regscale-cli 6.20.7.0__py3-none-any.whl → 6.20.9.0__py3-none-any.whl

regscale/_version.py

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.20.7.0"  # fallback version
+    return "6.20.9.0"  # fallback version
 
 
 __version__ = get_version_from_pyproject()

regscale/core/app/api.py

@@ -432,7 +432,14 @@ class Api:
         if json_list and len(json_list) > 0:
             with Progress(transient=False) as progress:
                 task = progress.add_task(message, total=len(json_list))
-                with concurrent.futures.ThreadPoolExecutor(max_workers=self.config["maxThreads"]) as executor:
+                # Ensure maxThreads is an integer for ThreadPoolExecutor
+                max_workers = self.config.get("maxThreads", 100)
+                if not isinstance(max_workers, int):
+                    try:
+                        max_workers = int(max_workers)
+                    except (ValueError, TypeError):
+                        max_workers = 100
+                with concurrent.futures.ThreadPoolExecutor(max_workers=max_workers) as executor:
                     if method.lower() == "post":
                         result_futures = list(
                             map(

regscale/core/app/application.py

@@ -298,7 +298,19 @@ class Application(metaclass=Singleton):
         self.config = self._gen_config(config)
         self.os = platform.system()
         self.input_host = ""
-        self.thread_manager = ThreadManager(self.config.get("maxThreads", 100))
+        # Ensure maxThreads is an integer for ThreadManager
+        max_threads = self.config.get("maxThreads", 100)
+        if not isinstance(max_threads, int):
+            logger.debug(f"maxThreads is not an integer: {max_threads} (type: {type(max_threads)})")
+            try:
+                max_threads = int(max_threads)
+                logger.debug(f"Converted maxThreads to integer: {max_threads}")
+            except (ValueError, TypeError) as e:
+                logger.warning(
+                    f"Failed to convert maxThreads '{max_threads}' to integer: {e}. Using default value 100."
+                )
+                max_threads = 100
+        self.thread_manager = ThreadManager(max_threads)
         logger.debug("Finished Initializing Application")
         logger.debug("*" * 80)
 
@@ -387,10 +399,10 @@ class Application(metaclass=Singleton):
         if config is None:
             config = {}
         self.logger.debug(f"Provided config in _fetch_config_from_regscale is: {type(config)}")
-        token = config.get("token") or os.getenv("REGSCALE_TOKEN")
-        domain = config.get("domain") or os.getenv("REGSCALE_DOMAIN")
+        token = config.get("token", os.getenv("REGSCALE_TOKEN"))
+        domain = config.get("domain", os.getenv("REGSCALE_DOMAIN"))
         if domain is None or "http" not in domain or domain == self.template["domain"]:
-            domain = self.retrieve_domain()[:-1] if self.retrieve_domain().endswith("/") else self.retrieve_domain()
+            domain = self.retrieve_domain().rstrip("/")
         self.logger.debug(f"domain: {domain}, token: {token}")
         if domain is not None and token is not None:
             self.logger.info(f"Fetching config from {domain}...")
@@ -404,23 +416,87 @@ class Application(metaclass=Singleton):
                     },
                 )
                 self.logger.debug(f"status_code: {response.status_code} text: {response.text}")
-                res_data = response.json()
-                if config := res_data.get("cliConfig"):
-                    parsed_dict = yaml.safe_load(config)
-                    self.logger.debug(f"parsed_dict: {parsed_dict}")
-                    parsed_dict["token"] = token
-                    parsed_dict["domain"] = domain
-                    from regscale.core.app.internal.login import parse_user_id_from_jwt
-
-                    parsed_dict["userId"] = res_data.get("userId") or parse_user_id_from_jwt(self, token)
-                    self.logger.debug(f"Updated domain, token and userId: {parsed_dict}")
-                    self.logger.info("Successfully fetched config from RegScale.")
-                    # fill in any missing keys with the template
-                    return {**self.template, **parsed_dict}
+
+                # Get the encrypted config from the response
+                fetched_config = response.json()
+                if not fetched_config or response.text == "":
+                    self.logger.warning("No secrets found in %s", domain)
+                    return {}
+                # see if it's just a dictionary
+                if isinstance(fetched_config, dict):
+                    parsed_dict = fetched_config
+                else:
+                    decrypted_config = self._decrypt_config(fetched_config, token)
+                    parsed_dict = json.loads(decrypted_config)
+
+                parsed_dict["token"] = token
+                parsed_dict["domain"] = domain
+                from regscale.core.app.internal.login import parse_user_id_from_jwt
+
+                parsed_dict["userId"] = parsed_dict.get("userId") or parse_user_id_from_jwt(self, token)
+                self.logger.info("Successfully fetched config from RegScale.")
+                # fill in any missing keys with the template
+                return {**self.template, **parsed_dict}
             except Exception as ex:
-                self.logger.error("Unable to fetch config from RegScale.\n%s", ex)
+                self.logger.error("Unable to fetch config from RegScale.\n%s", str(ex))
         return {}
 
