regscale-cli 6.21.0.0__py3-none-any.whl → 6.21.2.0__py3-none-any.whl

regscale/integrations/commercial/wizv2/utils.py

@@ -24,14 +24,15 @@ from regscale.core.app.utils.app_utils import (
     error_and_exit,
     check_file_path,
     get_current_datetime,
-    format_dict_to_html,
     create_progress_object,
 )
 from regscale.core.utils.date import datetime_obj
+from regscale.integrations.commercial.cpe import extract_product_name_and_version
 from regscale.integrations.commercial.wizv2.constants import (
     BEARER,
     CHECK_INTERVAL_FOR_DOWNLOAD_REPORT,
     CONTENT_TYPE,
+    CPE_PART_TO_CATEGORY_MAPPING,
     CREATE_REPORT_QUERY,
     DOWNLOAD_QUERY,
     MAX_RETRIES,
@@ -39,7 +40,7 @@ from regscale.integrations.commercial.wizv2.constants import (
     REPORTS_QUERY,
     RERUN_REPORT_QUERY,
 )
-from regscale.integrations.commercial.wizv2.models import ComplianceReport, ComplianceCheckStatus
+from regscale.models.integration_models.wizv2 import ComplianceReport, ComplianceCheckStatus
 from regscale.integrations.commercial.wizv2.variables import WizVariables
 from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
 from regscale.models import (
@@ -151,36 +152,49 @@ def create_asset_type(asset_type: str) -> str:
     return asset_type
 
 
-def map_category(asset_string: Union[set[str], str]) -> regscale_models.AssetCategory:
+def map_category(node: dict[str, Any]) -> regscale_models.AssetCategory:
     """
-    Map the asset category based on the asset string. If the asset string is not found in the wizHardwareAssetTypes or
-    in the AssetCategory enum, it will be mapped to "Software"
+    Map the asset category based on the given node. The node should be a CloudResoruce response from
+    the Wiz inventory query.
 
-    :param Union[set[str], str] asset_string: Set of strings from the Wiz asset's technologies.deploymentModel or
-     the node's type
+    If the CloudResource type or any of the technologies deploymentModel entries match those in the
+    config parameter wizHardwareAssetTypes, "Hardware" will be returned, otherwise "Software".
+
+    :param dict[str, Any] node: A single node results from the Wiz CloudResource invenotty query.
+        It should have a 'type' key with the string asset type and a 'graphEntity' eky with a dict
+        which, in turn, has a 'technologies' key whose value is a dict with a 'deploymentModel' key
+        with a string value.
     :return: RegScale AssetCategory
     :rtype: regscale_models.AssetCategory
     """
-    try:
-        if isinstance(asset_string, set):
-            hardware_count = sum(
-                asset.lower() == type.lower() for type in WizVariables.wizHardwareAssetTypes for asset in asset_string
-            )
-            software_count = len(asset_string) - hardware_count
-            return (
-                regscale_models.AssetCategory.Hardware
-                if hardware_count > software_count
-                else regscale_models.AssetCategory.Software
-            )
-        if asset_string in WizVariables.wizHardwareAssetTypes:
+
+    # First check if there is a CPE which can tell us the category directly.
+    cpe = node.get("graphEntity", {}).get("properties", {}).get("cpe", "")
+    cpe_part = extract_product_name_and_version(cpe).get("part", "")
+    if cpe_part and cpe_part.lower() in CPE_PART_TO_CATEGORY_MAPPING:
+        return CPE_PART_TO_CATEGORY_MAPPING[cpe_part]
+
+    # Then try mapping by the configured Wiz hardware asset and technology deployment model types.
+    asset_type = node.get("type", "")
+    if WizVariables.useWizHardwareAssetTypes:
+        if asset_type in WizVariables.wizHardwareAssetTypes:
             return regscale_models.AssetCategory.Hardware
-        elif asset_category := getattr(regscale_models.AssetCategory, asset_string):
+        if (graph_entity := node.get("graphEntity", {})) and (techs := graph_entity.get("technologies", [])):
+            for tech in techs:
+                # We double check just in case we get an explicit None for the technologies.
+                if tech and tech.get("deploymentModel", None) in WizVariables.wizHardwareAssetTypes:
+                    return regscale_models.AssetCategory.Hardware
+        else:
+            logger.debug("No graphEntity set for node %r, default to Software.", node)
+
+    # Finally try matching the asset type directly by name.
+    if hasattr(regscale_models.AssetCategory, asset_type):
+        if asset_category := getattr(regscale_models.AssetCategory, asset_type):
             return asset_category
-        return regscale_models.AssetCategory.Software
-    except (KeyError, AttributeError) as ex:
-        # why map AssetCategory of everything is software?
-        logger.debug("Unable to find %s in AssetType enum. Defaulting to Software\n", ex)
-        return regscale_models.AssetCategory.Software
+        logger.debug("Unknown AssetType %r for node %r. Defaulting to Software.", asset_type, node)
+
+    # If all else fails, default to software.
+    return regscale_models.AssetCategory.Software
 
