regscale-cli 6.20.10.0__py3-none-any.whl → 6.21.1.0__py3-none-any.whl

regscale/models/integration_models/veracode.py

@@ -2,8 +2,8 @@ from typing import List, Optional, Union
 
 from regscale.core.app.logz import create_logger
 from regscale.core.app.utils.app_utils import get_current_datetime
-from regscale.integrations.scanner_integration import IntegrationFinding
-from regscale.models import Asset, Vulnerability, ImportValidater, IssueStatus
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import Asset, ImportValidater, IssueStatus, Vulnerability
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
 
 APP_NAME = "@app_name"
@@ -77,31 +77,26 @@ class Veracode(FlatFileImporter):
         else:
             name = self.mapping.get_value(dat, "Source", "")
             account_id = str(self.mapping.get_value(dat, "ID", ""))
-        asset = Asset(
+        asset = IntegrationAsset(
             **{
-                "id": 0,
                 "name": name,
-                "otherTrackingNumber": account_id,
-                "ipAddress": "0.0.0.0",
-                "isPublic": True,
+                "ip_address": "0.0.0.0",
+                "identifier": name,
+                "other_tracking_number": account_id,
                 "status": "Active (On Network)",
-                "assetCategory": "Software",
-                "bLatestScan": True,
-                "bAuthenticatedScan": True,
-                "scanningTool": self.name,
-                "assetOwnerId": self.config["userId"],
-                "assetType": "Other",
-                "softwareVendor": "Veracode",
-                "softwareName": name,
-                "softwareVersion": version,
-                "systemAdministratorId": self.config["userId"],
-                "parentId": self.attributes.parent_id,
-                "parentModule": self.attributes.parent_module,
+                "asset_category": "Hardware",
+                "software_vendor": "Veracode",
+                "software_name": name,
+                "software_version": version,
+                "asset_type": "Other",
+                "scanning_tool": self.name,
             }
         )
         return [asset]
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Union[List[Vulnerability], List[IntegrationFinding]]:
+    def create_vuln(
+        self, dat: Optional[dict] = None, **kwargs
+    ) -> Union[List[IntegrationFinding], List[IntegrationFinding]]:
         """
         Create a RegScale vulnerability from a vulnerability in the Veracode export file
 

regscale/{integrations/commercial/wizv2/models.py → models/integration_models/wizv2.py}

@@ -1,19 +1,18 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
-"""Class for a Wiz.io integration"""
+"""Wiz v2 Integration Models (RegScale pattern)."""
 
-# standard python imports
 from enum import Enum
 from typing import Optional
+from datetime import datetime
 
 from pydantic import BaseModel, Field
-from datetime import datetime
 
 from regscale.models import regscale_models
 
 
 class AssetCategory(Enum):
-    """Map Wiz assetTypes with RegScale assetCategories"""
+    """Map Wiz assetTypes with RegScale assetCategories."""
 
     SERVICE_USAGE_TECHNOLOGY = regscale_models.AssetCategory.Hardware
     GATEWAY = regscale_models.AssetCategory.Hardware
@@ -90,6 +89,7 @@ class ComplianceReport(BaseModel):
     control_id: Optional[str] = Field(None, alias="Control ID")
     compliance_check: Optional[str] = Field(None, alias="Compliance Check Name (Wiz Subcategory)")
     control_description: Optional[str] = Field(None, alias="Control Description")
+    issue_finding_id: Optional[str] = Field(None, alias="Issue/Finding ID")
     severity: Optional[str] = Field(None, alias="Severity")
     result: str = Field(..., alias="Result")
     framework: Optional[str] = Field(None, alias="Framework")
@@ -102,11 +102,3 @@ class ComplianceReport(BaseModel):
     resource_id: str = Field(..., alias="Resource ID")
     resource_region: Optional[str] = Field(None, alias="Resource Region")
     resource_cloud_platform: Optional[str] = Field(None, alias="Resource Cloud Platform")
-
-
-# # Attempt to create an instance of the model again
-# example_row = data.iloc[0].to_dict()
-# example_compliance_report = ComplianceReport(**example_row)
-#
-# # Display the instance
-# example_compliance_report.dict()

regscale/models/integration_models/xray.py

@@ -1,16 +1,21 @@
 """
-Nexpose Scan information
+JFrog Xray Scan information
 """
 
