regscale-cli 6.20.3.1__py3-none-any.whl → 6.20.4.1__py3-none-any.whl

regscale/integrations/commercial/qualys/scanner.py

@@ -23,6 +23,7 @@ from regscale.integrations.scanner_integration import (
 )
 from regscale.integrations.variables import ScannerVariables
 from regscale.models import AssetStatus, IssueSeverity, IssueStatus
+from regscale.integrations.commercial.qualys.qualys_error_handler import QualysErrorHandler
 
 logger = logging.getLogger("regscale")
 
@@ -107,6 +108,13 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
             logger.warning("Data is not a dictionary")
             return False, None
 
+        # Check for Qualys errors in the data
+        error_details = QualysErrorHandler.extract_error_details(data)
+        if error_details.get("has_error"):
+            logger.error("Data contains Qualys error response")
+            QualysErrorHandler.log_error_details(error_details)
+            return False, None
+
         if "HOST_LIST_VM_DETECTION_OUTPUT" not in data:
             logger.warning("Data does not contain HOST_LIST_VM_DETECTION_OUTPUT")
             return False, None
@@ -142,85 +150,164 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         :return: IntegrationAsset object
         :rtype: IntegrationAsset
         """
+        # Determine which host data to use
+        host_data = self._determine_host_data(file_path, data, host)
+
+        # Handle None input gracefully
+        if host_data is None:
+            return self._create_placeholder_asset()
+
+        # Convert XML Element to dict if necessary
+        if not isinstance(host_data, dict) and hasattr(host_data, "tag"):
+            host_data = self._xml_element_to_dict(host_data)
+
+        # Process dictionary data
+        if isinstance(host_data, dict):
+            return self._create_asset_from_dict(host_data)
+
+        # If we got here, we don't know how to handle the data
+        logger.error(f"Unexpected host data type: {type(host_data)}")
+        raise ValueError(f"Cannot parse asset from data type: {type(host_data)}")
+
+    def _determine_host_data(self, file_path, data, host):
+        """
+        Determine which host data to use based on provided parameters.
+
+        :param file_path: File path parameter (may contain host data)
+        :param data: Data parameter
+        :param host: Host parameter
+        :return: Host data to use
+        """
         # Handle the case when the file_path contains the host data (common in tests)
         if isinstance(file_path, dict) and not host and not data:
-            host = file_path
+            return file_path
 
         # Use host parameter if provided (for backward compatibility)
-        if host is None:
-            host = data  # In this implementation, we treat data as the host
+        if host is not None:
+            return host
 
-        # Handle None input gracefully
-        if host is None:
-            logger.warning("No host data provided to parse_asset")
-            # Generate a placeholder asset with minimal information
-            return IntegrationAsset(
-                name="Unknown-Qualys-Asset",
-                identifier=str(int(time.time())),  # Use timestamp as fallback ID
-                asset_type="Server",
-                asset_category="IT",
-                status=AssetStatus.Active,
-                parent_id=self.plan_id,
-                parent_module="securityplans",
-                notes="Generated for missing Qualys data",
-            )
+        # Fall back to data parameter
+        return data
 
-        # Convert XML Element to dict if necessary
-        if not isinstance(host, dict) and hasattr(host, "tag"):  # It's an XML Element
-            host = self._xml_element_to_dict(host)
+    def _create_placeholder_asset(self):
+        """
+        Create a placeholder asset when no valid host data is provided.
 
