regscale-cli 6.16.0.0__py3-none-any.whl

regscale/models/integration_models/trivy_import.py

@@ -0,0 +1,231 @@
+"""
+Module for processing Trivy scan results and loading them into RegScale as assets, issues, and vulnerabilities.
+"""
+
+import logging
+import traceback
+from typing import Any, Dict, Iterator, List, Optional
+
+from regscale.core.app.utils.parser_utils import safe_datetime_str
+from regscale.exceptions import ValidationException
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import ImportValidater
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models import AssetStatus, IssueSeverity, IssueStatus
+
+logger = logging.getLogger(__name__)
+
+
+class TrivyImport(FlatFileImporter):
+    """Class for handling Trivy scanner integration."""
+
+    asset_identifier_field = "otherTrackingNumber"
+    finding_severity_map = {
+        "CRITICAL": IssueSeverity.Critical.value,
+        "HIGH": IssueSeverity.High.value,
+        "MEDIUM": IssueSeverity.Moderate.value,
+        "LOW": IssueSeverity.Low.value,
+        "UNKNOWN": IssueSeverity.High.value,
+        "NEGLIGIBLE": IssueSeverity.High.value,
+    }
+    identifier: Optional[str] = None
+
+    def __init__(self, **kwargs: Any):
+        self.name = kwargs.get("name", "Trivy")
+        self.identifier = None
+        self.required_headers = [
+            "Metadata",
+        ]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers,
+            kwargs.get("file_path"),
+            self.mapping_file,
+            self.disable_mapping,
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        if kwargs.get("scan_date"):
+            self.scan_date = kwargs.pop("scan_date")
+        else:
+            self.scan_date = safe_datetime_str(self.validater.data.get("CreatedAt"))
+        # even if a user doesn't specify a scan_date, we want to remove it from the kwargs and use the scan_date from
+        # the attributes after the scan_date is set in the previous logic
+        if "scan_date" in kwargs:
+            kwargs.pop("scan_date")
+        if "sha256-" in kwargs["file_name"]:
+            logger.debug("found sha256 in file name %s", kwargs["file_name"])
+            self.identifier = "sha256-" + kwargs["file_name"].split("sha256-")[1].split(".json")[0]
+        else:
+            logger.debug("using imageID for identifier")
+            self.identifier = self.mapping.get_value(self.validater.data, "Metadata", {}).get("ImageID")
+        logger.debug("self.identifier: %s", self.identifier)
+        self.integration_name = self.identifier
+        self.other_tracking_number = self.mapping.get_value(self.validater.data, "ArtifactName", self.identifier)
+        self.notes = f"{kwargs['file_name']}"
+        vuln_count = 0
+        for item in self.mapping.get_value(self.validater.data, "Results", []):
+            vuln_count += len(item.get("Vulnerabilities", []))
+        super().__init__(
+            logger=logger,
+            headers=self.headers,
+            extra_headers_allowed=True,
+            finding_severity_map=self.finding_severity_map,
+            vuln_func=self.create_vuln,
+            asset_func=self.create_asset,
+            scan_date=self.scan_date,
+            asset_identifier_field=self.asset_identifier_field,
+            vuln_count=vuln_count,
+            asset_count=1,
+            **kwargs,
+        )
+
+    def parse_asset(self, **kwargs) -> IntegrationAsset:
+        """
+        Parse assets from Trivy scan data.
+
+        :return: Integration asset
+        :rtype: IntegrationAsset
+        """
+        os_data = kwargs.pop("os_data")
+        return IntegrationAsset(
+            identifier=self.identifier,
+            name=self.integration_name,
+            ip_address="0.0.0.0",
+            cpu=0,
+            ram=0,
+            status=AssetStatus.Active.value,
+            asset_type="Other",
+            asset_category="Software",
+            operating_system=f"{os_data.get('Family', '')} {os_data.get('Name', '')}",
+            notes=self.notes,
+            other_tracking_number=self.other_tracking_number,
+        )
+
+    def create_asset(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
+        """
+        Fetches assets from the processed json files
+
+        :yields: Iterator[IntegrationAsset]
+        """
+        if assets := self.fetch_assets(**kwargs):
+            for asset in assets:
+                yield asset
+
+    def create_vuln(self, *args, **kwargs) -> Iterator[IntegrationFinding]:
+        """
+        Fetches findings from the processed json files
+
+        :return: A list of findings
+        :rtype: List[IntegrationFinding]
+        """
+        if findings := self.fetch_findings(**kwargs):
+            for finding in findings:
+                yield finding
+
+    def fetch_findings(self, **_) -> List[IntegrationFinding]:
+        """
+        Fetch findings from Trivy scan data.