-from typing import List, Optional
+import logging
+import traceback
+from typing import Callable, Iterator, Optional
 
 from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
-from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime
-from regscale.models import ImportValidater, Mapping
+from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
+from regscale.exceptions import ValidationException
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import ImportValidater
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
-from regscale.models.regscale_models.asset import Asset
-from regscale.models.regscale_models.vulnerability import Vulnerability
+from regscale.models.regscale_models import IssueStatus, Vulnerability
+
+logger = logging.getLogger(__name__)
 
 
 class XRay(FlatFileImporter):
@@ -25,31 +30,46 @@ class XRay(FlatFileImporter):
     def __init__(self, **kwargs):
         self.name = kwargs.get("name")
         regscale_ssp_id = kwargs.get("regscale_ssp_id")
-        self.cvss3_score = "cvss_v3_score"
-        self.vuln_title = "cve"
-        self.required_headers = [
-            "impacted_artifact",
-        ]
-        self.mapping_file = kwargs.get("mappings_path")
-        self.disable_mapping = kwargs.get("disable_mapping")
+        # Combine related attributes to reduce instance attribute count
+        self.scanner_config = {
+            "cvss3_score": "cvss_v3_score",
+            "vuln_title": "cve",
+            "required_headers": ["impacted_artifact"],
+        }
+        # Combine mapping-related attributes
+        self.mapping_config = {
+            "mapping_file": kwargs.get("mappings_path"),
+            "disable_mapping": kwargs.get("disable_mapping"),
+        }
         self.validater = ImportValidater(
-            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping
+            self.scanner_config["required_headers"],
+            kwargs.get("file_path"),
+            self.mapping_config["mapping_file"],
+            self.mapping_config["disable_mapping"],
         )
         self.headers = self.validater.parsed_headers
         self.mapping = self.validater.mapping
-        logger = create_logger()
+        xray_logger = create_logger()
+        # set vuln count and asset count in constructor
+        vuln_count = 0
+        asset_count = 0
+        for dat in self.validater.data:
+            vuln_count += len(self.mapping.get_value(dat, "cves", []))
+            asset_count += 1
         super().__init__(
-            logger=logger,
+            logger=xray_logger,
             app=Application(),
             headers=None,
             parent_id=regscale_ssp_id,
             parent_module="securityplans",
             asset_func=self.create_asset,
             vuln_func=self.create_vuln,
+            vuln_count=vuln_count,
+            asset_count=asset_count,
             **kwargs,
         )
 
-    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[IntegrationAsset]:
         """
         Create an asset from a row in the Xray JSON file
 
@@ -59,77 +79,251 @@ class XRay(FlatFileImporter):
         """
 
         if asset_name := self.mapping.get_value(dat, "impacted_artifact") if isinstance(dat, dict) else dat:
-            return Asset(
+            return IntegrationAsset(
                 **{
-                    "id": 0,
                     "name": asset_name,
-                    "ipAddress": "0.0.0.0",
-                    "isPublic": True,
+                    "ip_address": "0.0.0.0",
+                    "identifier": asset_name,
+                    "other_tracking_number": asset_name,
                     "status": "Active (On Network)",
-                    "assetCategory": "Software",
-                    "bLatestScan": True,
-                    "bAuthenticatedScan": True,
-                    "scanningTool": self.name,
-                    "assetOwnerId": self.config["userId"],
-                    "assetType": "Other",
-                    "fqdn": None,
-                    "operatingSystem": "Linux",
-                    "systemAdministratorId": self.config["userId"],
-                    "parentId": self.attributes.parent_id,
-                    "parentModule": self.attributes.parent_module,
+                    "asset_category": "Hardware",
+                    "asset_type": "Other",
+                    "scanning_tool": self.name,
+                    "fqdn": asset_name if is_valid_fqdn(asset_name) else None,
+                    "operating_system": "Linux",
                 }
             )
         return None
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> List[Vulnerability]:
+    def create_asset_from_name(self, asset_name: str) -> IntegrationAsset:
+        """Create an IntegrationAsset from an asset name
+
+        :param str asset_name: The name of the asset
+        :return: IntegrationAsset object
+        :rtype: IntegrationAsset
         """
-        Create a vulnerability from a row in the JFrog Xray JSON file
+        return IntegrationAsset(
+            **{
+                "name": asset_name,
+                "ip_address": "0.0.0.0",
+                "identifier": asset_name,
+                "other_tracking_number": asset_name,
+                "status": "Active (On Network)",
+                "asset_category": "Hardware",
+                "asset_type": "Other",
+                "scanning_tool": self.name,
+                "fqdn": asset_name if is_valid_fqdn(asset_name) else None,
+                "operating_system": "Linux",
+            }
+        )
 
