PyPI - regscale-cli - Versions diffs - 6.20.4.1__py3-none-any.whl → 6.20.6.0__py3-none-any.whl - Mend

regscale-cli 6.20.4.1py3-none-any.whl → 6.20.6.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (49) hide show

regscale/__init__.py +1 -1
regscale/_version.py +39 -0
regscale/core/app/internal/__init__.py +13 -0
regscale/core/app/internal/model_editor.py +3 -3
regscale/core/app/internal/set_permissions.py +173 -0
regscale/core/app/utils/file_utils.py +11 -1
regscale/core/app/utils/regscale_utils.py +34 -129
regscale/core/utils/date.py +86 -30
regscale/integrations/commercial/defender.py +3 -0
regscale/integrations/commercial/qualys/__init__.py +40 -14
regscale/integrations/commercial/qualys/containers.py +324 -0
regscale/integrations/commercial/qualys/scanner.py +203 -8
regscale/integrations/commercial/synqly/edr.py +10 -0
regscale/integrations/commercial/wizv2/click.py +11 -7
regscale/integrations/commercial/wizv2/constants.py +28 -0
regscale/integrations/commercial/wizv2/issue.py +3 -2
regscale/integrations/commercial/wizv2/parsers.py +23 -0
regscale/integrations/commercial/wizv2/scanner.py +89 -30
regscale/integrations/commercial/wizv2/utils.py +208 -75
regscale/integrations/commercial/wizv2/variables.py +2 -1
regscale/integrations/commercial/wizv2/wiz_auth.py +3 -3
regscale/integrations/public/fedramp/fedramp_cis_crm.py +98 -20
regscale/integrations/public/fedramp/fedramp_docx.py +2 -3
regscale/integrations/scanner_integration.py +7 -2
regscale/models/integration_models/cisa_kev_data.json +187 -5
regscale/models/integration_models/synqly_models/capabilities.json +1 -1
regscale/models/regscale_models/__init__.py +2 -0
regscale/models/regscale_models/asset.py +1 -1
regscale/models/regscale_models/catalog.py +16 -0
regscale/models/regscale_models/file.py +2 -1
regscale/models/regscale_models/form_field_value.py +59 -1
regscale/models/regscale_models/issue.py +47 -0
regscale/models/regscale_models/modules.py +88 -1
regscale/models/regscale_models/organization.py +30 -0
regscale/models/regscale_models/regscale_model.py +20 -6
regscale/models/regscale_models/security_control.py +47 -0
regscale/models/regscale_models/security_plan.py +32 -0
regscale/models/regscale_models/vulnerability.py +3 -3
regscale/models/regscale_models/vulnerability_mapping.py +2 -2
regscale/regscale.py +2 -0
{regscale_cli-6.20.4.1.dist-info → regscale_cli-6.20.6.0.dist-info}/METADATA +1 -1
{regscale_cli-6.20.4.1.dist-info → regscale_cli-6.20.6.0.dist-info}/RECORD +49 -44
tests/fixtures/test_fixture.py +33 -4
tests/regscale/core/test_app.py +53 -32
tests/regscale/test_init.py +94 -0
{regscale_cli-6.20.4.1.dist-info → regscale_cli-6.20.6.0.dist-info}/LICENSE +0 -0
{regscale_cli-6.20.4.1.dist-info → regscale_cli-6.20.6.0.dist-info}/WHEEL +0 -0
{regscale_cli-6.20.4.1.dist-info → regscale_cli-6.20.6.0.dist-info}/entry_points.txt +0 -0
{regscale_cli-6.20.4.1.dist-info → regscale_cli-6.20.6.0.dist-info}/top_level.txt +0 -0

