regscale-cli 6.16.3.0__py3-none-any.whl → 6.16.4.0__py3-none-any.whl

regscale/integrations/public/fedramp/ssp_logger.py

@@ -1,11 +1,7 @@
-from regscale.integrations.public.fedramp.reporting import (
-    write_events,
-    log_error,
-    log_event,
-)
-
 import logging
+
 from regscale.core.app.logz import create_logger
+from regscale.integrations.public.fedramp.reporting import log_error, log_event, write_events
 
 
 class CaptureEventsHandler(logging.Handler):
@@ -39,7 +35,6 @@ class SSPLogger:
         return self.logger
 
     def info(self, event_msg: str, record_type: str = "", model_layer: str = ""):
-        self.logger.info(event_msg)
         info = {
             "event_msg": event_msg,
             "record_type": record_type,
@@ -57,7 +52,6 @@ class SSPLogger:
         model_layer: str = "",
         missing_element: str = "",
     ):
-        self.logger.error(event_msg)
         error = {
             "event_msg": event_msg,
             "missing_element": missing_element,
@@ -67,7 +61,6 @@ class SSPLogger:
         self.errors.append(log_error(**error, level="Error"))
 
     def warning(self, event_msg: str, record_type: str = "", model_layer: str = ""):
-        self.logger.warning(event_msg)
         warning = {
             "event_msg": event_msg,
             "record_type": record_type,

regscale/integrations/scanner_integration.py

@@ -2105,7 +2105,7 @@ class ScannerIntegration(ABC):
             parentId=self.plan_id,
             parentModule=regscale_models.SecurityPlan.get_module_string(),
             scanningTool=self.title,
-            scanDate=get_current_datetime(),
+            scanDate=self.scan_date if self.scan_date else get_current_datetime(),
             createdById=self.assessor_id,
             tenantsId=self.tenant_id,
             vLow=0,
@@ -2190,16 +2190,12 @@ class ScannerIntegration(ABC):
             if asset := self.get_asset_by_identifier(finding.asset_identifier):
                 if vulnerability_id := self.handle_vulnerability(finding, asset, scan_history):
                     current_vulnerabilities[asset.id].add(vulnerability_id)
-
-        # Handle failing finding (creates/updates issues) for both checklist and vulnerability cases
-        if finding.status != regscale_models.IssueStatus.Closed:
             self.handle_failing_finding(
                 issue_title=finding.issue_title or finding.title,
                 finding=finding,
             )
-
-        # Update scan history severity counts
-        self.set_severity_count_for_scan(finding.severity, scan_history)
+            # Update scan history severity counts
+            self.set_severity_count_for_scan(finding.severity, scan_history)
 
     def create_vulnerability_from_finding(
         self, finding: IntegrationFinding, asset: regscale_models.Asset, scan_history: regscale_models.ScanHistory
@@ -2581,7 +2577,7 @@ class ScannerIntegration(ABC):
         :rtype: int
         """
         logger.info("Syncing %s findings...", kwargs.get("title", cls.title))
-        instance = cls(plan_id=plan_id)
+        instance = cls(plan_id=plan_id, **kwargs)
         instance.set_keys(**kwargs)
         # If a progress object was passed, use it instead of creating a new one
         instance.finding_progress = kwargs.pop("progress") if "progress" in kwargs else create_progress_object()
@@ -2605,9 +2601,17 @@ class ScannerIntegration(ABC):
             logger.info("All findings have been processed successfully.")
 
         if scan_history := instance._results.get("scan_history"):
+            open_count = scan_history.vCritical + scan_history.vHigh + scan_history.vMedium + scan_history.vLow
+            closed_count = findings_processed - open_count
             logger.info(
-                "Processed %d findings: %d Critical(s), %d High(s), %d Moderate(s), %d Low(s).",
+                "Processed %d total findings. Open vulnerabilities: %d & Closed vulnerabilities: %d",
                 findings_processed,
+                open_count,
+                closed_count,
+            )
+            logger.info(
+                "%d Open vulnerabilities: Critical(s): %d, High(s): %d, Medium(s): %d, Low(s): %d",
+                open_count,
                 scan_history.vCritical,
                 scan_history.vHigh,
                 scan_history.vMedium,
@@ -2805,6 +2809,7 @@ class ScannerIntegration(ABC):
         :return: None
         :rtype: None
         """
+        logger.info(f"Updating scan history with scan_date {self.scan_date}")
         scan_history.scanDate = datetime_str(self.scan_date)
         scan_history.save()
 

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,40 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.03.27",
-    "dateReleased": "2025-03-27T17:55:47.8204Z",
-    "count": 1311,
+    "catalogVersion": "2025.04.03",
+    "dateReleased": "2025-04-03T12:34:57.2906Z",
+    "count": 1313,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-24813",
+            "vendorProject": "Apache",
+            "product": "Tomcat",
+            "vulnerabilityName": "Apache Tomcat Path Equivalence Vulnerability",
+            "dateAdded": "2025-04-01",
+            "shortDescription": "Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813",
+            "cwes": [
+                "CWE-44",
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-20439",
+            "vendorProject": "Cisco",
+            "product": "Smart Licensing Utility",
+            "vulnerabilityName": "Cisco Smart Licensing Utility Static Credential Vulnerability",
+            "dateAdded": "2025-03-31",
+            "shortDescription": "Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-21",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cslu-7gHMzWmw ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-20439",
+            "cwes": [
+                "CWE-912"
+            ]
+        },
         {
             "cveID": "CVE-2025-2783",
             "vendorProject": "Google",
@@ -54,7 +85,7 @@
             "vulnerabilityName": "reviewdog\/action-setup GitHub Action Embedded Malicious Code Vulnerability",
             "dateAdded": "2025-03-24",
             "shortDescription": "reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.",
-            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-14",
             "knownRansomwareCampaignUse": "Unknown",
             "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https:\/\/github.com\/reviewdog\/reviewdog\/security\/advisories\/GHSA-qmg3-hpqr-gqvc ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30154",
@@ -114,7 +145,7 @@
             "vulnerabilityName": "tj-actions\/changed-files GitHub Action Embedded Malicious Code Vulnerability",
             "dateAdded": "2025-03-18",
             "shortDescription": "tj-actions\/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys.",
-            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-08",
             "knownRansomwareCampaignUse": "Unknown",
             "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/03\/18\/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https:\/\/github.com\/tj-actions\/changed-files\/blob\/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73\/README.md?plain=1#L20-L28 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30066",
@@ -252,7 +283,7 @@
             "shortDescription": "Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-04-01",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-26633 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-26633",
             "cwes": [
                 "CWE-707"
@@ -7732,7 +7763,7 @@
             "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-09-01",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/blog.zimbra.com\/2022\/08\/authentication-bypass-in-mailboximportservlet-vulnerability\/;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27925",
             "cwes": [
                 "CWE-22"
@@ -7747,7 +7778,7 @@
             "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-09-01",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/blog.zimbra.com\/2022\/08\/authentication-bypass-in-mailboximportservlet-vulnerability\/;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-37042",
             "cwes": [
                 "CWE-23"