-        :param Optional[dict] dat: Data row from JSON file, defaults to None
-        :return: List of RegScale Vulnerability object, if any
-        :rtype: List[Vulnerability]
-        """
-        asset_match = [
-            asset for asset in self.data["assets"] if asset.name == self.mapping.get_value(dat, "impacted_artifact")
-        ]
-        asset = asset_match[0] if asset_match else None
-        vulns = []
-        for vuln in self.mapping.get_value(dat, "cves", []):
-            # CVE IS A VULN, A VULN IS A CVE, Finkle is Einhorn
-            regscale_vuln = None
-            severity = (
-                Vulnerability.determine_cvss3_severity_text(float(vuln[self.cvss3_score]))
-                if vuln.get(self.cvss3_score)
-                else "low"
-            )
-            if asset_match:
-                cves = [c["cve"] for c in self.mapping.get_value(dat, "cves", []) if c.get("cve")]
-                for cve in cves:
-                    regscale_vuln = Vulnerability(
-                        id=0,
-                        scanId=0,  # set later
-                        parentId=asset.id,
-                        parentModule="assets",
-                        ipAddress="0.0.0.0",  # No ip address available
-                        lastSeen=self.scan_date,
-                        firstSeen=epoch_to_datetime(self.create_epoch),
-                        daysOpen=None,
-                        dns=self.mapping.get_value(dat, "impacted_artifact"),
-                        mitigated=None,
-                        operatingSystem="Linux",
-                        severity=severity,
-                        plugInName=self.mapping.get_value(dat, "issue_id", "XRay"),
-                        plugInId=int(self.mapping.get_value(dat, "issue_id", "Xray-0000")[5:]),
-                        cve=cve,
-                        vprScore=None,
-                        tenantsId=0,  # Need a way to figure this out programmatically
-                        title=f"{self.mapping.get_value(dat, 'issue_id') or self.mapping.get_value(dat, 'summary', f'XRay Vulnerability from Import {get_current_datetime()}')} on asset {asset.name}",
-                        description=self.mapping.get_value(dat, "summary"),
-                        plugInText=vuln.get("cve"),
-                        extra_data={
-                            "references": self.mapping.get_value(dat, "references", "None"),
-                            "solution": self.mapping.get_value(dat, "fixed_versions", "None"),
-                        },
-                    )
-                vulns.append(regscale_vuln)
-        return vulns
+    def _extract_asset_name(self, data_item) -> Optional[str]:
+        """Extract asset name from data item
+
+        :param data_item: Data item to extract asset name from
+        :return: Asset name if found, None otherwise
+        :rtype: Optional[str]
+        """
+        if isinstance(data_item, dict):
+            return self.mapping.get_value(data_item, "impacted_artifact")
+        return data_item if data_item else None
+
+    def _process_list_data(self) -> Iterator[IntegrationAsset]:
+        """Process list data and yield assets
+
+        :return: Iterator of IntegrationAsset objects
+        :rtype: Iterator[IntegrationAsset]
+        """
+        for data_item in self.file_data:
+            if asset_name := self._extract_asset_name(data_item):
+                yield self.create_asset_from_name(asset_name)
+
+    def _process_dict_data(self) -> Iterator[IntegrationAsset]:
+        """Process dict data and yield assets
+
+        :return: Iterator of IntegrationAsset objects
+        :rtype: Iterator[IntegrationAsset]
+        """
+        if asset_name := self._extract_asset_name(self.file_data):
+            yield self.create_asset_from_name(asset_name)
+
+    def asset_generator(self) -> Iterator[IntegrationAsset]:
+        """Generate IntegrationAsset objects from the data
+
+        :return: Iterator of IntegrationAsset objects
+        :rtype: Iterator[IntegrationAsset]
+        """
+        if isinstance(self.file_data, list):
+            yield from self._process_list_data()
+        elif isinstance(self.file_data, dict):
+            yield from self._process_dict_data()
+
+    def process_assets(self, func: Callable) -> None:
+        """
+        Process the assets in the data and create an iterator of IntegrationAsset objects
+
+        :param Callable func: Function to create asset (not used)
+        :return: None
+        """
+
+        # Set the assets as an iterator directly
+        self.data["assets"] = self.asset_generator()
+        self.integration_assets = self.data["assets"]
+
+    def create_vuln(self, _dat: Optional[dict] = None, **kwargs) -> Iterator[IntegrationFinding]:
+        """
+        Fetches findings from the processed json files
+
+        :param Optional[dict] _dat: Data row from JSON file (unused, kept for compatibility)
+        :param **kwargs: Additional keyword arguments including index
+        :return: A list of findings
+        :rtype: Iterator[IntegrationFinding]
+        """
+        if findings := self.fetch_findings(**kwargs):
+            yield from findings
+
+    def _validate_cve_data(self, cve_data) -> bool:
+        """Validate CVE data structure
+
+        :param cve_data: CVE data to validate
+        :return: True if valid, False otherwise
+        :rtype: bool
+        """
+        if not isinstance(cve_data, list):
+            logger.warning("CVE data is not a list, skipping vulnerability creation")
