regscale-cli 6.16.3.0__py3-none-any.whl → 6.16.4.0__py3-none-any.whl

regscale/integrations/commercial/trivy/scanner.py

@@ -13,7 +13,7 @@ from pathlib import Path
 
 from regscale.core.app.utils.parser_utils import safe_datetime_str
 from regscale.integrations.jsonl_scanner_integration import JSONLScannerIntegration
-from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, issue_due_date
 from regscale.models import IssueSeverity, AssetStatus, IssueStatus
 
 logger = logging.getLogger("regscale")
@@ -50,6 +50,9 @@ class TrivyIntegration(JSONLScannerIntegration):
         kwargs["read_files_only"] = True
         kwargs["file_pattern"] = "*.json"
         self.disable_mapping = kwargs["disable_mapping"] = True
+        self.scan_date = kwargs.get("scan_date") if "scan_date" in kwargs else None
+        if self.scan_date:
+            self.scan_date = self.clean_scan_date(self.scan_date)
         super().__init__(*args, **kwargs)
 
     def is_valid_file(self, data: Any, file_path: Union[Path, str]) -> Tuple[bool, Optional[Dict[str, Any]]]:
@@ -167,8 +170,10 @@ class TrivyIntegration(JSONLScannerIntegration):
         :return: IntegrationFinding object
         :rtype: IntegrationFinding
         """
+        created_date = safe_datetime_str(data.get("CreatedAt"))
         # Get scan date from the finding or use current time
-        scan_date = safe_datetime_str(data.get("CreatedAt"))
+        if self.scan_date is None:
+            self.scan_date = created_date
 
         # Process severity
         severity_str = item.get("Severity", "UNKNOWN")
@@ -220,10 +225,10 @@ class TrivyIntegration(JSONLScannerIntegration):
             plugin_id=plugin_id,
             asset_identifier=asset_identifier,
             cve=cve,
-            first_seen=scan_date,
-            last_seen=scan_date,
-            scan_date=scan_date,
-            date_created=scan_date,
+            first_seen=safe_datetime_str(data.get("CreatedAt")),
+            last_seen=self.scan_date,
+            scan_date=self.scan_date,
+            date_created=item.get("CreatedAt"),
             category="Software",
             control_labels=[],
             installed_versions=item.get("InstalledVersion", ""),
@@ -234,6 +239,9 @@ class TrivyIntegration(JSONLScannerIntegration):
             build_version=build_version,
             fixed_versions=item.get("FixedVersion", ""),
             fix_status=item.get("Status", ""),
+            due_date=issue_due_date(
+                severity=severity, created_date=created_date, title="trivy", config=self.app.config
+            ),
         )
 
     @staticmethod

regscale/integrations/commercial/wizv2/click.py

@@ -32,20 +32,17 @@ def authenticate(client_id, client_secret):
 
 
 @wiz.command()
-@click.option(  # type: ignore
+@click.option(
     "--wiz_project_id",
     "-p",
     required=False,
     type=str,
     help="Comma Seperated list of one or more Wiz project ids to pull inventory for.",
 )
-@click.option("--regscale_id", "-i", help="RegScale id to push inventory to in RegScale.")  # type: ignore
-@click.option(  # type: ignore
-    "--regscale_module",
-    "-m",
-    help="Regscale module to push inventory to in RegScale.",
+@regscale_ssp_id(
+    help="RegScale SSP ID to push inventory to in RegScale.",
 )
-@click.option(  # type: ignore
+@click.option(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
@@ -53,7 +50,7 @@ def authenticate(client_id, client_secret):
     hide_input=False,
     required=False,
 )
-@click.option(  # type: ignore
+@click.option(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
@@ -61,7 +58,7 @@ def authenticate(client_id, client_secret):
     hide_input=False,
     required=False,
 )
-@click.option(  # type: ignore
+@click.option(
     "--filter_by_override",
     "-f",
     default=None,
@@ -71,22 +68,12 @@ def authenticate(client_id, client_secret):
     IE: --filter_by='{projectId: ["1234"], type: ["VIRTUAL_MACHINE"], subscriptionExternalId: ["1234"],
          providerUniqueId: ["1234"], updatedAt: {after: "2023-06-14T14:07:06Z"}, search: "test-7"}' """,
 )
-@click.option(  # type: ignore
-    "--full_inventory",
-    "-fi",
-    is_flag=True,
-    help="Pull full inventory list. this disregards the last pull date.",
-    required=False,
-    default=False,
-)
 def inventory(
     wiz_project_id: str,
-    regscale_id: int,
-    regscale_module: str,
+    regscale_ssp_id: int,
     client_id: str,
     client_secret: str,
     filter_by_override: Optional[str] = None,
-    full_inventory: bool = False,
 ) -> None:
     """Process inventory from Wiz and create assets in RegScale."""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
@@ -96,9 +83,9 @@ def inventory(
     if not client_id:
         client_id = WizVariables.wizClientId
 
