regscale-cli 6.20.10.0__py3-none-any.whl → 6.21.0.0__py3-none-any.whl

regscale/models/integration_models/flat_file_importer/__init__.py

@@ -33,7 +33,7 @@ from regscale.core.app.utils.parser_utils import safe_datetime_str
 from regscale.integrations.scanner_integration import ScannerIntegration
 from regscale.models import IssueStatus, Metadata, regscale_models
 from regscale.models.app_models.mapping import Mapping
-from regscale.models.regscale_models import Asset, File, Vulnerability
+from regscale.models.regscale_models import Asset, File, IssueSeverity, Vulnerability
 
 logger = logging.getLogger(__name__)
 
@@ -41,6 +41,10 @@ DT_FORMAT = "%Y-%m-%d"
 
 
 class FlatFileIntegration(ScannerIntegration):
+    """
+    Flat File Integration
+    """
+
     title = "Flat File Integration"
     # Required fields from ScannerIntegration
     asset_identifier_field = "name"
@@ -53,13 +57,6 @@ class FlatFileIntegration(ScannerIntegration):
         finding_severity_map: Optional[dict] = None,
         **kwargs: Any,
     ):
-        """
-        Initialize the FlatFileIntegration
-
-        :param int plan_id: The plan id
-        :param str asset_identifier_field: The asset identifier field to use, defaults to "name"
-        :param dict kwargs: Additional keyword arguments
-        """
         self.asset_identifier_field = asset_identifier_field
         if finding_severity_map:
             self.finding_severity_map = finding_severity_map
@@ -68,6 +65,7 @@ class FlatFileIntegration(ScannerIntegration):
                 "Critical": regscale_models.IssueSeverity.Critical,
                 "High": regscale_models.IssueSeverity.High,
                 "Medium": regscale_models.IssueSeverity.Moderate,
+                "Moderate": regscale_models.IssueSeverity.Moderate,
                 "Low": regscale_models.IssueSeverity.Low,
             }
         super().__init__(plan_id=plan_id, **kwargs)
@@ -126,20 +124,12 @@ class FlatFileImporter(ABC):
                 "Critical": regscale_models.IssueSeverity.Critical,
                 "High": regscale_models.IssueSeverity.High,
                 "Medium": regscale_models.IssueSeverity.Moderate,
+                "Moderate": regscale_models.IssueSeverity.Moderate,
                 "Low": regscale_models.IssueSeverity.Low,
             }
 
-        # Set the parent_id, parent_module, and plan_id if they are not provided
-        if "parent_id" not in kwargs and "object_id" in kwargs:
-            kwargs["parent_id"] = kwargs["object_id"]
-            kwargs["plan_id"] = kwargs["object_id"]
-        if kwargs.get("is_component", False):
-            kwargs["parent_module"] = regscale_models.Component.get_module_string()
-        else:
-            kwargs["parent_module"] = regscale_models.SecurityPlan.get_module_string()
+        kwargs = self.update_kwargs(kwargs)
 
-        if "app" not in kwargs:
-            kwargs["app"] = Application()
         # empty generator
         self.integration_assets: Generator["IntegrationAsset", None, None] = (x for x in [])
         self.integration_findings: Generator["IntegrationAsset", None, None] = (x for x in [])
@@ -209,7 +199,7 @@ class FlatFileImporter(ABC):
             flat_int.num_assets_to_process = len(self.data["assets"])
         if vuln_count:
             flat_int.num_findings_to_process = vuln_count
-        elif isinstance(self.data["vulns"], list):
+        elif isinstance(self.data["vulns"], list) and not vuln_count:
             flat_int.num_findings_to_process = len(self.data["vulns"])
         flat_int.sync_assets(
             plan_id=self.attributes.plan_id,
@@ -229,6 +219,31 @@ class FlatFileImporter(ABC):
         )
         self.clean_up()
 
+    def update_kwargs(self, kwargs: dict) -> dict:
+        """
+        Update the kwargs with the default values
+
+        :param dict kwargs: The kwargs to update
+        :return: The updated kwargs
+        :rtype: dicta
+        """
+        # Set the parent_id, parent_module, and plan_id if they are not provided
+        if "parent_id" not in kwargs and "object_id" in kwargs:
+            kwargs["parent_id"] = kwargs["object_id"]
+            kwargs["plan_id"] = kwargs["object_id"]
+        if kwargs.get("is_component", False):
+            kwargs["parent_module"] = regscale_models.Component.get_module_string()
+        else:
+            kwargs["parent_module"] = regscale_models.SecurityPlan.get_module_string()
+
+        # if plan id is still not set, set it to the object id
+        if "plan_id" not in kwargs or not kwargs["plan_id"]:
+            kwargs["plan_id"] = kwargs["object_id"]
+
+        if "app" not in kwargs:
+            kwargs["app"] = Application()
+        return kwargs
+
     def parse_finding(self, vuln: Union[Vulnerability, "IntegrationFinding"]) -> Optional["IntegrationFinding"]:
         """
         Parses a vulnerability object into an IntegrationFinding object
@@ -240,6 +255,8 @@ class FlatFileImporter(ABC):
         from regscale.integrations.scanner_integration import IntegrationFinding
 
