regscale-cli 6.16.0.0__py3-none-any.whl

regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py

@@ -0,0 +1,169 @@
+"""Vulnerabilities Connector Model"""
+
+from typing import Iterator, Optional
+
+from pydantic import ConfigDict
+
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, ScannerIntegration
+from regscale.models.integration_models.synqly_models.synqly_model import SynqlyModel
+from regscale.models.regscale_models import IssueSeverity
+
+
+class VulnerabilitiesIntegration(ScannerIntegration):
+    title = "Vulnerabilities Connector Integration"
+    # Required fields from ScannerIntegration
+    asset_identifier_field = "otherTrackingNumber"
+    finding_severity_map = {
+        "Critical": IssueSeverity.Critical,
+        "High": IssueSeverity.High,
+        "Medium": IssueSeverity.Moderate,
+        "Low": IssueSeverity.Low,
+    }
+
+    def fetch_assets(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
+        """
+        Fetches assets from Synqly
+
+        :yields: Iterator[IntegrationAsset]
+        """
+        integration_assets = kwargs.get("integration_assets")
+        for asset in integration_assets:
+            yield asset
+
+    def fetch_findings(self, *args, **kwargs) -> Iterator[IntegrationFinding]:
+        """
+        Fetches findings from the Synqly
+
+        :yields: Iterator[IntegrationFinding]
+        """
+        integration_findings = kwargs.get("integration_findings")
+        for finding in integration_findings:
+            yield finding
+
+
+class Vulnerabilities(SynqlyModel):
+    """Vulnerabilities Connector Model"""
+
+    model_config = ConfigDict(populate_by_name=True, use_enum_values=True, arbitrary_types_allowed=True)
+
+    integration_id: str = ""
+    scanner_integration: Optional["VulnerabilitiesIntegration"] = None
+    provider: str = ""
+    can_fetch_assets: bool = False
+    can_fetch_vulns: bool = False
+
+    def __init__(self, integration: str, **kwargs):
+        SynqlyModel.__init__(self, connector_type=self.__class__.__name__, integration=integration, **kwargs)
+        self.integration_id = f"{self._connector_type.lower()}_{self.integration.lower()}"
+        integration_company = self.integration.split("_")[0] if "_" in self.integration else self.integration  # noqa
+        self.provider = integration_company
+        self.can_fetch_assets = "query_assets" in self.capabilities
+        self.can_fetch_vulns = "query_findings" in self.capabilities
+
+    @staticmethod
+    def _handle_scan_date_options(regscale_ssp_id: int, **kwargs) -> list[str]:
+        """
+        Handle scan date options for the integration sync process
+
+        :param int regscale_ssp_id: The RegScale SSP ID
+        :return: List of strings to filter vulnerabilities
+        :rtype: list[str]
+        """
+        from regscale.integrations.commercial.tenablev2.utils import get_last_pull_epoch
+
+        if vuln_filter := kwargs.get("vuln_filter"):
+            kwargs.pop("vuln_filter")
+            if isinstance(vuln_filter, str):
+                vuln_filter = [f"severity[in]{vuln_filter}"]
+        else:
+            vuln_filter = ["severity[in]critical,high,medium,low"]
+        if kwargs.get("all_scans"):
+            vuln_filter.append("finding.last_seen_time[gte]915148800")  # Friday, January 1, 1999 12:00:00 AM UTC
+        elif scan_date := kwargs.get("scan_date"):
+            from regscale.core.utils.date import date_obj
+
+            if scan_date := date_obj(scan_date):
+                vuln_filter.append(f"finding.last_seen_time[gte]{scan_date.isoformat()}")
+            else:
+                raise ValueError(f"Invalid scan date: {scan_date}")
+        else:
+            vuln_filter.append(f"finding.last_seen_time[gte]{get_last_pull_epoch(regscale_ssp_id)}")
+        return vuln_filter
+
+    def integration_sync(self, regscale_ssp_id: int, **kwargs) -> None:
+        """
+        Runs the integration sync process
+
+        :param int regscale_ssp_id: The RegScale SSP ID
+        :rtype: None
+        """
+        vuln_filter = self._handle_scan_date_options(regscale_ssp_id=regscale_ssp_id, **kwargs)
+        self.logger.debug(f"Vulnerability filter: {vuln_filter}")
+        self.logger.info(f"Fetching vulnerability data from {self.integration_name}...")
