regscale-cli 6.20.9.1__py3-none-any.whl → 6.21.0.0__py3-none-any.whl

regscale/models/integration_models/aqua.py

@@ -10,10 +10,12 @@ from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
 from regscale.core.app.utils.app_utils import get_current_datetime, is_valid_fqdn
 from regscale.core.utils.date import datetime_str
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 from regscale.models.app_models import ImportValidater
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
-from regscale.models.regscale_models.asset import Asset
-from regscale.models.regscale_models.vulnerability import Vulnerability
+from regscale.models.regscale_models import AssetStatus, IssueSeverity, IssueStatus
+from regscale.models.regscale_models import AssetStatus, IssueSeverity, IssueStatus
 
 
 class Aqua(FlatFileImporter):
@@ -36,6 +38,7 @@ class Aqua(FlatFileImporter):
         self.vendor_cvss_v2_severity = "Vendor CVSS v2 Severity"
         self.vendor_cvss_v3_severity = "Vendor CVSS v3 Severity"
         self.vendor_cvss_v3_score = "Vendor CVSS v3 Score"
+        self.vendor_cvss_v2_score = "Vendor CVSS v2 Score"
         self.nvd_cvss_v2_severity = "NVD CVSS v2 Severity"
         self.nvd_cvss_v3_severity = "NVD CVSS v3 Severity"
         self.required_headers = [
@@ -63,40 +66,32 @@ class Aqua(FlatFileImporter):
             **kwargs,
         )
 
-    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[IntegrationAsset]:
         """
-        Create an asset from a row in the Aqua file
+        Create an IntegrationAsset from a row in the Aqua file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Asset object or None
-        :rtype: Optional[Asset]
+        :return: RegScale IntegrationAsset object or None
+        :rtype: Optional[IntegrationAsset]
         """
         name = self.mapping.get_value(dat, self.image_name)
         if not name:
             return None
         os = self.mapping.get_value(dat, self.OS)
-        return Asset(
-            **{
-                "id": 0,
-                "name": name,
-                "description": "",
-                "operatingSystem": Asset.find_os(os),
-                "operatingSystemVersion": os,
-                "ipAddress": "0.0.0.0",
-                "isPublic": True,
-                "status": "Active (On Network)",
-                "assetCategory": "Hardware",
-                "bLatestScan": True,
-                "bAuthenticatedScan": True,
-                "scanningTool": self.name,
-                "assetOwnerId": self.config["userId"],
-                "assetType": "Other",
-                "fqdn": name if is_valid_fqdn(name) else None,
-                "systemAdministratorId": self.config["userId"],
-                "parentId": self.attributes.parent_id,
-                "parentModule": self.attributes.parent_module,
-                "extra_data": {"software_inventory": self.generate_software_inventory(name)},
-            }
+        return IntegrationAsset(
+            identifier=name,
+            name=name,
+            ip_address="0.0.0.0",
+            cpu=0,
+            ram=0,
+            status=AssetStatus.Active.value,
+            asset_type="Other",
+            asset_category="Hardware",
+            scanning_tool=self.name,
+            fqdn=name if is_valid_fqdn(name) else None,
+            operating_system=os,
+            other_tracking_number=name,
+            software_inventory=self.generate_software_inventory(name),
         )
 
     def generate_software_inventory(self, name: str) -> List[dict]:
@@ -137,64 +132,83 @@ class Aqua(FlatFileImporter):
         :rtype: str
         """
         self.logger.info(f"Unable to determine date for the '{field}' field, falling back to current date and time.")
-        return get_current_datetime()
+        return self.scan_date
+
+    def determine_first_seen(self, dat: dict) -> str:
+        """
+        Determine the first seen date and time of the vulnerability
+
+        :param dict dat: Data row from CSV file
+        :return: The first seen date and time
+        :rtype: str
+        """
+        first_detected = datetime_str(
+            self.mapping.get_value(dat, self.integration_mapping.load("aqua", "dateFirstDetected"))
+        )
+        ffi = datetime_str(self.mapping.get_value(dat, self.ffi)) or self.current_datetime_w_log(self.ffi)
+        if first_detected and first_detected != ffi:
+            ffi = first_detected
+        return ffi
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs: dict) -> Optional[Vulnerability]:
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs: dict) -> Optional[IntegrationFinding]:
         """
-        Create a vulnerability from a row in the Aqua csv file
+        Create a IntegrationFinding from a row in the Aqua csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
         :param dict **kwargs: Additional keyword arguments
-        :return: RegScale Vulnerability object or None
-        :rtype: Optional[Vulnerability]
+        :return: RegScale IntegrationFinding object or None
+        :rtype: Optional[IntegrationFinding]
         """
 