 
 def convert_first_seen_to_days(first_seen: str) -> int:
@@ -674,9 +688,44 @@ def create_compliance_report(
             "type": "COMPLIANCE_ASSESSMENTS",
             "csvDelimiter": "US",
             "projectId": wiz_project_id,
-            "complianceAssessmentsParams": {"securityFrameworkIds": [framework_id]},
+            "complianceAssessmentsParams": {
+                "securityFrameworkIds": [framework_id],
+            },
             "emailTargetParams": None,
             "exportDestinations": None,
+            "columnSelection": [
+                "Assessed At",
+                "Category",
+                "Cloud Provider",
+                "Cloud Provider ID",
+                "Compliance Check Name (Wiz Subcategory)",
+                "Created At",
+                "Framework",
+                "Ignore Reason",
+                "Issue/Finding ID",
+                "Native Type",
+                "Object Type",
+                "Policy Description",
+                "Policy ID",
+                "Policy Name",
+                "Policy Short Name",
+                "Policy Type",
+                "Projects",
+                "Remediation Steps",
+                "Resource Cloud Platform",
+                "Resource Group Name",
+                "Resource ID",
+                "Resource Name",
+                "Resource Region",
+                "Result",
+                "Severity",
+                "Subscription",
+                "Subscription Name",
+                "Subscription Provider ID",
+                "Subscription Status",
+                "Tags",
+                "Updated At",
+            ],
         }
     }
 
@@ -749,6 +798,8 @@ def rerun_expired_report(variables: Dict) -> requests.Response:
     return response
 
 
+# Compliance functions moved to wiz_compliance.py
+# This is a deprecated function - use WizComplianceIntegration instead
 def _sync_compliance(
     wiz_project_id: str,
     regscale_id: int,
@@ -757,6 +808,7 @@ def _sync_compliance(
     client_secret: str,
     catalog_id: Optional[int] = None,
     framework: Optional[str] = "NIST800-53R5",
+    update_control_status: bool = True,
 ) -> List[ComplianceReport]:
     """
     Sync compliance posture from Wiz to RegScale
@@ -768,6 +820,7 @@ def _sync_compliance(
     :param str client_secret: Wiz Client Secret
     :param Optional[int] catalog_id: Catalog ID, defaults to None
     :param Optional[str] framework: Framework, defaults to NIST800-53R5
+    :param bool update_control_status: Update control implementation status based on compliance results, defaults to True
     :return: List of ComplianceReport objects
     :rtype: List[ComplianceReport]
     """
@@ -851,6 +904,7 @@ def _sync_compliance(
                 controls=controls,
                 progress=compliance_job_progress,
                 task=saving_regscale_data_job,
+                update_control_status=update_control_status,
             )
             logger.info("Completed saving RegScale data.")
         except Exception:
@@ -922,7 +976,13 @@ def _clean_passing_list(passing: Dict, failing: Dict) -> None:
 
 
 def create_assessment_from_compliance_report(
-    controls_to_reports: Dict, regscale_id: int, regscale_module: str, controls: List, progress: Progress, task: TaskID
+    controls_to_reports: Dict,
+    regscale_id: int,
+    regscale_module: str,
+    controls: List,
+    progress: Progress,
+    task: TaskID,
+    update_control_status: bool = True,
 ) -> None:
     """
     Create assessment from compliance report
@@ -933,6 +993,7 @@ def create_assessment_from_compliance_report(
     :param List controls: Controls
     :param Progress progress: Progress object, used for progress bar updates
     :param TaskID task: Task ID, used for progress bar updates
+    :param bool update_control_status: Update control implementation status based on compliance results, defaults to True
     :return: None
     :rtype: None
     """
@@ -954,7 +1015,12 @@ def create_assessment_from_compliance_report(
             filtered_results = [x for x in implementations if x.controlID == control_record_id]
 
