the Prisma/Nexpose csv file
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: RegScale Vulnerability object or None
+        :rtype: Optional[Vulnerability]
+        """
+        regscale_vuln = None
+        cvss3_score = self.mapping.get_value(dat, self.cvss3_score)
+        hostname: str = self.mapping.get_value(dat, "Hostname")
+        os: str = self.mapping.get_value(dat, "OS")
+        description: str = self.mapping.get_value(dat, "Description")
+        severity = Vulnerability.determine_cvss3_severity_text(float(cvss3_score)) if cvss3_score else "low"
+        config = self.attributes.app.config
+        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
+        asset = asset_match[0] if asset_match else None
+        if dat and asset_match:
+            return Vulnerability(
+                id=0,
+                scanId=0,  # set later
+                parentId=asset.id,
+                parentModule="assets",
+                ipAddress="0.0.0.0",  # No ip address available
+                lastSeen=get_current_datetime(),
+                firstSeen=epoch_to_datetime(self.create_epoch),
+                daysOpen=None,
+                dns=hostname,
+                mitigated=None,
+                operatingSystem=(Asset.find_os(os) if Asset.find_os(os) else None),
+                severity=severity,
+                plugInName=self.mapping.get_value(dat, self.vuln_title),
+                plugInId=self.mapping.get_value(dat, self.vuln_id),
+                cve=self.mapping.get_value(dat, "CVEs"),
+                vprScore=None,
+                tenantsId=0,
+                title=description[:255],
+                description=description,
+                plugInText=self.mapping.get_value(dat, self.vuln_title),
+                createdById=config["userId"],
+                lastUpdatedById=config["userId"],
+                dateCreated=get_current_datetime(),
+                extra_data={
+                    "solution": self.mapping.get_value(dat, "Solution"),
+                    "proof": self.mapping.get_value(dat, "Proof"),
+                },
+            )
+        return regscale_vuln