-        # Process dictionary
-        if isinstance(host, dict):
-            # Check if we got the full data structure or just a host dictionary
-            if "HOST_LIST_VM_DETECTION_OUTPUT" in host:
-                # Navigate to the HOST data within the nested structure
-                try:
-                    host = (
-                        host.get("HOST_LIST_VM_DETECTION_OUTPUT", {})
-                        .get("RESPONSE", {})
-                        .get("HOST_LIST", {})
-                        .get("HOST", {})
-                    )
-                except (AttributeError, KeyError):
-                    logger.error("Could not navigate to HOST data in dictionary")
-                    raise ValueError("Invalid host data structure")
-
-            # Extract host data from dictionary
-            host_id = host.get("ID", "")
-            ip = host.get("IP", "")
-            dns = host.get("DNS", "")
-            os = host.get("OS", "")
-            last_scan = host.get("LAST_SCAN_DATETIME", "")
-            network_id = host.get("NETWORK_ID", "")
-
-            # Try to get FQDN from DNS_DATA if available
-            fqdn = None
-            dns_data = host.get("DNS_DATA", {})
-            if dns_data:
-                fqdn = dns_data.get("FQDN", "")
-
-            asset = IntegrationAsset(
-                name=dns or ip or f"QualysAsset-{host_id}",
-                identifier=host_id,
-                asset_type="Server",
-                asset_category="IT",
-                ip_address=ip,
-                fqdn=fqdn,
-                operating_system=os,
-                status=AssetStatus.Active,
-                external_id=host_id,
-                date_last_updated=last_scan,
-                mac_address=None,
-                vlan_id=network_id,
-                notes=f"Qualys Asset ID: {host_id}",
-                parent_id=self.plan_id,
-                parent_module="securityplans",
+        :return: IntegrationAsset with placeholder data
+        :rtype: IntegrationAsset
+        """
+        logger.warning("No host data provided to parse_asset")
+        return IntegrationAsset(
+            name="Unknown-Qualys-Asset",
+            identifier=str(int(time.time())),  # Use timestamp as fallback ID
+            asset_type="Server",
+            asset_category="IT",
+            status=AssetStatus.Active,
+            parent_id=self.plan_id,
+            parent_module="securityplans",
+            notes="Generated for missing Qualys data",
+        )
+
+    def _create_asset_from_dict(self, host_data):
+        """
+        Create an IntegrationAsset from dictionary host data.
+
+        :param host_data: Dictionary containing host information
+        :return: IntegrationAsset object
+        :rtype: IntegrationAsset
+        """
+        # Navigate to host data if we have the full structure
+        processed_host = self._extract_host_from_structure(host_data)
+
+        # Extract host information
+        host_info = self._extract_host_information(processed_host)
+
+        # Create and return the asset
+        return IntegrationAsset(
+            name=host_info["name"],
+            identifier=host_info["host_id"],
+            asset_type="Server",
+            asset_category="IT",
+            ip_address=host_info["ip"],
+            fqdn=host_info["fqdn"],
+            operating_system=host_info["os"],
+            status=AssetStatus.Active,
+            external_id=host_info["host_id"],
+            date_last_updated=host_info["last_scan"],
+            mac_address=None,
+            vlan_id=host_info["network_id"],
+            notes=f"Qualys Asset ID: {host_info['host_id']}",
+            parent_id=self.plan_id,
+            parent_module="securityplans",
+        )
+
+    def _extract_host_from_structure(self, host_data):
+        """
+        Extract host data from nested structure if needed.
+
+        :param host_data: Host data dictionary
+        :return: Processed host data
+        """
+        # Check if we got the full data structure or just a host dictionary
+        if "HOST_LIST_VM_DETECTION_OUTPUT" not in host_data:
+            return host_data
+
+        # Navigate to the HOST data within the nested structure
+        try:
+            return (
+                host_data.get("HOST_LIST_VM_DETECTION_OUTPUT", {})
+                .get("RESPONSE", {})
+                .get("HOST_LIST", {})
+                .get("HOST", {})
             )
-            return asset
+        except (AttributeError, KeyError):
+            logger.error("Could not navigate to HOST data in dictionary")
+            raise ValueError("Invalid host data structure")
 
-        # If we got here, we don't know how to handle the data
-        logger.error(f"Unexpected host data type: {type(host)}")
-        raise ValueError(f"Cannot parse asset from data type: {type(host)}")
+    def _extract_host_information(self, host):
+        """
+        Extract host information from host dictionary.
+
+        :param host: Host dictionary
+        :return: Dictionary with extracted host information
+        :rtype: dict
+        """
+        host_id = host.get("ID", "")
+        ip = host.get("IP", "")
+        dns = host.get("DNS", "")
+        os = host.get("OS", "")
+        last_scan = host.get("LAST_SCAN_DATETIME", "")
+        network_id = host.get("NETWORK_ID", "")
+
+        # Try to get FQDN from DNS_DATA if available
+        fqdn = self._extract_fqdn(host)
+
+        # Determine asset name
+        name = dns or ip or f"QualysAsset-{host_id}"
+
+        return {
+            "host_id": host_id,
+            "ip": ip,
+            "dns": dns,
+            "os": os,
+            "last_scan": last_scan,
+            "network_id": network_id,
+            "fqdn": fqdn,
+            "name": name,
+        }
+
+    def _extract_fqdn(self, host):
+        """
+        Extract FQDN from host DNS_DATA if available.
+
+        :param host: Host dictionary
+        :return: FQDN string or None
+        :rtype: Optional[str]
+        """
+        dns_data = host.get("DNS_DATA", {})
+        if dns_data:
+            return dns_data.get("FQDN", "")
+        return None
 
     def parse_finding(
         self,
@@ -241,37 +328,66 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         :return: IntegrationFinding object
         :rtype: IntegrationFinding
         """
-        # For backward compatibility
-        detection_to_use = detection if detection is not None else item
-        host_id_to_use = host_id if host_id is not None else asset_identifier
+        # Determine which detection and host_id to use
+        detection_to_use, host_id_to_use = self._determine_finding_parameters(
+            detection, item, host_id, asset_identifier
+        )
 
