regscale-cli 6.20.10.0__py3-none-any.whl → 6.21.1.0__py3-none-any.whl

regscale/models/regscale_models/issue.py

@@ -1270,6 +1270,129 @@ class Issue(RegScaleModel):
             raise ValueError(f"riskAdjustment must be one of {allowed_values}")
         return v
 
+    # New method to determine and set isPoam based on NIST/FedRAMP criteria
+    def set_is_poam(
+        self,
+        config: Optional[Dict[str, Any]] = None,
+        standard: str = "fedramp",
+        current_date: Optional[datetime] = None,
+    ) -> None:
+        """
+        Sets the isPoam field based on NIST 800-53 or FedRAMP criteria, preserving historical POAM status.
+
+        Criteria:
+        - Preserves isPoam=True for imported data, even if closed, for reporting purposes.
+        - For new issues:
+          - Skips if false positive, operational requirement, or deviation rationale exists.
+          - FedRAMP: High/Critical issues are POAMs if open; scan-based issues are POAMs if overdue; non-scan issues are POAMs if open.
+          - NIST: POAM for any open deficiency unless accepted as residual risk.
+          - Uses config thresholds (e.g., {'critical': 30, 'high': 90, 'medium': 90, 'low': 365, 'status': 'Open'}).
+
+        Args:
+            config: Optional dictionary with severity thresholds and status from init.yaml.
+                    Defaults to FedRAMP: {'critical': 30, 'high': 30, 'medium': 90, 'low': 180, 'status': 'Open'}.
+                    For NIST, uses {'critical': 30, 'high': 90, 'medium': 90, 'low': 180, 'status': 'Open'}.
+            standard: 'fedramp' (default) or 'nist'.
+            current_date: Optional datetime for calculation (defaults to current time).
+
+        Returns:
+            None: Sets the isPoam attribute directly.
+        """
+        # Use current time if not provided
+        current_date = current_date or datetime.datetime.now()
+
+        # Preserve historical POAM status for imported data
+        if self.isPoam:
+            return
+
+        # Define open statuses
+        open_statuses = {
+            IssueStatus.Open,
+            IssueStatus.Delayed,
+            IssueStatus.PendingVerification,
+            IssueStatus.VendorDependency,
+            IssueStatus.PendingApproval,
+        }
+
+        # Skip if issue is accepted as residual risk
+        if self.falsePositive or self.operationalRequirement or self.deviationRationale:
+            self.isPoam = False
+            return
+
+        # Load default thresholds based on standard if config is not provided
+        config = config or (
+            {"critical": 30, "high": 30, "medium": 90, "low": 180, "status": "Open"}
+            if standard == "fedramp"
+            else {"critical": 30, "high": 90, "medium": 90, "low": 180, "status": "Open"}
+        )
+
+        # Map severity to remediation days
+        severity_map = {
+            IssueSeverity.Critical: config.get("critical", 30),
+            IssueSeverity.High: config.get("high", 90),
+            IssueSeverity.Moderate: config.get("medium", 90),
+            IssueSeverity.Low: config.get("low", 365),
+            IssueSeverity.NotAssigned: config.get("low", 365),
+        }
+
+        # Normalize severity
+        severity = (
+            IssueSeverity(self.severityLevel)
+            if self.severityLevel in {s.value for s in IssueSeverity}
+            else IssueSeverity.NotAssigned
+        )
+        threshold_days = severity_map[severity]
+
+        # Get detection date
+        detection_date_str = self.dateFirstDetected or self.dateCreated
+        if not detection_date_str:
+            self.isPoam = False
+            return
+
+        try:
+            detection_date = datetime.datetime.strptime(detection_date_str, "%Y-%m-%dT%H:%M:%S")
+        except ValueError:
+            try:
+                detection_date = datetime.datetime.strptime(detection_date_str, "%Y-%m-%d")
+            except ValueError:
+                self.isPoam = False
+                return
+
+        days_since_detection = (current_date - detection_date).days
+
+        # Define scan sources
+        scan_sources = {"Vulnerability Assessment", "FDCC/USGCB", "Penetration Test"}
+        is_scan = self.identification in scan_sources
+
+        # Apply standard-specific logic
+        if standard == "fedramp":
+            # FedRAMP: High/Critical are always POAMs if open
+            if severity in {IssueSeverity.High, IssueSeverity.Critical}:
+                self.isPoam = self.status in open_statuses
+            # Scan-based: POAM if overdue
+            elif is_scan:
+                self.isPoam = days_since_detection > threshold_days
+            # Non-scan: POAM if open
+            else:
+                self.isPoam = self.status in open_statuses
+
+            # Handle vendor dependencies
+            if self.vendorDependency and self.vendorLastUpdate:
+                try:
+                    vendor_date = datetime.datetime.strptime(self.vendorLastUpdate, "%Y-%m-%dT%H:%M:%S")
+                    days_since_vendor = (current_date - vendor_date).days
+                    self.isPoam = days_since_vendor > threshold_days
+                except ValueError:
+                    pass  # Fall back to detection date logic
+
+        else:  # NIST 800-53
+            # NIST: POAM for any open deficiency
+            self.isPoam = self.status in open_statuses
+
+        # Apply status filter from config if specified
+        if "status" in config:
+            self.isPoam = self.isPoam and self.status == config["status"]
+
 
 def build_issue_dict_from_query(a: Dict[str, Any]) -> Dict[str, Any]:
     """

regscale/models/regscale_models/milestone.py

@@ -24,7 +24,7 @@ class Milestone(RegScaleModel):
     completed: Optional[bool] = False
     dateCompleted: Optional[str] = Field(default_factory=get_current_datetime)
     notes: Optional[str] = ""
-    parentID: Optional[str] = None
+    parentID: Optional[int] = None
     parentModule: str = ""
 
     @staticmethod

regscale/models/regscale_models/rbac.py

@@ -28,6 +28,7 @@ class RBAC(RegScaleModel):
             add="/api/{model_slug}/add/{moduleId}/{parentId}/{groupId}/{permissionType}",
             public="/api/{model_slug}/public/{moduleId}/{parentId}/{public}",
             none_standard_delete="/api/{model_slug}/{moduleId}/{parentId}/{rbacId}",
+            reset="/api/{model_slug}/reset/{moduleId}/{parentId}",
         )
 
     @classmethod
@@ -129,3 +130,24 @@ class RBAC(RegScaleModel):
         else:
             cls.log_response_error(response=response)
             return False
+
+    @classmethod
+    def reset(cls, module_id: int, parent_id: int) -> bool:
+        """
+        Proliferates the RBAC entry to all its children
+
+        :param int module_id: The ID of the module
+        :param int parent_id: The ID of the parent
+        :return: True if the RBAC entry was added, False otherwise
+        :rtype: bool
+        """
+        response = cls._get_api_handler().get(
+            endpoint=cls.get_endpoint("reset").format(
+                model_slug=cls._module_slug, moduleId=module_id, parentId=parent_id
+            )
+        )
+        if response and response.ok:
+            return True
+        else:
+            cls.log_response_error(response=response)
+            return False

regscale/models/regscale_models/regscale_model.py

@@ -1279,7 +1279,9 @@ class RegScaleModel(BaseModel, ABC):
                 exc_info=True,
             )
             if response and not response.ok:
-                logger.error(f"Response Error: Code #{response.status_code}: {response.reason}\n{response.text}")
+                logger.error(
+                    f"Response Error: Code #{response.status_code}: {response.reason}\n{response.text}", exc_info=True
+                )
             if response is None:
                 error_msg = "Response was None"
                 logger.error(error_msg)
@@ -1522,7 +1524,7 @@ class RegScaleModel(BaseModel, ABC):
         :return: A list of objects
         :rtype: List[T]
         """
-        response = cls._get_api_handler().get(endpoint=cls.get_endpoint("list"))
+        response = cls._get_api_handler().get(endpoint=cls.get_endpoint("list").format(module_slug=cls._module_slug))
         if response.ok:
             return cast(List[T], [cls.get_object(object_id=sp["id"]) for sp in response.json()])
         else:

regscale/models/regscale_models/security_plan.py

@@ -176,7 +176,7 @@ class SecurityPlan(RegScaleModel):
         return {}
 
     @classmethod
-    def get_list(cls) -> list:
+    def get_ssp_list(cls) -> list:
         """
         Get a list of objects.
 

regscale/utils/graphql_client.py

@@ -5,6 +5,8 @@ A module for making paginated GraphQL queries.
 import logging
 from typing import List, Dict, Optional, Any
 
+import graphql
+
 from regscale.core.app.utils.app_utils import create_progress_object, error_and_exit
 
 logger = logging.getLogger(__name__)
@@ -90,7 +92,7 @@ class PaginatedGraphQLClient:
             return result
         except Exception as e:
             logger.error(f"An error occurred while executing the query: {str(e)}", exc_info=True)
-            logger.error(f"Query: {self.query}")
+            logger.error(f"Query: {graphql.print_ast(self.query)}")
             error_and_exit(f"Variable: {variables}")
 
     def fetch_results(self, variables: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:

{regscale_cli-6.20.10.0.dist-info → regscale_cli-6.21.1.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: regscale-cli
-Version: 6.20.10.0
+Version: 6.21.1.0
 Summary: Command Line Interface (CLI) for bulk processing/loading data into RegScale
 Home-page: https://github.com/RegScale/regscale-cli
 Author: Travis Howerton
@@ -56,7 +56,7 @@ Requires-Dist: pydantic ~=2.11.0
 Requires-Dist: pypandoc
 Requires-Dist: pypandoc-binary
 Requires-Dist: pytest
-Requires-Dist: python-dateutil ~=2.8.2
+Requires-Dist: python-dateutil ~=2.9.0
 Requires-Dist: python-docx
 Requires-Dist: python-jwt ==4.1.0
 Requires-Dist: pyxnat ==1.5.*
@@ -137,7 +137,7 @@ Requires-Dist: pydantic ~=2.11.0 ; extra == 'airflow'
 Requires-Dist: pypandoc ; extra == 'airflow'
 Requires-Dist: pypandoc-binary ; extra == 'airflow'
 Requires-Dist: pytest ; extra == 'airflow'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'airflow'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'airflow'
 Requires-Dist: python-docx ; extra == 'airflow'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'airflow'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'airflow'
@@ -222,7 +222,7 @@ Requires-Dist: pydantic ~=2.11.0 ; extra == 'airflow-azure'
 Requires-Dist: pypandoc ; extra == 'airflow-azure'
 Requires-Dist: pypandoc-binary ; extra == 'airflow-azure'
 Requires-Dist: pytest ; extra == 'airflow-azure'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'airflow-azure'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'airflow-azure'
 Requires-Dist: python-docx ; extra == 'airflow-azure'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'airflow-azure'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'airflow-azure'
@@ -307,7 +307,7 @@ Requires-Dist: pyodbc ; extra == 'airflow-sqlserver'
 Requires-Dist: pypandoc ; extra == 'airflow-sqlserver'
 Requires-Dist: pypandoc-binary ; extra == 'airflow-sqlserver'
 Requires-Dist: pytest ; extra == 'airflow-sqlserver'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'airflow-sqlserver'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'airflow-sqlserver'
 Requires-Dist: python-docx ; extra == 'airflow-sqlserver'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'airflow-sqlserver'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'airflow-sqlserver'
@@ -397,7 +397,7 @@ Requires-Dist: pydantic ~=2.11.0 ; extra == 'all'
 Requires-Dist: pypandoc ; extra == 'all'
 Requires-Dist: pypandoc-binary ; extra == 'all'
 Requires-Dist: pytest ; extra == 'all'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'all'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'all'
 Requires-Dist: python-docx ; extra == 'all'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'all'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'all'
@@ -460,7 +460,7 @@ Requires-Dist: pydantic ~=2.11.0 ; extra == 'ansible'
 Requires-Dist: pypandoc ; extra == 'ansible'
 Requires-Dist: pypandoc-binary ; extra == 'ansible'
 Requires-Dist: pytest ; extra == 'ansible'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'ansible'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'ansible'
 Requires-Dist: python-docx ; extra == 'ansible'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'ansible'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'ansible'
@@ -539,7 +539,7 @@ Requires-Dist: pytest-rerunfailures ; extra == 'dev'
 Requires-Dist: pytest-timeout ; extra == 'dev'
 Requires-Dist: pytest-xdist ; extra == 'dev'
 Requires-Dist: pytest >=5 ; extra == 'dev'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'dev'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'dev'
 Requires-Dist: python-docx ; extra == 'dev'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'dev'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'dev'
@@ -612,7 +612,7 @@ Requires-Dist: pydantic ~=2.11.0 ; extra == 'server'
 Requires-Dist: pypandoc ; extra == 'server'
 Requires-Dist: pypandoc-binary ; extra == 'server'
 Requires-Dist: pytest ; extra == 'server'
-Requires-Dist: python-dateutil ~=2.8.2 ; extra == 'server'
+Requires-Dist: python-dateutil ~=2.9.0 ; extra == 'server'
 Requires-Dist: python-docx ; extra == 'server'
 Requires-Dist: python-jwt ==4.1.0 ; extra == 'server'
 Requires-Dist: pyxnat ==1.5.* ; extra == 'server'