regscale-cli 6.20.1.0__py3-none-any.whl → 6.20.2.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -49,11 +49,14 @@ progress = create_progress_object()
 
 SERVICE_PROVIDER_CORPORATE = "Service Provider Corporate"
 SERVICE_PROVIDER_SYSTEM_SPECIFIC = "Service Provider System Specific"
-SERVICE_PROVIDER_HYBRID = "Service Provider Hybrid"
+SERVICE_PROVIDER_HYBRID = "Service Provider Hybrid (Corporate and System Specific)"
 PROVIDER_SYSTEM_SPECIFIC = "Provider (System Specific)"
-CUSTOMER_PROVIDED = "Provided by Customer"
+CUSTOMER_PROVIDED = "Customer Provided"
 CUSTOMER_CONFIGURED = "Customer Configured"
-CONFIGURED_BY_CUSTOMER = "Configured by Customer"
+PROVIDED_BY_CUSTOMER = "Provided by Customer (Customer System Specific)"
+CONFIGURED_BY_CUSTOMER = "Configured by Customer (Customer System Specific)"
+INHERITED = "Inherited from pre-existing FedRAMP Authorization"
+SHARED = "Shared (Service Provider and Customer Responsibility)"
 NOT_IMPLEMENTED = ControlImplementationStatus.NotImplemented.value
 PARTIALLY_IMPLEMENTED = ControlImplementationStatus.PartiallyImplemented.value
 CONTROL_ID = "Control ID"
@@ -77,10 +80,10 @@ STATUS_MAPPING = {
 
 RESPONSIBILITY_MAP = {
     # Original keys
-    "SERVICE_PROVIDER_CORPORATE": "Provider",
+    SERVICE_PROVIDER_CORPORATE: SERVICE_PROVIDER_CORPORATE,
     SERVICE_PROVIDER_SYSTEM_SPECIFIC: PROVIDER_SYSTEM_SPECIFIC,
     SERVICE_PROVIDER_HYBRID: "Hybrid",
-    CUSTOMER_PROVIDED: "Customer",
+    PROVIDED_BY_CUSTOMER: "Customer",
     CONFIGURED_BY_CUSTOMER: CUSTOMER_CONFIGURED,
     "Shared": "Shared",
     "Inherited": "Inherited",
@@ -241,52 +244,44 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
 
 def map_origination(control_id: str, cis_data: dict) -> dict:
     """
-    Function to map the responsibility for a control implementation from the CRM worksheet
-
-    :param str control_id: RegScale control ID
-    :param dict cis_data: Data from the CRM worksheet
-    :return: The responsibility information in regscale format
-    :rtype: dict
-    """
-    origination_bools = {
-        "bInherited": False,
-        "bServiceProviderCorporate": False,
-        "bServiceProviderSystemSpecific": False,
-        "bServiceProviderHybrid": False,
-        "bConfiguredByCustomer": False,
-        "bProvidedByCustomer": False,
-        "bShared": False,
-        "record_text": "",
+    Map control implementation responsibility from CRM worksheet data.
+
+    :param control_id: RegScale control ID
+    :param cis_data: Data from the CRM worksheet
+    :return: Responsibility information in regscale format
+    """
+    # Define mapping of origination strings to boolean keys
+    origination_mapping = {
+        SERVICE_PROVIDER_CORPORATE: "bServiceProviderCorporate",
+        SERVICE_PROVIDER_SYSTEM_SPECIFIC: "bServiceProviderSystemSpecific",
+        SERVICE_PROVIDER_HYBRID: "bServiceProviderHybrid",
+        PROVIDED_BY_CUSTOMER: "bProvidedByCustomer",
+        CONFIGURED_BY_CUSTOMER: "bConfiguredByCustomer",
+        SHARED: "bShared",
+        INHERITED: "bInherited",
     }
-    cis_records = [
-        value for _, value in cis_data.items() if gen_key(value["regscale_control_id"]).lower() == control_id.lower()
+
+    # Initialize result with all flags set to False
+    result = {key: False for key in origination_mapping.values()}
+    result["record_text"] = ""
+
+    # Find matching CIS records
+    matching_records = [
+        record for record in cis_data.values() if gen_key(record["regscale_control_id"]).lower() == control_id.lower()
     ]
-    for record in cis_records:
-        # Create the implementation objective, and save.
+
+    # Process each matching record
+    for record in matching_records:
         control_origination = record.get("control_origination", "")
-        if SERVICE_PROVIDER_CORPORATE in control_origination:
-            # responsibility = "Provider"
-            origination_bools["bServiceProviderCorporate"] = True
-        if SERVICE_PROVIDER_SYSTEM_SPECIFIC in control_origination:
-            # responsibility = "Provider (System Specific)"
-            origination_bools["bServiceProviderSystemSpecific"] = True
-        if SERVICE_PROVIDER_HYBRID in control_origination:
-            # responsibility = "Hybrid"
-            origination_bools["bServiceProviderHybrid"] = True
-        if CUSTOMER_PROVIDED in control_origination:
-            # responsibility = "Customer"
-            origination_bools["bProvidedByCustomer"] = True
-        if CONFIGURED_BY_CUSTOMER in control_origination:
-            # responsibility = "Customer Configured"
-            origination_bools["bConfiguredByCustomer"] = True
-        if "Shared" in control_origination:
-            # responsibility = "Shared"
-            origination_bools["bShared"] = True
-        if "Inherited" in control_origination:
-            # responsibility = "Inherited"
-            origination_bools["bInherited"] = True
-        origination_bools["record_text"] += control_origination
-    return origination_bools
+
+        # Set flags based on origination string content
+        for origination_str, bool_key in origination_mapping.items():
+            if origination_str in control_origination:
+                result[bool_key] = True
+
+        result["record_text"] += control_origination
+
+    return result
 
