regscale-cli 6.20.9.1__py3-none-any.whl → 6.21.0.0__py3-none-any.whl

regscale/models/integration_models/nexpose.py

@@ -2,43 +2,47 @@
 Nexpose Scan information
 """
 
-from pathlib import Path
 from typing import Optional
 
 from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
-from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
+from regscale.core.app.utils.app_utils import epoch_to_datetime, is_valid_fqdn
+from regscale.core.utils.date import date_str
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 from regscale.models import ImportValidater
-from regscale.models.app_models.mapping import Mapping
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
-from regscale.models.regscale_models import Asset, Issue, Vulnerability
+from regscale.models.regscale_models import Asset, IssueSeverity, IssueStatus
 
 VULNERABILITY_TITLE = "Vulnerability Title"
 VULNERABILITY_ID = "Vulnerability ID"
 CVSS3_SCORE = "CVSSv3 Score"
-IP_ADDRESS = "IP Address"
+CVSS2_SCORE = "CVSSv2 Score"
+IP_ADDRESS = "IP_Address"
+FIRST_SEEN = "first_seen"
+SCAN_DATE = "scan_start_time"
+CVE = "CVEs"
 
 
-class Nexpose(FlatFileImporter):
+class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
     """
-    Prisma/Nexpose Scan information
+    Nexpose Scan information
     """
 
-    def __init__(self, **kwargs):
+    def __init__(self, **kwargs):  # pylint: disable=R0902
         self.name = kwargs.get("name")
         self.vuln_title = VULNERABILITY_TITLE
         self.vuln_id = VULNERABILITY_ID
         self.cvss3_score = CVSS3_SCORE
+        self.first_seen = FIRST_SEEN
+        self.scan_date_field = SCAN_DATE
+        self.cve = CVE
         self.required_headers = [
-            "IP Address",
             "Hostname",
-            "OS",
             "Vulnerability Title",
             "Vulnerability ID",
             "CVSSv2 Score",
             "CVSSv3 Score",
             "Description",
-            "Proof",
             "Solution",
             "CVEs",
         ]
@@ -60,81 +64,165 @@ class Nexpose(FlatFileImporter):
             **kwargs,
         )
 
