regscale-cli 6.18.0.0__py3-none-any.whl → 6.19.0.1__py3-none-any.whl

regscale/integrations/commercial/qualys/variables.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Qualys Integration Variables"""
+
+from regscale.integrations.variables import RsVariablesMeta, RsVariableType
+
+
+class QualysVariables(metaclass=RsVariablesMeta):
+    """
+    Qualys Variables class to define class-level attributes with type annotations and examples
+    """
+
+    # API Connection Settings
+    qualysUserName: RsVariableType(str, "qualys_username")  # type: ignore
+    qualysPassword: RsVariableType(str, "qualys_password", sensitive=True)  # type: ignore
+    qualysUrl: RsVariableType(str, "https://qualysapi.qualys.com", default="https://qualysapi.qualys.com")  # type: ignore
+
+    # Total Cloud Specific Settings
+    totalCloudTagFilter: RsVariableType(str, "tag_name", required=False)  # type: ignore
+    totalCloudIncludeTags: RsVariableType(str, "tag1,tag2,tag3", required=False)  # type: ignore
+    totalCloudExcludeTags: RsVariableType(str, "tag1,tag2,tag3", required=False)  # type: ignore

regscale/integrations/commercial/sicura/api.py

@@ -203,6 +203,7 @@ class SicuraAPI:
     FILTER_TYPE = "filter[type]"
     FILTER_REJECTED = "filter[rejected]"
     FILTER_TASK_ID = "filter[task_id]"
+    csrf_token: Optional[str] = None
 
     def __init__(self):
         """

regscale/integrations/commercial/stigv2/click_commands.py

@@ -7,6 +7,7 @@ RegScale STIG Integration
 import click
 
 from regscale.integrations.commercial.stigv2.stig_integration import StigIntegration
+from regscale.models.app_models.click import NotRequiredIf
 
 
 @click.group(name="stigv2")
@@ -21,7 +22,17 @@ def stigv2():
     type=click.INT,
     help="The ID number from RegScale of the System Security Plan",
     prompt="Enter RegScale System Security Plan ID",
-    required=True,
+    cls=NotRequiredIf,
+    not_required_if=["component_id"],
+)
+@click.option(
+    "-c",
+    "--component_id",
+    type=click.INT,
+    help="The ID number from RegScale of the Component",
+    prompt="Enter RegScale Component ID",
+    cls=NotRequiredIf,
+    not_required_if=["regscale_ssp_id"],
 )
 @click.option(
     "-d",
@@ -31,9 +42,12 @@ def stigv2():
     prompt="Enter STIG directory",
     required=True,
 )
-def sync_findings(regscale_ssp_id, stig_directory):
+def sync_findings(regscale_ssp_id, component_id, stig_directory):
     """Sync GCP Findings to RegScale."""
-    StigIntegration.sync_findings(plan_id=regscale_ssp_id, path=stig_directory)
+    if component_id:
+        StigIntegration.sync_findings(plan_id=component_id, path=stig_directory, is_component=True)
+    else:
+        StigIntegration.sync_findings(plan_id=regscale_ssp_id, path=stig_directory, is_component=False)
 
 
 @stigv2.command(name="sync_assets")
@@ -41,9 +55,18 @@ def sync_findings(regscale_ssp_id, stig_directory):
     "-p",
     "--regscale_ssp_id",
     type=click.INT,
-    help="The ID number from RegScale of the System Security Plan",
-    prompt="Enter RegScale System Security Plan ID",
-    required=True,
+    help="The ID number from RegScale of the System Security Plan to sync assets to.",
+    cls=NotRequiredIf,
+    not_required_if=["component_id"],
+)
+@click.option(
+    "-c",
+    "--component_id",
+    type=click.INT,
+    help="The ID number from RegScale of the Component to sync assets to.",
+    cls=NotRequiredIf,
+    not_required_if=["regscale_ssp_id"],
+    default=None,
 )
 @click.option(
     "-d",
@@ -53,9 +76,14 @@ def sync_findings(regscale_ssp_id, stig_directory):
     prompt="Enter STIG directory",
     required=True,
 )
-def sync_assets(regscale_ssp_id, stig_directory):
+def sync_assets(regscale_ssp_id, component_id, stig_directory):
     """Sync GCP Assets to RegScale."""
-    StigIntegration.sync_assets(plan_id=regscale_ssp_id, path=stig_directory)
+    if component_id:
+        StigIntegration.sync_assets(plan_id=component_id, path=stig_directory, is_component=True)
+    elif regscale_ssp_id:
+        StigIntegration.sync_assets(plan_id=regscale_ssp_id, path=stig_directory, is_component=False)
+    else:
+        raise click.UsageError("Either --regscale_ssp_id or --component_id must be provided.")
 