             start_time = time.time()
-            create_report_assessment(filtered_results, reports, control_id)
+            create_report_assessment(
+                filtered_results,
+                reports,
+                control_id,
+                update_control_status=update_control_status,
+            )
             end_time = time.time()
             logger.debug(f"Assessment creation for {control_id} took {end_time - start_time:.2f} seconds")
 
@@ -967,13 +1033,19 @@ def create_assessment_from_compliance_report(
             progress.update(task, advance=1)
 
 
-def create_report_assessment(filtered_results: List, reports: List, control_id: str) -> None:
+def create_report_assessment(
+    filtered_results: List,
+    reports: List,
+    control_id: str,
+    update_control_status: bool = True,
+) -> None:
     """
     Create a single aggregated report assessment per control
 
     :param List filtered_results: Filtered results
     :param List reports: List of ComplianceReport objects for this control
     :param str control_id: Control ID
+    :param bool update_control_status: Update control implementation status based on compliance results, defaults to True
     :return: None
     :rtype: None
     """
@@ -1042,11 +1114,15 @@ def create_report_assessment(filtered_results: List, reports: List, control_id:
         isPublic=True,
     ).create()
 
-    # Update implementation status once with aggregated result
-    update_implementation_status(
-        implementation=implementation,
-        result=overall_result,
-    )
+    # Update implementation status once with aggregated result (if enabled)
+    if update_control_status:
+        update_implementation_status(
+            implementation=implementation,
+            result=overall_result,
+        )
+        logger.debug(f"Updated implementation status for {control_id}: {overall_result}")
+    else:
+        logger.debug(f"Skipping implementation status update for {control_id} (disabled via parameter)")
 
     logger.info(
         f"Created aggregated assessment for {control_id}: {assessment.id} "
@@ -1188,76 +1264,173 @@ def report_result_to_implementation_status(result: str) -> str:
     compliance_settings = get_wiz_compliance_settings()
 
     if compliance_settings:
-        status = _get_status_from_compliance_settings(result, compliance_settings)
-        if status:
-            return status
+        try:
+            # Get implementation status labels from compliance settings
+            status_labels = compliance_settings.get_field_labels("implementationStatus")
+
+            # Map compliance check result to implementation status
+            result_lower = result.lower()
+            for label in status_labels:
+                label_lower = label.lower()
+                if result_lower == ComplianceCheckStatus.PASS.value.lower():
+                    if label_lower in ["implemented", "complete", "compliant"]:
+                        return label
+                elif result_lower == ComplianceCheckStatus.FAIL.value.lower():
+                    if label_lower in ["inremediation", "in remediation", "remediation", "failed", "non-compliant"]:
+                        return label
+                else:  # Not implemented or other status
+                    if label_lower in ["notimplemented", "not implemented", "pending", "planned"]:
+                        return label
+
+            logger.debug(f"No matching compliance setting found for result: {result}")
+        except Exception as e:
+            logger.debug(f"Error using compliance settings for implementation status mapping: {e}")
 
     # Fallback to default mapping
-    return _get_default_status_mapping(result)
+    if result == ComplianceCheckStatus.PASS.value:
+        return ControlImplementationStatus.Implemented.value
+    elif result == ComplianceCheckStatus.FAIL.value:
+        return ControlImplementationStatus.InRemediation.value
+    else:
+        return ControlImplementationStatus.NotImplemented.value
 
 
-def _get_status_from_compliance_settings(result: str, compliance_settings) -> Optional[str]:
+def create_vulnerabilities_from_wiz_findings(
+    wiz_project_id: str,
+    regscale_plan_id: int,
+    client_id: Optional[str] = None,
+    client_secret: Optional[str] = None,
+    filter_by_override: Optional[str] = None,
+) -> int:
+    """
+    Create vulnerabilities from Wiz findings using the WizVulnerabilityIntegration class.
+
+    This function properly uses the ScannerIntegration framework to create vulnerabilities
+    and associated mappings, following the established patterns.
+
+    :param str wiz_project_id: Wiz project ID to scan
+    :param int regscale_plan_id: RegScale security plan ID
+    :param Optional[str] client_id: Wiz client ID (optional, uses WizVariables if not provided)
+    :param Optional[str] client_secret: Wiz client secret (optional, uses WizVariables if not provided)
+    :param Optional[str] filter_by_override: Optional filter override for findings
+    :return: Number of vulnerabilities processed
+    :rtype: int
     """
-    Get implementation status from compliance settings
+    # Import here to avoid circular imports
+    from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
 
-    :param str result: Report result
-    :param compliance_settings: Compliance settings object
-    :return: Implementation status or None if not found
-    :rtype: Optional[str]
-    """
     try:
-        status_labels = compliance_settings.get_field_labels("implementationStatus")
-        result_lower = result.lower()
+        logger.info(f"Starting vulnerability creation for Wiz project {wiz_project_id}")
 
-        for label in status_labels:
-            status = _match_result_to_label(result_lower, label)
-            if status:
-                return status
+        # Create the integration instance
+        wiz_integration = WizVulnerabilityIntegration(plan_id=regscale_plan_id)
 
-        logger.debug(f"No matching compliance setting found for result: {result}")
-        return None
+        # Authenticate if credentials provided
+        if client_id and client_secret:
+            wiz_integration.authenticate(client_id=client_id, client_secret=client_secret)
+        elif not WizVariables.wizAccessToken:
+            # Try to authenticate with stored credentials
+            wiz_integration.authenticate()
+
+        # Set up any filter overrides
+        if filter_by_override:
+            try:
+                filter_dict = json.loads(filter_by_override)
+                logger.info(f"Using filter override: {filter_dict}")
+            except json.JSONDecodeError:
+                logger.warning(f"Invalid filter override JSON: {filter_by_override}")
+                filter_dict = {}
+        else:
+            filter_dict = {"projectId": wiz_project_id}
+
+        # Use the sync_findings class method which handles the complete workflow:
+        # 1. Creates ScanHistory
+        # 2. Fetches findings from Wiz
+        # 3. Creates vulnerabilities and vulnerability mappings
+        # 4. Creates associated issues (if configured)
+        # 5. Closes outdated vulnerabilities
+        # 6. Updates scan history with results
+        vulnerabilities_processed = WizVulnerabilityIntegration.sync_findings(
+            plan_id=regscale_plan_id,
+            wiz_project_id=wiz_project_id,
+            filter_by_override=json.dumps(filter_dict) if filter_dict else None,
+        )
+
+        logger.info(f"Successfully processed {vulnerabilities_processed} vulnerabilities from Wiz")
+        return vulnerabilities_processed
 
     except Exception as e:
-        logger.debug(f"Error using compliance settings for implementation status mapping: {e}")
-        return None
+        logger.error(f"Error creating vulnerabilities from Wiz findings: {e}", exc_info=True)
+        raise
 
 
-def _match_result_to_label(result_lower: str, label: str) -> Optional[str]:
+def create_single_vulnerability_from_wiz_data(
+    wiz_finding_data: Dict[str, Any],
+    asset_id: str,
+    regscale_plan_id: int,
+    scan_history_id: Optional[int] = None,
+) -> Optional[regscale_models.Vulnerability]:
     """
-    Match a result to a status label based on predefined mappings
+    Create a single vulnerability from Wiz finding data.
+
+    This is a lower-level function for creating individual vulnerabilities when you have
+    specific Wiz finding data and want more control over the process.
 
-    :param str result_lower: Lowercase result string
-    :param str label: Status label to check
-    :return: Matched label or None
-    :rtype: Optional[str]
+    :param Dict[str, Any] wiz_finding_data: Raw Wiz finding data
+    :param str asset_id: Asset identifier for the vulnerability
+    :param int regscale_plan_id: RegScale security plan ID
+    :param Optional[int] scan_history_id: Scan history ID (creates new if not provided)
+    :return: Created vulnerability or None if creation failed
+    :rtype: Optional[regscale_models.Vulnerability]
     """
-    label_lower = label.lower()
+    # Import here to avoid circular imports
+    from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
+    from regscale.integrations.commercial.wizv2.constants import WizVulnerabilityType
 
