regscale-cli 6.20.9.1__py3-none-any.whl → 6.21.0.0__py3-none-any.whl

regscale/integrations/commercial/wizv2/utils.py

@@ -54,6 +54,7 @@ from regscale.models import (
     ControlImplementationStatus,
     ImplementationObjective,
 )
+from regscale.models.regscale_models.compliance_settings import ComplianceSettings
 from regscale.utils import PaginatedGraphQLClient
 from regscale.utils.decorators import deprecated
 
@@ -781,8 +782,6 @@ def _sync_compliance(
         fetch_regscale_data_job = compliance_job_progress.add_task(
             "[#f68d1f]Fetching RegScale Catalog info for framework...", total=1
         )
-        compliance_job_progress.update(report_job, completed=True, advance=1)
-
         framework_mapping = {
             "CSF": "NIST CSF v1.1",
             "NIST800-53R5": "NIST SP 800-53 Revision 5",
@@ -836,8 +835,14 @@ def _sync_compliance(
             finally:
                 compliance_job_progress.update(running_compliance_job, advance=1)
         try:
+            controls_with_data = len(controls_to_reports)
+            logger.info(f"Creating assessments for {controls_with_data} controls with compliance data")
+            if controls_with_data == 0:
+                logger.warning("No controls have compliance data from Wiz")
+                return report_models
+
             saving_regscale_data_job = compliance_job_progress.add_task(
-                "[#f68d1f]Saving RegScale data...", total=len(controls_to_reports)
+                "[#f68d1f]Saving RegScale data...", total=controls_with_data
             )
             create_assessment_from_compliance_report(
                 controls_to_reports=controls_to_reports,
@@ -851,8 +856,8 @@ def _sync_compliance(
         except Exception:
             error_message = traceback.format_exc()
             logger.error(f"Error creating ControlImplementations from compliance report: {error_message}")
-        finally:
-            compliance_job_progress.update(saving_regscale_data_job, completed=True, advance=len(controls_to_reports))
+            # Re-raise the exception so it's not silently swallowed
+            raise
         return report_models
 
 
@@ -932,50 +937,199 @@ def create_assessment_from_compliance_report(
     :rtype: None
     """
     implementations = ControlImplementation.get_all_by_parent(parent_module=regscale_module, parent_id=regscale_id)
+    total_controls = len(controls_to_reports)
+    processed_count = 0
+
     for control_id, reports in controls_to_reports.items():
-        control_record_id = None
-        for control in controls:
-            if control.get("controlId").lower() == control_id:
-                control_record_id = control.get("id")
-                break
-        filtered_results = [x for x in implementations if x.controlID == control_record_id]
-        create_report_assessment(filtered_results, reports, control_id)
-        progress.update(task, advance=1)
+        try:
+            processed_count += 1
+            logger.debug(f"Processing control {control_id} ({processed_count}/{total_controls})")
+
+            control_record_id = None
+            for control in controls:
+                if control.get("controlId").lower() == control_id:
+                    control_record_id = control.get("id")
+                    break
+
+            filtered_results = [x for x in implementations if x.controlID == control_record_id]
+
+            start_time = time.time()
+            create_report_assessment(filtered_results, reports, control_id)
+            end_time = time.time()
+            logger.debug(f"Assessment creation for {control_id} took {end_time - start_time:.2f} seconds")
+
+            progress.update(task, advance=1)
+            logger.debug(f"Updated progress: {processed_count}/{total_controls}")
+
+        except Exception as e:
+            logger.error(f"Error processing control {control_id}: {e}")
+            # Still update progress even if there's an error
+            progress.update(task, advance=1)
 
 
 def create_report_assessment(filtered_results: List, reports: List, control_id: str) -> None:
     """
-    Create report assessment
+    Create a single aggregated report assessment per control
 