regscale/integrations/commercial/qualys/scanner.py CHANGED Viewed

@@ -7,23 +7,26 @@ import os
 import time
 import traceback
 import xml.etree.ElementTree as ET
-from typing import Any, Dict, Iterator, List, Optional, Tuple, Union, TextIO
+from datetime import date, datetime
+from io import TextIOWrapper
 from pathlib import Path
-from rich.progress import Progress, TextColumn, BarColumn, SpinnerColumn, TimeElapsedColumn, TaskID
+from typing import Any, Dict, Iterator, List, Optional, TextIO, Tuple, Union
+from rich.progress import BarColumn, Progress, SpinnerColumn, TaskID, TextColumn, TimeElapsedColumn
 from regscale.core.app.utils.app_utils import get_current_datetime
+from regscale.core.utils.date import date_obj, date_str, normalize_timestamp
+from regscale.integrations.commercial.qualys.qualys_error_handler import QualysErrorHandler
 from regscale.integrations.commercial.qualys.variables import QualysVariables
 from regscale.integrations.jsonl_scanner_integration import JSONLScannerIntegration
 from regscale.integrations.scanner_integration import (
     IntegrationAsset,
     IntegrationFinding,
-    issue_due_date,
     ScannerIntegrationType,
+    issue_due_date,
 )
 from regscale.integrations.variables import ScannerVariables
 from regscale.models import AssetStatus, IssueSeverity, IssueStatus
-from regscale.integrations.commercial.qualys.qualys_error_handler import QualysErrorHandler
 logger = logging.getLogger("regscale")
@@ -55,6 +58,8 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
     # Constants for file paths
     ASSETS_FILE = "./artifacts/qualys_total_cloud_assets.jsonl"
     FINDINGS_FILE = "./artifacts/qualys_total_cloud_findings.jsonl"
+    CONTAINERS_FILE = "./artifacts/qualys_total_cloud_containers.jsonl"
+    CONTAINER_FINDINGS_FILE = "./artifacts/qualys_total_cloud_container_findings.jsonl"
     def __init__(self, *args, **kwargs):
         """
@@ -65,6 +70,7 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         """
         self.type = ScannerIntegrationType.VULNERABILITY
         self.xml_data = kwargs.pop("xml_data", None)
+        self.containers = kwargs.pop("containers", None)
         # Setting a dummy file path to avoid validation errors
         if self.xml_data and "file_path" not in kwargs:
             kwargs["file_path"] = None
@@ -875,7 +881,9 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         logger.info(f"Found {num_findings} total findings in XML dictionary data")
         # Process assets and findings
-        self._process_dict_assets_and_findings(hosts_data, all_findings)
+        self._process_dict_assets_and_findings(
+            hosts_data=hosts_data, all_findings=all_findings, containers_data=self.containers
+        )
     def _extract_hosts_from_dict(self):
         """Extract host data from XML dictionary structure."""
@@ -914,11 +922,19 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         return all_findings
-    def _process_dict_assets_and_findings(self, hosts_data, all_findings):
-        """Process assets and findings from dictionary data."""
+    def _process_dict_assets_and_findings(self, hosts_data, all_findings, containers_data=None):
+        """
+        Process assets and findings from dictionary data.
+        :param List[Dict[str, Any]] hosts_data: List of host data dictionaries
+        :param List[Dict[str, Any]] all_findings: List of findings dictionaries
+        :param List[Dict[str, Any]] containers_data: List of container data dictionaries
+        """
         with open(self.ASSETS_FILE, "w") as assets_file, open(self.FINDINGS_FILE, "w") as findings_file:
             self._write_assets_from_dict(assets_file, hosts_data)
             self._write_findings_from_dict(findings_file, all_findings)
+            if containers_data:
+                self._write_containers_from_dict(assets_file, containers_data)
+                self._write_container_findings_from_dict(findings_file, containers_data)
     def _write_assets_from_dict(self, assets_file, hosts_data):
         """Write assets from dictionary data to JSONL file."""
@@ -949,6 +965,160 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         logger.info(f"Wrote {findings_written} findings to {self.FINDINGS_FILE}")
+    def _write_containers_from_dict(
+        self, containers_file: TextIOWrapper, containers_data: List[Dict[str, Any]]
+    ) -> None:
+        """
+        Write containers from dictionary data to JSONL file.
+        :param TextIOWrapper containers_file: Open file handle to write containers to
+        :param List[Dict[str, Any]] containers_data: List of container dictionaries to process
+        """
+        containers_written = 0
+        for container in containers_data:
+            try:
+                if container_asset := self.parse_container_asset(container=container):
+                    self._write_item(containers_file, container_asset)
+                    containers_written += 1
+            except Exception as e:
+                logger.error(f"Error processing container: {str(e)}")
+                logger.debug(traceback.format_exc())
+        logger.info("Wrote %s containers to %s", containers_written, containers_file.name)
+    def _write_container_findings_from_dict(
+        self, container_findings_file: TextIOWrapper, container_findings_data: List[Dict[str, Any]]
+    ):
+        """
+        Write container findings from dictionary data to JSONL file.
+        :param TextIOWrapper container_findings_file: Path to the container findings file
+        :param List[Dict[str, Any]] container_findings_data: Dictionary of container findings data
+        """
+        findings_written = 0
+        for finding in container_findings_data:
+            try:
+                container_id = finding.get("containerId", "")
+                if parsed_finding := self.parse_container_finding(finding=finding, container_id=container_id):
+                    self._write_item(container_findings_file, parsed_finding)
+                    findings_written += 1
+            except Exception as e:
+                logger.error(f"Error processing container finding: {str(e)}")
+                logger.debug(traceback.format_exc())
+        logger.info("Wrote %s container findings to %s", findings_written, container_findings_file.name)
+    def parse_container_asset(self, container: dict) -> Optional[IntegrationAsset]:
