regscale-cli 6.20.3.0__py3-none-any.whl → 6.20.4.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -33,6 +33,7 @@ from regscale.models.regscale_models import (
 from regscale.models.regscale_models.compliance_settings import ComplianceSettings
 from regscale.models.regscale_models.control_implementation import ControlImplementationStatus
 from regscale.utils.threading import ThreadSafeDict, ThreadSafeSet
+from regscale.utils.version import RegscaleVersion
 
 # For type annotations only
 if TYPE_CHECKING:
@@ -62,6 +63,7 @@ NOT_IMPLEMENTED = ControlImplementationStatus.NotImplemented.value
 PARTIALLY_IMPLEMENTED = ControlImplementationStatus.PartiallyImplemented.value
 CONTROL_ID = "Control ID"
 ALT_IMPLEMENTATION = "Alternate Implementation"
+ALTERNATIVE_IMPLEMENTATION = "Alternative Implementation"
 CAN_BE_INHERITED_CSP = "Can Be Inherited from CSP"
 IMPACT_LEVEL = "Impact Level"
 SYSTEM_NAME = "System Name"
@@ -75,7 +77,7 @@ STATUS_MAPPING = {
     PARTIALLY_IMPLEMENTED: ControlImplementationStatus.PartiallyImplemented,
     ControlImplementationStatus.Planned.value: ControlImplementationStatus.Planned,
     "N/A": ControlImplementationStatus.NA,
-    "Alternative Implementation": ControlImplementationStatus.Alternative,
+    ALTERNATIVE_IMPLEMENTATION: ControlImplementationStatus.Alternative,
     ALT_IMPLEMENTATION: ControlImplementationStatus.Alternative,
 }
 
@@ -98,6 +100,7 @@ RESPONSIBILITY_MAP = {
     "bInherited": "Inherited",
 }
 REGSCALE_SSP_ID: int = 0
+INITIAL_IMPORT = True
 
 
 @lru_cache(maxsize=1)
@@ -227,7 +230,7 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
         return STATUS_MAPPING.get(status, ControlImplementationStatus.NotImplemented)
 
     # Priority-based status determination
-    if any(status in ["N/A", "Alternative Implementation"] for status in status_counts):
+    if any(status in ["N/A", ALTERNATIVE_IMPLEMENTATION] for status in status_counts):
         status_ret = ControlImplementationStatus.NA
 
     implemented_count = status_counts.get("Implemented", 0)
@@ -301,6 +304,43 @@ def clean_customer_responsibility(value: str):
         return str(value)
 
 
+def get_multi_status(record: dict) -> str:
+    """
+    Function to get the multi-select status from the record
+    """
+    status_list = []
+    status_map = {
+        "Implemented": ControlImplementationStatus.Implemented.value,
+        "Planned": ControlImplementationStatus.Implemented.Planned.value,
+        PARTIALLY_IMPLEMENTED: PARTIALLY_IMPLEMENTED,
+        "N/A": ControlImplementationStatus.NA.value,
+        NOT_IMPLEMENTED: NOT_IMPLEMENTED,
+        "Not Applicable": ControlImplementationStatus.NA.value,
+        ALTERNATIVE_IMPLEMENTATION: ControlImplementationStatus.Alternative.value,
+        ALT_IMPLEMENTATION: ControlImplementationStatus.Alternative.value,
+    }
+    # Get implementation status with default value
+    implementation_status = record.get("implementation_status", NOT_IMPLEMENTED)
+
+    # Handle empty or None status
+    if not implementation_status:
+        return NOT_IMPLEMENTED
+
+    if RegscaleVersion.meets_minimum_version("6.20.17.0"):
+        # Process multiple statuses
+        status_list = []
+        for status in implementation_status.split(","):
+            status = status.strip()
+            if status not in status_map:
+                logger.warning(f"Unknown implementation status: {status}")
+                continue
+            status_list.append(status_map[status])
+        return ",".join(status_list) if status_list else NOT_IMPLEMENTED
+    else:
+        # Legacy method - single status
+        return status_map.get(implementation_status, NOT_IMPLEMENTED)
+
+
 def update_imp_objective(
     leverage_auth_id: int,
     existing_imp_obj: List[ImplementationObjective],
@@ -319,13 +359,6 @@ def update_imp_objective(
     :rtype: None
     :return: None
     """
-    status_map = {
-        "Implemented": ControlImplementationStatus.Implemented.value,
-        "Planned": ControlImplementationStatus.Implemented.Planned.value,
-        PARTIALLY_IMPLEMENTED: PARTIALLY_IMPLEMENTED,
-        "N/A": ControlImplementationStatus.NA.value,
-        NOT_IMPLEMENTED: NOT_IMPLEMENTED,
-    }
 
