regscale-cli 6.16.4.0__py3-none-any.whl → 6.17.0.0__py3-none-any.whl

regscale/integrations/commercial/tenablev2/scanner.py

@@ -6,9 +6,9 @@ import datetime
 import json
 import linecache
 import logging
+from pathlib import Path
 from typing import Any, Dict, Iterator, List, Optional, Tuple
 
-from pathlib import Path
 from tenable.errors import TioExportsError
 
 from regscale.core.app.utils.app_utils import get_current_datetime

regscale/integrations/scanner_integration.py

@@ -2392,53 +2392,97 @@ class ScannerIntegration(ABC):
         :rtype: int
         """
         if not self.close_outdated_findings:
-            # This should normally be set to True, but on POAM import, we do not want to automatically close issues,
-            # unless the sheet specifies to do so
             logger.info("Skipping closing outdated issues.")
             return 0
 
         closed_count = 0
         affected_control_ids = set()
+        count_lock = threading.Lock()
 
-        # Get all open issues for this security plan
         open_issues = regscale_models.Issue.fetch_issues_by_ssp(
             None, ssp_id=self.plan_id, status=regscale_models.IssueStatus.Open.value
         )
-
-        # Create a progress bar
         task_id = self.finding_progress.add_task(
             f"[cyan]Analyzing {len(open_issues)} issue(s) and closing any outdated issue(s)...", total=len(open_issues)
         )
 
-        for issue in open_issues:
-            if self.should_close_issue(issue, current_vulnerabilities):
-                issue.status = regscale_models.IssueStatus.Closed
-                issue.dateCompleted = get_current_datetime()
-                changes_text = f"{get_current_datetime('%b %d, %Y')} - Closed by {self.title} for having no current vulnerabilities."
-                if issue.changes:
-                    issue.changes += f"\n{changes_text}"
-                else:
-                    issue.changes = changes_text
-                issue.save()
-                closed_count += 1
+        def _process_single_issue(iss: regscale_models.Issue):
+            """
+            Process a single issue and update its status if necessary.
 
-                # Track affected control implementations
-                if issue.controlImplementationIds:
-                    affected_control_ids.update(issue.controlImplementationIds)
+            :param regscale_models.Issue iss: The issue to process
+            """
+            if self.should_close_issue(iss, current_vulnerabilities):
+                self._close_issue(iss, count_lock, affected_control_ids)
+            with count_lock:
+                self.finding_progress.update(task_id, advance=1)
 
-            # Update the progress bar
-            self.finding_progress.update(task_id, advance=1)
+        max_workers = get_thread_workers_max()
+        if max_workers == 1:
+            for issue in open_issues:
+                _process_single_issue(issue)
+        else:
+            self._process_issues_multithreaded(open_issues, _process_single_issue, max_workers)
 
-        # Update status of affected control implementations
         for control_id in affected_control_ids:
             self.update_control_implementation_status_after_close(control_id)
 
-        if closed_count > 0:
+        (
             logger.info("Closed %d outdated issues.", closed_count)
-        else:
-            logger.info("No outdated issues to close.")
+            if closed_count > 0
+            else logger.info("No outdated issues to close.")
+        )
         return closed_count
 