+        """
+        Parse a single container asset from Qualys container data.
+        :param container: Dictionary representing a container
+        :return: IntegrationAsset object
+        :rtype: Optional[IntegrationAsset]
+        """
+        state_map = {
+            "running": AssetStatus.Active,
+            "stopped": AssetStatus.Inactive,
+            "paused": AssetStatus.Inactive,
+            "restarting": AssetStatus.Active,
+            "exited": AssetStatus.Inactive,
+        }
+        try:
+            # Extract container information
+            container_id = container.get("containerId", "")
+            name = container.get("name", "Unknown Container")
+            image_id = container.get("imageId", "")
+            state = container.get("state", "stopped")
+            sha = container.get("sha", "")
+            state_changed = self._convert_timestamp_to_date_str(container.get("stateChanged", ""))
+            return IntegrationAsset(
+                name=name,
+                identifier=container_id,
+                asset_type="Virtual Machine (VM)",
+                asset_category="Hardware",
+                operating_system="Linux",
+                status=state_map.get((state or "running").lower(), AssetStatus.Inactive),
+                external_id=container_id,
+                date_last_updated=state_changed,
+                mac_address=None,
+                notes=f"Qualys Container ID: {container_id}. Image ID: {image_id}. SHA: {sha}",
+                parent_id=self.plan_id,
+                parent_module="securityplans",
+                is_virtual=True,
+            )
+        except Exception as e:
+            logger.error(f"Error parsing container asset: {str(e)}")
+            logger.debug(traceback.format_exc())
+    def parse_container_finding(self, finding: dict, container_id: str):
+        """
+        Parse a single container finding from Qualys container vulnerability data.
+        :param dict finding: Dictionary representing a container vulnerability
+        :param str container_id: Container ID associated with the finding
+        :return: IntegrationFinding object
+        :rtype: Optional[IntegrationFinding]
+        """
+        vulns: List[dict] = finding.get("vulnerabilities")
+        severity_map = {
+            "1": IssueSeverity.Critical,
+            "2": IssueSeverity.High,
+            "3": IssueSeverity.Moderate,
+            "4": IssueSeverity.Low,
+            "5": IssueSeverity.NotAssigned,
+        }
+        for vuln in vulns:
+            try:
+                # Extract finding information
+                title = vuln.get("title", "Unknown Container Vulnerability")
+                severity_num = vuln.get("severity", 0)
+                severity = severity_map.get(str(severity_num), IssueSeverity.NotAssigned)
+                description = vuln.get("result", "No description available")
+                status = vuln.get("status", "New")
+                vuln_id = vuln.get("id", "")
+                qid = vuln.get("qid", "")
+                # Get current time for any missing date fields
+                current_time = self.scan_date or get_current_datetime()
+                # Convert timestamp to datetime if needed
+                first_found = vuln.get("firstFound", current_time)
+                last_found = vuln.get("lastFound", current_time)
+                # Handle timestamp conversion if it's a numeric timestamp
+                first_found = self._convert_timestamp_to_date_str(first_found)
+                last_found = self._convert_timestamp_to_date_str(last_found)
+                cve = next(iter(vuln.get("cveids", [])), "")
+                # Create finding object
+                return IntegrationFinding(
+                    title=title,
+                    description=description,
+                    severity=severity,
+                    status=self.get_finding_status(status),
+                    external_id=vuln_id,
+                    asset_identifier=container_id,
+                    cve=cve,
+                    category="Vulnerability",
+                    plugin_name=cve or f"QID-{qid}",
+                    control_labels=[f"QID-{qid}"],
+                    cvss_v3_base_score=vuln.get("cvss3Info", {}).get("baseScore"),
+                    cvss_v3_vector=vuln.get("cvss3Info", {}).get("temporalScore"),
+                    first_seen=first_found,
+                    last_seen=last_found,
+                    evidence=vuln.get("result", "No evidence available"),
+                )
+            except Exception as e:
+                logger.error(f"Error parsing container finding: {str(e)}")
+                logger.debug(traceback.format_exc())
+                continue  # Continue to next vulnerability if this one fails
     def _process_xml_elements(self, hosts):
         """Process XML element hosts and detections with progress tracking."""
         # Convert XML elements to dictionaries first
@@ -1154,6 +1324,31 @@ class QualysTotalCloudJSONLIntegration(JSONLScannerIntegration):
         return unique_id
+    def _convert_timestamp_to_date_str(self, timestamp_value: Any) -> str:
+        """
+        Convert a timestamp value to a date string with validation.
+        :param Any timestamp_value: The timestamp value to convert
+        :return: Date string in ISO format
+        :raises ValueError: If the timestamp is not numeric
+        :rtype: str
+        """
+        try:
+            # Handle empty or None values early
+            if not timestamp_value and timestamp_value != 0:
+                raise ValueError(f"Invalid timestamp value: {timestamp_value}, defaulting to current datetime")
+            # Convert to integer timestamp
+            timestamp_int = normalize_timestamp(timestamp_value)
+            s = date_obj(timestamp_int)
+            if not s or timestamp_int == 0:
+                raise ValueError(f"Invalid timestamp value: {timestamp_value}, defaulting to current datetime")
+            return date_str(s)
+        except ValueError as e:
+            logger.error(f"Error converting timestamp to date string: {str(e)}")
+            return get_current_datetime()
     def get_finding_status(self, status: Optional[str]) -> IssueStatus:
         """
         Convert the Qualys status to a RegScale issue status.