     cis_record = record.get("cis", {})
     crm_record = record.get("crm", {})
@@ -335,7 +368,10 @@ def update_imp_objective(
         control_originations[ix] = control_origination.strip()
 
     try:
-        responsibility = next(origin for origin in control_originations)
+        if RegscaleVersion.meets_minimum_version("6.20.17.0"):
+            responsibility = ",".join(control_originations)
+        else:
+            responsibility = next(origin for origin in control_originations)
 
     except StopIteration:
         if imp.responsibility:
@@ -349,25 +385,28 @@ def update_imp_objective(
     existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
     logger.debug(f"CRM Record: {crm_record}")
     can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
+    cloud_responsibility = customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else ""
+    customer_responsibility = customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""
     for objective in objectives:
         current_pair = (objective.id, imp.id)
         if current_pair not in existing_pairs:
             if objective.securityControlId != imp.controlID:
                 # This is a bad match, do not save.
                 continue
+
             imp_obj = ImplementationObjective(
                 id=0,
                 uuid="",
                 inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
                 implementationId=imp.id,
-                status=status_map.get(cis_record.get("implementation_status", NOT_IMPLEMENTED), NOT_IMPLEMENTED),
+                status=get_multi_status(cis_record),
                 objectiveId=objective.id,
                 notes=objective.name,
                 securityControlId=objective.securityControlId,
                 securityPlanId=REGSCALE_SSP_ID,
                 responsibility=responsibility,
-                cloudResponsibility=customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else "",
-                customerResponsibility=(customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""),
+                cloudResponsibility=cloud_responsibility,
+                customerResponsibility=customer_responsibility,
                 authorizationId=leverage_auth_id,
                 parentObjectiveId=objective.parentObjectiveId,
             )
@@ -379,34 +418,20 @@ def update_imp_objective(
             )
             UPDATED_IMPLEMENTATION_OBJECTIVES.add(imp_obj)
         else:
-            # NOTE: Don't overwrite the responsibility text and only append.
             ex_obj = next((obj for obj in existing_imp_obj if obj.objectiveId == objective.id), None)
             if ex_obj:
-                ex_obj.status = status_map.get(
-                    cis_record.get("implementation_status", NOT_IMPLEMENTED), NOT_IMPLEMENTED
-                )
-                try:
-                    seperator = " \n---------------\n "
-                    if ex_obj.responsibility:
-                        ex_obj.responsibility = (
-                            seperator.join([ex_obj.responsibility, responsibility])
-                            if ex_obj.responsibility != responsibility
-                            else ex_obj.responsibility
-                        )
-                    if ex_obj.cloudResponsibility:
-                        ex_obj.cloudResponsibility = (
-                            seperator.join([ex_obj.cloudResponsibility, customer_responsibility])
-                            if ex_obj.cloudResponsibility != responsibility
-                            else ex_obj.cloudResponsibility
-                        )
-                    if ex_obj.customerResponsibility:
-                        ex_obj.customerResponsibility = (
-                            seperator.join([ex_obj.customerResponsibility, customer_responsibility])
-                            if ex_obj.cloudResponsibility != responsibility
-                            else ex_obj.customerResponsibility
-                        )
-                except TypeError:
-                    logger.warning(f"Failed to update responsibility on Implementation Objective #{ex_obj.id}")
+                ex_obj.status = get_multi_status(cis_record)
+                if cloud_responsibility.strip():
+                    logger.debug(
+                        f"Updating Implementation Objective #{ex_obj.id} with responsibility: {responsibility}"
+                    )
+                    ex_obj.cloudResponsibility = cloud_responsibility
+                if customer_responsibility.strip():
+                    logger.debug(
+                        f"Updating Implementation Objective #{ex_obj.id} with cloud responsibility: {cloud_responsibility}"
+                    )
+                    ex_obj.customerResponsibility = customer_responsibility
+
                 UPDATED_IMPLEMENTATION_OBJECTIVES.add(ex_obj)
 