-    if result_lower == ComplianceCheckStatus.PASS.value.lower():
-        return label if label_lower in ["implemented", "complete", "compliant"] else None
+    try:
+        # Create integration instance
+        wiz_integration = WizVulnerabilityIntegration(plan_id=regscale_plan_id)
+
+        # Create or get scan history
+        if scan_history_id:
+            scan_history = regscale_models.ScanHistory.get_by_id(scan_history_id)
+            if not scan_history:
+                logger.error(f"Scan history with ID {scan_history_id} not found")
+                return None
+        else:
+            scan_history = wiz_integration.create_scan_history()
 
-    if result_lower == ComplianceCheckStatus.FAIL.value.lower():
-        return (
-            label
-            if label_lower in ["inremediation", "in remediation", "remediation", "failed", "non-compliant"]
-            else None
-        )
+        # Parse the Wiz finding data into an IntegrationFinding
+        integration_finding = wiz_integration.parse_finding(wiz_finding_data, WizVulnerabilityType.VULNERABILITY)
 
-    # Not implemented or other status
-    return label if label_lower in ["notimplemented", "not implemented", "pending", "planned"] else None
+        if not integration_finding:
+            logger.warning("Failed to parse Wiz finding data into IntegrationFinding")
+            return None
 
+        # Set the asset identifier
+        integration_finding.asset_identifier = asset_id
 
-def _get_default_status_mapping(result: str) -> str:
-    """
-    Get default status mapping for a result
+        # Get the asset
+        asset = wiz_integration.get_asset_by_identifier(asset_id)
+        if not asset:
+            logger.error(f"Asset with identifier {asset_id} not found")
+            return None
 
-    :param str result: Report result
-    :return: Default implementation status
-    :rtype: str
-    """
-    if result == ComplianceCheckStatus.PASS.value:
-        return ControlImplementationStatus.Implemented.value
-    elif result == ComplianceCheckStatus.FAIL.value:
-        return ControlImplementationStatus.InRemediation.value
-    else:
-        return ControlImplementationStatus.NotImplemented.value
+        # Handle the vulnerability creation using the integration framework
+        vulnerability_id = wiz_integration.handle_vulnerability(
+            finding=integration_finding,
+            asset=asset,
+            scan_history=scan_history,
+        )
+
+        if vulnerability_id:
+            vulnerability = regscale_models.Vulnerability.get_by_id(vulnerability_id)
+            logger.info(f"Successfully created vulnerability {vulnerability_id}")
+            return vulnerability
+        else:
+            logger.warning("Failed to create vulnerability")
+            return None
+
+    except Exception as e:
+        logger.error(f"Error creating single vulnerability: {e}", exc_info=True)
+        return None

regscale/integrations/commercial/wizv2/variables.py

@@ -3,7 +3,7 @@
 """Wiz Variables"""
 
 from regscale.core.app.utils.variables import RsVariableType, RsVariablesMeta
-from regscale.integrations.commercial.wizv2.constants import RECOMMENDED_WIZ_INVENTORY_TYPES
+from regscale.integrations.commercial.wizv2.constants import RECOMMENDED_WIZ_INVENTORY_TYPES, DEFAULT_WIZ_HARDWARE_TYPES
 
 
 class WizVariables(metaclass=RsVariablesMeta):
@@ -32,8 +32,9 @@ class WizVariables(metaclass=RsVariablesMeta):
     useWizHardwareAssetTypes: RsVariableType(bool, False, required=False)  # type: ignore
     wizHardwareAssetTypes: RsVariableType(
         list,
-        '["SERVER_APPLICATION", "CLIENT_APPLICATION", "VIRTUAL_APPLIANCE"]',
-        default=["SERVER_APPLICATION", "CLIENT_APPLICATION", "VIRTUAL_APPLIANCE"],
+        '["CONTAINER", "CONTAINER_IMAGE", "VIRTUAL_MACHINE", "VIRTUAL_MACHINE_IMAGE", "DB_SERVER", '
+        '"CLIENT_APPLICATION", "SERVER_APPLICATION", "VIRTUAL_APPLIANCE"]',
+        default=DEFAULT_WIZ_HARDWARE_TYPES,
         required=False,
     )  # type: ignore
     wizReportAge: RsVariableType(int, "14", default=14, required=False)  # type: ignore