+        findings = (
+            self.fetch_integration_data(
+                func=self.tenant.engine_client.vulnerabilities.query_findings,
+                filter=vuln_filter,
+                **kwargs,
+            )
+            if self.can_fetch_vulns
+            else []
+        )
+        self.logger.info(f"Fetching asset data from {self.integration_name}...")
+        assets = (
+            self.fetch_integration_data(func=self.tenant.engine_client.vulnerabilities.query_assets, **kwargs)
+            if self.can_fetch_assets
+            else []
+        )
+
+        self.scanner_integration = VulnerabilitiesIntegration(plan_id=regscale_ssp_id)
+        self.logger.info(f"Mapping {self.provider} asset(s) data to RegScale asset(s)...")
+        if assets:
+            self.app.thread_manager.submit_tasks_from_list(
+                func=self.mapper.to_regscale,
+                items=assets,
+                args=None,
+                connector=self,
+                regscale_ssp_id=regscale_ssp_id,
+                **kwargs,
+            )
+            integration_assets = self.app.thread_manager.execute_and_verify(return_passed=True)
+            self.logger.info(f"Mapped {len(integration_assets)} {self.provider} asset(s) to RegScale asset(s)...")
+            self.scanner_integration.sync_assets(
+                title=f"{self.integration_name} Vulnerabilities",
+                plan_id=regscale_ssp_id,
+                integration_assets=integration_assets,
+            )
+
+        if findings:
+            integration_findings = []
+            self.logger.info(f"Mapping {self.provider} finding(s) data to RegScale finding(s)...")
+            self.app.thread_manager.submit_tasks_from_list(
+                func=self.mapper.to_regscale,
+                items=findings,
+                args=None,
+                connector=self,
+                regscale_ssp_id=regscale_ssp_id,
+                **kwargs,
+            )
+            mapped_findings = self.app.thread_manager.execute_and_verify(return_passed=True)
+            for finding in mapped_findings:
+                if isinstance(finding, list):
+                    integration_findings.extend(finding)
+                else:
+                    integration_findings.append(finding)
+            self.logger.info(f"Mapped {len(integration_findings)} {self.provider} finding(s) to RegScale finding(s)...")
+            self.scanner_integration.sync_findings(
+                title=f"{self.integration_name} Vulnerabilities",
+                plan_id=regscale_ssp_id,
+                integration_findings=integration_findings,
+            )
+        self.logger.info(f"[green]Sync from {self.integration_name} to RegScale completed.")