 
@@ -995,6 +1020,7 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         :return: The implementation status
         :rtype: str
         """
+        selected_status = []
         for col in [
             "Implemented",
             ControlImplementationStatus.PartiallyImplemented,
@@ -1003,8 +1029,8 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
             ControlImplementationStatus.NA,
         ]:
             if data_row[col]:
-                return col
-        return ""
+                selected_status.append(col)
+        return ", ".join(selected_status) if selected_status else ""
 
     # Function to extract the first non-empty control origination
     def _extract_origination(data_row: pd.Series) -> str:
@@ -1227,7 +1253,8 @@ def _save_implementation_text(imp: ControlImplementation, customer_text: str, cl
     imp.cloudImplementation = cloud_text
 
     # Update parameters in background thread
-    _spin_off_thread(parameter_merge, imp.id, imp.controlID)
+    if INITIAL_IMPORT:
+        _spin_off_thread(parameter_merge, imp.id, imp.controlID)
 
     # Save implementation changes
     imp.save()
@@ -1255,6 +1282,7 @@ def parse_and_map_data(
             crm_data=crm_data,
             version=version,
         )
+        # Don't call this on re-import
         update_customer_text()
 
     report(error_set)
@@ -1330,6 +1358,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
     :rtype: SecurityPlan
     :return: The created security plan
     """
+    global INITIAL_IMPORT
     compliance_settings = ComplianceSettings.get_by_current_tenant()
     try:
         compliance_setting = next(
@@ -1386,6 +1415,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
         build_implementations_dict(security_plan_id=ret.id)
 
     else:
+        INITIAL_IMPORT = False
         ret = next((plan for plan in existing_plan), None)
         logger.info(f"Found existing SSP# {ret.id}")
         existing_imps = ControlImplementation.get_list_by_plan(ret.id)

regscale/models/app_models/import_validater.py

@@ -185,10 +185,28 @@ class ImportValidater:
                 df = pandas.read_csv(file_path, skiprows=self.skip_rows - 1, on_bad_lines="warn")
             else:
                 df = pandas.read_csv(file_path, on_bad_lines="warn")
+
+            # Check if the DataFrame is empty or has no columns
+            if df.empty or len(df.columns) == 0:
+                raise ValidationException(
+                    f"The CSV file '{file_path}' appears to be empty or has no parseable columns. "
+                    f"Please check that:\n"
+                    f"1. The file contains data\n"
+                    f"2. The file has proper column headers\n"
+                    f"3. The skip_rows parameter ({self.skip_rows}) is correct for this file format"
+                )
+
             if self.ignore_unnamed:
                 df = df.loc[:, ~df.columns.str.contains("^Unnamed")]
-        except pandas.errors.ParserError:
-            raise ValidationException(f"Unable to parse the {CSV} file: {file_path}")
+        except pandas.errors.EmptyDataError as e:
+            raise ValidationException(
+                f"The CSV file '{file_path}' is empty or contains no data. "
+                f"Please verify the file contains valid CSV data with headers. "
+                f"If using skip_rows ({self.skip_rows}), ensure there are enough rows in the file."
+            ) from e
+        except pandas.errors.ParserError as e:
+            raise ValidationException(f"Unable to parse the {CSV} file: {file_path}. Error: {e}") from e
+
         self.validate_headers(df.columns)
         df = df.fillna("")
         return df