     :param List filtered_results: Filtered results
-    :param List reports: Reports
+    :param List reports: List of ComplianceReport objects for this control
     :param str control_id: Control ID
     :return: None
     :rtype: None
     """
+    logger.debug(f"Creating assessment for control {control_id} with {len(reports)} reports")
+
     implementation = filtered_results[0] if len(filtered_results) > 0 else None
+    if not implementation or not reports:
+        logger.debug(
+            f"Skipping control {control_id}: implementation={bool(implementation)}, reports={len(reports) if reports else 0}"
+        )
+        return
+
+    # Aggregate results: Fail if ANY asset fails, Pass only if ALL pass
+    overall_result = "Pass"
+    pass_count = 0
+    fail_count = 0
+
+    # Collect detailed results for comprehensive reporting
+    asset_details = []
+
     for report in reports:
-        html_summary = format_dict_to_html(report.dict())
-        if implementation:
-            a = Assessment(
-                leadAssessorId=implementation.createdById,
-                title=f"Wiz compliance report assessment for {control_id}",
-                assessmentType="Control Testing",
-                plannedStart=get_current_datetime(),
-                plannedFinish=get_current_datetime(),
-                actualFinish=get_current_datetime(),
-                assessmentResult=report.result,
-                assessmentReport=html_summary,
-                status="Complete",
-                parentId=implementation.id,
-                parentModule="controls",
-                isPublic=True,
-            ).create()
-            update_implementation_status(
-                implementation=implementation,
-                result=report.result,
+        if report.result == ComplianceCheckStatus.FAIL.value:
+            overall_result = "Fail"
+            fail_count += 1
+        else:
+            pass_count += 1
+
+        # Collect asset details for the report
+        asset_details.append(
+            {
+                "resource_name": report.resource_name,
+                "resource_id": report.resource_id,
+                "cloud_provider": report.cloud_provider,
+                "subscription": report.subscription,
+                "result": report.result,
+                "policy_short_name": report.policy_short_name,
+                "compliance_check": report.compliance_check,
+                "severity": report.severity,
+                "assessed_at": report.assessed_at,
+            }
+        )
+
+    # Create comprehensive HTML summary
+    html_summary = _create_aggregated_assessment_report(
+        control_id=control_id,
+        overall_result=overall_result,
+        pass_count=pass_count,
+        fail_count=fail_count,
+        asset_details=asset_details,
+        total_assets=len(reports),
+    )
+
+    # Create single assessment for this control
+    assessment = Assessment(
+        leadAssessorId=implementation.createdById,
+        title=f"Wiz compliance assessment for {control_id}",
+        assessmentType="Control Testing",
+        plannedStart=get_current_datetime(),
+        plannedFinish=get_current_datetime(),
+        actualFinish=get_current_datetime(),
+        assessmentResult=overall_result,
+        assessmentReport=html_summary,
+        status="Complete",
+        parentId=implementation.id,
+        parentModule="controls",
+        isPublic=True,
+    ).create()
+
+    # Update implementation status once with aggregated result
+    update_implementation_status(
+        implementation=implementation,
+        result=overall_result,
+    )
+
+    logger.info(
+        f"Created aggregated assessment for {control_id}: {assessment.id} "
+        f"(Result: {overall_result}, Assets: {len(reports)}, Pass: {pass_count}, Fail: {fail_count})"
+    )
+
+
+def _create_aggregated_assessment_report(
+    control_id: str, overall_result: str, pass_count: int, fail_count: int, asset_details: List[Dict], total_assets: int
+) -> str:
+    """
+    Create a comprehensive HTML assessment report for aggregated compliance results
+
+    :param str control_id: Control identifier
+    :param str overall_result: Overall Pass/Fail result
+    :param int pass_count: Number of passing assets
+    :param int fail_count: Number of failing assets
+    :param List[Dict] asset_details: Detailed information about each asset
+    :param int total_assets: Total number of assets assessed
+    :return: HTML formatted assessment report
+    :rtype: str
+    """
+    # Create summary section
+    summary_html = f"""
+    <div style="margin-bottom: 20px; padding: 15px; border: 2px solid {'#d32f2f' if overall_result == 'Fail' else '#2e7d32'}; border-radius: 5px; background-color: {'#ffebee' if overall_result == 'Fail' else '#e8f5e8'};">
+        <h3 style="margin: 0 0 10px 0; color: {'#d32f2f' if overall_result == 'Fail' else '#2e7d32'};">
+            Assessment Summary for Control {control_id}
+        </h3>
+        <p><strong>Overall Result:</strong> <span style="color: {'#d32f2f' if overall_result == 'Fail' else '#2e7d32'}; font-weight: bold;">{overall_result}</span></p>
+        <p><strong>Total Assets Assessed:</strong> {total_assets}</p>
+        <p><strong>Passing Assets:</strong> <span style="color: #2e7d32;">{pass_count}</span></p>
+        <p><strong>Failing Assets:</strong> <span style="color: #d32f2f;">{fail_count}</span></p>
+        <p><strong>Assessment Date:</strong> {get_current_datetime()}</p>
+    </div>
+    """
+
+    # Create detailed asset results table
+    if asset_details:
+        table_rows = []
+        for asset in asset_details:
+            result_color = "#d32f2f" if asset["result"] == "Fail" else "#2e7d32"
+            table_rows.append(
+                f"""
+                <tr>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('resource_name', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('resource_id', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('cloud_provider', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('subscription', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd; color: {result_color}; font-weight: bold;">{asset.get('result', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('policy_short_name', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('compliance_check', 'N/A')}</td>
+                    <td style="padding: 8px; border-bottom: 1px solid #ddd;">{asset.get('severity', 'N/A')}</td>
+                </tr>
+            """
             )
-            logger.info(f"Created report assessment for {control_id}: {a.id}")
+
+        asset_table_html = f"""
+        <div style="margin-top: 20px;">
+            <h4>Detailed Asset Results</h4>
+            <table style="width: 100%; border-collapse: collapse; border: 1px solid #ddd;">
+                <thead>
+                    <tr style="background-color: #f5f5f5;">
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Resource Name</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Resource ID</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Cloud Provider</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Subscription</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Result</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Policy</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Compliance Check</th>
+                        <th style="padding: 10px; border-bottom: 2px solid #ddd; text-align: left;">Severity</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {''.join(table_rows)}
+                </tbody>
+            </table>
+        </div>
+        """
+    else:
+        asset_table_html = "<p><em>No asset details available.</em></p>"
+
+    # Combine summary and details
+    return summary_html + asset_table_html
 