-    scanner = WizVulnerabilityIntegration(plan_id=regscale_id)
+    scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
     scanner.sync_assets(
-        plan_id=regscale_id,
+        plan_id=regscale_ssp_id,
         filter_by_override=filter_by_override or WizVariables.wizInventoryFilterBy,  # type: ignore
         client_id=client_id,  # type: ignore
         client_secret=client_secret,  # type: ignore
@@ -106,38 +93,30 @@ def inventory(
     )
 
 
-@wiz.command()  # type: ignore
-@click.option(  # type: ignore
+@wiz.command()
+@click.option(
     "--wiz_project_id",
     "-p",
     prompt="Enter the project ID for Wiz",
     default=None,
     required=False,
 )
-@regscale_id(help="RegScale will create and update issues as children of this record.")
-@click.option(  # type: ignore
-    "--regscale_module",
-    "-m",
-    type=click.STRING,  # type: ignore
-    help="Enter the RegScale module name. Default is 'securityplans'",
-    default="securityplans",
-    required=False,
-)
-@click.option(  # type: ignore
+@regscale_ssp_id(help="RegScale will create and update issues as children of this record.")
+@click.option(
     "--client_id",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
     default="",
     hide_input=False,
     required=False,
 )
-@click.option(  # type: ignore
+@click.option(
     "--client_secret",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
     default="",
     hide_input=True,
     required=False,
 )
-@click.option(  # type: ignore
+@click.option(
     "--filter_by_override",
     "-f",
     default=None,
@@ -152,7 +131,6 @@ def issues(
     regscale_id: int,
     client_id: str,
     client_secret: str,
-    regscale_module: str = "securityplans",
     filter_by_override: Optional[str] = None,
 ) -> None:
     """

regscale/integrations/jsonl_scanner_integration.py

@@ -8,14 +8,18 @@ import logging
 import os
 import shutil
 import tempfile
+import traceback
+from datetime import datetime, time
 from typing import Any, Dict, Iterator, Optional, Union, Tuple, TypeVar, Type, List
 
 import boto3
 from pathlib import Path
 
+from regscale.core.app.utils.app_utils import get_current_datetime
 from regscale.core.app.utils.file_utils import is_s3_path, read_file, find_files, download_from_s3
 from regscale.exceptions import ValidationException
 from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding, ScannerIntegration
+from regscale.models import regscale_models
 from regscale.models.app_models.mapping import Mapping
 
 logger = logging.getLogger("regscale")
@@ -43,33 +47,36 @@ class JSONLScannerIntegration(ScannerIntegration):
     # Constants for file paths - subclasses should override these
     ASSETS_FILE = "./artifacts/assets.jsonl"
     FINDINGS_FILE = "./artifacts/findings.jsonl"
+    DT_FORMAT = "%Y-%m-%d"
 
     def __init__(self, *args, **kwargs):
         """
         Initialize the JSONLScannerIntegration.
         """
+        logger.info("Initializing JSONLScannerIntegration")
+        self.plan_id = kwargs.get("plan_id", None)
+        # plan_id is required for all integrations
+        super().__init__(**kwargs)
         # Extract S3-related kwargs
-        self.s3_bucket = kwargs.pop("s3_bucket", None)
-        self.s3_prefix = kwargs.pop("s3_prefix", "")
-        self.aws_profile = kwargs.pop("aws_profile", "default")
+        self.s3_bucket = kwargs.get("s3_bucket", None)
+        self.s3_prefix = kwargs.get("s3_prefix", "")
+        self.aws_profile = kwargs.get("aws_profile", "default")
 