+    def _decrypt_config(self, encrypted_text: str, bearer_token: str) -> str:
+        """
+        Decrypt the configuration using AES encryption with the bearer token as key
+
+        :param str encrypted_text: Base64 encoded encrypted text
+        :param str bearer_token: Bearer token used as encryption key
+        :return: Decrypted configuration string
+        :rtype: str
+        """
+        import base64
+        import hashlib
+        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+        from cryptography.hazmat.backends import default_backend
+
+        try:
+            # Convert from base64
+            combined = base64.b64decode(encrypted_text)
+
+            # Extract IV (first 16 bytes) and cipher text
+            iv = combined[:16]
+            cipher_text = combined[16:]
+
+            # Generate key from bearer token using SHA256
+            key = hashlib.sha256(bearer_token.encode()).digest()
+
+            # Create cipher
+            cipher = Cipher(algorithms.AES(key), modes.GCM(iv), backend=default_backend())
+
+            # Decrypt
+            decryptor = cipher.decryptor()
+            decrypted = decryptor.update(cipher_text) + decryptor.finalize()
+
+            # Remove padding and convert to string
+            decoded = decrypted.decode("utf-8")
+            # Remove all trailing whitespace and control characters
+            cleaned = decoded.rstrip()
+            # Also remove any trailing null bytes that might remain
+            while cleaned.endswith("\0"):
+                cleaned = cleaned[:-1]
+            # Use regex to remove any ending backslash-like pattern and characters after it
+            import re
+
+            # Remove any trailing backslash followed by any characters until the end
+            # This handles both literal backslashes and control characters like \x0e
+            cleaned = re.sub(r"\\[^\\]*$", "", cleaned)
+            # Also remove any trailing control characters that might remain
+            # Avoid regex for trailing control character removal to prevent potential catastrophic backtracking.
+            # Instead, use rstrip with a string of control characters.
+            cleaned = cleaned.rstrip(
+                "".join([chr(i) for i in range(0x00, 0x20)]) + "".join([chr(i) for i in range(0x7F, 0xA0)])
+            )
+            return cleaned
+        except Exception as err:
+            self.logger.error("Unable to decrypt config: %s", err)
+            return "{}"
+
     def _load_config_from_click_context(self) -> Optional[dict]:
         """
         Load configuration from Click context
@@ -654,12 +730,46 @@ class Application(metaclass=Singleton):
         for key, template_value in template.items():
             config_value = config.get(key)
 