+
+    def run_sync(self, *args, **kwargs) -> None:
+        """
+        Syncs RegScale issues with Vulnerability connector using Synqly
+
+        :rtype: None
+        """
+        self.run_integration_sync(*args, **kwargs)

regscale/models/integration_models/synqly_models/ocsf_mapper.py

@@ -0,0 +1,331 @@
+"""Class to handle mapping RegScale models to OCSF models for Synqly integration"""
+
+from datetime import datetime
+from typing import Any, Union, TYPE_CHECKING, Optional
+
+if TYPE_CHECKING:
+    from regscale.models.integration_models.synqly_models.connectors import Ticketing, Vulnerabilities
+    from synqly.engine.resources.ocsf.resources.v_1_1_0.resources.securityfinding import ResourceDetails, Vulnerability
+
+from synqly import engine
+from synqly.engine import CreateTicketRequest
+from synqly.engine.resources.ticketing.types.priority import Priority
+
+from regscale.core.app.utils.app_utils import (
+    error_and_exit,
+    convert_datetime_to_regscale_string,
+)
+from synqly.engine.resources.ticketing.types.ticket import Ticket
+from synqly.engine.resources.vulnerabilities.types import Asset as OCSFAsset, SecurityFinding
+from regscale.models.regscale_models import Issue
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+
+
+class Mapper:
+    """Mapping class to handle RegScale models to OCSF models for Synqly integration"""
+
+    date_format = "%Y-%m-%dT%H:%M:%S"
+
+    def to_ocsf(self, regscale_object: Any, **kwargs) -> Any:
+        """
+        Convert RegScale object to OCSF object
+
+        :param Any regscale_object: RegScale object to convert to an OCSF object
+        :return: The comparable OCSF object
+        :rtype: Any
+        """
+        if isinstance(regscale_object, Issue):
+            return self._regscale_issue_to_ticket(regscale_object, **kwargs)
+        else:
+            error_and_exit(f"Unsupported object type {type(regscale_object)}")
+
+    def to_regscale(self, ocsf_object: Any, connector: Union["Ticketing", "Vulnerabilities"], **kwargs) -> Any:
+        """
+        Convert OCSF object to RegScale object
+
+        :param Any ocsf_object: OCSF object to convert to a RegScale object
+        :param Union["Ticketing", "Vulnerabilities"] connector: Connector class object
+        :return: The comparable RegScale object
+        :rtype: Any
+        """
+        if isinstance(ocsf_object, Ticket):
+            return self._ticket_to_regscale(connector, ocsf_object, **kwargs)
+        elif isinstance(ocsf_object, OCSFAsset):
+            return self._ocsf_asset_to_regscale(connector, ocsf_object, **kwargs)
+        elif isinstance(ocsf_object, SecurityFinding):
+            return self._security_finding_to_regscale(connector, ocsf_object, **kwargs)
+        else:
+            error_and_exit(f"Unsupported object type {type(ocsf_object)}")
+
+    def _ticket_to_regscale(self, connector: "Ticketing", ticket: Ticket, **kwargs) -> Issue:
+        """
+        Convert OCSF Ticket to RegScale Issue
+
+        :param "Ticketing" connector: Ticketing connector class object
+        :param Ticket ticket: OCSF Ticket to convert to a RegScale Issue
+        :param dict **kwargs: Keyword Arguments
+        :return: The comparable RegScale Issue
+        :rtype: Issue
+        """
+        due_date = convert_datetime_to_regscale_string(ticket.due_date)
+        if not due_date:
+            due_date = self._determine_due_date(ticket.priority)
+        ticket_dict = ticket.dict()
+        key_val_desc = "All fields:\n"
+        for k, v in ticket_dict.items():
+            key_val_desc += f"{k.replace('_', ' ').title()}: {str(v) or 'NULL'}\n"
+        regscale_issue = Issue(
+            title=ticket.summary,
+            severityLevel=Issue.assign_severity(ticket.priority),
+            dueDate=due_date,
+            description=f"Description {ticket.description}\n{key_val_desc}",
+            status=("Closed" if ticket.status.lower() == "done" else "Draft"),
+            dateCompleted=(
+                convert_datetime_to_regscale_string(ticket.completion_date) if ticket.status.lower() == "done" else None
+            ),
+            **kwargs,
+        )
+        # update the correct integration field names or manual detection fields
+        if connector.has_integration_field:
+            setattr(regscale_issue, connector.integration_id_field, ticket.id)
+        else:
+            regscale_issue.manualDetectionSource = connector.integration