-        self.plan_id = kwargs.pop("plan_id", None)
-        self.file_path = kwargs.pop("file_path", None)
+        self.file_path = kwargs.get("file_path", None)
         self.empty_files: bool = True
-        self.scan_date = kwargs.pop("scan_date", None)
-        self.download_destination = kwargs.pop("destination", None)
-        self.file_pattern = kwargs.pop("file_pattern", "*.json")
-        self.read_files_only = kwargs.pop("read_files_only", False)
+        self.download_destination = kwargs.get("destination", None)
+        self.file_pattern = kwargs.get("file_pattern", "*.json")
+        self.read_files_only = kwargs.get("read_files_only", False)
 
         # Extract mapping-related kwargs
-        self.disable_mapping = kwargs.pop("disable_mapping", False)
-        self.mapping_path = kwargs.pop("mapping_path", f"./mappings/{self.__class__.__name__.lower()}/mapping.json")
-        self.required_asset_fields = kwargs.pop("required_asset_fields", ["identifier", "name"])
-        self.required_finding_fields = kwargs.pop("required_finding_fields", ["asset_identifier", "title", "severity"])
+        self.disable_mapping = kwargs.get("disable_mapping", False)
+        self.mapping_path = kwargs.get("mapping_path", f"./mappings/{self.__class__.__name__.lower()}/mapping.json")
+        self.required_asset_fields = kwargs.get("required_asset_fields", ["identifier", "name"])
+        self.required_finding_fields = kwargs.get("required_finding_fields", ["asset_identifier", "title", "severity"])
         self.mapping = self._load_mapping() if not self.disable_mapping else None
 
+        self.set_scan_date(kwargs.get("scan_date", get_current_datetime()))
         # Initialize parent class
-        super().__init__(plan_id=self.plan_id, **kwargs)
 
         self.s3_client = None
         if self.s3_bucket and not self.read_files_only:
@@ -80,6 +87,100 @@ class JSONLScannerIntegration(ScannerIntegration):
                 logger.error(f"Failed to initialize S3 client with profile {self.aws_profile}: {str(e)}")
                 raise ValidationException(f"S3 client initialization failed: {str(e)}")
 
+    def set_scan_date(self, scan_date_input: str):
+        """
+        Set the scan date input.
+
+        :param str scan_date_input: The scan date input (string or datetime)
+        :return: The cleaned scan date in 'YYYY-MM-DD' format
+        :rtype: str
+        """
+
+        self.scan_date: str = self.clean_scan_date(scan_date_input)
+        logger.info(f"Setting scan date input to {self.scan_date}")
+
+    def get_scan_date(self) -> str:
+        """
+        Get the scan date in 'YYYY-MM-DD' format.
+
+        :return: The scan date as a string
+        :rtype: str
+        """
+        if self.scan_date:
+            return self.clean_scan_date(self.scan_date)
+        return get_current_datetime()
+
+    def create_scan_history(self) -> "regscale_models.ScanHistory":
+        """
+        Creates a new ScanHistory object for the current scan, using self.scan_date if available.
+
+        :param str scan_date: The date of the scan in 'YYYY-MM-DD' format
+        :return: A newly created ScanHistory object
+        :rtype: regscale_models.ScanHistory
+        """
+        scan_date = self.get_scan_date()
+        logger.info(f"Creating ScanHistory with scan_date: {scan_date}")
+        scan_history = regscale_models.ScanHistory(
+            parentId=self.plan_id,
+            parentModule=regscale_models.SecurityPlan.get_module_string(),
+            scanningTool=self.title,
+            scanDate=scan_date,
+            createdById=self.assessor_id,
+            tenantsId=self.tenant_id,
+            vLow=0,
+            vMedium=0,
+            vHigh=0,
+            vCritical=0,
+        ).create()
+
+        count = 0
+        regscale_models.ScanHistory.delete_object_cache(scan_history)
+        while not regscale_models.ScanHistory.get_object(object_id=scan_history.id) and count < 10:
+            logger.info("Waiting for ScanHistory to be created...")
+            time.sleep(1)
+            count += 1
+            regscale_models.ScanHistory.delete_object_cache(scan_history)
+        return scan_history
+
+    @staticmethod
+    def clean_scan_date(date_input: Optional[Union[str, datetime]]) -> Optional[str]:
+        """
+        Convert a date (string or datetime object) to a JSON-serializable string.
+
+        Args:
+            date_input: A date as a string (e.g., '2025-02-01') or datetime object, or None.
+
+        Returns:
+            A string in 'YYYY-MM-DD' format if date_input is valid, otherwise None.
+
+        Examples:
+            >>> to_json_date('2025-02-01')
+            '2025-02-01'
+            >>> to_json_date(datetime(2025, 2, 1))
+            '2025-02-01'
+            >>> to_json_date(None)
+            None
+        """
+        if date_input is None:
+            return None
+        if isinstance(date_input, datetime):
+            return date_input.strftime("%Y-%m-%d")
+        if isinstance(date_input, str):
+            try:
+                datetime.strptime(date_input, "%Y-%m-%d")
+                return date_input
+            except ValueError:
+                # Try parsing other common formats if needed
+                try:
+                    try:
+                        dt = datetime.strptime(date_input, "%Y-%m-%dT%H:%M:%S")  # e.g., '2025-01-29T00:43:04'
+                    except ValueError:
+                        dt = datetime.strptime(date_input, "%Y-%m-%dT%H:%M:%S%z")  # e.g., '2025-01-29T00:43:51+0000'
+                    return dt.strftime("%Y-%m-%d")
+                except ValueError:
+                    return None
+        return None
+
     def _load_mapping(self) -> Optional[Mapping]:
         """Load the mapping configuration from a JSON file."""
         try:
@@ -435,8 +536,9 @@ class JSONLScannerIntegration(ScannerIntegration):
             logger.info(f"Processing file: {file}")
             self._process_asset(file, data, assets_file, asset_tracker)
             self._process_findings(file, data, findings_file, asset_tracker.existing, finding_tracker)
-        except Exception as e:
-            logger.error(f"Error processing file {file}: {str(e)}")
+        except Exception:
+            error_message = traceback.format_exc()
+            logger.error(f"Error processing file {file}: {str(error_message)}")
 