-            # If key missing or value type mismatch, use template value
-            if config_value is None or config_value == "" or not isinstance(config_value, type(template_value)):
+            # If key missing or empty, use template value
+            if config_value is None or config_value == "":
                 updated_config[key] = template_value
             # If value is a dict, recurse
             elif isinstance(template_value, dict):
                 updated_config[key] = self.verify_config(template_value, config.get(key, {}))
+            # If type mismatch, try to convert the value to the expected type
+            elif not isinstance(config_value, type(template_value)):
+                self.logger.debug(
+                    f"Type mismatch for key '{key}': expected {type(template_value).__name__}, got {type(config_value).__name__} with value '{config_value}'"
+                )
+                try:
+                    if isinstance(template_value, int):
+                        updated_config[key] = int(config_value)
+                        self.logger.debug(
+                            f"Converted '{key}' from {type(config_value).__name__} to int: {config_value} -> {updated_config[key]}"
+                        )
+                    elif isinstance(template_value, float):
+                        updated_config[key] = float(config_value)
+                        self.logger.debug(
+                            f"Converted '{key}' from {type(config_value).__name__} to float: {config_value} -> {updated_config[key]}"
+                        )
+                    elif isinstance(template_value, bool):
+                        if isinstance(config_value, str):
+                            updated_config[key] = config_value.lower() in ("true", "1", "yes", "on")
+                        else:
+                            updated_config[key] = bool(config_value)
+                        self.logger.debug(
+                            f"Converted '{key}' from {type(config_value).__name__} to bool: {config_value} -> {updated_config[key]}"
+                        )
+                    else:
+                        # For other types, use template value as fallback
+                        updated_config[key] = template_value
+                        self.logger.debug(f"Using template value for '{key}': {template_value}")
+                except (ValueError, TypeError) as e:
+                    # If conversion fails, use template value
+                    self.logger.warning(
+                        f"Failed to convert '{key}' from '{config_value}' to {type(template_value).__name__}: {e}. Using template value: {template_value}"
+                    )
+                    updated_config[key] = template_value
             # Else, retain the config value
             else:
                 updated_config[key] = config_value

regscale/core/utils/date.py

@@ -24,20 +24,23 @@ def date_str(date_object: Union[str, datetime.datetime, datetime.date, None], da
     :param Optional[str] date_format: The format to use for the date string.
     :return: The date as a string.
     """
-    if isinstance(date_object, str):
-        date_object = date_obj(date_object)
+    try:
+        if isinstance(date_object, str):
+            date_object = date_obj(date_object)
 
-    # Handles passed None and date_obj returning None
-    if not date_object:
-        return ""
+        # Handles passed None and date_obj returning None
+        if not date_object:
+            return ""
 
-    if isinstance(date_object, (datetime.datetime, Timestamp)):
-        date_object = date_object.date()
+        if isinstance(date_object, (datetime.datetime, Timestamp)):
+            date_object = date_object.date()
 
-    if date_format:
-        return date_object.strftime(date_format)
+        if date_format:
+            return date_object.strftime(date_format)
 
-    return date_object.isoformat()
+        return date_object.isoformat()
+    except Exception:
+        return ""
 
 
 def datetime_str(
@@ -52,14 +55,11 @@ def datetime_str(
     """
     if not date_format:
         date_format = default_date_format
-
     if isinstance(date_object, str):
         date_object = datetime_obj(date_object)
-
-    if not date_object:
-        return ""
-
-    return date_object.strftime(date_format)
+    if isinstance(date_object, datetime.date):
+        return date_object.strftime(date_format)
+    return ""
 
 
 def date_obj(date_str: Union[str, datetime.datetime, datetime.date, int, None]) -> Optional[datetime.date]:

regscale/integrations/commercial/aqua/aqua.py

@@ -80,7 +80,7 @@ def import_aqua_scan(
         import_name="Aqua",
         file_types=[".csv", ".xlsx"],
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/commercial/aws/cli.py

@@ -249,7 +249,7 @@ def import_aws_scans(
         import_name="AWS Inspector",
         file_types=[".csv", ".json"],
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/commercial/defender.py

@@ -251,7 +251,7 @@ def import_defender_alerts(
         import_name="Defender",
         file_types=".csv",
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/commercial/ecr.py

@@ -79,7 +79,7 @@ def import_ecr_scans(
         import_name="ECR",
         file_types=[".csv", ".json"],
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/commercial/ibm.py

@@ -79,7 +79,7 @@ def import_appscan_files(
         import_name="IBM AppScan",
         file_types=".csv",
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/commercial/nexpose.py

@@ -79,7 +79,7 @@ def import_nexpose_files(
         import_name="Nexpose",
         file_types=".csv",
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,

regscale/integrations/commercial/prisma.py

@@ -80,7 +80,7 @@ def import_prisma_data(
         import_name="Prisma",
         file_types=".csv",
         folder_path=folder_path,
-        regscale_ssp_id=regscale_ssp_id,
+        object_id=regscale_ssp_id,
         scan_date=scan_date,
         mappings_path=mappings_path,
         disable_mapping=disable_mapping,