 
 def clean_customer_responsibility(value: str):
@@ -331,16 +326,6 @@ def update_imp_objective(
         NOT_IMPLEMENTED: NOT_IMPLEMENTED,
     }
 
-    responsibility_map = {
-        "Provider": SERVICE_PROVIDER_CORPORATE,
-        PROVIDER_SYSTEM_SPECIFIC: SERVICE_PROVIDER_SYSTEM_SPECIFIC,
-        "Customer": "Provided by Customer (Customer System Specific)",
-        "Hybrid": "Service Provider Hybrid (Corporate and System Specific)",
-        CUSTOMER_CONFIGURED: "Configured by Customer (Customer System Specific)",
-        "Shared": "Shared (Service Provider and Customer Responsibility)",
-        "Inherited": "Inherited from pre-existing FedRAMP Authorization",
-    }
-
     cis_record = record.get("cis", {})
     crm_record = record.get("crm", {})
     # There could be multiples, take the first one as regscale will not allow multiples at the objective level.
@@ -349,17 +334,18 @@ def update_imp_objective(
         control_originations[ix] = control_origination.strip()
 
     try:
-        responsibility = RESPONSIBILITY_MAP.get(
-            next(origin for origin in control_originations), SERVICE_PROVIDER_CORPORATE
-        )
+        responsibility = next(origin for origin in control_originations)
+
     except StopIteration:
-        responsibility = SERVICE_PROVIDER_CORPORATE
+        if imp.responsibility:
+            responsibility = imp.responsibility.split(",")[0]  # only one responsiblity allowed here.
+        else:
+            responsibility = SERVICE_PROVIDER_CORPORATE
 
     customer_responsibility = clean_customer_responsibility(
         crm_record.get("specific_inheritance_and_customer_agency_csp_responsibilities")
     )
     existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
-    responsibility = responsibility_map.get(responsibility, responsibility)
     logger.debug(f"CRM Record: {crm_record}")
     can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
     for objective in objectives:
@@ -452,9 +438,14 @@ def parse_control_details(
     control_imp.bServiceProviderHybrid = origination_bool["bServiceProviderHybrid"]
     control_imp.bConfiguredByCustomer = origination_bool["bConfiguredByCustomer"]
     control_imp.bProvidedByCustomer = origination_bool["bProvidedByCustomer"]
-    # NOTE Dale was concerned with overwriting the responsibility text, so we will only update if empty
-    if not control_imp.responsibility:
-        control_imp.responsibility = get_responsibility(origination_bool)
+    control_imp.responsibility = get_responsibility(origination_bool)
+    logger.debug(f"Control Implementation Responsibility: {control_imp.responsibility}")
+    logger.debug(f"Control Implementation Status: {control_imp.status}")
+    if status == ControlImplementationStatus.Planned:
+        control_imp.stepsToImplement = "PLANNED"
+        control_imp.plannedImplementationDate = get_current_datetime("%Y-%m-%d")
+    if status in [ControlImplementationStatus.Planned, ControlImplementationStatus.NotImplemented]:
+        control_imp.exclusionJustification = "Imported from FedRAMP CIS CRM Workbook"
     if updated_control := control_imp.save():
         logger.debug("Control Implementation #%s updated successfully", control_imp.id)
         return updated_control
@@ -465,29 +456,31 @@ def parse_control_details(
 def get_responsibility(origination_bool: dict) -> str:
     """
     Function to map the responsibility based on origination booleans.
+    Returns comma-separated string of all responsibilities for True booleans.
 