     def _process_asset(
         self,
@@ -723,6 +825,7 @@ class JSONLScannerIntegration(ScannerIntegration):
             file_path=file_path,
             use_jsonl_file=True,
             asset_count=total_assets,
+            scan_date=self.scan_date,
         )
 
         logger.info("Syncing %d findings to RegScale", total_findings)
@@ -731,6 +834,7 @@ class JSONLScannerIntegration(ScannerIntegration):
             file_path=file_path,
             use_jsonl_file=True,
             finding_count=total_findings,
+            scan_date=self.scan_date,
         )
 
         logger.info("Assets and findings sync complete")

regscale/integrations/public/fedramp/click.py

@@ -3,7 +3,7 @@
 """standard python imports"""
 import glob
 import logging
-from datetime import datetime, date
+from datetime import date, datetime
 from typing import Literal, Optional
 
 import click
@@ -432,11 +432,11 @@ def import_drf(file_path: click.Path, regscale_id: int, regscale_module: str) ->
     required=True,
 )
 @click.option(
-    "--regscale_ssp_id",
-    "-i",
+    "--profile_id",
+    "-p",
     type=click.INT,
-    help="The ID number from RegScale of the System Security Plan.",
-    prompt="Enter RegScale System Security Plan ID",
+    help="The ID number from RegScale of the Profile.  (This will generate the control implementations for a new Security Plan)",
+    prompt="Enter RegScale Profile ID",
     required=True,
 )
 @click.option(
@@ -459,11 +459,11 @@ def import_ciscrm(
     version: str,
     cis_sheet_name: str,
     crm_sheet_name: Optional[click.STRING],
-    regscale_ssp_id: int,
+    profile_id: int,
     leveraged_auth_id: int = 0,
 ):
     """
-    [BETA] Import FedRAMP Rev5 CIS/CRM Workbook into a RegScale System Security Plan.
+    [BETA] Import FedRAMP Rev5 CIS/CRM Workbook into a new RegScale System Security Plan.
     """
 
     from regscale.integrations.public.fedramp.fedramp_cis_crm import parse_and_import_ciscrm
@@ -474,6 +474,6 @@ def import_ciscrm(
         version=version_literal,  # type: ignore
         cis_sheet_name=cis_sheet_name,
         crm_sheet_name=crm_sheet_name,
-        regscale_ssp_id=regscale_ssp_id,
+        profile_id=profile_id,
         leveraged_auth_id=leveraged_auth_id,
     )