+            return False
+        return True
+
+    def _get_valid_cve_data(self, cve_data: list) -> list:
+        """Filter CVE data to only include valid entries
+
+        :param list cve_data: Raw CVE data
+        :return: Filtered CVE data with actual CVE IDs
+        :rtype: list
+        """
+        return [c for c in cve_data if c.get("cve")]
+
+    def _determine_severity_from_cve(self, cve_dat: dict) -> str:
+        """Determine severity from CVE data
+
+        :param dict cve_dat: CVE data dictionary
+        :return: Severity string
+        :rtype: str
+        """
+        cvss3_score = cve_dat.get("cvss_v3_score", 0.0)
+        if cve_dat.get(self.scanner_config["cvss3_score"]):
+            return Vulnerability.determine_cvss3_severity_text(float(cvss3_score))
+        return "low"
+
+    def _extract_plugin_id(self, data_item: dict) -> int:
+        """Extract plugin ID from issue ID
+
+        :param dict data_item: Data item containing issue information
+        :return: Plugin ID as integer
+        :rtype: int
+        """
+        issue_id = self.mapping.get_value(data_item, "issue_id", "Xray-0000")
+        try:
+            if len(issue_id) > 5:
+                return int(issue_id[5:])
+            return 0
+        except (ValueError, TypeError):
+            logger.warning("Could not parse plugin_id from issue_id: %s", issue_id)
+            return 0
+
+    def _get_title_base(self, data_item: dict) -> str:
+        """Get title base for the finding
+
+        :param dict data_item: Data item containing issue information
+        :return: Title base string
+        :rtype: str
+        """
+        return self.mapping.get_value(data_item, "issue_id") or self.mapping.get_value(
+            data_item, "summary", f"XRay Vulnerability from Import {get_current_datetime()}"
+        )
+
+    def _create_finding_from_cve(self, data_item: dict, asset_name: str, cve_dat: dict) -> IntegrationFinding:
+        """Create a single finding from CVE data
+
+        :param dict data_item: Data item containing vulnerability information
+        :param str asset_name: Asset name for the finding
+        :param dict cve_dat: CVE data dictionary
+        :return: IntegrationFinding object
+        :rtype: IntegrationFinding
+        """
+        cve = cve_dat.get("cve")
+        cvss3_score = cve_dat.get("cvss_v3_score", 0.0)
+        severity = self._determine_severity_from_cve(cve_dat)
+        plugin_id = self._extract_plugin_id(data_item)
+        title_base = self._get_title_base(data_item)
+
+        return IntegrationFinding(
+            title=f"{title_base} on asset {asset_name}",
+            description=self.mapping.get_value(data_item, "summary"),
+            severity=self.determine_severity(severity),
+            status=IssueStatus.Open.value,
+            cvss_v3_score=cvss3_score,
+            cvss_v3_vector=cve_dat.get("cvss_v3_vector", ""),
+            plugin_name=self.mapping.get_value(data_item, "issue_id", "XRay"),
+            plugin_id=plugin_id,
+            asset_identifier=asset_name,
+            cve=cve,
+            first_seen=epoch_to_datetime(self.create_epoch),
+            last_seen=self.scan_date,
+            scan_date=self.scan_date,
+            category="Software",
+            control_labels=[],
+        )
+
+    def _create_findings_from_data_item(self, data_item: dict, asset_name: str) -> Iterator[IntegrationFinding]:
+        """Create findings from a single data item
+
+        :param dict data_item: The data item containing vulnerability information
+        :param str asset_name: The asset name for the finding
+        :yields: IntegrationFinding objects
+        """
+        cve_data = self.mapping.get_value(data_item, "cves", [])
+        if not self._validate_cve_data(cve_data):
+            return
+
+        valid_cve_data = self._get_valid_cve_data(cve_data)
+        for cve_dat in valid_cve_data:
+            yield self._create_finding_from_cve(data_item, asset_name, cve_dat)
+
+    def _process_list_findings(self) -> Iterator[IntegrationFinding]:
+        """Process findings from list data
+
+        :yields: IntegrationFinding objects
+        """
+        for data_item in self.file_data:
+            if isinstance(data_item, list):
+                continue
+            asset_name = self._extract_asset_name(data_item)
+            if asset_name:
+                yield from self._create_findings_from_data_item(data_item, asset_name)
+
+    def _process_dict_findings(self) -> Iterator[IntegrationFinding]:
+        """Process findings from dict data
+
+        :yields: IntegrationFinding objects
+        """
+        asset_name = self._extract_asset_name(self.file_data)
+        if asset_name:
+            yield from self._create_findings_from_data_item(self.file_data, asset_name)
+
+    def fetch_findings(self, **_) -> Iterator[IntegrationFinding]:
+        """
+        Fetch findings from Xray scan data.
+
+        :raises ValidationException: If there is an error fetching/parsing findings
+        :yields: Iterator[IntegrationFinding]
+        """
+        try:
+            if isinstance(self.file_data, list):
+                yield from self._process_list_findings()
+            elif isinstance(self.file_data, dict):
+                yield from self._process_dict_findings()
+        except Exception as exc:
+            error_message = traceback.format_exc()
+            logger.error("Error fetching findings: %s", error_message)
+            raise ValidationException(f"Error fetching findings: {error_message}") from exc