 
 @stigv2.command(name="process_checklist")

regscale/integrations/commercial/stigv2/stig_integration.py

@@ -4,7 +4,13 @@
 RegScale STIG Integration
 """
 import datetime
-from typing import Iterator, Optional, Generator
+import logging
+from typing import Iterator, Optional, Generator, TYPE_CHECKING
+
+from regscale.core.app.utils.app_utils import error_and_exit
+
+if TYPE_CHECKING:
+    from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 
 from pathlib import Path
 
@@ -24,6 +30,9 @@ from regscale.integrations.scanner_integration import (
 from regscale.models import regscale_models
 
 
+logger = logging.getLogger("regscale")
+
+
 class StigIntegration(ScannerIntegration):
     options_map_assets_to_components = True
 
@@ -59,10 +68,10 @@ class StigIntegration(ScannerIntegration):
             logger.info(f"Processing '{stig_file}'")
             checklist = parse_checklist(stig_file)
             logger.info(f"Found {len(checklist.stigs[0].vulns)} Vulnerabilities in '{stig_file}'")
+            self.num_findings_to_process += len(checklist.stigs[0].vulns)
             for stig in checklist.stigs:
                 for vuln in stig.vulns:
                     for finding in self.process_vulnerabilities(checklist, vuln, stig):
-                        self.num_findings_to_process += 1
                         yield finding
 
     def process_vulnerabilities(
@@ -149,7 +158,44 @@ class StigIntegration(ScannerIntegration):
                 impact=vuln.potential_impact or "",
             )
 
-    def fetch_assets(self, path: Optional[Path] = None) -> Iterator["IntegrationAsset"]:
+    @staticmethod
+    def get_component_names(checklist: Checklist, component_title: Optional[str] = None) -> list[str]:
+        """
+        Extracts component names from the checklist and STIG.
+
+        :param Checklist checklist: The checklist containing assets to process.
+        :param Optional[str] component_title: The title of the component to filter by, defaults to None
+        :return: A list of component names associated with the STIG.
+        :rtype: list[str]
+        """
+        component_names = []
+        if component_title:
+            component_names.append(component_title)
+        else:
+            for stig in checklist.stigs:
+                component_names.append(stig.component_title)
+        return component_names
+
+    def should_process_asset(
+        self, stig_asset: regscale_models.Asset, is_component: bool, component_names: Optional[list[str]] = None
+    ) -> bool:
+        """
+        Determines if an asset should be processed based on the provided parameters.
+
+        :param Asset stig_asset: The asset to be processed.
+        :param bool is_component: Whether the asset is a component.
+        :param Optional[list[str]] component_names: The list of component names to filter by, defaults to None
+        :return: True if the asset should be processed, False otherwise.
+        :rtype: bool
+        """
+        if not stig_asset.host_name and not stig_asset.host_fqdn:
+            self.log_error(f"Failed to extract asset from {stig_asset}")
+            return False
+        elif is_component and not component_names:
+            return False
+        return True
+
+    def fetch_assets(self, path: Optional[Path] = None, **kwargs) -> Iterator["IntegrationAsset"]:
         """
         Fetches GCP assets using the AssetServiceClient
 
@@ -166,7 +212,14 @@ class StigIntegration(ScannerIntegration):
             raise ValueError("Path to STIG files is required.")
         logger.info("Fetching assets...")
         stig_files = find_stig_files(path)
+        component_title = ""
+        if is_component := kwargs.get("is_component", False):
+            from regscale.validation.record import validate_regscale_object
 
+            if not validate_regscale_object(parent_id=self.plan_id, parent_module="components"):
+                raise error_and_exit("The provided Component ID is not valid.")
+            component = regscale_models.Component.get_object(self.plan_id)
+            component_title = component.title
         self.num_assets_to_process = len(stig_files)
 
         loading_stig_files = self.asset_progress.add_task(
@@ -177,12 +230,9 @@ class StigIntegration(ScannerIntegration):
             logger.info(f"Processing '{stig_file}'")
             checklist = parse_checklist(stig_file)
             for stig_asset in checklist.assets:
-                component_names = []
-                for stig in checklist.stigs:
-                    component_names.append(stig.component_title)
+                component_names = self.get_component_names(checklist, component_title)
 
-                if not stig_asset.host_name and not stig_asset.host_fqdn:
-                    self.log_error(f"Failed to extract asset from {stig_asset}")
+                if not self.should_process_asset(stig_asset, is_component, component_names):
                     continue
 
                 yield IntegrationAsset(
@@ -193,7 +243,11 @@ class StigIntegration(ScannerIntegration):
                     asset_type=stig_asset.asset_type,
                     asset_owner_id=self.assessor_id,
                     parent_id=self.plan_id,
-                    parent_module=regscale_models.SecurityPlan.get_module_slug(),
+                    parent_module=(
+                        regscale_models.Component.get_module_slug()
+                        if kwargs.get("is_component", False)
+                        else regscale_models.SecurityPlan.get_module_slug()
+                    ),
                     asset_category=regscale_models.AssetCategory.Hardware,
                     component_names=component_names,
                     # TODO: Determine correct component type

regscale/integrations/commercial/tenablev2/__init__.py

@@ -0,0 +1,9 @@
+"""
+Tenable integration for RegScale CLI.
+
+This module provides functionality for scanning assets and findings from Tenable.io and Tenable SC.
+"""
+
+from regscale.integrations.commercial.tenablev2.commands import tenable, sync_vulns, sync_jsonl
+
+__all__ = ["tenable", "sync_vulns", "sync_jsonl"]

regscale/integrations/commercial/tenablev2/authenticate.py

@@ -6,6 +6,7 @@ from regscale.integrations.commercial.tenablev2.variables import TenableVariable
 # Delay import of Tenable libraries
 if TYPE_CHECKING:
     from tenable.io import TenableIO  # type: ignore
+    from tenable.sc import TenableSC  # type: ignore
 
 REGSCALE_INC = "RegScale, Inc."
 REGSCALE_CLI = "RegScale CLI"
@@ -13,9 +14,9 @@ REGSCALE_CLI = "RegScale CLI"
 
 def gen_tio() -> "TenableIO":
     """
-    Generate Tenable Object
+    Generate Tenable IO Object
 
-    :return: Tenable client
+    :return: Tenable IO client
     :rtype: "TenableIO"
     """
 
@@ -29,3 +30,23 @@ def gen_tio() -> "TenableIO":
         product=REGSCALE_CLI,
         build=__version__,
     )
+
+
+def gen_tsc() -> "TenableSC":
+    """
+    Generate Tenable SC Object
+
+    :return: Tenable SC client
+    :rtype: "TenableSC"
+    """
+
+    from tenable.sc import TenableSC
+
+    return TenableSC(
+        url=TenableVariables.tenableUrl,
+        access_key=TenableVariables.tenableAccessKey,
+        secret_key=TenableVariables.tenableSecretKey,
+        vendor=REGSCALE_INC,
+        product=REGSCALE_CLI,
+        build=__version__,
+    )