regscale-cli 6.16.0.0__py3-none-any.whl

regscale/integrations/commercial/sap/click.py

@@ -0,0 +1,31 @@
+"""
+This module contains the Click command group for SAP.
+"""
+
+import logging
+
+import click
+
+logger = logging.getLogger("regscale")
+
+
+@click.group()
+def sap():
+    """
+    SAP Integration
+    """
+
+
+@sap.group(help="SAP Concur")
+def concur():
+    """Performs actions on the SAP Concur API."""
+
+
+@concur.group(help="SAP Sysdig")
+def sysdig():
+    """Performs actions on the SysDig Concur export."""
+
+
+@concur.group(help="Synchronize data from Tenable.")
+def tenable():
+    """Performs actions on a Tenable Concur export."""

regscale/integrations/commercial/sap/sysdig/click.py

@@ -0,0 +1,57 @@
+"""
+This module contains the Click command group for SAP.
+"""
+
+import logging
+
+import click
+
+from regscale.integrations.commercial.sap.click import sysdig
+from regscale.models.app_models.click import regscale_ssp_id
+
+logger = logging.getLogger("regscale")
+
+
+@sysdig.command(name="sync_vulns")
+@regscale_ssp_id()
+@click.option(
+    "--path",
+    type=click.STRING,
+    help="Path to the CSV file containing the SAP Concur data.",
+    required=True,
+)
+@click.option(
+    "--scan_date",
+    type=click.DateTime(formats=["%Y-%m-%d"]),
+    help="The scan date of the file.",
+    required=False,
+)
+def sync_vulns(regscale_ssp_id: int, path: str, scan_date: click.DateTime = None):
+    """
+    Synchronize vulnerabilities from SAP Concur data.
+    """
+    from regscale.integrations.commercial.sap.sysdig.sysdig_scanner import SAPConcurSysDigScanner
+
+    SAPConcurSysDigScanner(plan_id=regscale_ssp_id).sync_findings(
+        plan_id=regscale_ssp_id, path=path, scan_date=scan_date
+    )
+
+
+@sysdig.command(name="sync_assets")
+@regscale_ssp_id()
+@click.option(
+    "--path",
+    type=click.Path(exists=True, file_okay=True, dir_okay=False, readable=True),
+    help="Path to the CSV file containing the SAP Concur data.",
+    required=True,
+)
+def sync_assets(regscale_ssp_id: int, path: str):
+    """
+    Synchronize assets from SAP Concur data.
+
+    :param int regscale_ssp_id: RegScale System Security Plan ID
+    :param str path: Path to the CSV file containing the SAP Concur data
+    """
+    from regscale.integrations.commercial.sap.sysdig.sysdig_scanner import SAPConcurSysDigScanner
+
+    SAPConcurSysDigScanner(plan_id=regscale_ssp_id).sync_assets(plan_id=regscale_ssp_id, path=path)