+    def _close_issue(self, issue: regscale_models.Issue, count_lock: threading.Lock, affected_control_ids: set):
+        """
+        Close an issue and update related data.
+
+        :param regscale_models.Issue issue: The issue to close
+        :param threading.Lock count_lock: A lock to synchronize access to shared variables
+        :param set affected_control_ids: A set to store affected control implementation IDs
+        """
+        issue.status = regscale_models.IssueStatus.Closed
+        issue.dateCompleted = get_current_datetime()
+        changes_text = (
+            f"{get_current_datetime('%b %d, %Y')} - Closed by {self.title} for having no current vulnerabilities."
+        )
+        issue.changes = f"{issue.changes}\n{changes_text}" if issue.changes else changes_text
+        issue.save()
+
+        with count_lock:
+            self.closed_count += 1
+            if issue.controlImplementationIds:
+                affected_control_ids.update(issue.controlImplementationIds)
+
+    def _process_issues_multithreaded(self, open_issues: list, process_issue: callable, max_workers: int):
+        """
+        Process issues using multiple threads.
+
+        :param list open_issues: List of open issues to process
+        :param callable process_issue: Function to process an issue
+        :param int max_workers: Maximum number of threads
+        """
+        batch_size = max_workers * 2
+        with ThreadPoolExecutor(max_workers=max_workers) as executor:
+            batch = []
+            futures = []
+
+            for issue in open_issues:
+                batch.append(issue)
+                if len(batch) >= batch_size:
+                    futures.extend([executor.submit(process_issue, issue) for issue in batch])
+                    batch = []
+
+            if batch:
+                futures.extend([executor.submit(process_issue, issue) for issue in batch])
+
+            for future in concurrent.futures.as_completed(futures):
+                try:
+                    future.result()
+                except Exception as exc:
+                    self.log_error("Error processing issue: %s", exc)
+
     def update_control_implementation_status_after_close(self, control_id: int) -> None:
         """
         Updates the status of a control implementation after closing issues.
@@ -2520,6 +2564,8 @@ class ScannerIntegration(ABC):
             scan_history.vHigh += 1
         elif severity == regscale_models.IssueSeverity.Critical:
             scan_history.vCritical += 1
+        else:
+            scan_history.vInfo += 1
 
     @classmethod
     def cci_assessment(cls, plan_id: int) -> None:
@@ -2601,7 +2647,13 @@ class ScannerIntegration(ABC):
             logger.info("All findings have been processed successfully.")
 
         if scan_history := instance._results.get("scan_history"):
-            open_count = scan_history.vCritical + scan_history.vHigh + scan_history.vMedium + scan_history.vLow
+            open_count = (
+                scan_history.vCritical
+                + scan_history.vHigh
+                + scan_history.vMedium
+                + scan_history.vLow
+                + scan_history.vInfo
+            )
             closed_count = findings_processed - open_count
             logger.info(
                 "Processed %d total findings. Open vulnerabilities: %d & Closed vulnerabilities: %d",
@@ -2610,12 +2662,13 @@ class ScannerIntegration(ABC):
                 closed_count,
             )
             logger.info(
-                "%d Open vulnerabilities: Critical(s): %d, High(s): %d, Medium(s): %d, Low(s): %d",
+                "%d Open vulnerabilities: Critical(s): %d, High(s): %d, Medium(s): %d, Low(s): %d, and %d Info(s).",
                 open_count,
                 scan_history.vCritical,
                 scan_history.vHigh,
                 scan_history.vMedium,
                 scan_history.vLow,
+                scan_history.vInfo,
             )
         else:
             logger.info("Processed %d findings.", findings_processed)
@@ -2809,9 +2862,10 @@ class ScannerIntegration(ABC):
         :return: None
         :rtype: None
         """
-        logger.info(f"Updating scan history with scan_date {self.scan_date}")
-        scan_history.scanDate = datetime_str(self.scan_date)
-        scan_history.save()
+        if scan_history.scanDate != datetime_str(self.scan_date):
+            logger.debug("Updating scan history scan date to %s", datetime_str(self.scan_date))
+            scan_history.scanDate = datetime_str(self.scan_date)
+            scan_history.save()
 
     @staticmethod
     def get_date_completed(finding: IntegrationFinding, issue_status: regscale_models.IssueStatus) -> Optional[str]:

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,99 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.04.03",
-    "dateReleased": "2025-04-03T12:34:57.2906Z",
-    "count": 1313,
+    "catalogVersion": "2025.04.11",
+    "dateReleased": "2025-04-11T17:52:01.5722Z",
+    "count": 1319,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2024-53150",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Out-of-Bounds Read Vulnerability",
+            "dateAdded": "2025-04-09",
+            "shortDescription": "Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/lore.kernel.org\/linux-cve-announce\/2024122427-CVE-2024-53150-3a7d@gregkh\/ ; https:\/\/source.android.com\/docs\/security\/bulletin\/2025-04-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53150",
+            "cwes": [
+                "CWE-125"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-53197",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Out-of-Bounds Access Vulnerability",
+            "dateAdded": "2025-04-09",
+            "shortDescription": "Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/lore.kernel.org\/linux-cve-announce\/2024122725-CVE-2024-53197-6aef@gregkh\/ ; https:\/\/source.android.com\/docs\/security\/bulletin\/2025-04-01 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53197",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-29824",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
+            "dateAdded": "2025-04-08",
+            "shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-29",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-29824 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-29824",
+            "cwes": [
+                "CWE-416"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30406",
+            "vendorProject": "Gladinet",
+            "product": "CentreStack",
+            "vulnerabilityName": "Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability",
+            "dateAdded": "2025-04-08",
+            "shortDescription": "Gladinet CentreStack contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-29",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/gladinetsupport.s3.us-east-1.amazonaws.com\/gladinet\/securityadvisory-cve-2005.pdf ; https:\/\/www.centrestack.com\/p\/gce_latest_release.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30406",
+            "cwes": [
+                "CWE-321"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-31161",
+            "vendorProject": "CrushFTP",
+            "product": "CrushFTP",
+            "vulnerabilityName": "CrushFTP Authentication Bypass Vulnerability",
+            "dateAdded": "2025-04-07",
+            "shortDescription": "CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise. ",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-04-28",
+            "knownRansomwareCampaignUse": "Known",
+            "notes": "https:\/\/www.crushftp.com\/crush11wiki\/Wiki.jsp?page=Update ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31161",
+            "cwes": [
+                "CWE-305"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-22457",
+            "vendorProject": "Ivanti",
+            "product": "Connect Secure, Policy Secure and ZTA Gateways",
+            "vulnerabilityName": "Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-04-04",
+            "shortDescription": "Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
+            "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
+            "dueDate": "2025-04-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457) ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
+            "cwes": [
+                "CWE-121"
+            ]
+        },
         {
             "cveID": "CVE-2025-24813",
             "vendorProject": "Apache",
@@ -448,7 +538,7 @@
             "shortDescription": "Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-03-24",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2018-8639 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-8639",
             "cwes": [
                 "CWE-404"
@@ -1731,7 +1821,7 @@
             "shortDescription": "Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-11-12",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-38094 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-38094",
             "cwes": [
                 "CWE-502"
@@ -3104,7 +3194,7 @@
             "shortDescription": "Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-06-04",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-30051; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-30051",
             "cwes": [
                 "CWE-122"
@@ -3222,7 +3312,7 @@
             "shortDescription": "Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.",
             "requiredAction": "Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule.",
             "dueDate": "2024-04-19",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-3400 ;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-3400",
             "cwes": [
                 "CWE-20",
@@ -4469,10 +4559,10 @@
             "vulnerabilityName": "HTTP\/2 Rapid Reset Attack Vulnerability",
             "dateAdded": "2023-10-10",
             "shortDescription": "HTTP\/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).",
-            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2023-10-31",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status.   For more information, please see: https:\/\/blog.cloudflare.com\/technical-breakdown-http2-rapid-reset-ddos-attack\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44487",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: CVE: Common Vulnerabilities and Exposures; https:\/\/blog.cloudflare.com\/technical-breakdown-http2-rapid-reset-ddos-attack\/;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44487",
             "cwes": [
                 "CWE-400"
             ]
@@ -6709,7 +6799,7 @@
             "shortDescription": "Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2023-01-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-398;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42475",
             "cwes": [
                 "CWE-197"