+
+        :raises ValidationException: If there is an error fetching/parsing findings
+        :return: List of IntegrationFinding
+        :rtype: List[IntegrationFinding]
+        """
+
+        findings = []
+        try:
+            for item in self.mapping.get_value(self.validater.data, "Results", []):
+                for finding in item.get("Vulnerabilities", []):
+                    findings.append(
+                        IntegrationFinding(
+                            title=finding.get("Title", finding.get("PkgName")),
+                            description=finding.get("Description", "No description available"),
+                            severity=(
+                                self.process_severity(finding.get("Severity"))
+                                if finding.get("Severity")
+                                else IssueSeverity.NotAssigned.value
+                            ),
+                            status=IssueStatus.Open.value,
+                            cvss_v3_score=self.get_cvss_score(finding),
+                            cvss_v3_base_score=self.get_cvss_score(finding),
+                            plugin_name=finding.get("DataSource", {}).get("Name", self.name),
+                            plugin_id=finding.get("DataSource", {}).get("ID", self.name),
+                            asset_identifier=self.identifier,
+                            cve=finding.get("VulnerabilityID"),
+                            first_seen=self.scan_date,
+                            last_seen=self.scan_date,
+                            scan_date=self.scan_date,
+                            category="Software",
+                            control_labels=[],
+                        )
+                    )
+            return findings
+        except Exception:
+            error_message = traceback.format_exc()
+            logger.error(f"Error fetching findings: {error_message}")
+            raise ValidationException(f"Error fetching findings: {error_message}")
+
+    def process_severity(self, severity: str) -> str:
+        """
+        Process the severity of a finding.
+
+        :param str severity: The severity of the finding
+        :return: IssueSeverity corresponding to the severity
+        :rtype: str
+        """
+        from regscale.core.app.application import Application
+
+        app = Application()
+        severity_default = app.config.get("vulnerabilityMappingDefault", IssueSeverity.NotAssigned.value)
+        return self.finding_severity_map.get(severity.upper(), severity_default)
+
+    @staticmethod
+    def process_status(status: str) -> str:
+        """
+        Process the status of a finding.
+
+        :param str status: The status of the finding
+        :return: The corresponding Issue status
+        :rtype: str
+        """
+        if status.lower() == "fixed":
+            return IssueStatus.Closed.value
+        else:
+            return IssueStatus.Open.value
+
+    @staticmethod
+    def get_cvss_score(finding: Dict) -> float:
+        """
+        Get the CVSS score from the finding data.
+
+        :param dict finding: The finding data
+        :return: The CVSS score
+        :rtype: float
+        """
+        value = 0.0
+        if cvs := finding.get("CVSS"):
+            if nvd := cvs.get("nvd"):
+                value = nvd.get("V3Score", 0.0)
+            elif redhat := cvs.get("redhat"):
+                value = redhat.get("V3Score", 0.0)
+        return value
+
+    def fetch_assets(self, **_) -> List[IntegrationAsset]:
+        """
+        Fetch assets from Trivy scan data.
