regscale-cli 6.20.4.1__py3-none-any.whl → 6.20.5.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -7,9 +7,13 @@ from __future__ import annotations
 import json
 import math
 import re
+import shutil
+import tempfile
 from collections import Counter
 from concurrent.futures import as_completed
 from concurrent.futures.thread import ThreadPoolExecutor
+from datetime import datetime
+from pathlib import Path
 from threading import Thread
 from types import ModuleType
 from typing import TYPE_CHECKING, Any, Callable, Dict, List, Literal, Optional, Tuple, TypeVar
@@ -18,7 +22,7 @@ import click
 
 from regscale.core.app.api import Api
 from regscale.core.app.utils.api_handler import APIInsertionError, APIUpdateError
-from regscale.core.app.utils.app_utils import create_progress_object, error_and_exit, get_current_datetime
+from regscale.core.app.utils.app_utils import compute_hash, create_progress_object, error_and_exit, get_current_datetime
 from regscale.core.utils.graphql import GraphQLQuery
 from regscale.integrations.public.fedramp.parts_mapper import PartMapper
 from regscale.integrations.public.fedramp.ssp_logger import SSPLogger
@@ -229,19 +233,17 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
         status = next(iter(status_counts))
         return STATUS_MAPPING.get(status, ControlImplementationStatus.NotImplemented)
 
-    # Priority-based status determination
-    if any(status in ["N/A", ALTERNATIVE_IMPLEMENTATION] for status in status_counts):
-        status_ret = ControlImplementationStatus.NA
-
     implemented_count = status_counts.get("Implemented", 0)
     total_count = sum(status_counts.values())
 
     if implemented_count == total_count:
-        status_ret = ControlImplementationStatus.FullyImplemented
+        return ControlImplementationStatus.FullyImplemented
     elif implemented_count > 0 or any(status == "Partially Implemented" for status in status_counts):
         status_ret = ControlImplementationStatus.PartiallyImplemented
     elif any(status == "Planned" for status in status_counts):
         status_ret = ControlImplementationStatus.Planned
+    elif any(status in ["N/A", ALTERNATIVE_IMPLEMENTATION] for status in status_counts):
+        status_ret = ControlImplementationStatus.NA
 
     return status_ret
 
@@ -271,7 +273,9 @@ def map_origination(control_id: str, cis_data: dict) -> dict:
 
     # Find matching CIS records
     matching_records = [
-        record for record in cis_data.values() if gen_key(record["regscale_control_id"]).lower() == control_id.lower()
+        record
+        for record in cis_data.values()
+        if record.get("regscale_control_id") and gen_key(record["regscale_control_id"]).lower() == control_id.lower()
     ]
 
     # Process each matching record
@@ -421,6 +425,7 @@ def update_imp_objective(
             ex_obj = next((obj for obj in existing_imp_obj if obj.objectiveId == objective.id), None)
             if ex_obj:
                 ex_obj.status = get_multi_status(cis_record)
+                ex_obj.responsibility = responsibility
                 if cloud_responsibility.strip():
                     logger.debug(
                         f"Updating Implementation Objective #{ex_obj.id} with responsibility: {responsibility}"
@@ -796,6 +801,12 @@ def process_single_record(**kwargs) -> Tuple[List[str], Optional[ImplementationO
     :rtype Tuple[List[str], Optional[ImplementationObjective]]
     :returns A list of errors and the Implementation Objective if successful, otherwise None
     """
+    # for pytest
+    if not part_mapper_rev5.data:
+        part_mapper_rev5.load_fedramp_version_5_mapping()
+    if not part_mapper_rev4.data:
+        part_mapper_rev4.load_fedramp_version_4_mapping()
+
     errors = []
     version = kwargs.get("version")
     leveraged_auth_id: int = kwargs.get("leveraged_auth_id")
@@ -879,6 +890,9 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
         warn_extra_headers=False,
     )
 
+    if validator.data.empty:
+        return {}
+
     # find index of row where the first column == Control ID
     skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
 
@@ -942,15 +956,18 @@ def parse_crm_worksheet(file_path: click.Path, crm_sheet_name: str, version: Lit
         clean_control_id = re.sub(r"\W+", "", control_id)
         clean_control_id = re.sub("([a-z0-9])([A-Z])", r"\1_\2", clean_control_id).lower()
 
+        # Handle NaN values for the specific inheritance field
+        inheritance_field = row["Specific Inheritance and Customer Agency/CSP Responsibilities"]
+        if get_pandas().isna(inheritance_field):
+            inheritance_field = ""
+
         # Use clean_control_id as the key to avoid overwriting
         formatted_crm[control_id] = {
             "control_id": control_id,
             "clean_control_id": clean_control_id,
             "regscale_control_id": transform_control(control_id),
             "can_be_inherited_from_csp": row[CAN_BE_INHERITED_CSP],
-            "specific_inheritance_and_customer_agency_csp_responsibilities": row[
-                "Specific Inheritance and Customer Agency/CSP Responsibilities"
-            ],
+            "specific_inheritance_and_customer_agency_csp_responsibilities": inheritance_field,
         }
 
     return formatted_crm
@@ -979,6 +996,9 @@ def parse_cis_worksheet(file_path: click.Path, cis_sheet_name: str) -> dict:
         worksheet_name=cis_sheet_name,
         warn_extra_headers=False,
     )
+    if validator.data.empty:
+        return {}
+
     skip_rows = determine_skip_row(original_df=validator.data, text_to_find=CONTROL_ID, original_skip=skip_rows)
 
     # Parse the worksheet named 'CIS GovCloud U.S.+DoD (H)', skipping the initial rows
@@ -1128,14 +1148,14 @@ def _drop_rows_nan(instructions_df: "pd.DataFrame") -> "pd.DataFrame":
 
 
 def parse_instructions_worksheet(
-    df: "pd.DataFrame",
+    df: Dict[str, "pd.DataFrame"],
     version: Literal["rev4", "rev5"],
     instructions_sheet_name: str = "Instructions",
 ) -> list[dict]:
     """
     Function to parse the instructions sheet from the FedRAMP Rev5 CIS/CRM workbook
 
-    :param pd.DataFrame df: The dataframe to parse
+    :param Dict[str, "pd.DataFrame"] df: The dataframe to parse
     :param Literal["rev4", "rev5"] version: The version of the FedRAMP CIS CRM workbook
     :param str instructions_sheet_name: The name of the instructions sheet to parse, defaults to "Instructions"
     :return: List of formatted instructions content as a dictionary
@@ -1143,6 +1163,8 @@ def parse_instructions_worksheet(
     """
     pd = get_pandas()
     df = df[instructions_sheet_name].iloc[2:]
+    if len(df) == 0:
+        return []
     instructions_df = df.dropna(axis=1, how="all")
 
     if version == "rev5":
@@ -1356,6 +1378,25 @@ def build_implementations_dict(security_plan_id) -> None:
     logger.debug("Built %s implementations", len(imps))
 
 
+def create_backup_file(security_plan_id: int):
+    """
+    Create a backup file for the given security plan ID.
+
+    :param int security_plan_id: The security plan ID
+    """
+    logger.info("Creating a CIS/CRM Backup file of the current SSP state ..")
+    # Export CIS/CRM to file system, and save to artifacts folder
+    res = SecurityPlan.export_cis_crm(security_plan_id)
+    status = res.get("status")
+    if status and status == "complete":
+        file_name = res.get("trustedDisplayName")
+        logger.info(f"A CIS/CRM Backup file saved to SSP# {security_plan_id} file subsystem as {file_name}!")
+        return
+    continue_anyway = click.prompt("Unable to create a backup file. Would you like to continue?", type=bool)
+    if not continue_anyway:
+        error_and_exit("Backup file creation failed.")
+
+
 def create_new_security_plan(profile_id: int, system_name: str):
     """
     Create a new FedRamp security plan and map controls based on the profile id.
@@ -1425,6 +1466,7 @@ def create_new_security_plan(profile_id: int, system_name: str):
         INITIAL_IMPORT = False
         ret = next((plan for plan in existing_plan), None)
         logger.info(f"Found existing SSP# {ret.id}")
+        create_backup_file(ret.id)
         existing_imps = ControlImplementation.get_list_by_plan(ret.id)
         for imp in existing_imps:
             EXISTING_IMPLEMENTATIONS[imp.controlID] = imp
@@ -1503,6 +1545,43 @@ def _check_sheet_names_exist(
     return df
 
 
+def copy_and_rename_file(file_path: Path, new_name: str) -> Path:
+    """
+    Copy and rename a file.
+    """
+    temp_folder = Path(tempfile.gettempdir()) / "regscale"
+    temp_folder.mkdir(exist_ok=True)  # Ensure directory exists
+
+    new_file_path = temp_folder / new_name
+    shutil.copy(file_path, new_file_path)
+    return new_file_path
+
+
+def upload_file(file_path: Path, ssp_id: int, parent_module: str, api: Api) -> None:
+    """
+    Upload a file to RegScale
+
+    :param Path file_path: The path to the file to upload
+    :param int ssp_id: The ID of the SSP to upload the file to
+    :param str parent_module: The module to upload the file to
+    :param Api api: The API object to use to upload the file
+    :rtype: None
+    """
+    file_hash = None
+    with open(file_path, "rb") as f:
+        file_hash = compute_hash(f)
+    existing_files = File.get_files_for_parent_from_regscale(ssp_id, parent_module)
+    identical_file = next((file for file in existing_files if file.shaHash == file_hash), None)
+    if file_hash and identical_file:
+        logger.info(
+            f"An identical file {identical_file.trustedDisplayName} already exists in RegScale, skipping upload."
+        )
+        return
+    File.upload_file_to_regscale(
+        file_name=file_path.absolute(), parent_id=ssp_id, parent_module=parent_module, api=api, tags="cis-crm"
+    )
+
+
 def parse_and_import_ciscrm(
     file_path: click.Path,
     version: Literal["rev4", "rev5", "4", "5"],
@@ -1595,11 +1674,10 @@ def parse_and_import_ciscrm(
         crm_data=crm_data,
         version=version,  # type: ignore
     )
-
-    # upload workbook to the SSP
-    File.upload_file_to_regscale(
-        file_name=str(file_path),
-        parent_id=ssp.id,
-        parent_module="securityplans",
-        api=api,
-    )
+    file_path = Path(file_path)
+    file_name = f"{file_path.stem}_update_{datetime.now().strftime('%Y%m%d')}{file_path.suffix}"
+    if INITIAL_IMPORT:
+        file_name = f"{file_path.stem}_initial_import{file_path.suffix}"
+        # upload workbook to the SSP
+    file_path = copy_and_rename_file(file_path, file_name)
+    upload_file(file_path, ssp.id, "securityplans", api)

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,146 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.06.25",
-    "dateReleased": "2025-06-25T16:52:26.9744Z",
-    "count": 1370,
+    "catalogVersion": "2025.07.10",
+    "dateReleased": "2025-07-10T16:05:09.522Z",
+    "count": 1379,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-5777",
+            "vendorProject": "Citrix",
+            "product": "NetScaler ADC and Gateway",
+            "vulnerabilityName": "Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability",
+            "dateAdded": "2025-07-10",
+            "shortDescription": "Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX693420 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-5777",
+            "cwes": [
+                "CWE-125"
+            ]
+        },
+        {
+            "cveID": "CVE-2019-9621",
+            "vendorProject": "Synacor",
+            "product": "Zimbra Collaboration Suite (ZCS)",
+            "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Security_Advisories ; https:\/\/wiki.zimbra.com\/wiki\/Security_Center ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-9621",
+            "cwes": [
+                "CWE-918",
+                "CWE-807"
+            ]
+        },
+        {
+            "cveID": "CVE-2019-5418",
+            "vendorProject": "Rails",
+            "product": "Ruby on Rails",
+            "vulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/web.archive.org\/web\/20190313201629\/https:\/\/weblog.rubyonrails.org\/2019\/3\/13\/Rails-4-2-5-1-5-1-6-2-have-been-released\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-5418",
+            "cwes": [
+                "CWE-22"
+            ]
+        },
+        {
+            "cveID": "CVE-2016-10033",
+            "vendorProject": "PHP",
+            "product": "PHPMailer",
+            "vulnerabilityName": "PHPMailer Command Injection Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/github.com\/PHPMailer\/PHPMailer\/releases\/tag\/v5.2.18 ; https:\/\/github.com\/advisories\/GHSA-5f37-gxvh-23v6 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-10033",
+            "cwes": [
+                "CWE-77",
+                "CWE-88"
+            ]
+        },
+        {
+            "cveID": "CVE-2014-3931",
+            "vendorProject": "Looking Glass",
+            "product": "Multi-Router Looking Glass (MRLG)",
+            "vulnerabilityName": "Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability",
+            "dateAdded": "2025-07-07",
+            "shortDescription": "Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-28",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/mrlg.op-sec.us\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-3931",
+            "cwes": [
+                "CWE-119"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6554",
+            "vendorProject": "Google",
+            "product": "Chromium V8",
+            "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
+            "dateAdded": "2025-07-02",
+            "shortDescription": "Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read\/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/06\/stable-channel-update-for-desktop_30.html?m=1 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6554",
+            "cwes": [
+                "CWE-843"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-48928",
+            "vendorProject": "TeleMessage",
+            "product": "TM SGNL",
+            "vulnerabilityName": "TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability",
+            "dateAdded": "2025-07-01",
+            "shortDescription": "TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which a password previously sent over HTTP would be included in this dump.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48928",
+            "cwes": [
+                "CWE-528"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-48927",
+            "vendorProject": "TeleMessage",
+            "product": "TM SGNL",
+            "vulnerabilityName": "TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability",
+            "dateAdded": "2025-07-01",
+            "shortDescription": "TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a \/heapdump URI.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-22",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-48927",
+            "cwes": [
+                "CWE-1188"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-6543",
+            "vendorProject": "Citrix",
+            "product": "NetScaler ADC and Gateway",
+            "vulnerabilityName": "Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability",
+            "dateAdded": "2025-06-30",
+            "shortDescription": "Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-07-21",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX694788 ; https:\/\/www.netscaler.com\/blog\/news\/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777\/ ;   https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6543",
+            "cwes": [
+                "CWE-119"
+            ]
+        },
         {
             "cveID": "CVE-2019-6693",
             "vendorProject": "Fortinet",