+            regscale_issue.manualDetectionId = ticket.id
+        return regscale_issue
+
+    @staticmethod
+    def _ocsf_asset_to_regscale(connector: "Vulnerabilities", asset: OCSFAsset, **kwargs) -> IntegrationAsset:
+        """
+        Convert OCSF Asset to RegScale Asset
+
+        :param Vulnerabilities connector: Vulnerabilities connector class object
+        :param OCSFAsset asset: OCSF Asset to convert to an IntegrationAsset
+        :return: The comparable IntegrationAsset object
+        :rtype: IntegrationAsset
+        """
+        from regscale.models.regscale_models import AssetCategory, SecurityPlan
+
+        device_data = asset.device
+        os_data = device_data.os
+        if device_data.sw_info:
+            software_inventory = [
+                {"name": sw.name, "version": sw.version} for sw in device_data.sw_info if getattr(sw, "name", None)
+            ]
+        else:
+            software_inventory = []
+        return IntegrationAsset(
+            name=device_data.name or device_data.hostname or f"{connector.provider} Asset: {device_data.instance_uid}",
+            identifier=device_data.uid,
+            asset_type=device_data.type,
+            asset_category=AssetCategory.Hardware,
+            parent_id=kwargs.pop("regscale_ssp_id"),
+            parent_module=SecurityPlan.get_module_string(),
+            mac_address=device_data.mac,
+            fqdn=device_data.hostname,
+            ip_address=", ".join(device_data.ip_addresses) if device_data.ip_addresses else device_data.ip,
+            location=device_data.location or device_data.zone,
+            vlan_id=device_data.vlan_uid,
+            other_tracking_number=device_data.uid,
+            serial_number=device_data.hw_info.serial_number if device_data.hw_info else None,
+            cpu=device_data.hw_info.cpu_cores if device_data.hw_info else None,
+            ram=device_data.hw_info.ram_size if device_data.hw_info else None,
+            operating_system=os_data.name if os_data else None,
+            os_version=os_data.version if os_data else None,
+            software_inventory=software_inventory,
+        )
+
+    @staticmethod
+    def _parse_finding_data(finding: "SecurityFinding", vuln: Optional["Vulnerability"] = None) -> dict:
+        """
+        Parse the data from the SecurityFinding object
+
+        :param Optional[Vulnerability] vuln: OCSF Vulnerability object, defaults to None
+        :return: A dictionary of the parsed data
+        :rtype: dict
+        """
+        from synqly.engine.resources.ocsf.resources.v_1_1_0.resources.securityfinding import Remediation
+
+        finding_data = {
+            "cve": None,
+            "first_seen": vuln.first_seen_time_dt if vuln else finding.finding.first_seen_time_dt,
+            "last_seen": vuln.last_seen_time_dt if vuln else finding.finding.last_seen_time_dt,
+            "plugin_id": vuln.cve.uid if vuln else finding.finding.product_uid,
+            "severity": int(vuln.severity) if vuln else finding.severity_id,
+            "remediation": getattr(vuln, "remediation") if vuln else finding.finding.remediation.desc,
+        }
+        if vuln:
+            finding_data["cve"] = vuln.cve.uid
+        else:
+            finding_data["cve"] = finding.finding.title if "cve" in finding.finding.title.lower() else None
+        if isinstance(finding_data["remediation"], Remediation):
+            finding_data["remediation"] = finding_data["remediation"].desc
+        elif isinstance(finding_data["remediation"], dict):
+            remediation_string = ""
+            for f, v in finding_data["remediation"].items():
+                remediation_string += f"{f}: {v}\n"
+            finding_data["remediation"] = remediation_string
+        elif isinstance(finding_data["remediation"], list):
+            finding_data["remediation"] = "\n".join(finding_data["remediation"])
+        return finding_data
+
+    @staticmethod
+    def _populate_cvs_scores(finding_obj: IntegrationFinding, vuln: Optional["Vulnerability"] = None) -> None:
+        """
+        Populates the CVSS scores for the provided IntegrationFinding object
+
+        :param IntegrationFinding finding_obj: IntegrationFinding object
+        :param Vulnerability vuln: OCSF Vulnerability object, defaults to None
+        :rtype: None
+        """
+        if vuln:
+            for cvs in getattr(vuln.cve, "cvss", []):
+                if "3" in cvs.version:
+                    finding_obj.cvss_v3_score = cvs.base_score