     :param dict origination_bool: Dictionary containing origination booleans
-    :return: Responsibility string
+    :return: Comma-separated responsibility string
     :rtype: str
     """
-    responsibility = ControlImplementationStatus.NA.value
+    responsibilities = []
 
-    if origination_bool["bServiceProviderCorporate"]:
-        responsibility = SERVICE_PROVIDER_CORPORATE
-    if origination_bool["bServiceProviderSystemSpecific"]:
-        responsibility = SERVICE_PROVIDER_SYSTEM_SPECIFIC
-    if origination_bool["bServiceProviderHybrid"]:
-        responsibility = "Service Provider Hybrid"
-    if origination_bool["bProvidedByCustomer"]:
-        responsibility = "Provided by Customer"
-    if origination_bool["bConfiguredByCustomer"]:
-        responsibility = "Configured by Customer (Customer System Specific)"
-    if origination_bool["bInherited"]:
-        responsibility = "Inherited from pre-existing FedRAMP Authorization"
-    if origination_bool["bShared"]:
-        responsibility = "Shared (Service Provider and Customer Responsibility)"
+    if origination_bool.get("bServiceProviderCorporate", False):
+        responsibilities.append(SERVICE_PROVIDER_CORPORATE)
+    if origination_bool.get("bServiceProviderSystemSpecific", False):
+        responsibilities.append(SERVICE_PROVIDER_SYSTEM_SPECIFIC)
+    if origination_bool.get("bServiceProviderHybrid", False):
+        responsibilities.append(SERVICE_PROVIDER_HYBRID)
+    if origination_bool.get("bProvidedByCustomer", False):
+        responsibilities.append(PROVIDED_BY_CUSTOMER)
+    if origination_bool.get("bConfiguredByCustomer", False):
+        responsibilities.append(CONFIGURED_BY_CUSTOMER)
+    if origination_bool.get("bInherited", False):
+        responsibilities.append(INHERITED)
+    if origination_bool.get("bShared", False):
+        responsibilities.append(SHARED)
 
-    return responsibility
+    # Return comma-separated string, or NA if no responsibilities found
+    return ",".join(responsibilities) if responsibilities else ControlImplementationStatus.NA.value
 
 
 def fetch_and_update_imps(
@@ -706,6 +699,7 @@ def process_implementation(
             errors.extend(method_errors)
         if result:
             processed_objectives.append(result)
+    # Update Control Origin at the Implementation Level
     return errors, processed_objectives
 
 
@@ -930,9 +924,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         SERVICE_PROVIDER_SYSTEM_SPECIFIC,
         SERVICE_PROVIDER_HYBRID,
         CONFIGURED_BY_CUSTOMER,
-        CUSTOMER_PROVIDED,
-        "Shared Responsibility",
-        "Inherited Authorization",
+        PROVIDED_BY_CUSTOMER,
+        SHARED,
+        INHERITED,
     ]
 
     # Fill NaN values with an empty string for processing
@@ -973,9 +967,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
             SERVICE_PROVIDER_SYSTEM_SPECIFIC,
             SERVICE_PROVIDER_HYBRID,
             CONFIGURED_BY_CUSTOMER,
-            CUSTOMER_PROVIDED,
-            "Shared Responsibility",
-            "Inherited Authorization",
+            PROVIDED_BY_CUSTOMER,
+            SHARED,
+            INHERITED,
         ]:
             if data_row[col]:
                 selected_origination.append(col)
@@ -1102,15 +1096,15 @@ def parse_instructions_worksheet(
     return instructions_df.to_dict(orient="records")
 
 
-def update_responsiblity_text():
+def update_customer_text():
     """
     Update the implementation responsibility texts from the objective data
     """
     with ThreadPoolExecutor() as executor:
-        executor.map(_update_imp_responsibility, EXISTING_IMPLEMENTATIONS.values())
+        executor.map(_update_imp_customer, EXISTING_IMPLEMENTATIONS.values())
 
 
-def _update_imp_responsibility(imp: ControlImplementation):
+def _update_imp_customer(imp: ControlImplementation):
     """
     Update the implementation responsibility text for a given implementation
 
@@ -1207,7 +1201,7 @@ def parse_and_map_data(
             crm_data=crm_data,
             version=version,
         )
-        update_responsiblity_text()
+        update_customer_text()
 
     report(error_set)
 
@@ -1339,6 +1333,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
 
     else:
         ret = next((plan for plan in existing_plan), None)
+        logger.info(f"Found existing SSP# {ret.id}")
         existing_imps = ControlImplementation.get_list_by_plan(ret.id)
         for imp in existing_imps:
             EXISTING_IMPLEMENTATIONS[imp.controlID] = imp

regscale/integrations/scanner_integration.py

@@ -633,6 +633,8 @@ class ScannerIntegration(ABC):
         self.plan_id: int = plan_id
         self.tenant_id: int = tenant_id
         self.is_component: bool = is_component
+        if self.is_component:
+            self.component = regscale_models.Component.get_object(self.plan_id)
         self.components: ThreadSafeList[Any] = ThreadSafeList()
         self.asset_map_by_identifier: ThreadSafeDict[str, regscale_models.Asset] = ThreadSafeDict()
         self.software_to_create: ThreadSafeList[regscale_models.SoftwareInventory] = ThreadSafeList()
@@ -819,11 +821,12 @@ class ScannerIntegration(ABC):
     @abstractmethod
     def fetch_findings(self, *args, **kwargs) -> Iterator[IntegrationFinding]:
         """
-        Fetches findings from the integration
+        Fetches findings from the integration.
 
-        :return: A list of findings
-        :rtype: List[IntegrationFinding]
+        :return: An iterator of findings
+        :yield: Iterator[IntegrationFinding]
         """
+        pass
 
     @abstractmethod
     def fetch_assets(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
@@ -831,7 +834,7 @@ class ScannerIntegration(ABC):
         Fetches assets from the integration
 
         :return: An iterator of assets
-        :rtype: Iterator[IntegrationAsset]
+        :yield: Iterator[IntegrationAsset]
         """
 
     def get_finding_status(self, status: Optional[str]) -> regscale_models.IssueStatus:
@@ -1024,10 +1027,10 @@ class ScannerIntegration(ABC):
             logger.warning("Asset has no identifier, skipping")
             return
 
-        component = None
+        component = getattr(self, "component") if self.is_component else None
         if component_name:
             logger.debug("Searching for component: %s...", component_name)
-            component = self.components_by_title.get(component_name)
+            component = component or self.components_by_title.get(component_name)
             if not component:
                 logger.debug("No existing component found with name %s, proceeding to create it...", component_name)
                 component = regscale_models.Component(
@@ -2702,6 +2705,7 @@ class ScannerIntegration(ABC):
         logger.info("Syncing %s findings...", kwargs.get("title", cls.title))
         instance = cls(plan_id=plan_id, **kwargs)
         instance.set_keys(**kwargs)
+        instance.ensure_data_types()
         # If a progress object was passed, use it instead of creating a new one
         instance.finding_progress = kwargs.pop("progress") if "progress" in kwargs else create_progress_object()
         instance.enable_finding_date_update = kwargs.get("enable_finding_date_update", False)
@@ -2771,6 +2775,7 @@ class ScannerIntegration(ABC):
         logger.info("Syncing %s assets...", kwargs.get("title", cls.title))
         instance = cls(plan_id=plan_id, **kwargs)
         instance.set_keys(**kwargs)
+        instance.ensure_data_types()
         instance.asset_progress = kwargs.pop("progress") if "progress" in kwargs else create_progress_object()
         if asset_count := kwargs.get("asset_count"):
             instance.num_assets_to_process = asset_count
@@ -2813,6 +2818,17 @@ class ScannerIntegration(ABC):
             else:
                 logger.debug("Unable to set the %s attribute", key)
 
+    def ensure_data_types(self) -> None:
+        """
+        A method to enforce kwarg data types.
+
+        :return: None
+        :rtype: None
+        """
+        # Ensure scan_date is a string
+        if not isinstance(self.scan_date, str):
+            self.scan_date = date_str(self.scan_date)
+
     def log_error(self, msg: str, *args) -> None:
         """
         Logs an error message

regscale/models/app_models/click.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 """Module to allow dynamic click arguments and store commonly used click commands"""
 
-from typing import Tuple, Any, Optional
+from typing import Any, Callable, Optional, Tuple
 
 import click
 from pathlib import Path
@@ -128,6 +128,54 @@ def regscale_ssp_id(
     )
 