         # Handle None input gracefully
         if detection_to_use is None:
-            logger.warning("No detection data provided to parse_finding")
-            # Use host_id or generate a placeholder if none provided
-            if not host_id_to_use:
-                host_id_to_use = f"unknown-host-{int(time.time())}"
-
-            # Generate a placeholder finding with minimal information
-            return IntegrationFinding(
-                title="Unknown Qualys Finding",
-                description="No detection data was provided",
-                severity=IssueSeverity.Low.value,
-                status=IssueStatus.Open,
-                plugin_name="QID-unknown",
-                plugin_id=self.title,
-                asset_identifier=host_id_to_use,
-                category="Vulnerability",
-                scan_date=self.scan_date or get_current_datetime(),
-                external_id=f"unknown-finding-{int(time.time())}",
-            )
+            return self._create_placeholder_finding(host_id_to_use)
 
         # Convert XML Element to dict if necessary
-        if not isinstance(detection_to_use, dict) and hasattr(detection_to_use, "tag"):  # It's an XML Element
+        if not isinstance(detection_to_use, dict) and hasattr(detection_to_use, "tag"):
             detection_to_use = self._xml_element_to_dict(detection_to_use)
 
         return self._parse_finding_from_dict(detection_to_use, host_id_to_use)
 
+    def _determine_finding_parameters(self, detection, item, host_id, asset_identifier):
+        """
+        Determine which detection and host_id to use based on provided parameters.
+
+        :param detection: Detection parameter
+        :param item: Item parameter (for compatibility)
+        :param host_id: Host ID parameter
+        :param asset_identifier: Asset identifier parameter (for compatibility)
+        :return: Tuple of (detection_to_use, host_id_to_use)
+        :rtype: tuple
+        """
+        # For backward compatibility
+        detection_to_use = detection if detection is not None else item
+        host_id_to_use = host_id if host_id is not None else asset_identifier
+
+        return detection_to_use, host_id_to_use
+
+    def _create_placeholder_finding(self, host_id_to_use):
+        """
+        Create a placeholder finding when no valid detection data is provided.
+
+        :param host_id_to_use: Host ID to use for the finding
+        :return: IntegrationFinding with placeholder data
+        :rtype: IntegrationFinding
+        """
+        logger.warning("No detection data provided to parse_finding")
+
+        # Use host_id or generate a placeholder if none provided
+        if not host_id_to_use:
+            host_id_to_use = f"unknown-host-{int(time.time())}"
+
+        # Generate a placeholder finding with minimal information
+        return IntegrationFinding(
+            title="Unknown Qualys Finding",
+            description="No detection data was provided",
+            severity=IssueSeverity.Low.value,
+            status=IssueStatus.Open,
+            plugin_name="QID-unknown",
+            plugin_id=self.title,
+            asset_identifier=host_id_to_use,
+            category="Vulnerability",
+            scan_date=self.scan_date or get_current_datetime(),
+            external_id=f"unknown-finding-{int(time.time())}",
+        )
+
     def _parse_finding_from_dict(self, detection, host_id):
         """
         Parse a finding from a dictionary representation.
@@ -725,13 +841,22 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         :return: Dictionary representation of the XML
         :rtype: Dict[str, Any]
         """
-        try:
-            root = ET.fromstring(xml_string)
-            return self._xml_element_to_dict(root)
-        except ET.ParseError as e:
-            logger.error(f"Error parsing XML: {str(e)}")
+        success, parsed_data, error_message = QualysErrorHandler.parse_xml_safely(xml_string)
+
+        if not success:
+            logger.error(f"Failed to parse XML string: {error_message}")
             return {}
 
