regscale-cli 6.16.0.0__py3-none-any.whl

regscale/integrations/commercial/wizv2/variables.py

@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Wiz Variables"""
+
+from regscale.core.app.utils.variables import RsVariableType, RsVariablesMeta
+
+
+class WizVariables(metaclass=RsVariablesMeta):
+    """
+    Wiz Variables class to define class-level attributes with type annotations and examples
+    """
+
+    # Define class-level attributes with type annotations and examples
+    wizFullPullLimitHours: RsVariableType(int, 8)  # type: ignore
+    wizUrl: RsVariableType(str, "https://api.us27.app.wiz.io/graphql", required=False)  # type: ignore
+    wizIssueFilterBy: RsVariableType(
+        str,
+        '{"projectId": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"], "type": ["API_GATEWAY"]}',
+        default={},
+        required=False,
+    )  # type: ignore
+    wizInventoryFilterBy: RsVariableType(
+        str,
+        '{"projectId": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"], "type": ["API_GATEWAY"]}',
+        default="""{"type":
+  [ "API_GATEWAY", "BACKUP_SERVICE", "CDN", "CICD_SERVICE", "CLOUD_LOG_CONFIGURATION",
+  "CLOUD_ORGANIZATION", "CONTAINER", "CONTAINER_IMAGE", "CONTAINER_REGISTRY", "CONTAINER_SERVICE",
+  "CONTROLLER_REVISION", "DATABASE", "DATA_WORKLOAD", "DB_SERVER", "DOMAIN", "EMAIL_SERVICE", "ENCRYPTION_KEY",
+  "FILE_SYSTEM_SERVICE", "FIREWALL", "GATEWAY", "KUBERNETES_CLUSTER", "LOAD_BALANCER",
+  "MANAGED_CERTIFICATE", "MESSAGING_SERVICE", "NAMESPACE", "NETWORK_INTERFACE", "PRIVATE_ENDPOINT",
+  "PRIVATE_LINK", "RAW_ACCESS_POLICY", "REGISTERED_DOMAIN", "RESOURCE_GROUP", "SECRET",
+  "SECRET_CONTAINER", "SERVERLESS", "SERVERLESS_PACKAGE", "SERVICE_ACCOUNT", "SERVICE_CONFIGURATION",
+  "STORAGE_ACCOUNT", "SUBNET", "SUBSCRIPTION", "VIRTUAL_DESKTOP", "VIRTUAL_MACHINE",
+  "VIRTUAL_MACHINE_IMAGE", "VIRTUAL_NETWORK", "VOLUME", "WEB_SERVICE" ] }""",
+    )  # type: ignore
+    wizAccessToken: RsVariableType(str, "", sensitive=True, required=False)  # type: ignore
+    wizClientId: RsVariableType(str, "", sensitive=True)  # type: ignore
+    wizClientSecret: RsVariableType(str, "", sensitive=True)  # type: ignore
+    wizLastInventoryPull: RsVariableType(str, "2022-01-01T00:00:00Z", required=False)  # type: ignore

regscale/integrations/commercial/wizv2/wiz_auth.py

@@ -0,0 +1,159 @@
+"""Wiz Authentication Module"""
+
+from typing import Optional
+
+import requests
+
+from regscale.core.app.api import Api
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import (
+    error_and_exit,
+    check_license,
+)
+from regscale.integrations.commercial.wizv2.variables import WizVariables
+
+logger = create_logger()
+AUTH0_URLS = [
+    "https://auth.wiz.io/oauth/token",
+    "https://auth0.gov.wiz.io/oauth/token",
+    "https://auth0.test.wiz.io/oauth/token",
+    "https://auth0.demo.wiz.io/oauth/token",
+    "https://auth.gov.wiz.io/oauth/token",
+]
+COGNITO_URLS = [
+    "https://auth.app.wiz.io/oauth/token",
+    "https://auth.test.wiz.io/oauth/token",
+    "https://auth.demo.wiz.io/oauth/token",
+    "https://auth.app.wiz.us/oauth/token",
+]
+
+
+def wiz_authenticate(client_id: Optional[str] = None, client_secret: Optional[str] = None) -> Optional[str]:
+    """
+    Authenticate to Wiz
+
+    :param Optional[str] client_id: Wiz client ID, defaults to None
+    :param Optional[str] client_secret: Wiz client secret, defaults to None
+    :raises ValueError: No Wiz Client ID provided in system environment or CLI command
+    :return: token
+    :rtype: Optional[str]
+    """
+    app = check_license()
+    api = Api()
+    # Login with service account to retrieve a 24hr access token that updates YAML file
+    logger.info("Authenticating - Loading configuration from init.yaml file")
+
+    # load the config from YAML
+    config = app.config
+
+    # get secrets
+    client_id = WizVariables.wizClientId if client_id is None else client_id
+    if not client_id:
+        raise ValueError("No Wiz Client ID provided in system environment or CLI command.")
+    client_secret = WizVariables.wizClientSecret if client_secret is None else client_secret
+    if not client_secret:
+        raise ValueError("No Wiz Client Secret provided in system environment or CLI command.")
+    wiz_auth_url = config.get("wizAuthUrl")
+    if not wiz_auth_url:
+        error_and_exit("No Wiz Authentication URL provided in the init.yaml file.")
+
+    # login and get token
+    logger.info("Attempting to retrieve OAuth token from Wiz.io.")
+    token, scope = get_token(
+        api=api,
+        client_id=client_id,
+        client_secret=client_secret,
+        token_url=wiz_auth_url,
+    )
+
+    # assign values
+
+    config["wizAccessToken"] = token
+    config["wizScope"] = scope
+
+    # write our the result to YAML
+    # write the changes back to file
+    app.save_config(config)
+    return token
+
+
+def get_token(api: Api, client_id: str, client_secret: str, token_url: str) -> tuple[str, str]:
+    """
+    Return Wiz.io token
+
+    :param Api api: api instance
+    :param str client_id: Wiz client ID
+    :param str client_secret: Wiz client secret
+    :param str token_url: token url
+    :return: tuple of token and scope
+    :rtype: tuple[str, str]
+    """
+    app = api.app
+    config = api.config
+    status_code = 500
+    logger.info("Getting a token")
+    response = api.post(
+        url=token_url,
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+        json=None,
+        data=generate_authentication_params(client_id, client_secret, token_url),
+    )
+    if response.ok:
+        status_code = 200
+    logger.debug(response.reason)
+    # If response is unauthorized, try the first cognito url
+    if response.status_code == requests.codes.unauthorized:
+        try:
+            response = api.post(
+                url=COGNITO_URLS[0],
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+                json=None,
+                data=generate_authentication_params(client_id, client_secret, COGNITO_URLS[0]),
+            )
+            if response.ok:
+                status_code = 200
+                logger.info(
+                    "Successfully authenticated using the authorization url: %s, now updating init.yaml..",
+                    COGNITO_URLS[0],
+                )
+                config["wizAuthUrl"] = COGNITO_URLS[0]
+                app.save_config(config)
+        except requests.RequestException:
+            error_and_exit(f"Wiz Authentication: {response.reason}")
+    if status_code != requests.codes.ok:
+        error_and_exit(f"Error authenticating to Wiz [{response.status_code}] - {response.text}")
+    response_json = response.json()
+    token = response_json.get("access_token")
+    scope = response_json.get("scope")
+    if not token:
+        error_and_exit(f'Could not retrieve token from Wiz: {response_json.get("message")}')
+    logger.info("SUCCESS: Wiz.io access token successfully retrieved.")
+    return token, scope
+
+
+def generate_authentication_params(client_id: str, client_secret: str, token_url: str) -> dict:
+    """
+    Create the Correct Parameter format based on URL
+
+    :param str client_id: Wiz Client ID
+    :param str client_secret: Wiz Client Secret
+    :param str token_url: Wiz URL
+    :raises Exception: A generic exception if token_url provided is invalid
+    :return: Dictionary containing authentication parameters
+    :rtype: dict
+    """
+    if token_url in AUTH0_URLS:
+        return {
+            "grant_type": "client_credentials",
+            "audience": "beyond-api",
+            "client_id": client_id,
+            "client_secret": client_secret,
+        }
+    if token_url in COGNITO_URLS:
+        return {
+            "grant_type": "client_credentials",
+            "audience": "wiz-api",
+            "client_id": client_id,
+            "client_secret": client_secret,
+        }
+    raise ValueError("Invalid Token URL")