+
+        :raises ValidationException: If there is an error fetching/parsing assets
+        :return: List of IntegrationAsset
+        :rtype: List[IntegrationAsset]
+        """
+        data = self.validater.data
+        assets: List[IntegrationAsset] = []
+        os_data = self.mapping.get_value(data, "Metadata", {}, warnings=False).get("OS", {})
+        try:
+            assets.append(self.parse_asset(asset=data, os_data=os_data))
+            return assets
+        except Exception:
+            error_message = traceback.format_exc()
+            logger.error(f"Error fetching assets: {error_message}")
+            raise ValidationException(f"Error fetching assets: {error_message}")

regscale/models/integration_models/veracode.py

@@ -0,0 +1,217 @@
+from typing import List, Optional
+
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import get_current_datetime
+from regscale.models import Asset, Vulnerability, Mapping, ImportValidater
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+
+APP_NAME = "@app_name"
+VERSION = "@version"
+ACCOUNT_ID = "@account_id"
+
+
+class Veracode(FlatFileImporter):
+    def __init__(self, **kwargs):
+        self.name = kwargs.get("name", "Veracode")
+        logger = create_logger()
+        self.vuln_title = "PROBLEM_TITLE"
+        self.fmt = "%Y-%m-%d"
+        self.dt_format = "%Y-%m-%d %H:%M:%S"
+        csv_headers = [
+            "Source",
+        ]
+        xml_headers = [
+            "app_name",
+        ]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        file_type = kwargs.get("file_type")
+        if file_type == ".xml":
+            self.required_headers = xml_headers
+            xml_tag = "detailedreport"
+        else:
+            self.required_headers = csv_headers
+            xml_tag = None
+        self.validater = ImportValidater(
+            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping, xml_tag=xml_tag
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        super().__init__(
+            logger=logger,
+            headers=self.headers,
+            asset_func=self.create_asset,
+            vuln_func=self.create_vuln,
+            extra_headers_allowed=False,
+            **kwargs,
+        )
+
+    def create_asset(self, dat: Optional[dict] = None) -> List[Asset]:
+        """
+        Create a RegScale asset from an asset  in the Veracode export file
+
+        :param Optional[dict] dat: The data from the Veracode export file
+        :return: List of RegScale Asset objects
+        :rtype: List[Asset]
+        """
+        version = None
+        # Veracode is a Web Application Security Scanner, so these will be software assets, scanning a
+        # single web application
+        if "detailedreport" in self.mapping.mapping.keys():
+            name = self.mapping.get_value(dat, "detailedreport", {}).get(APP_NAME, "")
+            account_id = self.mapping.get_value(dat, "detailedreport", {}).get(ACCOUNT_ID, "")
+            version = self.mapping.get_value(dat, "detailedreport", {}).get(VERSION, "")
+        else:
+            name = self.mapping.get_value(dat, "Source", "")
+            account_id = str(self.mapping.get_value(dat, "ID", ""))
+        asset = Asset(
+            **{
+                "id": 0,
+                "name": name,
+                "otherTrackingNumber": account_id,
+                "ipAddress": "0.0.0.0",
+                "isPublic": True,
+                "status": "Active (On Network)",
+                "assetCategory": "Software",
+                "bLatestScan": True,
+                "bAuthenticatedScan": True,
+                "scanningTool": self.name,
+                "assetOwnerId": self.config["userId"],
+                "assetType": "Other",
+                "softwareVendor": "Veracode",
+                "softwareName": name,
+                "softwareVersion": version,
+                "systemAdministratorId": self.config["userId"],
+                "parentId": self.attributes.parent_id,
+                "parentModule": self.attributes.parent_module,
+            }
+        )
+        return [asset]
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> List[Vulnerability]:
+        """
+        Create a RegScale vulnerability from a vulnerability in the Veracode export file
+
+        :param Optional[dict]  dat: The data from the Veracode export file
+        :return: List of RegScale Vulnerability objects
+        :rtype: List[Vulnerability]
+        """
+        import_type = "xml" if isinstance(dat, str) else "csv"
+        # Veracode is a Web Application Security Scanner, so these will be software assets,
+        # scanning a single web application
+        if import_type == "xml":
+            name = self.mapping.get_value(dat, "detailedreport", {}).get(APP_NAME, "")
+            all_sev_data = self.mapping.get_value(dat, "detailedreport", {}).get("severity", [])
+            severity = self.severity_info(all_sev_data)[0] if all_sev_data else "low"