+        # Check for Qualys-specific errors
+        if parsed_data:
+            error_details = QualysErrorHandler.extract_error_details(parsed_data)
+            if error_details.get("has_error"):
+                logger.error("XML contains Qualys error response")
+                QualysErrorHandler.log_error_details(error_details)
+                return {}
+
+        return parsed_data or {}
+
     def _process_xml_dict(self):
         """Process XML data provided as a dictionary."""
         logger.debug("Using already parsed XML data (dict)")

regscale/integrations/commercial/synqly/assets.py

@@ -38,7 +38,7 @@ def sync_axonius(regscale_ssp_id: int) -> None:
 @click.option(
     "--url",
     type=click.STRING,
-    help="The root domain where your CrowdStrike Falcon tenant is located.",
+    help="Base URL for the CrowdStrike Falcon Spotlight API.",
     required=False,
 )
 def sync_crowdstrike(regscale_ssp_id: int, url: str) -> None:
@@ -79,6 +79,16 @@ def sync_servicenow(regscale_ssp_id: int) -> None:
     assets_servicenow.run_sync(regscale_ssp_id=regscale_ssp_id)
 
 
+@assets.command(name="sync_sevco")
+@regscale_ssp_id()
+def sync_sevco(regscale_ssp_id: int) -> None:
+    """Sync Assets from Sevco to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_sevco = Assets("sevco")
+    assets_sevco.run_sync(regscale_ssp_id=regscale_ssp_id)
+
+
 @assets.command(name="sync_tanium_cloud")
 @regscale_ssp_id()
 def sync_tanium_cloud(regscale_ssp_id: int) -> None:

regscale/integrations/commercial/synqly/edr.py

@@ -18,7 +18,7 @@ def edr() -> None:
 @click.option(
     "--url",
     type=click.STRING,
-    help="The root domain where your CrowdStrike Falcon tenant is located.",
+    help="Base URL for the CrowdStrike Falcon® API.",
     required=False,
 )
 def sync_crowdstrike(regscale_ssp_id: int, url: str) -> None:
@@ -44,7 +44,7 @@ def sync_defender(regscale_ssp_id: int) -> None:
 @click.option(
     "--url",
     type=click.STRING,
-    help="URL for the Malwarebytes EDR Provider",
+    help="Base URL for the ThreatDown EDR API.",
     required=False,
 )
 def sync_malwarebytes(regscale_ssp_id: int, url: str) -> None:
@@ -60,7 +60,7 @@ def sync_malwarebytes(regscale_ssp_id: int, url: str) -> None:
 @click.option(
     "--edr_events_url",
     type=click.STRING,
-    help="Base URL for the SentinelOne Singularity Data Lake API. This URL is required if you plan to use the EDR Events API.",
+    help="Base URL for the SentinelOne Singularity Data Lake API. This URL is required is required when querying EDR events.",
     required=False,
 )
 def sync_sentinelone(regscale_ssp_id: int, edr_events_url: str) -> None:
@@ -76,7 +76,7 @@ def sync_sentinelone(regscale_ssp_id: int, edr_events_url: str) -> None:
 @click.option(
     "--url",
     type=click.STRING,
-    help="Optional root domain where your Sophos tenant is located.",
+    help="Base URL for the Sophos Endpoint API.",
     required=False,
 )
 def sync_sophos(regscale_ssp_id: int, url: str) -> None:

regscale/integrations/commercial/synqly/ticketing.py

@@ -134,7 +134,7 @@ def sync_pagerduty(regscale_id: int, regscale_module: str, project: str, name: s
 @click.option(
     "--default_project",
     type=click.STRING,
-    help="Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. If not provided, defaults to the incident table.",
+    help="Default Project for the integration. This maps to the custom table for tickets. This table should be derived from Incident table. Defaults to the incident table if not specified.",
     required=False,
 )
 def sync_servicenow(regscale_id: int, regscale_module: str, issue_type: str, default_project: str) -> None:

regscale/integrations/commercial/synqly/vulnerabilities.py

@@ -40,7 +40,7 @@ def vulnerabilities() -> None:
 @click.option(
     "--url",
     type=click.STRING,
-    help="The root domain where your CrowdStrike Falcon tenant is located.",
+    help="Base URL for the CrowdStrike Falcon® Spotlight API.",
     required=False,
 )
 def sync_crowdstrike(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, url: str) -> None:
@@ -207,7 +207,7 @@ def sync_tanium_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetim
 @click.option(
     "--url",
     type=click.STRING,
-    help='URL for the Tenable Cloud API. This should be the base URL for the API, without any path components and must be HTTPS. If not provided, defaults to "https://cloud.tenable.com".',
+    help="Base URL for the Tenable Cloud API.",
     required=False,
 )
 def sync_tenable_cloud(regscale_ssp_id: int, vuln_filter: str, scan_date: datetime, all_scans: bool, url: str) -> None: