regscale-cli 6.20.2.0__py3-none-any.whl → 6.20.3.1__py3-none-any.whl


This version of regscale-cli might be problematic.

Files changed (30)
  1. regscale/__init__.py +1 -1
  2. regscale/integrations/commercial/__init__.py +13 -0
  3. regscale/integrations/commercial/axonius/__init__.py +0 -0
  4. regscale/integrations/commercial/axonius/axonius_integration.py +70 -0
  5. regscale/integrations/commercial/jira.py +6 -12
  6. regscale/integrations/commercial/synqly/assets.py +10 -0
  7. regscale/integrations/commercial/wizv2/constants.py +4 -0
  8. regscale/integrations/commercial/wizv2/scanner.py +67 -14
  9. regscale/integrations/commercial/wizv2/utils.py +24 -10
  10. regscale/integrations/commercial/wizv2/variables.py +7 -0
  11. regscale/integrations/public/fedramp/fedramp_cis_crm.py +67 -13
  12. regscale/integrations/scanner_integration.py +8 -2
  13. regscale/integrations/variables.py +1 -0
  14. regscale/models/app_models/import_validater.py +3 -1
  15. regscale/models/integration_models/axonius_models/__init__.py +0 -0
  16. regscale/models/integration_models/axonius_models/connectors/__init__.py +3 -0
  17. regscale/models/integration_models/axonius_models/connectors/assets.py +111 -0
  18. regscale/models/integration_models/cisa_kev_data.json +109 -6
  19. regscale/models/integration_models/synqly_models/capabilities.json +1 -1
  20. regscale/models/integration_models/synqly_models/param.py +1 -1
  21. regscale/models/regscale_models/__init__.py +2 -1
  22. regscale/models/regscale_models/issue.py +1 -0
  23. regscale/models/regscale_models/risk_issue_mapping.py +61 -0
  24. regscale/utils/graphql_client.py +4 -4
  25. {regscale_cli-6.20.2.0.dist-info → regscale_cli-6.20.3.1.dist-info}/METADATA +13 -9
  26. {regscale_cli-6.20.2.0.dist-info → regscale_cli-6.20.3.1.dist-info}/RECORD +30 -24
  27. {regscale_cli-6.20.2.0.dist-info → regscale_cli-6.20.3.1.dist-info}/LICENSE +0 -0
  28. {regscale_cli-6.20.2.0.dist-info → regscale_cli-6.20.3.1.dist-info}/WHEEL +0 -0
  29. {regscale_cli-6.20.2.0.dist-info → regscale_cli-6.20.3.1.dist-info}/entry_points.txt +0 -0
  30. {regscale_cli-6.20.2.0.dist-info → regscale_cli-6.20.3.1.dist-info}/top_level.txt +0 -0
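--- a/regscale/models/integration_models/axonius_models/connectors/assets.py
+++ b/regscale/models/integration_models/axonius_models/connectors/assets.py
@@ -0,0 +1,111 @@
+"""Assets Connector Model"""
+
+from typing import Iterator, Optional
+import pandas as pd
+import datetime
+from datetime import date
+import warnings
+import json
+import re
+
+from pydantic import ConfigDict
+
+from regscale.integrations.scanner_integration import (
+IntegrationAsset,
+IntegrationFinding,
+ScannerIntegration,
+ScannerIntegrationType,
+)
+from regscale.models.regscale_models import IssueSeverity, AssetStatus, ControlImplementation, SecurityControl
+from regscale.core.app.api import Api
+from regscale.core.app.application import Application
+
+
+class AxoniusIntegration(ScannerIntegration):
+from regscale.integrations.variables import ScannerVariables
+
+title = "Axonius"
+# Required fields from ScannerIntegration
+asset_identifier_field = "otherTrackingNumber"
+finding_severity_map = {
+"I": IssueSeverity.Critical,
+"II": IssueSeverity.High,
+"III": IssueSeverity.Moderate,
+"IV": IssueSeverity.Low,
+}
+type = (
+ScannerIntegrationType.CHECKLIST
+if ScannerVariables.complianceCreation.lower() == "assessment"
+else ScannerIntegrationType.CONTROL_TEST
+)
+app = Application()
+
+def fetch_assets(self, *args, **kwargs) -> Iterator[IntegrationAsset]:
+"""
+Fetches assets from Axonius
+
+:yields: Iterator[IntegrationAsset]
+"""
+
+# TEST: Parse Sample Axonius Object
+axonius_object = pd.read_json("regscale/integrations/commercial/axonius/sample_axonius_object.json")
+
+for ind, asset in axonius_object.iterrows():
+integration_asset = IntegrationAsset(
+name=asset["hostname"],
+identifier=asset.COMPLIANCE_TABLE[0]["FISMA"],
+serial_number=asset["serial"],
+ip_address=asset["ip"],
+status=AssetStatus.Active,
+asset_category="Software",
+asset_type="Other",
+)
+yield integration_asset
+
+def fetch_findings(self, plan_id: int, *args, **kwargs) -> Iterator[IntegrationFinding]:
+"""
+Unused method, but required by the parent class
+
+:yields: Iterator[IntegrationFinding]
+
+"""
+# TEST: Parse Sample Axonius Object
+axonius_object = pd.read_json("regscale/integrations/commercial/axonius/sample_axonius_object.json")
+
+for ind, asset in axonius_object.iterrows():
+for finding in asset.COMPLIANCE_TABLE:
+if finding["ComplianceResult"] != "PASSED":
+
+# Look for Control Title, Otherwise use Control ID
+existing_implementations = ControlImplementation.get_list_by_parent(
+regscale_id=plan_id, regscale_module="securityplans"
+)
+finding_control = re.search("[A-Z]{2}-\d+\d?(\(\d+\d?\))?", str(finding["800-53r5"]))[ # noqa: W605
+0
+].lower()
+try:
+control_title = [
+control
+for control in existing_implementations
+if control["controlId"].lower() == finding_control
+][0]["title"]
+except Exception:
+control_title = finding["800-53r5"]
+
+integration_finding = IntegrationFinding(
+title=f"Assessment Failure for Control ID: {control_title}",
+asset_identifier=finding["FISMA"],
+severity=self.finding_severity_map.get(finding["SEV"], IssueSeverity.NotAssigned),
+identification="Security Control Assessment",
+source_report="Axonius",
+status="Open",
+description=f"Issue for {finding['PLUGIN']}",
+plugin_name=finding["PLUGIN"],
+category="Other",
+control_labels=[finding["800-53r5"]],
+security_check=f"<strong>PLUGIN: </strong>{finding['PLUGIN']}<br><br><strong>FISMA: </strong>{finding['FISMA']}<br><br><strong>Compliance Result: </strong>{finding['ComplianceResult']}<br><br><strong>CCI: </strong>{finding['CCI']}<br><br><strong>800-53r5: </strong>{finding['800-53r5']}<br><br><strong>CSF: </strong>{finding['CSF']}<br><br><strong>VULID: </strong>{finding['VULID']}<br><br><strong>STIG: </strong>{finding['STIG']}",
+baseline=finding["STIG"],
+results=finding["ComplianceResult"],
+affected_controls=finding["800-53r5"],
+)
+yield integration_finding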
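Review bot: In `fetch_findings`, the `security_check` f-string puts `finding['PLUGIN']`, `finding['FISMA']`, `finding['CCI']` and the other scanner-supplied values straight into `<strong>…<br>` markup without escaping. If that field is rendered as HTML downstream, which the tags suggest but this page does not show, markup inside a value would be stored and displayed as-is; each value should go through `html.escape(str(...))` first. Separately, `re.search(...)[0]` sits outside the `try`, so a `800-53r5` value that does not match raises `TypeError` on `None` and ends the generator for every remaining finding. Bind the match and fall back instead, e.g. `m = re.search(r"[A-Z]{2}-\d+\d?(\(\d+\d?\))?", str(finding["800-53r5"]))` then `finding_control = m[0].lower() if m else ""`; the raw string also removes the need for `# noqa: W605`. Both methods read a working-directory-relative `sample_axonius_object.json` under a `# TEST` comment, and that file does not appear in this release's file list, so it is worth confirming that this code path is meant to ship.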
@@ -1,9 +1,112 @@
1
1
  {
2
2
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
3
- "catalogVersion": "2025.06.05",
4
- "dateReleased": "2025-06-05T18:02:07.1325Z",
5
- "count": 1360,
3
+ "catalogVersion": "2025.06.17",
4
+ "dateReleased": "2025-06-17T17:00:46.2025Z",
5
+ "count": 1367,
6
6
  "vulnerabilities": [
7
+ {
8
+ "cveID": "CVE-2023-0386",
9
+ "vendorProject": "Linux",
10
+ "product": "Kernel",
11
+ "vulnerabilityName": "Linux Kernel Improper Ownership Management Vulnerability",
12
+ "dateAdded": "2025-06-17",
13
+ "shortDescription": "Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel\u2019s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.",
14
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
15
+ "dueDate": "2025-07-08",
16
+ "knownRansomwareCampaignUse": "Unknown",
17
+ "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=4f11ada10d0a ; https:\/\/access.redhat.com\/security\/cve\/cve-2023-0386 ; https:\/\/security.netapp.com\/advisory\/ntap-20230420-0004\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-0386",
18
+ "cwes": [
19
+ "CWE-282"
20
+ ]
21
+ },
22
+ {
23
+ "cveID": "CVE-2023-33538",
24
+ "vendorProject": "TP-Link",
25
+ "product": "Multiple Routers",
26
+ "vulnerabilityName": "TP-Link Multiple Routers Command Injection Vulnerability",
27
+ "dateAdded": "2025-06-16",
28
+ "shortDescription": "TP-Link TL-WR940N V2\/V4, TL-WR841N V8\/V10, and TL-WR740N V1\/V2 contain a command injection vulnerability via the component \/userRpm\/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
29
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
30
+ "dueDate": "2025-07-07",
31
+ "knownRansomwareCampaignUse": "Unknown",
32
+ "notes": "https:\/\/www.tp-link.com\/nordic\/support\/faq\/3562\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-33538",
33
+ "cwes": [
34
+ "CWE-77"
35
+ ]
36
+ },
37
+ {
38
+ "cveID": "CVE-2025-43200",
39
+ "vendorProject": "Apple",
40
+ "product": "Multiple Products",
41
+ "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability",
42
+ "dateAdded": "2025-06-16",
43
+ "shortDescription": "Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.",
44
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
45
+ "dueDate": "2025-07-07",
46
+ "knownRansomwareCampaignUse": "Unknown",
47
+ "notes": "https:\/\/support.apple.com\/en-us\/122174 ; https:\/\/support.apple.com\/en-us\/122173 ; https:\/\/support.apple.com\/en-us\/122900 ; https:\/\/support.apple.com\/en-us\/122901 ; https:\/\/support.apple.com\/en-us\/122902 ; https:\/\/support.apple.com\/en-us\/122903 ; https:\/\/support.apple.com\/en-us\/122904 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-43200",
48
+ "cwes": []
49
+ },
50
+ {
51
+ "cveID": "CVE-2025-33053",
52
+ "vendorProject": "Web Distributed Authoring and Versioning",
53
+ "product": "Web Distributed Authoring and Versioning (WebDAV)",
54
+ "vulnerabilityName": "Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability",
55
+ "dateAdded": "2025-06-10",
56
+ "shortDescription": "Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.",
57
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
58
+ "dueDate": "2025-07-01",
59
+ "knownRansomwareCampaignUse": "Unknown",
60
+ "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-33053 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33053",
61
+ "cwes": [
62
+ "CWE-73"
63
+ ]
64
+ },
65
+ {
66
+ "cveID": "CVE-2025-24016",
67
+ "vendorProject": "Wazuh",
68
+ "product": "Wazuh Server",
69
+ "vulnerabilityName": "Wazuh Server Deserialization of Untrusted Data Vulnerability",
70
+ "dateAdded": "2025-06-10",
71
+ "shortDescription": "Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.",
72
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
73
+ "dueDate": "2025-07-01",
74
+ "knownRansomwareCampaignUse": "Unknown",
75
+ "notes": "https:\/\/wazuh.com\/blog\/addressing-the-cve-2025-24016-vulnerability\/ ; https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
76
+ "cwes": [
77
+ "CWE-502"
78
+ ]
79
+ },
80
+ {
81
+ "cveID": "CVE-2024-42009",
82
+ "vendorProject": "Roundcube",
83
+ "product": "Webmail",
84
+ "vulnerabilityName": "RoundCube Webmail Cross-Site Scripting Vulnerability",
85
+ "dateAdded": "2025-06-09",
86
+ "shortDescription": "RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program\/actions\/mail\/show.php.",
87
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
88
+ "dueDate": "2025-06-30",
89
+ "knownRansomwareCampaignUse": "Unknown",
90
+ "notes": "https:\/\/roundcube.net\/news\/2024\/08\/04\/security-updates-1.6.8-and-1.5.8 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-42009",
91
+ "cwes": [
92
+ "CWE-79"
93
+ ]
94
+ },
95
+ {
96
+ "cveID": "CVE-2025-32433",
97
+ "vendorProject": "Erlang",
98
+ "product": "Erlang\/OTP",
99
+ "vulnerabilityName": "Erlang Erlang\/OTP SSH Server Missing Authentication for Critical Function Vulnerability",
100
+ "dateAdded": "2025-06-09",
101
+ "shortDescription": "Erlang Erlang\/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang\/OTP SSH server, including\u2014but not limited to\u2014Cisco, NetApp, and SUSE.",
102
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
103
+ "dueDate": "2025-06-30",
104
+ "knownRansomwareCampaignUse": "Unknown",
105
+ "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/github.com\/erlang\/otp\/security\/advisories\/GHSA-37cp-fgq5-7wc2 ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-erlang-otp-ssh-xyZZy ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32433",
106
+ "cwes": [
107
+ "CWE-306"
108
+ ]
109
+ },
7
110
  {
8
111
  "cveID": "CVE-2025-5419",
9
112
  "vendorProject": "Google",
@@ -131,7 +234,7 @@
131
234
  "product": "RT-AX55 Routers",
132
235
  "vulnerabilityName": "ASUS RT-AX55 Routers OS Command Injection Vulnerability",
133
236
  "dateAdded": "2025-06-02",
134
- "shortDescription": "ASUS RT-AX55 devices contain a OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands.",
237
+ "shortDescription": "ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.",
135
238
  "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
136
239
  "dueDate": "2025-06-23",
137
240
  "knownRansomwareCampaignUse": "Unknown",
@@ -1344,7 +1447,7 @@
1344
1447
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
1345
1448
  "dueDate": "2025-03-06",
1346
1449
  "knownRansomwareCampaignUse": "Known",
1347
- "notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
1450
+ "notes": "https:\/\/simple-help.com\/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa25-163a ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-57727",
1348
1451
  "cwes": [
1349
1452
  "CWE-22"
1350
1453
  ]
@@ -4253,7 +4356,7 @@
4253
4356
  "shortDescription": "Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.",
4254
4357
  "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
4255
4358
  "dueDate": "2024-02-16",
4256
- "knownRansomwareCampaignUse": "Unknown",
4359
+ "knownRansomwareCampaignUse": "Known",
4257
4360
  "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-24-015 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21762",
4258
4361
  "cwes": [
4259
4362
  "CWE-787"