+                elif "2" in cvs.version:
+                    finding_obj.cvss_v2_score = cvs.base_score
+                else:
+                    finding_obj.cvss_score = cvs.base_score
+
+    def _security_finding_to_regscale(
+        self, connector: "Vulnerabilities", finding: SecurityFinding, **_
+    ) -> list[IntegrationFinding]:
+        """
+        Convert OCSF SecurityFinding to RegScale IntegrationFinding
+
+        :param "Vulnerabilities" connector: Vulnerabilities connector class object
+        :param SecurityFinding finding: OCSF SecurityFinding to convert to an IntegrationFinding
+        :return: List of comparable IntegrationFinding objects
+        :rtype: list[IntegrationFinding]
+        """
+        findings = []
+
+        def _create_finding(resource: "ResourceDetails", vuln: Optional["Vulnerability"] = None) -> IntegrationFinding:
+            """
+            Create an IntegrationFinding object from a resource and vulnerability
+
+            :param ResourceDetails resource: OCSF ResourceDetails object
+            :param Optional[Vulnerability] vuln: OCSF Vulnerability object, defaults to None
+            :return: An IntegrationFinding object
+            :rtype: IntegrationFinding
+            """
+            base = vuln if vuln else finding.finding
+            finding_data = self._parse_finding_data(finding, vuln)
+            if resource.data:
+                dns = resource.data.get("hostname")
+                ip_address = resource.data.get("ipv4")
+            else:
+                dns = resource.uid if vuln else None
+                ip_address = None
+
+            finding_obj = IntegrationFinding(
+                control_labels=[],
+                category=f"{connector.integration_name} Vulnerability",
+                title=base.title,
+                plugin_name=connector.integration_name,
+                severity=Issue.assign_severity(finding.severity),  # type: ignore
+                description=base.desc,
+                status=finding.status or "Open",
+                first_seen=self._datetime_to_str(finding_data["first_seen"]),
+                last_seen=self._datetime_to_str(finding_data["last_seen"]),
+                ip_address=ip_address,
+                plugin_id=finding_data["plugin_id"],
+                dns=dns,
+                severity_int=finding_data["severity"],
+                issue_title=base.title,
+                cve=finding_data["cve"],
+                evidence=finding.evidence,
+                impact=finding.impact,
+                asset_identifier=resource.uid,
+                source_report=connector.integration_name,
+                remediation=finding_data["remediation"],
+            )
+
+            self._populate_cvs_scores(finding_obj, vuln)
+
+            return finding_obj
+
+        for asset in finding.resources:
+            if finding.vulnerabilities:
+                findings.extend(_create_finding(asset, vuln) for vuln in finding.vulnerabilities)
+            else:
+                findings.append(_create_finding(asset))
+
+        return findings
+
+    def _datetime_to_str(self, date_time: Optional[datetime] = None) -> str:
+        """
+        Convert a datetime object to a string
+
+        :param Optional[datetime] date_time: The datetime object to convert, defaults to None
+        :return: The datetime as a string
+        :rtype: str
+        """
+        from regscale.core.utils.date import datetime_str
+
+        return datetime_str(date_time, self.date_format)
+
+    @staticmethod
+    def _map_ticket_priority(severity: str) -> Priority:
+        """
+        Map RegScale severity to OCSF priority
+
+        :param str severity: RegScale severity
+        :return: OCSF priority
+        :rtype: Priority
+        """
+        if "high" in severity.lower():
+            return Priority.HIGH
+        elif "moderate" in severity.lower():
+            return Priority.MEDIUM
+        else:
+            return Priority.LOW
+
+    def _determine_due_date(self, severity: str) -> str:
+        """
+        Determine the due date based on the provided severity
+
+        :param str severity: RegScale severity
+        :return: Due date for the issue
+        :rtype: str
+        """
+        from datetime import timedelta
+
+        if "high" in severity.lower():
+            return (datetime.now() + timedelta(days=30)).strftime(self.date_format)
+        elif "medium" in severity.lower():