 
+def ssp_or_component_id(
+    ssp_kwargs: Optional[dict] = None,
+    component_kwargs: Optional[dict] = None,
+) -> Tuple[click.option, click.option]:
+    """
+    Function to return click.option for RegScale Component ID and SSP ID, user must provide either SSP ID or Component ID
+
+    :param Optional[dict] ssp_kwargs: kwargs to pass to click.option for RegScale SSP ID
+    :param Optional[dict] component_kwargs: kwargs to pass to click.option for RegScale Component ID
+    :return: click.option for RegScale Component ID and SSP ID
+    :rtype: click.option
+    """
+    if ssp_kwargs is None:
+        ssp_kwargs = {}
+    if component_kwargs is None:
+        component_kwargs = {}
+
+    def decorator(this_func) -> Callable[[Callable], click.option]:
+        """
+        Decorator to return click.option for RegScale Component ID and SSP ID
+        """
+        this_func = click.option(
+            "-id",
+            "-p",
+            "--regscale_ssp_id",
+            "--plan_id",
+            type=click.INT,
+            help=ssp_kwargs.pop("help", "The ID number from RegScale of the System Security Plan."),
+            prompt=ssp_kwargs.pop("prompt", None),
+            cls=NotRequiredIf,
+            not_required_if=["component_id"],
+            **ssp_kwargs,
+        )(this_func)
+        this_func = click.option(
+            "-c",
+            "--component_id",
+            type=click.INT,
+            help=component_kwargs.pop("help", "The ID number from RegScale of the Component."),
+            prompt=component_kwargs.pop("prompt", None),
+            cls=NotRequiredIf,
+            not_required_if=["regscale_ssp_id"],
+            **component_kwargs,
+        )(this_func)
+        return this_func
+
+    return decorator
+
+
 def regscale_id(
     help: str = "Enter the desired ID # from RegScale.",
     required: bool = True,

regscale/models/integration_models/burp.py

@@ -9,10 +9,10 @@ from pathlib import Path
 from typing import Any, Generator, List, Optional, TextIO
 from urllib.parse import urlparse
 from xml.etree.ElementTree import Element, ParseError, fromstring, parse
+from logging import getLogger
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
-from regscale.core.app.logz import create_logger
 from regscale.core.app.utils.app_utils import check_file_path, get_current_datetime
 from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 from regscale.models.integration_models.burp_models import BurpRequest, BurpResponse, Issue, RequestResponse
@@ -26,7 +26,7 @@ class Burp:
     """Burp Scan information"""
 
     def __init__(self, app: Application, file_path: str, encoding="utf-8", **kwargs) -> "Burp":
-        logger = create_logger("Burp")
+        logger = getLogger("regscale")
         logger.info("Now processing %s", file_path)
         self.integration_assets: Generator[IntegrationAsset, None, None] = (x for x in [])
         self.integration_findings: Generator[IntegrationFinding, None, None] = (x for x in [])
@@ -293,10 +293,10 @@ class Burp:
         :rtype: RequestResponse
         """
         request_data = item.find(".//request")
-        if response_data := item.find(".//response"):
-            base64_dat = bool(request_data.attrib["base64"]) if "base64" in item.attrib else False
+        if (response_data := item.find(".//response")) is not None:
+            base64_dat = request_data.attrib.get("base64", "false").lower() == "true"
             response_data_is_base64 = BurpResponse.is_base64(response_data.text)
-            method = request_data.attrib["method"] if "method" in item.attrib else "GET"
+            method = request_data.attrib.get("method", "GET")
             request = (
                 BurpRequest(dataString=request_data.text, base64=base64_dat, method=method)
                 if BurpRequest.is_base64(request_data.text)
@@ -395,7 +395,8 @@ class Burp:
         root = fromstring(html)
         return [link.text.strip() for link in root.iter("a")]
 
-    def get_domain_name(self, url: str) -> str:
+    @staticmethod
+    def get_domain_name(url: str) -> str:
         """
         Get the domain name from a URL
 
@@ -407,7 +408,8 @@ class Burp:
         domain_name = parsed_url.hostname
         return domain_name
 
-    def strip_html_tags(self, text: str) -> str:
+    @staticmethod
+    def strip_html_tags(text: str) -> str:
         """
         Strip HTML tags from a string.
 
@@ -420,7 +422,8 @@ class Burp:
         clean = re.sub(r"<.*?>", "", text)
         return clean
 
-    def extract_cve(self, input_string: str) -> Optional[str]:
+    @staticmethod
+    def extract_cve(input_string: str) -> Optional[str]:
         """
         Extract CVEs from a string.