regscale/integrations/commercial/synqly/edr.py CHANGED Viewed

@@ -87,4 +87,14 @@ def sync_sophos(regscale_ssp_id: int, url: str) -> None:
     edr_sophos.run_sync(regscale_ssp_id=regscale_ssp_id, url=url)
+@edr.command(name="sync_tanium")
+@regscale_ssp_id()
+def sync_tanium(regscale_ssp_id: int) -> None:
+    """Sync Edr from Tanium to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Edr
+    edr_tanium = Edr("tanium")
+    edr_tanium.run_sync(regscale_ssp_id=regscale_ssp_id)
 # pylint: enable=line-too-long

regscale/integrations/commercial/wizv2/click.py CHANGED Viewed

@@ -4,7 +4,6 @@
 # standard python imports
 import logging
-import os
 from typing import Optional
 import click
@@ -343,16 +342,16 @@ def add_report_evidence(
 @click.option(  # type: ignore
     "--client_id",
     "-i",
-    help="Wiz Client ID. Can also be set as an environment variable: WIZ_CLIENT_ID",
-    default=os.environ.get("WIZ_CLIENT_ID"),
+    help="Wiz Client ID, or can be set as environment variable wizClientId",
+    default="",
     hide_input=False,
     required=False,
 )
 @click.option(  # type: ignore
     "--client_secret",
     "-s",
-    help="Wiz Client Secret. Can also be set as an environment variable: WIZ_CLIENT_SECRET",
-    default=os.environ.get("WIZ_CLIENT_SECRET"),
+    help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
+    default="",
     hide_input=True,
     required=False,
 )
@@ -360,9 +359,9 @@ def add_report_evidence(
     "--catalog_id",
     "-c",
     help="RegScale Catalog ID for the selected framework.",
-    prompt="RegScale Catalog ID",
     hide_input=False,
-    required=True,
+    required=False,
+    default=None,
 )
 @click.option(  # type: ignore
     "--framework",
@@ -384,6 +383,11 @@ def sync_compliance(
     """Sync compliance posture from Wiz to RegScale"""
     from regscale.integrations.commercial.wizv2.utils import _sync_compliance
+    if not client_secret:
+        client_secret = WizVariables.wizClientSecret
+    if not client_id:
+        client_id = WizVariables.wizClientId
     _sync_compliance(
         wiz_project_id=wiz_project_id,
         regscale_id=regscale_id,