regscale/integrations/commercial/xray.py

@@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""xray RegScale integration"""
+from datetime import datetime
+from os import PathLike
+from typing import Optional
+
+import click
+from pathlib import Path
+
+from regscale.models.integration_models.flat_file_importer import FlatFileImporter
+from regscale.models.integration_models.xray import XRay
+
+
+@click.group()
+def xray():
+    """Performs actions on xray files."""
+
+
+@xray.command(name="import_xray")
+@FlatFileImporter.common_scanner_options(
+    message="File path to the folder containing JFrog XRay .json files to process to RegScale.",
+    prompt="File path for JFrog XRay files",
+    import_name="xray",
+)
+def import_xray(
+    folder_path: PathLike[str],
+    regscale_ssp_id: int,
+    scan_date: datetime,
+    mappings_path: Path,
+    disable_mapping: bool,
+    s3_bucket: str,
+    s3_prefix: str,
+    aws_profile: str,
+    upload_file: bool,
+) -> None:
+    """
+    Import JFrog XRay scans, vulnerabilities and assets to RegScale from XRay .json files
+    """
+    import_xray_files(
+        folder_path=folder_path,
+        regscale_ssp_id=regscale_ssp_id,
+        scan_date=scan_date,
+        mappings_path=mappings_path,
+        disable_mapping=disable_mapping,
+        s3_bucket=s3_bucket,
+        s3_prefix=s3_prefix,
+        aws_profile=aws_profile,
+        upload_file=upload_file,
+    )
+
+
+def import_xray_files(
+    folder_path: PathLike[str],
+    regscale_ssp_id: int,
+    scan_date: datetime,
+    mappings_path: Path,
+    disable_mapping: bool,
+    s3_bucket: str,
+    s3_prefix: str,
+    aws_profile: str,
+    upload_file: Optional[bool] = True,
+) -> None:
+    """
+    Function to import XRay files to RegScale as assets and vulnerabilities
+
+    :param PathLike[str] folder_path: Path to the folder containing XRay files
+    :param int regscale_ssp_id: RegScale SSP ID
+    :param datetime scan_date: Scan date
+    :param Path mappings_path: Path to the header mapping file
+    :param bool disable_mapping: Disable mapping
+    :param str s3_bucket: S3 bucket to download the files from
+    :param str s3_prefix: S3 prefix to download the files from
+    :param str aws_profile: AWS profile to use for S3 access
+    :param Optional[bool] upload_file: Whether to upload the file to RegScale after processing, default: True
+    :rtype: None
+    """
+    FlatFileImporter.import_files(
+        import_type=XRay,
+        import_name="XRay",
+        file_types=".json",
+        folder_path=folder_path,
+        regscale_ssp_id=regscale_ssp_id,
+        scan_date=scan_date,
+        mappings_path=mappings_path,
+        disable_mapping=disable_mapping,
+        s3_bucket=s3_bucket,
+        s3_prefix=s3_prefix,
+        aws_profile=aws_profile,
+        upload_file=upload_file,
+    )

regscale/integrations/integration/__init__.py

@@ -0,0 +1,2 @@
+from .integration import Integration
+from .inventory import Inventory

regscale/integrations/integration/integration.py

@@ -0,0 +1,26 @@
+from abc import abstractmethod
+from regscale.core.app.application import Application
+
+
+class Integration(Application):
+    """
+    Base class for all integrations
+    """
+
+    def __init__(self, **kwargs):
+        super().__init__()
+        for key, value in kwargs.items():
+            setattr(self, key, value)
+
+    def __repr__(self):
+        return f"{self.__class__.__name__}"
+
+    def __str__(self):
+        return f"{self.__class__.__name__}"
+
+    @abstractmethod
+    def authenticate(self, **kwargs):
+        """
+        Authenticate to the integration
+        """
+        pass

regscale/integrations/integration/inventory.py

@@ -0,0 +1,17 @@
+from abc import ABC, abstractmethod
+
+
+class Inventory(ABC):
+    def __init__(
+        self,
+        **kwargs,
+    ):
+        for key, value in kwargs.items():
+            setattr(self, key, value)
+
+    @abstractmethod
+    def pull(self):
+        """
+        Pull inventory from an Integration platform into RegScale
+        """
+        pass

regscale/integrations/integration/issue.py

@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+Integration issue module
+"""
+from abc import ABC, abstractmethod
+from datetime import time
+from time import sleep
+from typing import Callable, Dict, List, Set
+
+from regscale.core.app.application import Application
+from regscale.core.app.utils.app_utils import get_current_datetime
+from regscale.models import Issue, Vulnerability
+
+
+class IntegrationIssue(ABC):
+    """
+    Integration issue class
+    """
+
+    # TOMOO This needs to be refactored to use ScannerIntegration.
+    # ScannerIntegration will have to be refactored to handle missing field mappings
+
+    def __init__(
+        self,
+        **kwargs,
+    ):
+        for key, value in kwargs.items():
+            setattr(self, key, value)
+
+    @abstractmethod
+    def pull(self):
+        """
+        Pull inventory from an Integration platform into RegScale
+        """
+
+    def create_issues(
+        self,
+        issues: list[Issue],
+    ):
+        """
+        Create issues in RegScale
+
+        :param list[Issue] issues: list of issues to create
+        """
+        Issue.batch_create(items=issues)
+
+    @staticmethod
+    def create_or_update_issues(
+        issues: list[Issue],
+        parent_id: int,
+        parent_module: str,
+    ):
+        """
+        Create issues in RegScale
+
+        :param list[Issue] issues: list of issues to create or update
+        :param int parent_id: parent id
+        :param str parent_module: parent module
+        """
+        existing_issues: List[Issue] = Issue.get_all_by_parent(parent_id=parent_id, parent_module=parent_module)
+        # otherIdentifier is the real key with coalfire/fedramp
+        insert_issues = [
+            item for item in issues if item.otherIdentifier not in {iss.otherIdentifier for iss in existing_issues}
+        ]
+        update_issues: List[Issue] = []
+        for issue in issues:
+            if issue.otherIdentifier in {iss.otherIdentifier for iss in existing_issues}:
+                # get index of the issue
+                issue.id = [iss for iss in existing_issues if iss.otherIdentifier == issue.otherIdentifier].pop().id
+                # update the update_issues list
+                update_issues.append(issue)
+        if insert_issues:
+            Issue.batch_create(items=insert_issues)
+        if update_issues:
+            Issue.batch_update(items=list(update_issues))
+
+    @staticmethod
+    def close_issues(issue_vuln_map: Dict[int, Dict[int, List[Vulnerability]]]) -> None:
+        """
+        Close issues in RegScale based on the newest vulnerabilities
+
+        :param Dict[int, Dict[int, List[Vulnerability]]] issue_vuln_map: map of issues to
+            vulnerabilities by way of assets!
+        """
+
+        update_issues: List[Issue] = []
+        for key in issue_vuln_map.keys():
+            # close existing_issues in RegScale if they are no longer relevant
+            for asset_key in issue_vuln_map[key].keys():
+                vulns = issue_vuln_map[key][asset_key]
+                if not [vuln for vuln in vulns if str(vuln.severity or "").lower() in ["moderate", "high", "critical"]]:
+                    # Close issue
+                    update_issue = Issue.get_object(object_id=key)
+                    if update_issue:
+                        update_issue.status = "Closed"
+                        update_issue.dateCompleted = get_current_datetime()
+                        update_issues.append(update_issue)
+        if update_issues:
+            Issue.batch_update(items=update_issues)

regscale/integrations/integration_override.py

@@ -0,0 +1,149 @@
+"""
+A simple singleton class that loads custom integration mappings, if available
+"""
+
+from regscale.core.app.application import Application
+
+# pylint: disable=C0415
+
+
+class IntegrationOverride:
+    """
+    Custom Mapping class for findings
+    """
+
+    from threading import Lock
+    from typing import Any, Optional
+
+    _instance = None
+    _lock = Lock()  # Ensures thread safety for singleton instance creation
+
+    def __new__(cls, *args, **kwargs):
+        if not cls._instance:
+            with cls._lock:
+                if not cls._instance:  # Double-checked locking
+                    cls._instance = super(IntegrationOverride, cls).__new__(cls)
+        return cls._instance
+
+    def __init__(self, app):
+        from rich.console import Console
+
+        config = app.config
+        self.app = app
+        self.mapping = self._get_mapping(config)
+        if not hasattr(self, "_initialized"):
+            self.console = Console()
+            self._log_mappings()
+            self._initialized = True
+
+    def _log_mappings(self):
+        """
+        Notify the user that overrides are found
+        """
+        from rich.table import Table
+
+        table = Table(title="Custom Integration Mappings", show_header=True, header_style="bold magenta")
+        table.add_column("Integration", width=12, style="cyan")
+        table.add_column("Field", width=12, style="orange3")  # Ensure this color is supported
+        table.add_column("Mapped Value", width=20, style="red")
+
+        for integration, fields in self.mapping.items():
+            for field, value in fields.items():
+                if value != "default":
+                    table.add_row(integration, field, value)
+
+        if table.row_count > 0:
+            self.console.print(table)
+
+    def _get_mapping(self, config: dict) -> dict:
+        """
+        Loads the mapping configuration from the application config.
+
+        :param dict config: The application configuration
+        :return: The mapping configuration
+        :rtype: dict
+        """
+        return config.get("findingFromMapping", {})
+
+    def load(self, integration: Optional[str], field_name: Optional[str]) -> Optional[str]:
+        """
+        Retrieves the mapped field name for a given integration and field name.
+
+        :param Optional[str] integration: The integration name
+        :param Optional[str] field_name: The field name
+        :return: The mapped field name
+        :rtype: Optional[str]
+        """
+        if integration and self.mapping_exists(integration, field_name):
+            integration_map = self.mapping.get(integration.lower(), {})
+            return integration_map.get(field_name.lower())
+        return None
+
+    def mapping_exists(self, integration: str, field_name: str) -> bool:
+        """
+        Checks if a mapping exists for a given integration and field name.
+
+        :param str integration: The integration name
+        :param str field_name: The field name
+        :return: Whether the mapping exists
+        :rtype: bool
+        """
+        the_map = self.mapping.get(integration.lower())
+        return the_map and field_name.lower() in the_map and the_map.get(field_name.lower()) != "default"
+
+    def field_map_validation(self, obj: Any, model_type: str) -> Optional[str]:
+        """
+        Validate a field mapping between a RegScale object/dictionary and dataset.
+
+        :param Any obj: The object to validate
+        :param str model_type: The model type, ie. asset, issue, etc.
+        :return: The validated field
+        :rtype: Optional[str]
+        """
+        match = None
+        try:
+            unique_override = self.app.config.get("uniqueOverride", {}).get(model_type, [])
+            if not unique_override:
+                return match
+
+            regscale_field = unique_override[0]
+            if not regscale_field:
+                return match
+
+            regscale_to_obj_mapping = {
+                # Tenable SC -> RegScale object -> RegScale field
+                "tenableasset": {
+                    "asset": {
+                        "ipAddress": "ip",
+                        "name": "dnsName",
+                        "dns": "dnsName",
+                        "fqdn": "dnsName",
+                    }
+                },
+                # dict key -> RegScale object -> RegScale field.  This could grow to be quite large.
+                "dict": {
+                    "asset": {
+                        "ipAddress": "ipv4",
+                        "name": "fqdn",
+                        "dns": "fqdn",
+                        "fqdn": "fqdn",
+                    }
+                },
+            }
+            # The type an associated fields we are able to override. Limited for now.
+            supported_fields = {"asset": {"ipAddress", "name", "fqdn", "dns"}}
+            if regscale_field not in supported_fields.get(model_type.lower(), set()):
+                return match
+
+            model = obj.__class__.__name__.lower()
+            mapped_field = regscale_to_obj_mapping.get(model, {}).get(model_type, {}).get(regscale_field)
+            if not mapped_field:
+                return match
+
+            if isinstance(obj, dict):
+                match = obj.get(mapped_field)
+            elif hasattr(obj, mapped_field):
+                match = getattr(obj, mapped_field)
+        except (KeyError, AttributeError, IndexError, TypeError) as e:
+            self.app.logger.warning("Error parsing uniqueOverride: %s", str(e))
+        return match