regscale/models/regscale_models/control_implementation.py

@@ -70,6 +70,7 @@ class ControlImplementation(RegScaleModel):
 
     _module_slug = "controlImplementation"
     _module_string = "controls"
+    _unique_fields = [["controlID", "parentId", "parentModule"]]
     _get_objects_for_list = True
 
     controlOwnerId: str = Field(default_factory=RegScaleModel.get_user_id)
@@ -248,18 +249,19 @@ class ControlImplementation(RegScaleModel):
             return response.json()
         return None
 
-    def find_by_unique(self, **kwargs: dict) -> Optional["ControlImplementation"]:
-        """
-        Find an object by unique query.
-
-        :param dict **kwargs: The unique query parameters
-        :return: The object or None if not found
-        :rtype: Optional[ControlImplementation]
-        """
-
-        for instance in self.get_by_security_control_id(security_control_id=self.controlID):
-            return instance
-        return None
+    # Removed for now, will need to be added back once platform changes are made
+    # def find_by_unique(self, **kwargs: dict) -> Optional["ControlImplementation"]:
+    #     """
+    #     Find an object by unique query.
+    #
+    #     :param dict **kwargs: The unique query parameters
+    #     :return: The object or None if not found
+    #     :rtype: Optional[ControlImplementation]
+    #     """
+    #
+    #     for instance in self.get_by_security_control_id(security_control_id=self.controlID):
+    #         return instance
+    #     return None
 
     def _get_status_enum(self) -> List["ControlImplementationStatus"]:
         """

regscale/models/regscale_models/file.py

@@ -375,6 +375,10 @@ class File(BaseModel):
         except KeyError:
             if file_type == ".xlsx":
                 file_type_header = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+            elif file_type == ".docx":
+                file_type_header = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
+            elif file_type == ".pptx":
+                file_type_header = "application/vnd.openxmlformats-officedocument.presentationml.presentation"
             elif file_type == ".nessus":
                 file_type_header = "text/xml"
             elif file_type == ".gz":