regscale/integrations/commercial/wizv2/constants.py CHANGED Viewed

@@ -131,6 +131,9 @@ INVENTORY_QUERY = """
     graphEntity{
       id
       providerUniqueId
+      publicExposures(first: 5) {
+          totalCount
+      }
       name
       type
       projects {
@@ -304,6 +307,19 @@ DOWNLOAD_QUERY = """
         }
     }
     """
+RERUN_REPORT_QUERY = """
+    mutation RerunReport($reportId: ID!) {
+        rerunReport(input: {id: $reportId}) {
+            report {
+                id
+                lastRun {
+                    url
+                    status
+                }
+            }
+        }
+    }
+    """
 ISSUE_QUERY = """query IssuesTable(
   $filterBy: IssueFilters
   $first: Int
@@ -422,6 +438,18 @@ VULNERABILITY_QUERY = """
       name
       detailedName
       description
+      commentThread {
+        comments(first:100) {
+          edges {
+            node {
+              body,
+              author {
+                name
+              }
+            }
+          }
+        }
+      },
       severity: vendorSeverity
       weightedSeverity
       status

regscale/integrations/commercial/wizv2/issue.py CHANGED Viewed

@@ -5,8 +5,9 @@ import re
 from typing import List, Dict, Any, Iterator, Optional
 from regscale.core.app.utils.parser_utils import safe_datetime_str
-from regscale.integrations.scanner_integration import issue_due_date, IntegrationFinding
+from regscale.integrations.scanner_integration import IntegrationFinding
 from regscale.utils.dict_utils import get_value
+from regscale.models import Issue
 from .constants import (
     get_wiz_issue_queries,
     WizVulnerabilityType,
@@ -353,7 +354,7 @@ class WizIssue(WizVulnerabilityIntegration):
             source_rule_id=source_rule_id,
             vulnerability_type=vulnerability_type.value,
             date_created=date_created,
-            due_date=issue_due_date(severity, date_created),
+            due_date=Issue.get_due_date(severity, self.app.config, "wiz", date_created),
             recommendation_for_mitigation=source_rule.get("resolutionRecommendation")
             or wiz_issue.get("description", ""),
             poam_comments=None,

regscale/integrations/commercial/wizv2/parsers.py CHANGED Viewed

@@ -271,6 +271,29 @@ def get_ip_address_from_props(network_dict: Dict) -> Optional[str]:
     return network_dict.get("ip4_address") or network_dict.get("ip6_address")
+def get_ip_v4_from_props(network_dict: Dict) -> Optional[str]:
+    """
+    Get IPv4 address from properties
+    :param Dict network_dict: Network dictionary
+    :return: IPv4 address if it can be parsed from the network dictionary
+    :rtype: Optional[str]
+    """
+    ip = network_dict.get("address")
+    if ip:
+        logger.info("get_ip_v4_from_props: %s", ip)
+    return network_dict.get("address")
+def get_ip_v6_from_props(network_dict: Dict) -> Optional[str]:
+    """
+    Get IPv6 address from properties
+    :param Dict network_dict: Network dictionary
+    :return: IPv6 address if it can be parsed from the network dictionary
+    :rtype: Optional[str]
+    """
+    return network_dict.get("ip6_address")
 def fetch_wiz_data(
     query: str,
     variables: dict,

regscale-cli 6.20.4.1__py3-none-any.whl → 6.20.6.0__py3-none-any.whl

Potentially problematic release.

regscale-cli 6.20.4.1py3-none-any.whl → 6.20.6.0py3-none-any.whl