regscale/models/integration_models/cisa_kev_data.json

@@ -1,20 +1,108 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.06.13",
-    "dateReleased": "2025-06-13T16:08:40.4237Z",
-    "count": 1364,
+    "catalogVersion": "2025.06.25",
+    "dateReleased": "2025-06-25T16:52:26.9744Z",
+    "count": 1370,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2019-6693",
+            "vendorProject": "Fortinet",
+            "product": "FortiOS",
+            "vulnerabilityName": "Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability",
+            "dateAdded": "2025-06-25",
+            "shortDescription": "Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key. ",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/fortiguard.com\/advisory\/FG-IR-19-007 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-6693",
+            "cwes": [
+                "CWE-798"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-0769",
+            "vendorProject": "D-Link",
+            "product": "DIR-859 Router",
+            "vulnerabilityName": " D-Link DIR-859 Router Path Traversal Vulnerability",
+            "dateAdded": "2025-06-25",
+            "shortDescription": "D-Link DIR-859 routers contain a path traversal vulnerability in the file \/hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ..\/..\/..\/..\/htdocs\/webinc\/getcfg\/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/supportannouncement.us.dlink.com\/announcement\/publication.aspx?name=SAP10371 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0769",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-54085",
+            "vendorProject": "AMI",
+            "product": "MegaRAC SPx",
+            "vulnerabilityName": "AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability",
+            "dateAdded": "2025-06-25",
+            "shortDescription": "AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and\/or availability.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-16",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/go.ami.com\/hubfs\/Security%20Advisories\/2025\/AMI-SA-2025003.pdf ; https:\/\/security.netapp.com\/advisory\/ntap-20250328-0003\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-54085",
+            "cwes": [
+                "CWE-290"
+            ]
+        },
+        {
+            "cveID": "CVE-2023-0386",
+            "vendorProject": "Linux",
+            "product": "Kernel",
+            "vulnerabilityName": "Linux Kernel Improper Ownership Management Vulnerability",
+            "dateAdded": "2025-06-17",
+            "shortDescription": "Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel\u2019s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-08",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=4f11ada10d0a ; https:\/\/access.redhat.com\/security\/cve\/cve-2023-0386 ; https:\/\/security.netapp.com\/advisory\/ntap-20230420-0004\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-0386",
+            "cwes": [
+                "CWE-282"
+            ]
+        },
+        {
+            "cveID": "CVE-2023-33538",
+            "vendorProject": "TP-Link",
+            "product": "Multiple Routers",
+            "vulnerabilityName": "TP-Link Multiple Routers Command Injection Vulnerability",
+            "dateAdded": "2025-06-16",
+            "shortDescription": "TP-Link TL-WR940N V2\/V4, TL-WR841N V8\/V10, and TL-WR740N V1\/V2 contain a command injection vulnerability via the component \/userRpm\/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-07",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.tp-link.com\/nordic\/support\/faq\/3562\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-33538",
+            "cwes": [
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-43200",
+            "vendorProject": "Apple",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability",
+            "dateAdded": "2025-06-16",
+            "shortDescription": "Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-07",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.apple.com\/en-us\/122174 ; https:\/\/support.apple.com\/en-us\/122173 ; https:\/\/support.apple.com\/en-us\/122900 ; https:\/\/support.apple.com\/en-us\/122901 ; https:\/\/support.apple.com\/en-us\/122902 ; https:\/\/support.apple.com\/en-us\/122903 ; https:\/\/support.apple.com\/en-us\/122904 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-43200",
+            "cwes": []
+        },
         {
             "cveID": "CVE-2025-33053",
-            "vendorProject": "Web Distributed Authoring and Versioning",
-            "product": "Web Distributed Authoring and Versioning (WebDAV)",
-            "vulnerabilityName": "Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": " Microsoft Windows External Control of File Name or Path Vulnerability",
             "dateAdded": "2025-06-10",
-            "shortDescription": "Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.",
+            "shortDescription": "Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-07-01",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-33053 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33053",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-33053 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33053",
             "cwes": [
                 "CWE-73"
             ]
@@ -29,7 +117,7 @@
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-07-01",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
+            "notes": "https:\/\/wazuh.com\/blog\/addressing-the-cve-2025-24016-vulnerability\/ ; https:\/\/github.com\/wazuh\/wazuh\/security\/advisories\/GHSA-hcrc-79hj-m3qh ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24016",
             "cwes": [
                 "CWE-502"
             ]