regscale/integrations/public/__init__.py

@@ -0,0 +1,103 @@
+"""
+Public commands for the RegScale CLI
+"""
+
+import click
+from regscale.core.lazy_group import LazyGroup
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "import_docx": "regscale.integrations.public.fedramp.click.load_fedramp_docx",
+        "import_oscal": "regscale.integrations.public.fedramp.click.load_fedramp_oscal",
+        "import_ssp_xml": "regscale.integrations.public.fedramp.click.import_fedramp_ssp_xml",
+        "import_appendix_a": "regscale.integrations.public.fedramp.click.load_fedramp_appendix_a",
+        "import_inventory": "regscale.integrations.public.fedramp.click.import_fedramp_inventory",
+        "import_poam": "regscale.integrations.public.fedramp.click.import_fedramp_poam_template",
+        "import_drf": "regscale.integrations.public.fedramp.click.import_drf",
+        "import_cis_crm": "regscale.integrations.public.fedramp.click.import_ciscrm",
+    },
+    name="fedramp",
+)
+def fedramp():
+    """Performs bulk processing of FedRAMP files (Upload trusted data only)."""
+    pass
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "ingest_pulses": "regscale.integrations.public.otx.ingest_pulses",
+    },
+    name="alienvault",
+)
+def alienvault():
+    """AlienVault OTX Integration to load pulses to RegScale."""
+    pass
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "ingest_cisa_kev": "regscale.integrations.public.cisa.ingest_cisa_kev",
+        "ingest_cisa_alerts": "regscale.integrations.public.cisa.ingest_cisa_alerts",
+    },
+    name="cisa",
+)
+def cisa():
+    """Performs administrative actions on the RegScale platform."""
+    pass
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "import": "regscale.integrations.public.criticality_updater.update_control_criticality",
+    },
+    name="criticality_updater",
+)
+def criticality_updater():
+    """
+    Update the criticality of security controls in the catalog.
+    """
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "populate_controls": "regscale.integrations.public.emass.populate_workbook",
+        "import_slcm": "regscale.integrations.public.emass.import_slcm",
+    },
+    name="emass",
+)
+def emass():
+    """Performs bulk processing of eMASS files (Upload trusted data only)."""
+    pass
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "sort_control_ids": "regscale.integrations.public.nist_catalog.sort_control_ids",
+    },
+    name="nist",
+)
+def nist():
+    """Sort the controls of a catalog in RegScale."""
+    pass
+
+
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "version": "regscale.integrations.public.oscal.version",
+        "component": "regscale.integrations.public.oscal.upload_component",
+        "profile": "regscale.integrations.public.oscal.profile",
+        "catalog": "regscale.integrations.public.oscal.catalog",
+    },
+    name="oscal",
+)
+def oscal():
+    """Performs bulk processing of OSCAL files."""
+    pass