regscale/integrations/commercial/sap/sysdig/sysdig_scanner.py

@@ -0,0 +1,190 @@
+import csv
+import logging
+from typing import Any, Dict, Iterator, Tuple
+
+from regscale.core.app.utils.app_utils import get_current_datetime
+from regscale.core.app.utils.parser_utils import safe_datetime_str, safe_float
+from regscale.integrations.scanner_integration import (
+    IntegrationAsset,
+    IntegrationFinding,
+    ScannerIntegration,
+    issue_due_date,
+)
+from regscale.integrations.variables import ScannerVariables
+from regscale.models import regscale_models
+
+logger = logging.getLogger("regscale")
+
+
+class SAPConcurSysDigScanner(ScannerIntegration):
+    title = "SAP Concur - SysDig"
+    asset_identifier_field = "name"
+    finding_severity_map = {
+        "critical": regscale_models.IssueSeverity.Critical,
+        "high": regscale_models.IssueSeverity.High,
+        "medium": regscale_models.IssueSeverity.Moderate,
+        "low": regscale_models.IssueSeverity.Low,
+    }
+
+    def parse_assets(self, asset: Dict[str, Any]) -> IntegrationAsset:
+        """
+        Parse a single asset from the vulnerability data.
+
+        :param Dict[str, Any] asset: A dictionary containing the asset data
+        :return: An IntegrationAsset object with parsed data
+        :rtype: IntegrationAsset
+        """
+        name = (
+            asset.get("Image name", None) + ":" + asset.get("Image tag", None)
+            if (asset.get("Image name") and asset.get("Image tag"))
+            else None
+        )
+        return IntegrationAsset(
+            name=name,
+            identifier=name
+            or asset.get("Container name")
+            or asset.get("Cluster name")
+            or asset.get("Pod")
+            or asset.get("Namespace"),
+            asset_type="Other",  # Sysdig primarily concerns itself with containers
+            asset_category=regscale_models.AssetCategory.Hardware,
+            asset_owner_id=ScannerVariables.userId,
+            status="Active (On Network)",
+            mac_address="",
+            fqdn="",
+            ip_address="",
+            operating_system="",
+            aws_identifier="",
+            vlan_id="",
+            location="",
+            software_inventory=[],
+        )
+
+    def fetch_assets(self, *args: Tuple, **kwargs: dict) -> Iterator[IntegrationAsset]:
+        """
+        Fetch assets from a CSV file and yield IntegrationAsset objects.
+
+        :param Tuple args: Variable length argument list
+        :param dict kwargs: Arbitrary keyword arguments
+        :return: An iterator of IntegrationAsset objects
+        :rtype: Iterator[IntegrationAsset]
+        """
+        path: str = kwargs.get("path", "")
+        if not path:
+            raise ValueError("Path is required")
+
+        logger.info(f"Fetching assets from {path}")
+        with open(path, "r", newline="") as csvfile:
+            reader = csv.DictReader(csvfile)
+            for row in reader:
+                yield self.parse_assets(row)
+
+    def fetch_findings(self, *args: Tuple, **kwargs: dict) -> Iterator[IntegrationFinding]:
+        """
+        Fetch findings from a CSV file and yield IntegrationFinding objects.
+
+        :param Tuple args: Variable length argument list
+        :param dict kwargs: Arbitrary keyword arguments
+        :return: An iterator of IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        path: str = kwargs.get("path", "")
+        if not path:
+            raise ValueError("Path is required")
+
+        logger.info(f"Fetching findings from {path}")
+
+        with open(path, "r", newline="") as csvfile:
+            reader = csv.DictReader(csvfile)
+            for row in reader:
+                yield from self.parse_findings(finding=row, kwargs=kwargs)
+
+    def parse_findings(self, finding: Dict[str, Any], **kwargs: dict) -> Iterator[IntegrationFinding]:
+        """
+        Parse a single finding from the vulnerability data.
+
+        :param Dict[str, Any] finding: A dictionary containing the finding data
+        :param dict kwargs: Arbitrary keyword arguments
+        :return: An iterator of IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        severity = self.finding_severity_map.get(finding["Severity"].lower(), regscale_models.IssueSeverity.Low)
+        cves = finding.get("Vulnerability ID", "").split(",") if finding.get("Vulnerability ID") else []
+
+        if not cves:
+            # If there are no CVEs, yield a single finding without CVE information
+            yield self._create_finding(finding=finding, severity=severity, kwargs=kwargs)
+        else:
+            # If there are CVEs, yield a finding for each CVE
+            for cve in cves:
+                yield self._create_finding(finding=finding, severity=severity, cve=cve.strip(), kwargs=kwargs)
+
+    def _create_finding(
+        self, finding: Dict[str, Any], severity: regscale_models.IssueSeverity, cve: str = "", **kwargs: dict
+    ) -> IntegrationFinding:
+        """
+        Create an IntegrationFinding object from the given data.
+
+        :param Dict[str, Any] finding: A dictionary containing the finding data
+        :param regscale_models.IssueSeverity severity: The severity of the finding
+        :param str cve: The CVE number (optional)
+        :return: An IntegrationFinding object
+        :rtype: IntegrationFinding
+        """
+        asset_name = (
+            finding.get("Image name", None) + ":" + finding.get("Image tag", None)
+            if (finding.get("Image name") and finding.get("Image tag"))
+            else None
+        )
+        asset_id = (
+            asset_name
+            or finding.get("Container name")
+            or finding.get("Cluster name")
+            or finding.get("Pod")
+            or finding.get("Namespace")
+        )
+        cve_description = finding.get("Cve description")
+        category = "Sysdig Vulnerability: General"
+        issue_type = "Vulnerability"
+        scan_date = kwargs.get("scan_date", get_current_datetime())
+        return IntegrationFinding(
+            cvss_v3_base_score=safe_float(finding.get("CVSS v3 base score")),
+            cvss_score=safe_float(finding.get("CVSS v2 base score")),
+            control_labels=[],
+            category=category,
+            title=cve or cve_description,
+            issue_title=cve or cve_description,
+            description=cve_description or cve,
+            severity=severity,
+            status=regscale_models.IssueStatus.Open,
+            asset_identifier=asset_id,
+            external_id=finding.get("pluginID", "Unknown"),
+            scan_date=scan_date,
+            first_seen=scan_date,
+            last_seen=scan_date,
+            remediation=finding.get("Vuln link", ""),
+            cve=cve,
+            vulnerability_type=self.title,
+            plugin_id="0",
+            plugin_name=cve or "",
+            ip_address="",
+            dns=cve,
+            issue_type=issue_type,
+            date_created=get_current_datetime(),
+            date_last_updated=get_current_datetime(),
+            gaps="",
+            observations=finding.get("plugin_output", ""),
+            evidence=finding.get("plugin_output", ""),
+            identified_risk=finding.get("risk_factor", ""),
+            impact="",
+            recommendation_for_mitigation=finding.get("Vuln link", ""),
+            rule_id=finding.get("pluginID"),
+            rule_version=finding.get("script_version"),
+            results=finding.get("plugin_output", ""),
+            comments=None,
+            baseline="",
+            poam_comments=None,
+            vulnerable_asset=asset_id,
+            source_rule_id=finding.get("fname"),
+            basis_for_adjustment=None,
+        )

regscale/integrations/commercial/sap/tenable/click.py

@@ -0,0 +1,49 @@
+"""
+This module contains the Click command group for SAP.
+"""
+
+import logging
+
+import click
+
+from regscale.integrations.commercial.sap.click import tenable
+from regscale.models.app_models.click import regscale_ssp_id
+
+logger = logging.getLogger("regscale")
+
+
+@tenable.command(name="sync_vulns")
+@regscale_ssp_id()
+@click.option(
+    "--path",
+    type=click.STRING,
+    help="Path to the CSV file containing the SAP Concur data.",
+    required=True,
+)
+def sync_vulns(regscale_ssp_id: int, path: str):
+    """
+    Synchronize vulnerabilities from SAP Concur Tenable data.
+    """
+    from .scanner import SAPConcurScanner
+
+    SAPConcurScanner(plan_id=regscale_ssp_id).sync_findings(plan_id=regscale_ssp_id, path=path)
+
+
+@tenable.command(name="sync_assets")
+@regscale_ssp_id()
+@click.option(
+    "--path",
+    type=click.Path(exists=True, file_okay=True, dir_okay=False, readable=True),
+    help="Path to the CSV file containing the SAP Concur data.",
+    required=True,
+)
+def sync_assets(regscale_ssp_id: int, path: str):
+    """
+    Synchronize assets from SAP Concur Tenable data.
+
+    :param int regscale_ssp_id: RegScale System Security Plan ID
+    :param str path: Path to the CSV file containing the SAP Concur data
+    """
+    from .scanner import SAPConcurScanner
+
+    SAPConcurScanner(plan_id=regscale_ssp_id).sync_assets(plan_id=regscale_ssp_id, path=path)

regscale/integrations/commercial/sap/tenable/scanner.py

@@ -0,0 +1,196 @@
+import csv
+import logging
+from typing import Any, Dict, Iterator, Tuple
+
+from regscale.core.app.utils.parser_utils import safe_datetime_str, safe_float, safe_int
+from regscale.integrations.scanner_integration import (
+    IntegrationAsset,
+    IntegrationFinding,
+    ScannerIntegration,
+    issue_due_date,
+)
+from regscale.models import regscale_models
+
+logger = logging.getLogger("regscale")
+
+# Constants for repeated literals
+IP_ADDRESS_ANONYMIZED = "IP Address (Anonymized)"
+DNS_NAME = "DNS Name"
+LAST_OBSERVED = "Last Observed"
+CVSS_V3_BASE_SCORE = "CVSS V3 Base Score"
+
+
+class SAPConcurScanner(ScannerIntegration):
+    title = "SAP Concur"
+    asset_identifier_field = "tenableId"
+    finding_severity_map = {
+        "critical": regscale_models.IssueSeverity.Critical,
+        "high": regscale_models.IssueSeverity.High,
+        "medium": regscale_models.IssueSeverity.Moderate,
+        "low": regscale_models.IssueSeverity.Low,
+    }
+
+    def parse_assets(self, asset: Dict[str, Any]) -> IntegrationAsset:
+        """
+        Parse a single asset from the vulnerability data.
+
+        :param Dict[str, Any] asset: A dictionary containing the asset data
+        :return: An IntegrationAsset object with parsed data
+        :rtype: IntegrationAsset
+        """
+        ip_address = asset.get(IP_ADDRESS_ANONYMIZED, "")
+        external_id = asset.get("Host ID") or ip_address  # Use Host ID if available, otherwise use IP address
+
+        return IntegrationAsset(
+            name=asset.get(DNS_NAME) or ip_address,
+            identifier=external_id,
+            asset_type="Server",
+            asset_category="Infrastructure",
+            status="Active (On Network)",
+            date_last_updated=safe_datetime_str(asset.get(LAST_OBSERVED)),
+            ip_address=ip_address,
+            mac_address=asset.get("MAC Address"),
+            fqdn=asset.get(DNS_NAME),
+            component_names=[],
+            external_id=external_id,
+            software_name=asset.get("Plugin Name"),
+            software_version=asset.get("Version"),
+            operating_system=None,
+            os_version=None,
+            source_data=asset,
+            url=None,
+            ports_and_protocols=(
+                [
+                    {
+                        "start_port": safe_int(asset.get("Port")),
+                        "end_port": safe_int(asset.get("Port")),
+                        "protocol": asset.get("Protocol"),
+                    }
+                ]
+                if safe_int(asset.get("Port"))
+                else []
+            ),
+            software_inventory=[],
+            notes=f"NetBIOS Name: {asset.get('NetBIOS Name', '')}, Repository: {asset.get('Repository', '')}",
+        )
+
+    def fetch_assets(self, *args: Tuple, **kwargs: dict) -> Iterator[IntegrationAsset]:
+        """
+        Fetch assets from a CSV file and yield IntegrationAsset objects.
+
+        :param Tuple args: Variable length argument list
+        :param dict kwargs: Arbitrary keyword arguments
+        :return: An iterator of IntegrationAsset objects
+        :rtype: Iterator[IntegrationAsset]
+        """
+        path: str = kwargs.get("path", "")
+        if not path:
+            raise ValueError("Path is required")
+
+        logger.info(f"Fetching assets from {path}")
+        with open(path, "r", newline="") as csvfile:
+            reader = csv.DictReader(csvfile)
+            for row in reader:
+                yield self.parse_assets(row)
+
+    def fetch_findings(self, *args: Tuple, **kwargs: dict) -> Iterator[IntegrationFinding]:
+        """
+        Fetch findings from a CSV file and yield IntegrationFinding objects.
+
+        :param Tuple args: Variable length argument list
+        :param dict kwargs: Arbitrary keyword arguments
+        :return: An iterator of IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        path: str = kwargs.get("path", "")
+        if not path:
+            raise ValueError("Path is required")
+
+        logger.info(f"Fetching findings from {path}")
+
+        with open(path, "r", newline="") as csvfile:
+            reader = csv.DictReader(csvfile)
+            for row in reader:
+                yield from self.parse_findings(row)
+
+    def parse_findings(self, finding: Dict[str, Any]) -> Iterator[IntegrationFinding]:
+        """
+        Parse a single finding from the vulnerability data.
+
+        :param Dict[str, Any] finding: A dictionary containing the finding data
+        :return: An iterator of IntegrationFinding objects
+        :rtype: Iterator[IntegrationFinding]
+        """
+        severity = self.finding_severity_map.get(finding["Severity"].lower(), regscale_models.IssueSeverity.Low)
+        cves = finding.get("CVE", "").split(",") if finding.get("CVE") else []
+
+        if not cves:
+            # If there are no CVEs, yield a single finding without CVE information
+            yield self._create_finding(finding, severity)
+        else:
+            # If there are CVEs, yield a finding for each CVE
+            for cve in cves:
+                yield self._create_finding(finding, severity, cve.strip())
+
+    def _create_finding(
+        self, finding: Dict[str, Any], severity: regscale_models.IssueSeverity, cve: str = ""
+    ) -> IntegrationFinding:
+        """
+        Create an IntegrationFinding object from the given data.
+
+        :param Dict[str, Any] finding: A dictionary containing the finding data
+        :param regscale_models.IssueSeverity severity: The severity of the finding
+        :param str cve: The CVE number (optional)
+        :return: An IntegrationFinding object
+        :rtype: IntegrationFinding
+        """
+        return IntegrationFinding(
+            control_labels=[],
+            title=finding.get("Plugin Name"),
+            category=finding.get("Family", "Unknown"),
+            plugin_name=finding.get("Plugin", ""),
+            severity=severity,
+            description=finding.get("Description", ""),
+            status=regscale_models.IssueStatus.Open,
+            priority=finding.get("Vulnerability Priority Rating", "Medium"),
+            first_seen=safe_datetime_str(finding.get("First Discovered")),
+            last_seen=safe_datetime_str(finding.get(LAST_OBSERVED)),
+            cve=cve,
+            cvss_v3_score=safe_float(finding.get(CVSS_V3_BASE_SCORE)),
+            cvss_v2_score=safe_float(finding.get("CVSS V2 Base Score")),
+            ip_address=finding.get(IP_ADDRESS_ANONYMIZED),
+            plugin_id=finding.get("Plugin"),
+            dns=finding.get(DNS_NAME),
+            issue_title=f"Vulnerability {finding.get('Plugin Name')} found",
+            issue_type="Risk",
+            date_created=safe_datetime_str(finding.get("First Discovered")),
+            date_last_updated=safe_datetime_str(finding.get(LAST_OBSERVED)),
+            due_date=issue_due_date(severity=severity, created_date=safe_datetime_str(finding.get("First Discovered"))),
+            external_id=finding.get("Plugin"),
+            gaps="",
+            observations="",
+            evidence=finding.get("Plugin Output", ""),
+            identified_risk=finding.get("Risk Factor", ""),
+            impact="",
+            recommendation_for_mitigation=finding.get("Steps to Remediate", ""),
+            asset_identifier=finding.get(IP_ADDRESS_ANONYMIZED, ""),
+            comments=None,
+            poam_comments=None,
+            cci_ref=None,
+            rule_id=finding.get("Plugin", ""),
+            rule_version=finding.get("Version", ""),
+            results="",
+            baseline="",
+            vulnerability_number=cve,
+            oval_def="",
+            scan_date=safe_datetime_str(finding.get(LAST_OBSERVED)),
+            rule_id_full="",
+            group_id="",
+            vulnerable_asset=finding.get(IP_ADDRESS_ANONYMIZED, ""),
+            remediation=finding.get("Steps to Remediate", ""),
+            cvss_score=safe_float(finding.get(CVSS_V3_BASE_SCORE) or finding.get("CVSS V2 Base Score")),
+            cvss_v3_base_score=safe_float(finding.get(CVSS_V3_BASE_SCORE)),
+            source_rule_id=finding.get("Plugin", ""),
+            vulnerability_type=finding.get("Family", ""),
+            basis_for_adjustment=None,
+        )