 
 def update_implementation_status(implementation: ControlImplementation, result: str) -> ControlImplementation:
@@ -1003,14 +1157,104 @@ def update_implementation_status(implementation: ControlImplementation, result:
     logger.info(f"Updated implementation status for {implementation.id}: {implementation.status}")
 
 
+def get_wiz_compliance_settings():
+    """
+    Get Wiz compliance settings for status mapping
+
+    :return: Compliance settings instance or None
+    :rtype: Optional[ComplianceSettings]
+    """
+    try:
+        settings = ComplianceSettings.get_by_current_tenant()
+        wiz_compliance_setting = next((comp for comp in settings if comp.title == "Wiz Compliance Setting"), None)
+        if not wiz_compliance_setting:
+            logger.debug("No Wiz Compliance Setting found, using default implementation status mapping")
+        else:
+            logger.debug("Using Wiz Compliance Setting for implementation status mapping")
+        return wiz_compliance_setting
+    except Exception as e:
+        logger.debug(f"Error getting Wiz Compliance Setting: {e}")
+        return None
+
+
 def report_result_to_implementation_status(result: str) -> str:
     """
-    Convert report result to implementation status
+    Convert report result to implementation status using compliance settings if available
 
     :param str result: Report result
     :return: Implementation status
     :rtype: str
     """
+    compliance_settings = get_wiz_compliance_settings()
+
+    if compliance_settings:
+        status = _get_status_from_compliance_settings(result, compliance_settings)
+        if status:
+            return status
+
+    # Fallback to default mapping
+    return _get_default_status_mapping(result)
+
+
+def _get_status_from_compliance_settings(result: str, compliance_settings) -> Optional[str]:
+    """
+    Get implementation status from compliance settings
+
+    :param str result: Report result
+    :param compliance_settings: Compliance settings object
+    :return: Implementation status or None if not found
+    :rtype: Optional[str]
+    """
+    try:
+        status_labels = compliance_settings.get_field_labels("implementationStatus")
+        result_lower = result.lower()
+
+        for label in status_labels:
+            status = _match_result_to_label(result_lower, label)
+            if status:
+                return status
+
+        logger.debug(f"No matching compliance setting found for result: {result}")
+        return None
+
+    except Exception as e:
+        logger.debug(f"Error using compliance settings for implementation status mapping: {e}")
+        return None
+
+
+def _match_result_to_label(result_lower: str, label: str) -> Optional[str]:
+    """
+    Match a result to a status label based on predefined mappings
+
+    :param str result_lower: Lowercase result string
+    :param str label: Status label to check
+    :return: Matched label or None
+    :rtype: Optional[str]
+    """
+    label_lower = label.lower()
+
+    if result_lower == ComplianceCheckStatus.PASS.value.lower():
+        return label if label_lower in ["implemented", "complete", "compliant"] else None
+
+    if result_lower == ComplianceCheckStatus.FAIL.value.lower():
+        return (
+            label
+            if label_lower in ["inremediation", "in remediation", "remediation", "failed", "non-compliant"]
+            else None
+        )
+
+    # Not implemented or other status
+    return label if label_lower in ["notimplemented", "not implemented", "pending", "planned"] else None
+
+
+def _get_default_status_mapping(result: str) -> str:
+    """
+    Get default status mapping for a result
+
+    :param str result: Report result
+    :return: Default implementation status
+    :rtype: str
+    """
     if result == ComplianceCheckStatus.PASS.value:
         return ControlImplementationStatus.Implemented.value
     elif result == ComplianceCheckStatus.FAIL.value:

regscale/integrations/commercial/wizv2/variables.py

@@ -3,6 +3,7 @@
 """Wiz Variables"""
 
 from regscale.core.app.utils.variables import RsVariableType, RsVariablesMeta
+from regscale.integrations.commercial.wizv2.constants import RECOMMENDED_WIZ_INVENTORY_TYPES
 
 
 class WizVariables(metaclass=RsVariablesMeta):
@@ -22,16 +23,7 @@ class WizVariables(metaclass=RsVariablesMeta):
     wizInventoryFilterBy: RsVariableType(
         str,
         '{"projectId": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"], "type": ["API_GATEWAY"]}',
-        default="""{"type":
-  [ "API_GATEWAY", "BACKUP_SERVICE", "CDN", "CICD_SERVICE", "CLOUD_LOG_CONFIGURATION",
-  "CLOUD_ORGANIZATION", "CONTAINER", "CONTAINER_IMAGE", "CONTAINER_REGISTRY", "CONTAINER_SERVICE",
-  "CONTROLLER_REVISION", "DATABASE", "DATA_WORKLOAD", "DB_SERVER", "DOMAIN", "EMAIL_SERVICE", "ENCRYPTION_KEY",
-  "FILE_SYSTEM_SERVICE", "FIREWALL", "GATEWAY", "KUBERNETES_CLUSTER", "LOAD_BALANCER",
-  "MANAGED_CERTIFICATE", "MESSAGING_SERVICE", "NAMESPACE", "NETWORK_INTERFACE", "PRIVATE_ENDPOINT",
-  "PRIVATE_LINK", "RAW_ACCESS_POLICY", "REGISTERED_DOMAIN", "RESOURCE_GROUP", "SECRET",
-  "SECRET_CONTAINER", "SERVERLESS", "SERVERLESS_PACKAGE", "SERVICE_ACCOUNT", "SERVICE_CONFIGURATION",
-  "STORAGE_ACCOUNT", "SUBNET", "SUBSCRIPTION", "VIRTUAL_DESKTOP", "VIRTUAL_MACHINE",
-  "VIRTUAL_MACHINE_IMAGE", "VIRTUAL_NETWORK", "VOLUME", "WEB_SERVICE", "NETWORK_ADDRESS"] }""",
+        default="""{"type": ["%s"] }""" % '","'.join(RECOMMENDED_WIZ_INVENTORY_TYPES),  # type: ignore
     )  # type: ignore
     wizAccessToken: RsVariableType(str, "", sensitive=True, required=False)  # type: ignore
     wizClientId: RsVariableType(str, "", sensitive=True)  # type: ignore

regscale/integrations/integration_override.py

@@ -2,8 +2,6 @@
 A simple singleton class that loads custom integration mappings, if available
 """
 
-from regscale.core.app.application import Application
-
 # pylint: disable=C0415
 
 
@@ -74,9 +72,12 @@ class IntegrationOverride:
         :return: The mapped field name
         :rtype: Optional[str]
         """
-        if integration and self.mapping_exists(integration, field_name):
+        if integration and field_name and self.mapping_exists(integration, field_name):
             integration_map = self.mapping.get(integration.lower(), {})
-            return integration_map.get(field_name.lower())
+            # Find the actual key that matches case-insensitively
+            for key in integration_map.keys():
+                if key.lower() == field_name.lower():
+                    return integration_map.get(key)
         return None
 
     def mapping_exists(self, integration: str, field_name: str) -> bool:
@@ -88,8 +89,16 @@ class IntegrationOverride:
         :return: Whether the mapping exists
         :rtype: bool
         """
+        if not integration or not field_name:
+            return False
         the_map = self.mapping.get(integration.lower())
-        return the_map and field_name.lower() in the_map and the_map.get(field_name.lower()) != "default"
+        if not the_map:
+            return False
+        # Find the actual key that matches case-insensitively
+        for key in the_map.keys():
+            if key.lower() == field_name.lower():
+                return the_map.get(key) != "default"
+        return False
 
     def field_map_validation(self, obj: Any, model_type: str) -> Optional[str]:
         """
@@ -131,7 +140,7 @@ class IntegrationOverride:
                 },
             }
             # The type an associated fields we are able to override. Limited for now.
-            supported_fields = {"asset": {"ipAddress", "name", "fqdn", "dns"}}
+            supported_fields = {"asset": {"ipAddress", "name", "fqdn", "dns"}, "issue": {"dateFirstDetected"}}
             if regscale_field not in supported_fields.get(model_type.lower(), set()):
                 return match