+            return (datetime.now() + timedelta(days=60)).strftime(self.date_format)
+        else:
+            return (datetime.now() + timedelta(days=90)).strftime(self.date_format)
+
+    def _regscale_issue_to_ticket(self, regscale_issue: Issue, **kwargs) -> CreateTicketRequest:
+        """
+        Maps a RegScale issue to a JIRA issue
+
+        :param Issue regscale_issue: RegScale issue object
+        :return: Synqly CreateTicketRequest object
+        :rtype: CreateTicketRequest
+        """
+        description = ""
+        for key, value in regscale_issue.dict().items():
+            if key not in ["id"] and value:
+                description += f"{key.title()}: {value}\n"
+        if project := kwargs.get("default_project"):
+            kwargs.pop("default_project")
+            return engine.CreateTicketRequest(
+                name=regscale_issue.title,
+                description=f"RegScale Issue #{regscale_issue.id}:\n{description}",
+                summary=regscale_issue.title,
+                creator=kwargs.get("creator", "RegScale CLI"),
+                priority=self._map_ticket_priority(regscale_issue.severityLevel),
+                project=project,
+                **kwargs,
+            )
+        else:
+            return engine.CreateTicketRequest(
+                name=regscale_issue.title,
+                description=f"RegScale Issue #{regscale_issue.id}:\n{description}",
+                summary=regscale_issue.title,
+                creator=kwargs.get("creator", "RegScale CLI"),
+                priority=self._map_ticket_priority(regscale_issue.severityLevel),
+                **kwargs,
+            )

regscale/models/integration_models/synqly_models/param.py

@@ -0,0 +1,72 @@
+from typing import Any, Optional
+
+from pydantic import BaseModel, ConfigDict, Field, model_validator
+
+
+class Param(BaseModel):
+    model_config = ConfigDict(populate_by_name=True, frozen=True)
+
+    name: Optional[str] = Field("", description="The name of the parameter")
+    description: Optional[str] = Field("", description="The description of the parameter")
+    expected_type: str = Field("STRING", description="The expected type of the parameter as a string", alias="type")
+    optional: bool = Field(description="Whether the parameter is optional or not", alias="optional", default=False)
+    data_type: Optional[Any] = Field(None, description="The allowed data type of the parameter")
+    click_type: Optional[str] = Field(None, description="The click type of the parameter")
+    default: Optional[Any] = Field("None", description="The default value of the parameter")
+
+    @model_validator(mode="before")
+    def set_data_types(cls, values: dict) -> dict:
+        """
+        Set the data type of the parameter based on the expected type
+
+        :param values: The values of the model
+        :return: Updated values
+        :rtype: dict
+        """
+        if expected_type := values.get("type"):
+            values["data_type"] = cls._map_types(expected_type)
+            values["click_type"] = cls._map_click_types(expected_type)
+        return values
+
+    @classmethod
+    def _map_click_types(cls, type_str: str) -> Optional[str]:
+        """
+        Map the string type to the equivalent click type
+
+        :param str type_str: The data type as a string
+        :return: The equivalent click type, if it exists
+        :rtype: Optional[str]
+        """
+        click_types = {
+            "string": "click.STRING",
+            "number": "click.FLOAT",
+            "integer": "click.INT",
+            "bool": "click.BOOL",
+            "choice": "click.Choice",
+        }
+        return click_types.get(type_str)
+
+    @classmethod
+    def _map_types(cls, type_str: str) -> Any:
+        """
+        Map the javascript string type to python type
+
+        :param str type_str: The data type as a string
+        :return: The actual data type in python
+        :rtype: Any
+        """
+        data_types = {
+            "string": "str",
+            "object": "dict",
+            "array": "list",
+            "number": "float",
+            "integer": "int",
+            "boolean": "bool",
+            "choice": "choice",
+        }
+        if type_str in data_types:
+            return data_types[type_str]
+        try:
+            return eval(type_str)
+        except NameError:
+            raise ValueError(f"Invalid type: {type_str}")