-        hostname = self.mapping.get_value(dat, self.image_name)
+        try:
+            hostname = self.mapping.get_value(dat, self.image_name)
 
-        # Custom Integration Mapping fields
-        remediation = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "remediation")) or (
-            self.mapping.get_value(dat, self.description) or "Upgrade affected package"
-        )  # OLDTODO: BMC would like this to use "Solution" column
-        description = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "description")) or (
-            self.mapping.get_value(dat, self.description)
-        )
-        title = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "title")) or (
-            description[:255] if description else f"Vulnerability on {hostname}"
-        )  # OLDTODO: BMC Would like the CVE here
-
-        regscale_vuln = None
-        severity = self.determine_cvss_severity(dat)
-        config = self.attributes.app.config
-        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
-        asset = asset_match[0] if asset_match else None
-        if asset_match and self.validate(ix=kwargs.get("index"), dat=dat):
-            regscale_vuln = Vulnerability(
-                id=0,
-                scanId=0,
-                parentId=asset.id,
-                parentModule="assets",
-                ipAddress="0.0.0.0",
-                lastSeen=datetime_str(self.mapping.get_value(dat, self.last_image_scan))
-                or self.current_datetime_w_log(self.last_image_scan),
-                firstSeen=datetime_str(self.mapping.get_value(dat, self.ffi)) or self.current_datetime_w_log(self.ffi),
-                daysOpen=None,
-                dns=hostname,
-                mitigated=None,
-                operatingSystem=asset.operatingSystem,
-                severity=severity,
-                plugInName=description,
-                cve=self.mapping.get_value(dat, self.vuln_title),
-                cvsSv3BaseScore=self.mapping.get_value(dat, self.vendor_cvss_v3_score, 0.0),
-                tenantsId=0,
-                title=title,
-                description=description,
-                plugInText=self.mapping.get_value(dat, self.vuln_title),
-                createdById=config["userId"],
-                lastUpdatedById=config["userId"],
-                dateCreated=get_current_datetime(),
-                extra_data={"solution": remediation},
+            # Custom Integration Mapping fields
+            remediation = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "remediation")) or (
+                self.mapping.get_value(dat, self.description) or "Upgrade affected package"
+            )  # OLDTODO: BMC would like this to use "Solution" column
+            description = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "description")) or (
+                self.mapping.get_value(dat, self.description)
             )
-        return regscale_vuln
+            title = self.mapping.get_value(dat, self.integration_mapping.load("aqua", "title")) or (
+                description[:255] if description else f"Vulnerability on {hostname}"
+            )  # OLDTODO: BMC Would like the CVE here
+
+            cvss3_score = self.mapping.get_value(dat, self.vendor_cvss_v3_score) or 0.0
+            cvss_v2_score = self.mapping.get_value(dat, self.vendor_cvss_v2_score) or 0.0
+
+            regscale_finding = None
+            severity = self.determine_cvss_severity(dat)
+            # Create IntegrationFinding if we have valid data and asset match
+
+            if dat:
+                return IntegrationFinding(
+                    control_labels=[],  # Add an empty list for control_labels
+                    title=title,
+                    description=description,
+                    ip_address="0.0.0.0",
+                    cve=self.mapping.get_value(dat, self.vuln_title, "").upper(),
+                    severity=severity,
+                    asset_identifier=hostname,
+                    plugin_name=description,
+                    plugin_id=self.mapping.get_value(dat, self.vuln_title),
+                    cvss_score=cvss_v2_score or 0.0,
+                    cvss_v3_score=cvss3_score or 0.0,
+                    cvss_v2_score=cvss_v2_score or 0.0,
+                    plugin_text=self.mapping.get_value(dat, self.vuln_title),
+                    remediation=remediation,
+                    category="Hardware",
+                    status=IssueStatus.Open,
+                    first_seen=self.determine_first_seen(dat),
+                    last_seen=datetime_str(self.mapping.get_value(dat, self.last_image_scan))
+                    or self.current_datetime_w_log(self.last_image_scan),
+                    vulnerability_type="Vulnerability Scan",
+                    baseline=f"{self.name} Host",
+                )
+            return regscale_finding
+        except AttributeError as e:
+            self.logger.error(f"Error creating finding: {e}")
+            return None
 
     def determine_cvss_severity(self, dat: dict) -> str:
         """
@@ -217,7 +231,7 @@ class Aqua(FlatFileImporter):
                 severity = self.mapping.get_value(dat, key).lower()
                 break
 
