PyPI - regscale-cli - Versions diffs - 6.20.2.0__py3-none-any.whl → 6.20.3.0__py3-none-any.whl - Mend - Supply Chain Defender

regscale-cli 6.20.2.0py3-none-any.whl → 6.20.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (29) hide show

regscale/models/integration_models/axonius_models/connectors/assets.py ADDED Viewed

@@ -0,0 +1,111 @@
+"""Assets Connector Model"""
+from typing import Iterator, Optional
+import pandas as pd
+import datetime
+from datetime import date
+import warnings
+import json
+import re
+from pydantic import ConfigDict
+from regscale.integrations.scanner_integration import (
+    IntegrationAsset,
+    IntegrationFinding,
+    ScannerIntegration,
+    ScannerIntegrationType,
+)
+from regscale.models.regscale_models import IssueSeverity, AssetStatus, ControlImplementation, SecurityControl
+from regscale.core.app.api import Api
+from regscale.core.app.application import Application
+class AxoniusIntegration(ScannerIntegration):
+    from regscale.integrations.variables import ScannerVariables
+    title = "Axonius"
+    # Required fields from ScannerIntegration
+    asset_identifier_field = "otherTrackingNumber"
+    finding_severity_map = {
+        "I": IssueSeverity.Critical,
+        "II": IssueSeverity.High,
+        "III": IssueSeverity.Moderate,
+        "IV": IssueSeverity.Low,
+    }
+    type = (
+        ScannerIntegrationType.CHECKLIST
+        if ScannerVariables.complianceCreation.lower() == "assessment"
+        else ScannerIntegrationType.CONTROL_TEST
+    )
+    app = Application()
+    def fetch_assets(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
+        """
+        Fetches assets from Axonius
+        :yields: Iterator[IntegrationAsset]
+        """
+        # TEST: Parse Sample Axonius Object
+        axonius_object = pd.read_json("regscale/integrations/commercial/axonius/sample_axonius_object.json")
+        for ind, asset in axonius_object.iterrows():
+            integration_asset = IntegrationAsset(
+                name=asset["hostname"],
+                identifier=asset.COMPLIANCE_TABLE[0]["FISMA"],
+                serial_number=asset["serial"],
+                ip_address=asset["ip"],
+                status=AssetStatus.Active,
+                asset_category="Software",
+                asset_type="Other",
+            )
+            yield integration_asset
+    def fetch_findings(self, plan_id: int, *args, **kwargs) -> Iterator[IntegrationFinding]:
+        """
+        Unused method, but required by the parent class
+        :yields: Iterator[IntegrationFinding]
+        """
+        # TEST: Parse Sample Axonius Object
+        axonius_object = pd.read_json("regscale/integrations/commercial/axonius/sample_axonius_object.json")
+        for ind, asset in axonius_object.iterrows():
+            for finding in asset.COMPLIANCE_TABLE:
+                if finding["ComplianceResult"] != "PASSED":
+                    # Look for Control Title, Otherwise use Control ID
+                    existing_implementations = ControlImplementation.get_list_by_parent(
+                        regscale_id=plan_id, regscale_module="securityplans"
+                    )
+                    finding_control = re.search("[A-Z]{2}-\d+\d?(\(\d+\d?\))?", str(finding["800-53r5"]))[  # noqa: W605
+                        0
+                    ].lower()
+                    try:
+                        control_title = [
+                            control
+                            for control in existing_implementations
+                            if control["controlId"].lower() == finding_control
+                        ][0]["title"]
+                    except Exception:
+                        control_title = finding["800-53r5"]
+                    integration_finding = IntegrationFinding(
+                        title=f"Assessment Failure for Control ID: {control_title}",
+                        asset_identifier=finding["FISMA"],
+                        severity=self.finding_severity_map.get(finding["SEV"], IssueSeverity.NotAssigned),
+                        identification="Security Control Assessment",
+                        source_report="Axonius",
+                        status="Open",
+                        description=f"Issue for {finding['PLUGIN']}",
+                        plugin_name=finding["PLUGIN"],
+                        category="Other",
+                        control_labels=[finding["800-53r5"]],
+                        security_check=f"<strong>PLUGIN: </strong>{finding['PLUGIN']}<br><br><strong>FISMA: </strong>{finding['FISMA']}<br><br><strong>Compliance Result: </strong>{finding['ComplianceResult']}<br><br><strong>CCI: </strong>{finding['CCI']}<br><br><strong>800-53r5: </strong>{finding['800-53r5']}<br><br><strong>CSF: </strong>{finding['CSF']}<br><br><strong>VULID: </strong>{finding['VULID']}<br><br><strong>STIG: </strong>{finding['STIG']}",
+                        baseline=finding["STIG"],
+                        results=finding["ComplianceResult"],
+                        affected_controls=finding["800-53r5"],
+                    )
+                    yield integration_finding

regscale/models/integration_models/cisa_kev_data.json CHANGED Viewed

@@ -1,9 +1,69 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.06.05",
-    "dateReleased": "2025-06-05T18:02:07.1325Z",
-    "count": 1360,
+    "catalogVersion": "2025.06.13",
+    "dateReleased": "2025-06-13T16:08:40.4237Z",
+    "count": 1364,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-33053",
+            "vendorProject": "Web Distributed Authoring and Versioning",
+            "product": "Web Distributed Authoring and Versioning (WebDAV)",
+            "vulnerabilityName": "Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability",
+            "dateAdded": "2025-06-10",
+            "shortDescription": "Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-01",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-33053 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33053",
+            "cwes": [
+                "CWE-73"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-24016",
+            "vendorProject": "Wazuh",
+            "product": "Wazuh Server",
+            "vulnerabilityName": "Wazuh Server Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-06-10",
+            "shortDescription": "Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-01",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-42009",
+            "vendorProject": "Roundcube",
+            "product": "Webmail",
+            "vulnerabilityName": "RoundCube Webmail Cross-Site Scripting Vulnerability",
+            "dateAdded": "2025-06-09",
+            "shortDescription": "RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program\/actions\/mail\/show.php.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/roundcube.net\/news\/2024\/08\/04\/security-updates-1.6.8-and-1.5.8 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-42009",
+            "cwes": [
+                "CWE-79"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32433",
+            "vendorProject": "Erlang",
+            "product": "Erlang\/OTP",
+            "vulnerabilityName": "Erlang Erlang\/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
+            "dateAdded": "2025-06-09",
+            "shortDescription": "Erlang Erlang\/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang\/OTP SSH server, including\u2014but not limited to\u2014Cisco, NetApp, and SUSE.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-30",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/erlang\/otp\/security\/advisories\/GHSA-37cp-fgq5-7wc2 ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-erlang-otp-ssh-xyZZy ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32433",
+            "cwes": [
+                "CWE-306"
+            ]
+        },
         {
             "cveID": "CVE-2025-5419",
             "vendorProject": "Google",
@@ -131,7 +191,7 @@
             "product": "RT-AX55 Routers",
             "vulnerabilityName": "ASUS RT-AX55 Routers OS Command Injection Vulnerability",
             "dateAdded": "2025-06-02",
-            "shortDescription": "ASUS RT-AX55 devices contain a OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands.",
+            "shortDescription": "ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-06-23",
             "knownRansomwareCampaignUse": "Unknown",
@@ -1344,7 +1404,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-03-06",
             "knownRansomwareCampaignUse": "Known",
-            "notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
+            "notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa25-163a ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
             "cwes": [
                 "CWE-22"
             ]
@@ -4253,7 +4313,7 @@
             "shortDescription": "Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2024-02-16",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-015 ;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21762",
             "cwes": [
                 "CWE-787"