+            if severity_data := self.severity_info(all_sev_data):
+                if isinstance(severity_data, list) and len(severity_data) >= 2:
+                    cwes = [
+                        f"{c.get('cweid')} {c.get('cwename')}" for c in severity_data[1].get("cwe", [])
+                    ]  # Multiple cwes per asset in official XML
+            else:
+                cwes = []
+        else:
+            name = self.mapping.get_value(dat, "Source", "")
+            severity = self.mapping.get_value(dat, "Sev", "").lower()
+            cwes = [self.mapping.get_value(dat, "CWE ID & Name", [])]  # Coalfire should flatten data for asset -> cwes
+
+        return self.process_csv_vulns(name, cwes, severity)
+
+    def process_csv_vulns(self, hostname: str, cwes: List[str], severity: str) -> List[Vulnerability]:
+        """
+        Process the CSV findings from the ECR scan
+
+        :param str hostname: The hostname
+        :param List[str] cwes: The CWEs
+        :param str severity: The severity
+        :return: A list of vulnerabilities
+        :rtype: List[Vulnerability]
+        """
+        vulns = []
+        for cwe in cwes:
+            severity = self.determine_severity(severity)
+            if asset := self.get_asset(hostname):
+                vuln = self.create_vulnerability_object(asset, hostname, cwe, severity, "")
+                vulns.append(vuln)
+        return vulns
+
+    def create_vulnerability_object(
+        self, asset: Asset, hostname: str, cwe: str, severity: str, description: str
+    ) -> Vulnerability:
+        """
+        Create a vulnerability from a row in the Veracode file
+
+        :param Asset asset: The asset
+        :param str hostname: The hostname
+        :param str cwe: The CWE
+        :param str severity: The severity
+        :param str description: The description
+        :return: The vulnerability
+        :rtype: Vulnerability
+        """
+        config = self.attributes.app.config
+
+        return Vulnerability(  # type: ignore
+            id=0,
+            scanId=0,
+            parentId=asset.id,
+            parentModule="assets",
+            ipAddress="0.0.0.0",
+            lastSeen=get_current_datetime(),  # No timestamp on Veracode
+            firstSeen=get_current_datetime(),  # No timestamp on Veracode
+            daysOpen=None,
+            dns=hostname,
+            mitigated=None,
+            operatingSystem=asset.operatingSystem,
+            severity=severity,
+            plugInName=cwe,
+            cve="",
+            tenantsId=0,
+            title=f"{cwe} on asset {asset.name}",
+            description=cwe,
+            plugInText=description,
+            createdById=config["userId"],
+            lastUpdatedById=config["userId"],
+            dateCreated=get_current_datetime(),
+        )
+
+    def get_asset(self, hostname: str) -> Optional[Asset]:
+        """
+        Get the asset from the hostname
+
+        :param str hostname: The hostname
+        :return: The asset, if found
+        :rtype: Optional[Asset]
+        """
+        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
+        return asset_match[0] if asset_match else None
+
+    def severity_info(self, severity_list: list) -> Optional[tuple]:
+        """
+        Get the severity level and category of the vulnerability
+
+        :param list severity_list: List of severity levels
+        :return: Severity level and category
+        :rtype: Optional[tuple]
+        """
+        hit = [sev for sev in severity_list if sev.get("category")]
+        if hit:
+            return (self.hit_mapping().get(hit[0].get("level"), "low"), hit[0].get("category"))
+        return None
+
+    @staticmethod
+    def hit_mapping() -> dict:
+        """
+        Mapping of severity levels
+
+        :return: Mapping of severity levels
+        :rtype: dict
+        """
+        return {
+            "5": "critical",
+            "4": "high",
+            "3": "moderate",
+            "2": "low",
+            "1": "low",
+            "0": "info",
+        }

regscale/models/integration_models/xray.py

@@ -0,0 +1,135 @@
+"""
+Nexpose Scan information
+"""
+
+from typing import List, Optional
+
+from regscale.core.app.application import Application
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime
+from regscale.models import ImportValidater, Mapping
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.regscale_models.asset import Asset
+from regscale.models.regscale_models.vulnerability import Vulnerability
+
+
+class XRay(FlatFileImporter):
+    """JFrog Xray Scan information
+
+    :param str name: Name of the scan
+    :param Application app: RegScale Application object
+    :param str file_path: Path to the JSON files
+    :param int regscale_ssp_id: RegScale System Security Plan ID
+    """
+
+    def __init__(self, **kwargs):
+        self.name = kwargs.get("name")
+        regscale_ssp_id = kwargs.get("regscale_ssp_id")
+        self.cvss3_score = "cvss_v3_score"
+        self.vuln_title = "cve"