         if isinstance(vuln, IntegrationFinding):
+            # We will store this in the properties subsystem of issue.
+            vuln.extra_data["source_file_path"] = self.attributes.file_path
             return vuln
 
         try:
@@ -543,21 +560,6 @@ class FlatFileImporter(ABC):
                 if asset not in self.data["assets"]:
                     self.data["assets"].append(asset)
 
-    def _check_vuln(self, vuln_to_check: Union[Vulnerability, "IntegrationFinding"]) -> None:
-        """
-        Check if the vuln is in the data
-
-        :param Union[Vulnerability, IntegrationFinding] vuln_to_check: The vulnerability to check to prevent duplicates
-        :rtype: None
-        """
-        from regscale.integrations.scanner_integration import IntegrationFinding
-
-        if isinstance(vuln_to_check, IntegrationFinding):
-            if vuln_to_check not in self.data["vulns"]:
-                self.data["vulns"].append(vuln_to_check)
-        elif (vuln_to_check and vuln_to_check not in self.data["vulns"]) and hasattr(vuln_to_check, "id"):
-            self.data["vulns"].append(vuln_to_check)
-
     def create_vulns(self, func: Callable) -> None:
         """
         Create vulns in RegScale from csv file
@@ -585,11 +587,12 @@ class FlatFileImporter(ABC):
                 if not vuln:
                     vuln_progress.advance(vuln_task, advance=1)
                     continue
-                if isinstance(vuln, Vulnerability) or isinstance(vuln, IntegrationFinding):
-                    self._check_vuln(vuln)
+
+                if isinstance(vuln, IntegrationFinding):
+                    self.data["vulns"].append(vuln)
                 if isinstance(vuln, list):
                     for v in vuln:
-                        self._check_vuln(v)
+                        self.data["vulns"].append(v)
                 if isinstance(vuln, Iterator):
                     self.integration_findings = vuln
                     self.data["vulns"] = vuln
@@ -936,10 +939,21 @@ class FlatFileImporter(ABC):
         :return: The severity
         :rtype: str
         """
+        mapping = {
+            "critical": IssueSeverity.Critical,
+            "high": IssueSeverity.High,
+            "medium": IssueSeverity.Moderate,
+            "moderate": IssueSeverity.Moderate,
+            "low": IssueSeverity.Low,
+            "informational": IssueSeverity.NotAssigned,
+            "none": IssueSeverity.NotAssigned,
+            "info": IssueSeverity.NotAssigned,
+            "unknown": IssueSeverity.NotAssigned,
+        }
         severity = "info"
         if s:
             severity = s.lower()
-        return severity
+        return mapping.get(severity, IssueSeverity.NotAssigned)
 
     @staticmethod
     def map_status_to_issue_status(status: str) -> IssueStatus:

regscale/models/integration_models/ibm.py

@@ -8,9 +8,10 @@ from urllib.parse import urlparse
 from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
 from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
-from regscale.models import ImportValidater, Mapping
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import ImportValidater
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
-from regscale.models.regscale_models import Asset, Vulnerability
+from regscale.models.regscale_models import Asset, IssueSeverity, IssueStatus
 
 ISSUE_TYPE = "Issue Type"
 VULNERABILITY_TITLE = ISSUE_TYPE
@@ -53,74 +54,55 @@ class AppScan(FlatFileImporter):
             **kwargs,
         )
 
-    def create_asset(self, dat: Optional[dict] = None) -> Asset:
+    def create_asset(self, dat: Optional[dict] = None) -> IntegrationAsset:
         """
         Create an asset from a row in the IBM csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Asset object
-        :rtype: Asset
+        :return: RegScale IntegrationAsset object
+        :rtype: IntegrationAsset
         """
         parsed_url = urlparse(self.mapping.get_value(dat, "URL"))
         hostname: str = f"{parsed_url.scheme}://{parsed_url.netloc}"
-        return Asset(
+        return IntegrationAsset(
             **{
-                "id": 0,
                 "name": hostname,
-                "isPublic": True,
+                "identifier": hostname,
                 "status": "Active (On Network)",
-                "assetCategory": "Software",
-                "bLatestScan": True,
-                "bAuthenticatedScan": True,
-                "scanningTool": self.name,
-                "assetOwnerId": self.config["userId"],
-                "assetType": "Other",
+                "asset_category": "Software",
+                "scanning_tool": self.name,
+                "asset_type": "Other",
                 "fqdn": hostname if is_valid_fqdn(hostname) else None,
-                "systemAdministratorId": self.config["userId"],
-                "parentId": self.attributes.parent_id,
-                "parentModule": self.attributes.parent_module,
             }
         )
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[IntegrationFinding]:
         """
-        Create a vulnerability from a row in the IBM csv file
-
+        Create an IntegrationFinding from a row in the IBM csv file
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Vulnerability object or None
-        :rtype: Optional[Vulnerability]
+        :return: RegScale IntegrationFinding object or None
+        :rtype: Optional[IntegrationFinding]
         """
+
         regscale_vuln = None
         parsed_url = urlparse(self.mapping.get_value(dat, "URL"))
         hostname: str = f"{parsed_url.scheme}://{parsed_url.netloc}"
         description: str = self.mapping.get_value(dat, ISSUE_TYPE)
         app_scan_severity = self.mapping.get_value(dat, "Severity")
         severity = self.severity_map.get(app_scan_severity, "Informational")
-        config = self.attributes.app.config
-        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
-        asset = asset_match[0] if asset_match else None
-        if dat and asset_match:
-            regscale_vuln = Vulnerability(
-                id=0,
-                scanId=0,  # set later
-                parentId=asset.id,
-                parentModule="assets",
-                ipAddress="0.0.0.0",  # No ip address available
-                lastSeen=get_current_datetime(),
-                firstSeen=epoch_to_datetime(self.create_epoch),
-                daysOpen=None,
-                dns=hostname,
-                mitigated=None,
-                severity=severity,
-                plugInName=description,
-                cve="",
-                vprScore=None,
-                tenantsId=0,
-                title=description[:255] if description else "No Title",
+        if dat:
+            return IntegrationFinding(
+                title=self.mapping.get_value(dat, self.vuln_title),
                 description=description,
-                plugInText=description,
-                createdById=config["userId"],
-                lastUpdatedById=config["userId"],
-                dateCreated=get_current_datetime(),
+                cve="",
+                severity=self.determine_severity(severity),
+                asset_identifier=hostname,
+                plugin_name=description,
+                plugin_text=description[:255],
+                control_labels=[],
+                category="Hardware",
+                status=IssueStatus.Open,
+                last_seen=get_current_datetime(),
+                first_seen=epoch_to_datetime(self.create_epoch),
             )
         return regscale_vuln

regscale/models/integration_models/nexpose.py

@@ -2,43 +2,47 @@
 Nexpose Scan information
 """
 
-from pathlib import Path
 from typing import Optional
 
 from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
-from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
+from regscale.core.app.utils.app_utils import epoch_to_datetime, is_valid_fqdn
+from regscale.core.utils.date import date_str
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 from regscale.models import ImportValidater
-from regscale.models.app_models.mapping import Mapping
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
-from regscale.models.regscale_models import Asset, Issue, Vulnerability
+from regscale.models.regscale_models import Asset, IssueSeverity, IssueStatus
 
 VULNERABILITY_TITLE = "Vulnerability Title"
 VULNERABILITY_ID = "Vulnerability ID"
 CVSS3_SCORE = "CVSSv3 Score"
-IP_ADDRESS = "IP Address"
+CVSS2_SCORE = "CVSSv2 Score"
+IP_ADDRESS = "IP_Address"
+FIRST_SEEN = "first_seen"
+SCAN_DATE = "scan_start_time"
+CVE = "CVEs"
 
 
-class Nexpose(FlatFileImporter):
+class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
     """
-    Prisma/Nexpose Scan information
+    Nexpose Scan information
     """
 
-    def __init__(self, **kwargs):
+    def __init__(self, **kwargs):  # pylint: disable=R0902
         self.name = kwargs.get("name")
         self.vuln_title = VULNERABILITY_TITLE
         self.vuln_id = VULNERABILITY_ID
         self.cvss3_score = CVSS3_SCORE
+        self.first_seen = FIRST_SEEN
+        self.scan_date_field = SCAN_DATE
+        self.cve = CVE
         self.required_headers = [
-            "IP Address",
             "Hostname",
-            "OS",
             "Vulnerability Title",
             "Vulnerability ID",
             "CVSSv2 Score",
             "CVSSv3 Score",
             "Description",
-            "Proof",
             "Solution",
             "CVEs",
         ]
@@ -60,81 +64,165 @@ class Nexpose(FlatFileImporter):
             **kwargs,
         )
 
-    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[IntegrationAsset]:
         """
         Create an asset from a row in the Nexpose csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Asset object, if it has a hostname
-        :rtype: Optional[Asset]
+        :return: RegScale IntegrationAsset object, if it has a hostname
+        :rtype: Optional[IntegrationAsset]
         """
         if hostname := self.mapping.get_value(dat, "Hostname"):
-            return Asset(
+            return IntegrationAsset(
                 **{
-                    "id": 0,
                     "name": hostname,
-                    "ipAddress": self.mapping.get_value(dat, IP_ADDRESS),
-                    "isPublic": True,
+                    "ip_address": self.mapping.get_value(dat, IP_ADDRESS, "0.0.0.0"),
+                    "identifier": hostname,
+                    "other_tracking_number": hostname,
                     "status": "Active (On Network)",
-                    "assetCategory": "Hardware",
-                    "bLatestScan": True,
-                    "bAuthenticatedScan": True,
-                    "scanningTool": self.name,
-                    "assetOwnerId": self.config["userId"],
-                    "assetType": "Other",
+                    "asset_category": "Hardware",
+                    "asset_type": "Other",
+                    "scanning_tool": self.name,
                     "fqdn": hostname if is_valid_fqdn(hostname) else None,
-                    "operatingSystem": Asset.find_os(self.mapping.get_value(dat, "OS")),
-                    "systemAdministratorId": self.config["userId"],
-                    "parentId": self.attributes.parent_id,
-                    "parentModule": self.attributes.parent_module,
+                    "operating_system": Asset.find_os(self.mapping.get_value(dat, "OS")),
                 }
             )
+        return None
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
+    @staticmethod
+    def determine_severity_from_cvss_score(cvss_score: float, cvss_version: str = "v3") -> IssueSeverity:
         """
-        Create a vulnerability from a row in the Prisma/Nexpose csv file
+        Determine CVSS Severity Text from CVSS Base Score
+
+        :param float cvss_score: CVSS Base Score
+        :param str cvss_version: CVSS version ("v2" or "v3"), defaults to "v3"
+        :return: CVSS Severity Text
+        :rtype: IssueSeverity
+        """
+        results = IssueSeverity.Low
+
+        if cvss_version.lower() == "v3":
+            # CVSSv3 severity ranges
+            if 4.0 <= cvss_score <= 6.9:
+                results = IssueSeverity.Moderate
+            elif 7.0 <= cvss_score <= 8.9:
+                results = IssueSeverity.High
+            elif cvss_score > 8.9:
+                results = IssueSeverity.Critical
+        elif cvss_version.lower() == "v2":
+            # CVSSv2 severity ranges
+            if 4.0 <= cvss_score <= 6.9:
+                results = IssueSeverity.Moderate
+            elif 7.0 <= cvss_score <= 10.0:
+                results = IssueSeverity.High
+            # CVSSv2 doesn't have a "Critical" category, High is the highest
+
+        return results
+
+    def severity_from_text(self, text_severity: str) -> Optional[IssueSeverity]:
+        """
+        Determine severity from text severity
+
+        :param str text_severity: Text severity
+        :return: IssueSeverity or None
+        :rtype: Optional[IssueSeverity]
+        """
+        if text_severity.lower() == "low":
+            return IssueSeverity.Low
+        if text_severity.lower() in ["medium", "moderate"]:
+            return IssueSeverity.Moderate
+        if text_severity.lower() == "high":
+            return IssueSeverity.High
+        if text_severity.lower() in ["critical", "severe"]:
+            return IssueSeverity.Critical
+        return None
+
+    def _determine_severity(self, dat: Optional[dict] = None) -> IssueSeverity:
+        """
+        Determine severity using the priority order: text severity > CVSSv3 > CVSSv2 > default
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: Determined IssueSeverity
+        :rtype: IssueSeverity
+        """
+        # Default severity
+        severity = IssueSeverity.Low
+
+        # Extract CVSS scores
+        cvss3_score = self.mapping.get_value(dat, self.cvss3_score) or 0.0
+        cvss2_score = self.mapping.get_value(dat, CVSS2_SCORE) or 0.0
+
+        # Priority 1: Check for text-based severity (client-specific)
+        # This is client specific, need to be able to override the severity source
+        text_severity = self.severity_from_text(
+            self.mapping.get_value(dat, "adobe_severity")
+        ) or self.severity_from_text(self.mapping.get_value(dat, "nexpose_severity"))
+
+        if text_severity:
+            severity = text_severity
+        else:
+            # Priority 2: Use CVSSv3 score if available and valid
+            if cvss3_score and cvss3_score > 0:
+                severity = self.determine_severity_from_cvss_score(float(cvss3_score), "v3")
+            # Priority 3: Fall back to CVSSv2 score if available and valid
+            elif cvss2_score and cvss2_score > 0:
+                severity = self.determine_severity_from_cvss_score(float(cvss2_score), "v2")
+
+        return severity
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[IntegrationFinding]:
+        """
+        Create an IntegrationFinding from a row in the Prisma/Nexpose csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Vulnerability object or None
-        :rtype: Optional[Vulnerability]
+        :param kwargs: Additional keyword arguments
+        :return: RegScale IntegrationFinding object or None
+        :rtype: Optional[IntegrationFinding]
         """
-        regscale_vuln = None
-        cvss3_score = self.mapping.get_value(dat, self.cvss3_score)
+        regscale_finding = None
+
+        # Extract basic data
         hostname: str = self.mapping.get_value(dat, "Hostname")
-        os: str = self.mapping.get_value(dat, "OS")
         description: str = self.mapping.get_value(dat, "Description")
-        severity = Vulnerability.determine_cvss3_severity_text(float(cvss3_score)) if cvss3_score else "low"
-        config = self.attributes.app.config
-        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
-        asset = asset_match[0] if asset_match else None
-        if dat and asset_match:
-            return Vulnerability(
-                id=0,
-                scanId=0,  # set later
-                parentId=asset.id,
-                parentModule="assets",
-                ipAddress="0.0.0.0",  # No ip address available
-                lastSeen=get_current_datetime(),
-                firstSeen=epoch_to_datetime(self.create_epoch),
-                daysOpen=None,
-                dns=hostname,
-                mitigated=None,
-                operatingSystem=(Asset.find_os(os) if Asset.find_os(os) else None),
-                severity=severity,
-                plugInName=self.mapping.get_value(dat, self.vuln_title),
-                plugInId=self.mapping.get_value(dat, self.vuln_id),
-                cve=self.mapping.get_value(dat, "CVEs"),
-                vprScore=None,
-                tenantsId=0,
-                title=description[:255],
+        cvss3_score = self.mapping.get_value(dat, self.cvss3_score) or 0.0
+
+        # Determine severity using priority logic
+        severity = self._determine_severity(dat)
+
+        # Find matching asset
+
+        # Extract date information
+        first_seen = (
+            self.mapping.get_value(dat, self.first_seen)
+            or self.mapping.get_value(dat, "first_seen")
+            or epoch_to_datetime(self.create_epoch)
+        )
+
+        if scan_date := self.mapping.get_value(dat, SCAN_DATE):
+            self.scan_date = scan_date
+        cvss_score = self.mapping.get_value(dat, CVSS2_SCORE)
+
+        # Create IntegrationFinding if we have valid data and asset match
+        if dat:
+            return IntegrationFinding(
+                control_labels=[],  # Add an empty list for control_labels
+                title=self.mapping.get_value(dat, self.vuln_title),
                 description=description,
-                plugInText=self.mapping.get_value(dat, self.vuln_title),
-                createdById=config["userId"],
-                lastUpdatedById=config["userId"],
-                dateCreated=get_current_datetime(),
-                extra_data={
-                    "solution": self.mapping.get_value(dat, "Solution"),
-                    "proof": self.mapping.get_value(dat, "Proof"),
-                },
+                cve=self.mapping.get_value(dat, self.cve, "").upper(),
+                severity=severity,
+                asset_identifier=hostname,
+                plugin_name=self.mapping.get_value(dat, self.vuln_title),
+                plugin_id=str(self.mapping.get_value(dat, self.vuln_id)),
+                cvss_score=cvss_score or 0.0,
+                cvss_v3_score=cvss3_score or 0.0,
+                cvss_v2_score=cvss_score or 0.0,
+                plugin_text=description[:255],
+                remediation=self.mapping.get_value(dat, "Solution"),
+                category="Hardware",
+                status=IssueStatus.Open,
+                first_seen=self.scan_date or date_str(first_seen),
+                scan_date=date_str(scan_date) or self.scan_date,
+                vulnerability_type="Vulnerability Scan",
+                baseline=f"{self.name} Host",
             )
-        return regscale_vuln
+        return regscale_finding