-        return severity
+        return self.determine_severity(severity)
 
     def validate(self, ix: Optional[int], dat: dict) -> bool:
         """

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,52 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.07.29",
-    "dateReleased": "2025-07-29T12:46:00.2038Z",
-    "count": 1391,
+    "catalogVersion": "2025.08.05",
+    "dateReleased": "2025-08-05T18:03:16.7522Z",
+    "count": 1394,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2020-25078",
+            "vendorProject": "D-Link",
+            "product": "DCS-2530L and DCS-2670L Devices",
+            "vulnerabilityName": "D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability",
+            "dateAdded": "2025-08-05",
+            "shortDescription": "D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.dlink.com\/productinfo.aspx?m=DCS-2530L ; https:\/\/supportannouncement.us.dlink.com\/announcement\/publication.aspx?name=SAP10180 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-25078",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2020-25079",
+            "vendorProject": "D-Link",
+            "product": "DCS-2530L and DCS-2670L Devices",
+            "vulnerabilityName": "D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability",
+            "dateAdded": "2025-08-05",
+            "shortDescription": "D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin\/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/support.dlink.com\/productinfo.aspx?m=DCS-2530L ; https:\/\/supportannouncement.us.dlink.com\/announcement\/publication.aspx?name=SAP10180 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-25079",
+            "cwes": [
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2022-40799",
+            "vendorProject": "D-Link",
+            "product": "DNR-322L",
+            "vulnerabilityName": "D-Link DNR-322L Download of Code Without Integrity Check Vulnerability",
+            "dateAdded": "2025-08-05",
+            "shortDescription": "D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-08-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.dlink.com\/uk\/en\/products\/dnr-322l-cloud-network-video-recorder ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-40799",
+            "cwes": [
+                "CWE-494"
+            ]
+        },
         {
             "cveID": "CVE-2023-2533",
             "vendorProject": "PaperCut",
@@ -148,7 +191,7 @@
             "shortDescription": "Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.",
             "requiredAction": "Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
             "dueDate": "2025-07-21",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/07\/22\/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities\/ ; https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770",
             "cwes": [
                 "CWE-502"

regscale/models/integration_models/defenderimport.py

@@ -3,13 +3,14 @@ Integration model to import data from Defender .csv export
 """
 
 import json
-from typing import Optional
+from typing import Iterator, List, Optional
 
 from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
-from regscale.core.app.utils.app_utils import get_current_datetime, is_valid_fqdn
+from regscale.core.app.utils.app_utils import is_valid_fqdn
 from regscale.core.utils.date import datetime_obj, datetime_str
-from regscale.models import Asset, ImportValidater, Vulnerability
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
+from regscale.models import Asset, ImportValidater, IssueSeverity, IssueStatus
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
 
 
@@ -60,7 +61,7 @@ class DefenderImport(FlatFileImporter):
 
         return datetime_str(dt_object, self.dt_format)
 
-    def create_asset(self, dat: Optional[dict] = None) -> Asset:
+    def create_asset(self, dat: Optional[dict] = None) -> IntegrationAsset:
         """
         Create an asset from a row in the Snyk file
 