+        self.required_headers = [
+            "impacted_artifact",
+        ]
+        self.mapping_file = kwargs.get("mappings_path")
+        self.disable_mapping = kwargs.get("disable_mapping")
+        self.validater = ImportValidater(
+            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping
+        )
+        self.headers = self.validater.parsed_headers
+        self.mapping = self.validater.mapping
+        logger = create_logger()
+        super().__init__(
+            logger=logger,
+            app=Application(),
+            headers=None,
+            parent_id=regscale_ssp_id,
+            parent_module="securityplans",
+            asset_func=self.create_asset,
+            vuln_func=self.create_vuln,
+            **kwargs,
+        )
+
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+        """
+        Create an asset from a row in the Xray JSON file
+
+        :param Optional[dict] dat: Data row from JSON file, defaults to None
+        :return: RegScale Asset object
+        :rtype: Optional[Asset]
+        """
+
+        if asset_name := self.mapping.get_value(dat, "impacted_artifact") if isinstance(dat, dict) else dat:
+            return Asset(
+                **{
+                    "id": 0,
+                    "name": asset_name,
+                    "ipAddress": "0.0.0.0",
+                    "isPublic": True,
+                    "status": "Active (On Network)",
+                    "assetCategory": "Software",
+                    "bLatestScan": True,
+                    "bAuthenticatedScan": True,
+                    "scanningTool": self.name,
+                    "assetOwnerId": self.config["userId"],
+                    "assetType": "Other",
+                    "fqdn": None,
+                    "operatingSystem": "Linux",
+                    "systemAdministratorId": self.config["userId"],
+                    "parentId": self.attributes.parent_id,
+                    "parentModule": self.attributes.parent_module,
+                }
+            )
+        return None
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> List[Vulnerability]:
+        """
+        Create a vulnerability from a row in the JFrog Xray JSON file
+
+        :param Optional[dict] dat: Data row from JSON file, defaults to None
+        :return: List of RegScale Vulnerability object, if any
+        :rtype: List[Vulnerability]
+        """
+        asset_match = [
+            asset for asset in self.data["assets"] if asset.name == self.mapping.get_value(dat, "impacted_artifact")
+        ]
+        asset = asset_match[0] if asset_match else None
+        vulns = []
+        for vuln in self.mapping.get_value(dat, "cves", []):
+            # CVE IS A VULN, A VULN IS A CVE, Finkle is Einhorn
+            regscale_vuln = None
+            severity = (
+                Vulnerability.determine_cvss3_severity_text(float(vuln[self.cvss3_score]))
+                if vuln.get(self.cvss3_score)
+                else "low"
+            )
+            if asset_match:
+                cves = [c["cve"] for c in self.mapping.get_value(dat, "cves", []) if c.get("cve")]
+                for cve in cves:
+                    regscale_vuln = Vulnerability(
+                        id=0,
+                        scanId=0,  # set later
+                        parentId=asset.id,
+                        parentModule="assets",
+                        ipAddress="0.0.0.0",  # No ip address available
+                        lastSeen=self.scan_date,
+                        firstSeen=epoch_to_datetime(self.create_epoch),
+                        daysOpen=None,
+                        dns=self.mapping.get_value(dat, "impacted_artifact"),
+                        mitigated=None,
+                        operatingSystem="Linux",
+                        severity=severity,
+                        plugInName=self.mapping.get_value(dat, "issue_id", "XRay"),
+                        plugInId=int(self.mapping.get_value(dat, "issue_id", "Xray-0000")[5:]),
+                        cve=cve,
+                        vprScore=None,
+                        tenantsId=0,  # Need a way to figure this out programmatically
+                        title=f"{self.mapping.get_value(dat, 'issue_id', warnings=False) or self.mapping.get_value(dat, 'summary', f'XRay Vulnerability from Import {get_current_datetime()}', warnings=False)} on asset {asset.name}",
+                        description=self.mapping.get_value(dat, "summary"),
+                        plugInText=vuln.get("cve"),
+                        extra_data={
+                            "references": self.mapping.get_value(dat, "references", "None"),
+                            "solution": self.mapping.get_value(dat, "fixed_versions", "None"),
+                        },
+                    )
+                vulns.append(regscale_vuln)
+        return vulns

regscale/models/locking.py

@@ -0,0 +1,100 @@
+"""Class to lock a file to prevent concurrent access to it."""