-    def create_asset(self, dat: Optional[dict] = None) -> Optional[Asset]:
+    def create_asset(self, dat: Optional[dict] = None) -> Optional[IntegrationAsset]:
         """
         Create an asset from a row in the Nexpose csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Asset object, if it has a hostname
-        :rtype: Optional[Asset]
+        :return: RegScale IntegrationAsset object, if it has a hostname
+        :rtype: Optional[IntegrationAsset]
         """
         if hostname := self.mapping.get_value(dat, "Hostname"):
-            return Asset(
+            return IntegrationAsset(
                 **{
-                    "id": 0,
                     "name": hostname,
-                    "ipAddress": self.mapping.get_value(dat, IP_ADDRESS),
-                    "isPublic": True,
+                    "ip_address": self.mapping.get_value(dat, IP_ADDRESS, "0.0.0.0"),
+                    "identifier": hostname,
+                    "other_tracking_number": hostname,
                     "status": "Active (On Network)",
-                    "assetCategory": "Hardware",
-                    "bLatestScan": True,
-                    "bAuthenticatedScan": True,
-                    "scanningTool": self.name,
-                    "assetOwnerId": self.config["userId"],
-                    "assetType": "Other",
+                    "asset_category": "Hardware",
+                    "asset_type": "Other",
+                    "scanning_tool": self.name,
                     "fqdn": hostname if is_valid_fqdn(hostname) else None,
-                    "operatingSystem": Asset.find_os(self.mapping.get_value(dat, "OS")),
-                    "systemAdministratorId": self.config["userId"],
-                    "parentId": self.attributes.parent_id,
-                    "parentModule": self.attributes.parent_module,
+                    "operating_system": Asset.find_os(self.mapping.get_value(dat, "OS")),
                 }
             )
+        return None
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
+    @staticmethod
+    def determine_severity_from_cvss_score(cvss_score: float, cvss_version: str = "v3") -> IssueSeverity:
         """
-        Create a vulnerability from a row in the Prisma/Nexpose csv file
+        Determine CVSS Severity Text from CVSS Base Score
+
+        :param float cvss_score: CVSS Base Score
+        :param str cvss_version: CVSS version ("v2" or "v3"), defaults to "v3"
+        :return: CVSS Severity Text
+        :rtype: IssueSeverity
+        """
+        results = IssueSeverity.Low
+
+        if cvss_version.lower() == "v3":
+            # CVSSv3 severity ranges
+            if 4.0 <= cvss_score <= 6.9:
+                results = IssueSeverity.Moderate
+            elif 7.0 <= cvss_score <= 8.9:
+                results = IssueSeverity.High
+            elif cvss_score > 8.9:
+                results = IssueSeverity.Critical
+        elif cvss_version.lower() == "v2":
+            # CVSSv2 severity ranges
+            if 4.0 <= cvss_score <= 6.9:
+                results = IssueSeverity.Moderate
+            elif 7.0 <= cvss_score <= 10.0:
+                results = IssueSeverity.High
+            # CVSSv2 doesn't have a "Critical" category, High is the highest
+
+        return results
+
+    def severity_from_text(self, text_severity: str) -> Optional[IssueSeverity]:
+        """
+        Determine severity from text severity
+
+        :param str text_severity: Text severity
+        :return: IssueSeverity or None
+        :rtype: Optional[IssueSeverity]
+        """
+        if text_severity.lower() == "low":
+            return IssueSeverity.Low
+        if text_severity.lower() in ["medium", "moderate"]:
+            return IssueSeverity.Moderate
+        if text_severity.lower() == "high":
+            return IssueSeverity.High
+        if text_severity.lower() in ["critical", "severe"]:
+            return IssueSeverity.Critical
+        return None
+
+    def _determine_severity(self, dat: Optional[dict] = None) -> IssueSeverity:
+        """
+        Determine severity using the priority order: text severity > CVSSv3 > CVSSv2 > default
+
+        :param Optional[dict] dat: Data row from CSV file, defaults to None
+        :return: Determined IssueSeverity
+        :rtype: IssueSeverity
+        """
+        # Default severity
+        severity = IssueSeverity.Low
+
+        # Extract CVSS scores
+        cvss3_score = self.mapping.get_value(dat, self.cvss3_score) or 0.0
+        cvss2_score = self.mapping.get_value(dat, CVSS2_SCORE) or 0.0
+
+        # Priority 1: Check for text-based severity (client-specific)
+        # This is client specific, need to be able to override the severity source
+        text_severity = self.severity_from_text(
+            self.mapping.get_value(dat, "adobe_severity")
+        ) or self.severity_from_text(self.mapping.get_value(dat, "nexpose_severity"))
+
+        if text_severity:
+            severity = text_severity
+        else:
+            # Priority 2: Use CVSSv3 score if available and valid
+            if cvss3_score and cvss3_score > 0:
+                severity = self.determine_severity_from_cvss_score(float(cvss3_score), "v3")
+            # Priority 3: Fall back to CVSSv2 score if available and valid
+            elif cvss2_score and cvss2_score > 0:
+                severity = self.determine_severity_from_cvss_score(float(cvss2_score), "v2")
+
+        return severity
+
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[IntegrationFinding]:
+        """
+        Create an IntegrationFinding from a row in the Prisma/Nexpose csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Vulnerability object or None
-        :rtype: Optional[Vulnerability]
+        :param kwargs: Additional keyword arguments
+        :return: RegScale IntegrationFinding object or None
+        :rtype: Optional[IntegrationFinding]
         """
-        regscale_vuln = None
-        cvss3_score = self.mapping.get_value(dat, self.cvss3_score)
+        regscale_finding = None
+
+        # Extract basic data
         hostname: str = self.mapping.get_value(dat, "Hostname")
-        os: str = self.mapping.get_value(dat, "OS")
         description: str = self.mapping.get_value(dat, "Description")
-        severity = Vulnerability.determine_cvss3_severity_text(float(cvss3_score)) if cvss3_score else "low"
-        config = self.attributes.app.config
-        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
-        asset = asset_match[0] if asset_match else None
-        if dat and asset_match:
-            return Vulnerability(
-                id=0,
-                scanId=0,  # set later
-                parentId=asset.id,
-                parentModule="assets",
-                ipAddress="0.0.0.0",  # No ip address available
-                lastSeen=get_current_datetime(),
-                firstSeen=epoch_to_datetime(self.create_epoch),
-                daysOpen=None,
-                dns=hostname,
-                mitigated=None,
-                operatingSystem=(Asset.find_os(os) if Asset.find_os(os) else None),
-                severity=severity,
-                plugInName=self.mapping.get_value(dat, self.vuln_title),
-                plugInId=self.mapping.get_value(dat, self.vuln_id),
-                cve=self.mapping.get_value(dat, "CVEs"),
-                vprScore=None,
-                tenantsId=0,
-                title=description[:255],
+        cvss3_score = self.mapping.get_value(dat, self.cvss3_score) or 0.0
+
+        # Determine severity using priority logic
+        severity = self._determine_severity(dat)
+
+        # Find matching asset
+
+        # Extract date information
+        first_seen = (
+            self.mapping.get_value(dat, self.first_seen)
+            or self.mapping.get_value(dat, "first_seen")
+            or epoch_to_datetime(self.create_epoch)
+        )
+
+        if scan_date := self.mapping.get_value(dat, SCAN_DATE):
+            self.scan_date = scan_date
+        cvss_score = self.mapping.get_value(dat, CVSS2_SCORE)
+
+        # Create IntegrationFinding if we have valid data and asset match
+        if dat:
+            return IntegrationFinding(
+                control_labels=[],  # Add an empty list for control_labels
+                title=self.mapping.get_value(dat, self.vuln_title),
                 description=description,
-                plugInText=self.mapping.get_value(dat, self.vuln_title),
-                createdById=config["userId"],
-                lastUpdatedById=config["userId"],
-                dateCreated=get_current_datetime(),
-                extra_data={
-                    "solution": self.mapping.get_value(dat, "Solution"),
-                    "proof": self.mapping.get_value(dat, "Proof"),
-                },
+                cve=self.mapping.get_value(dat, self.cve, "").upper(),
+                severity=severity,
+                asset_identifier=hostname,
+                plugin_name=self.mapping.get_value(dat, self.vuln_title),
+                plugin_id=str(self.mapping.get_value(dat, self.vuln_id)),
+                cvss_score=cvss_score or 0.0,
+                cvss_v3_score=cvss3_score or 0.0,
+                cvss_v2_score=cvss_score or 0.0,
+                plugin_text=description[:255],
+                remediation=self.mapping.get_value(dat, "Solution"),
+                category="Hardware",
+                status=IssueStatus.Open,
+                first_seen=self.scan_date or date_str(first_seen),
+                scan_date=date_str(scan_date) or self.scan_date,
+                vulnerability_type="Vulnerability Scan",
+                baseline=f"{self.name} Host",
             )
-        return regscale_vuln
+        return regscale_finding

regscale/models/integration_models/prisma.py

@@ -10,11 +10,10 @@ from typing import Any, List, Optional
 from regscale.core.app.application import Application
 from regscale.core.app.logz import create_logger
 from regscale.core.app.utils.app_utils import epoch_to_datetime, get_current_datetime, is_valid_fqdn
+from regscale.integrations.scanner_integration import IntegrationAsset, IntegrationFinding
 from regscale.models import ImportValidater
 from regscale.models.integration_models.flat_file_importer import FlatFileImporter
-from regscale.models.regscale_models import SoftwareInventory
-from regscale.models.regscale_models.asset import Asset
-from regscale.models.regscale_models.vulnerability import Vulnerability
+from regscale.models.regscale_models import Asset, IssueSeverity, IssueStatus, SoftwareInventory, Vulnerability
 
 FIX_STATUS = "Fix Status"
 VULNERABILITY_ID = "Vulnerability ID"
@@ -38,7 +37,7 @@ class Prisma(FlatFileImporter):
 
     def __init__(self, **kwargs):
         self.name = kwargs.get("name")
-        regscale_ssp_id = kwargs.get("regscale_ssp_id")
+        regscale_ssp_id = kwargs.get("object_id")
         self.image_name = "Id"
         self.vuln_title = CVE_ID
         self.cvss3_score = "CVSS"
@@ -63,94 +62,75 @@ class Prisma(FlatFileImporter):
             ignore_validation=True,
             **kwargs,
         )
-        self.create_software_inventory()
+        # self.create_software_inventory()
 
-    def create_asset(self, dat: Optional[dict] = None) -> Asset:
+    def create_asset(self, dat: Optional[dict] = None) -> IntegrationAsset:
         """
         Create an asset from a row in the Prisma csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Asset object
-        :rtype: Asset
+        :return: RegScale IntegrationAsset object
+        :rtype: IntegrationAsset
         """
         hostname = self.mapping.get_value(dat, "Hostname")
         distro = self.mapping.get_value(dat, "Distro")
 
-        return Asset(
+        return IntegrationAsset(
             **{
-                "id": 0,
                 "name": hostname,
-                "ipAddress": self.mapping.get_value(dat, "IP Address"),
-                "isPublic": True,
+                "ip_address": self.mapping.get_value(dat, "IP Address"),
+                "identifier": hostname,
+                "other_tracking_number": hostname,
                 "status": "Active (On Network)",
-                "assetCategory": "Hardware",
-                "bLatestScan": True,
-                "bAuthenticatedScan": True,
-                "scanningTool": self.name,
-                "assetOwnerId": self.config["userId"],
-                "assetType": "Other",
+                "asset_category": "Hardware",
+                "asset_type": "Other",
+                "scanning_tool": self.name,
                 "fqdn": hostname if is_valid_fqdn(hostname) else None,
-                "operatingSystem": Asset.find_os(distro),
-                "systemAdministratorId": self.config["userId"],
-                "parentId": self.attributes.parent_id,
-                "parentModule": self.attributes.parent_module,
+                "operating_system": Asset.find_os(distro),
             }
         )
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[Vulnerability]:
+    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[IntegrationFinding]:
         """
-        Create a vulnerability from a row in the Prisma csv file
+        Create a IntegrationFinding from a row in the Prisma csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
-        :return: RegScale Vulnerability object or None
-        :rtype: Optional[Vulnerability]
+        :return: RegScale IntegrationFinding object or None
+        :rtype: Optional[IntegrationFinding]
         """
         cvss3_score = self.mapping.get_value(dat, self.cvss3_score)
         hostname: str = self.mapping.get_value(dat, "Hostname")
-        distro: str = self.mapping.get_value(dat, "Distro")
         cve: str = self.mapping.get_value(dat, CVE_ID)
         description: str = self.mapping.get_value(dat, "Description")
-        title = self.mapping.get_value(dat, self.vuln_title)
-        regscale_vuln = None
-        severity = Vulnerability.determine_cvss3_severity_text(float(cvss3_score)) if cvss3_score else "low"
-        config = self.attributes.app.config
-        asset_match = [asset for asset in self.data["assets"] if asset.name == hostname]
-        asset = asset_match[0] if asset_match else None
-        if dat and asset_match:
-            return Vulnerability(
-                id=0,
-                scanId=0,  # set later
-                parentId=asset.id,
-                parentModule="assets",
-                ipAddress="0.0.0.0",  # No ip address available
-                lastSeen=epoch_to_datetime(self.create_epoch),
-                firstSeen=epoch_to_datetime(self.create_epoch),
-                daysOpen=None,
-                dns=hostname,
-                mitigated=None,
-                operatingSystem=(Asset.find_os(distro) if Asset.find_os(distro) else None),
+        regscale_finding: Optional[IntegrationFinding] = None
+        severity = (
+            self.determine_severity(Vulnerability.determine_cvss3_severity_text(float(cvss3_score)))
+            if cvss3_score
+            else IssueSeverity.NotAssigned
+        )
+        seen = epoch_to_datetime(self.create_epoch)
+        if dat:
+            return IntegrationFinding(
+                control_labels=[],  # Add an empty list for control_labels
+                title=self.mapping.get_value(dat, self.vuln_title),
+                description=description,
+                cve=cve.upper(),
                 severity=severity,
-                plugInName=self.mapping.get_value(dat, self.vuln_title),
-                plugInId=(
-                    self.mapping.get_value(dat, VULNERABILITY_ID)
-                    if self.mapping.get_value(dat, VULNERABILITY_ID)
-                    else None
-                ),
-                cve=cve,
-                vprScore=None,
-                tenantsId=0,
-                title=title,
-                description=description[:255],
-                plugInText=title,
-                createdById=config["userId"],
-                lastUpdatedById=config["userId"],
-                dateCreated=get_current_datetime(),
-                extra_data={
-                    "solution": self.mapping.get_value(dat, FIX_STATUS),
-                    "proof": self.mapping.get_value(dat, FIX_STATUS),
-                },
+                asset_identifier=hostname,
+                plugin_name=self.mapping.get_value(dat, self.vuln_title),
+                plugin_id=self.mapping.get_value(dat, VULNERABILITY_ID),
+                cvss_v3_score=cvss3_score or 0.0,
+                plugin_text=description[:255],
+                remediation=self.mapping.get_value(dat, "Solution"),
+                category="Hardware",
+                status=IssueStatus.Open,
+                first_seen=seen,
+                scan_date=seen,
+                vulnerability_type="Vulnerability Scan",
+                baseline=f"{self.name} Host",
+                recommendation_for_mitigation=self.mapping.get_value(dat, FIX_STATUS),
             )
-        return regscale_vuln
+        return regscale_finding
 
     def create_software_inventory(self) -> List[SoftwareInventory]:
         """