@@ -72,72 +73,76 @@ class DefenderImport(FlatFileImporter):
         os = Asset.find_os(additional_data.get("imageDetails", {}).get("osDetails", ""))
         name = additional_data.get("repositoryName", "")
         valid_name = is_valid_fqdn(name)
-        return Asset(
-            **{
-                "id": 0,
-                "name": name,
-                "ipAddress": "0.0.0.0",
-                "isPublic": True,
-                "status": "Active (On Network)",
-                "assetCategory": "Software",
-                "bLatestScan": True,
-                "bAuthenticatedScan": True,
-                "scanningTool": self.name,
-                "assetOwnerId": self.config["userId"],
-                "assetType": "Other",
-                "fqdn": name if valid_name else None,
-                "systemAdministratorId": self.config["userId"],
-                "parentId": self.attributes.parent_id,
-                "parentModule": self.attributes.parent_module,
-                "operatingSystem": os,
-            }
+        return IntegrationAsset(
+            identifier=name,
+            name=name,
+            ip_address="0.0.0.0",
+            status="Active (On Network)",
+            asset_category="Software",
+            scanning_tool=self.name,
+            asset_type="Other",
+            fqdn=name if valid_name else None,
+            operating_system=os,
         )
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs: dict) -> Optional[Vulnerability]:
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs: dict) -> Iterator[IntegrationFinding]:
         """
         Create a vulnerability from a row in the Snyk csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
         :param dict **kwargs: Additional keyword arguments
-        :return: RegScale Vulnerability object or None
-        :rtype: Optional[Vulnerability]
+        :return: RegScale Iterator of findings
+        :rtype: Iterator[IntegrationFinding]
         """
-        regscale_vuln = None
-        severity = self.mapping.get_value(dat, "SEVERITY", "").lower()
+        regscale_findings: List[IntegrationFinding] = []
+        severity = self.determine_severity(self.mapping.get_value(dat, "SEVERITY", "").lower())
         additional_data = json.loads(self.mapping.get_value(dat, "ADDITIONALDATA", {}))
         hostname = additional_data.get("repositoryName", "")
         description = self.mapping.get_value(dat, self.vuln_title)
         solution = self.mapping.get_value(dat, self.vuln_id)
-        config = self.attributes.app.config
-        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
-        asset = asset_match[0] if asset_match else None
         cves = [cve.get("title", "") for cve in additional_data.get("cve", [])]
         cvss_v3_score = float(additional_data.get("cvssV30Score", 0))
-        if dat and asset_match:
-            regscale_vuln = Vulnerability(
-                id=0,
-                scanId=0,  # set later
-                parentId=asset.id,
-                parentModule="assets",
-                ipAddress="0.0.0.0",  # No ip address available
-                lastSeen=get_current_datetime(),
-                firstSeen=self.determine_first_seen(dat),
-                daysOpen=None,
-                dns=hostname,
-                mitigated=None,
-                operatingSystem=None,
-                severity=severity,
-                plugInName=description,
-                cve=", ".join(cves) if cves else self.mapping.get_value(dat, self.vuln_title),
-                vprScore=None,
-                cvsSv3BaseScore=cvss_v3_score,
-                tenantsId=0,
-                title=f"{description} on asset {asset.name}",
-                description=description,
-                plugInText=self.mapping.get_value(dat, self.vuln_title),
-                createdById=config["userId"],
-                lastUpdatedById=config["userId"],
-                dateCreated=get_current_datetime(),
-                extra_data={"solution": solution},
-            )
-        return regscale_vuln
+        if dat:
+            if cves and isinstance(cves, list):
+                for cve in cves:
+                    regscale_finding = IntegrationFinding(
+                        title=f"{description} on asset {hostname}",
+                        asset_identifier=hostname,
+                        description=description,
+                        severity=severity,
+                        status=IssueStatus.Open.value,
+                        cvss_v3_score=cvss_v3_score,
+                        cvss_v3_base_score=cvss_v3_score,
+                        plugin_name=description,
+                        plugin_text=self.mapping.get_value(dat, self.vuln_title),
+                        cve=cve,
+                        recommendation_for_mitigation=solution,
+                        first_seen=self.determine_first_seen(dat),
+                        last_seen=self.scan_date,
+                        scan_date=self.scan_date,
+                        category="Software",
+                        control_labels=[],
+                    )
+                    regscale_findings.append(regscale_finding)
+            else:
+                regscale_finding = IntegrationFinding(
+                    title=f"{description} on asset {hostname}",
+                    description=description,
+                    severity=severity,
+                    status=IssueStatus.Open.value,
+                    cvss_v3_score=cvss_v3_score,
+                    cvss_v3_base_score=cvss_v3_score,
+                    plugin_name=description,
+                    plugin_text=self.mapping.get_value(dat, self.vuln_title),
+                    asset_identifier=hostname,
+                    cve=self.mapping.get_value(dat, self.vuln_title),
+                    recommendation_for_mitigation=solution,
+                    first_seen=self.determine_first_seen(dat),
+                    last_seen=self.scan_date,
+                    scan_date=self.scan_date,
+                    category="Software",
+                    control_labels=[],
+                )
+                regscale_findings.append(regscale_finding)
+
+        yield from regscale_findings