+
+import os
+import time
+from types import TracebackType
+from typing import Optional, Type
+
+
+class FileLock:
+    """
+    Class to lock a file to prevent concurrent access to it
+
+    :param str lock_file: File to lock, defaults to "results/xdist_lock.txt"
+    :param bool skip_lock: Whether to skip the lock, defaults to False
+    """
+
+    lock_file: str
+    lock_scope: str
+    skip_lock: bool
+
+    def __init__(self, lock_file: str = "results/xdist_lock.txt", skip_lock: bool = False):
+        self.lock_file: str = lock_file
+        self.lock_scope: str = f"{os.getpid()}".ljust(10, ".")
+        self.skip_lock = skip_lock
+        lock_folder = os.path.dirname(self.lock_file)
+        if not os.path.isdir(lock_folder):
+            os.makedirs(lock_folder)
+
+    def __enter__(self) -> "FileLock":
+        """
+        Enter the context manager.
+
+        :return: The FileLock object
+        :rtype: FileLock
+        """
+        if not self.skip_lock:
+            self.acquire_lock()
+        return self
+
+    def __exit__(
+        self, exc_type: Optional[Type[BaseException]], exc_val: Optional[BaseException], exc_tb: Optional[TracebackType]
+    ) -> None:
+        """
+        Exit the context manager.
+
+        :param Optional[Type[BaseException]] exc_type: The exception type
+        :param Optional[BaseException] exc_val: The exception value
+        :param Optional[TracebackType] exc_tb: The traceback
+        :rtype: None
+        """
+        if not self.skip_lock:
+            self.release_lock()
+
+    def lock_contents(self) -> str:
+        """
+        Get the contents of the lock file.
+
+        :return: Contents of the lock file as a string
+        :rtype: str
+        """
+        with open(self.lock_file, "r") as lockfile:
+            contents = lockfile.read()
+        return contents
+
+    def acquire_lock(self) -> None:
+        """
+        Acquire the lock.
+
+        :rtype: None
+        """
+        try:
+            while os.path.isfile(self.lock_file):
+                # Another process is holding the lock. Waiting to acquire...
+                time.sleep(0.1)
+            # Create the lock file with the pid inside
+            with open(self.lock_file, "w") as lockfile:
+                lockfile.write(f"{self.lock_scope}")
+            # Read the lock file to make sure the contents is ours
+            with open(self.lock_file, "r") as lockfile:
+                contents = lockfile.read()
+            # If the contents is not ours, race condition -> back to square one
+            if contents != f"{self.lock_scope}":
+                self.acquire_lock()
+        except Exception:
+            self.acquire_lock()
+
+    def release_lock(self) -> None:
+        """
+        Release the lock.
+
+        :rtype: None
+        """
+        if os.path.isfile(self.lock_file):
+            with open(self.lock_file, "r") as lockfile:
+                scope = str(lockfile.read().strip())
+
+            if scope == str(self.lock_scope):
+                os.remove(self.lock_file)  # Lock released
+            else:
+                pass  # Lock can only be released by {self.lock_scope}