regscale-cli 6.21.2.0__py3-none-any.whl → 6.28.2.1__py3-none-any.whl

regscale/dev/code_gen.py

@@ -7,9 +7,13 @@ if TYPE_CHECKING:
 
 from regscale.models.integration_models.synqly_models.connector_types import ConnectorType
 from regscale.models.integration_models.synqly_models.param import Param
+from regscale.models.integration_models.synqly_models.filter_parser import FilterParser
 
 SUPPORTED_CONNECTORS = [ConnectorType.Ticketing, ConnectorType.Vulnerabilities, ConnectorType.Assets, ConnectorType.Edr]
 
+# Initialize FilterParser once at module level
+filter_parser = FilterParser()
+
 
 def generate_dags() -> None:
     """Generate Airflow DAGs for the platform"""
@@ -166,35 +170,49 @@ def _build_op_kwargs_and_docstring(
         capabilities=capabilities,
     )
 
-    if ConnectorType.Vulnerabilities.lower() in integration and param_type == "optional_params":
-        if param_type == "optional_params" and ConnectorType.Vulnerabilities in integration:
+    if ConnectorType.Vulnerabilities.lower() in integration:
+        vuln_params = {}
+        if param_type == "optional_params":
             vuln_params: dict[str, Param] = {
-                "vuln_filter": Param(
-                    name="vuln_filter",
-                    type="choice",
-                    description="Filter the vulnerabilities for the selected severity. (Options: critical, high, medium, low, info)",
-                    default=None,
-                ),
                 "scan_date": Param(
                     name="scan_date",
                     type="string",
                     description="The date of the scan to sync vulnerabilities into RegScale.",
-                    default="Critical",
+                    default=None,
                 ),
-                "all_scans": Param(
-                    name="all_scans",
-                    type="boolean",
-                    description="Whether to sync all vulnerabilities into RegScale.",
-                    default=False,
+            }
+        elif param_type == "expected_params":
+            vuln_params: dict[str, Param] = {
+                "minimum_severity_filter": Param(
+                    name="minimum_severity_filter",
+                    type="choice",
+                    description="Minimum severity of the vulnerabilities to sync. (Options: critical, high, medium, low, info, all), e.g. providing 'high' will sync all vulnerabilities with a severity of high and critical.",
+                    default=None,
                 ),
             }
-            config[param_type] = {**config[param_type], **vuln_params}
+        config[param_type] = {**config[param_type], **vuln_params}
+
+    # Add filter parameter for Assets and Vulnerabilities connectors
+    if (
+        ConnectorType.Assets.lower() in integration or ConnectorType.Vulnerabilities.lower() in integration
+    ) and param_type == "optional_params":
+        # Use 'asset_filter' for vulnerabilities, 'filter' for assets
+        param_name = "asset_filter" if ConnectorType.Vulnerabilities.lower() in integration else "filter"
+        filter_param = {
+            param_name: Param(
+                name=param_name,
+                type="string",
+                description="Semicolon separated filters of format filter[operator]value",
+                default=None,
+            )
+        }
+        config[param_type] = {**config.get(param_type, {}), **filter_param}
     if config.get(param_type):
         if proper_type not in doc_string:
             doc_string += f"{proper_type}:\n"
         for param in config[param_type]:
             op_kwargs, doc_string = _build_other_params(
-                config=config,
+                param_obj=config[param_type][param],
                 param=param,
                 param_type=param_type,
                 proper_type=proper_type,
@@ -238,11 +256,13 @@ def _build_expected_params(
 
 
 def _build_other_params(
-    config: dict, param: str, param_type: str, proper_type: str, integration: str, op_kwargs: str, doc_string: str
+    param_obj: Param, param: str, param_type: str, proper_type: str, integration: str, op_kwargs: str, doc_string: str
 ) -> tuple[str, str]:
     """
     Build the other params for the DAG by adding them to the op_kwargs and docstring
 
+    :param Param param_obj: The parameter object
+    :param str param: The name of the parameter
     :param str param_type: The type of parameter to build
     :param str integration: The name of the integration, typically connector_integration
     :param str op_kwargs: The op_kwargs to add to the DAG
@@ -250,7 +270,6 @@ def _build_other_params(
     :return: The op_kwargs and docstring
     :rtype: tuple[str, str]
     """
-    param_obj: Param = config[param_type][param]
     param_name = f"{integration.lower()}_{param}" if param_type == "required_secrets" else param
     jinja_key = f"'{param_name}'"
     if default := param_obj.default:
@@ -290,6 +309,7 @@ def add_connector_specific_params(
         sync_attachments_jinja = "'sync_attachments'"
         op_kwargs += f'\n        "sync_attachments": "{{{{ dag_run.conf[{sync_attachments_jinja}] if {sync_attachments_jinja} in dag_run.conf else False }}}}",'
         doc_string += "    sync_attachments: BOOLEAN Whether to sync attachments between integration and RegScale\n"
+
     return op_kwargs, doc_string
 
 
@@ -353,6 +373,44 @@ def {connector}() -> None:
     pass
 """
 
+    # Add build-query command for Assets and Vulnerabilities connectors
+    if connector in [ConnectorType.Assets, ConnectorType.Vulnerabilities]:
+        cli_code += f"""
+
+@{connector}.command(name="build-query")
+@click.option(
+    '--provider',
+    required=False,
+    help='Provider ID (e.g., {connector}_armis_centrix). If not specified, starts interactive mode.'
+)
+@click.option(
+    '--validate',
+    help='Validate a filter string against provider capabilities'
+)
+@click.option(
+    '--list-fields',
+    is_flag=True,
+    default=False,
+    help='List all available fields for the provider'
+)
+def build_query(provider, validate, list_fields):
+    \"\"\"
+    Build and validate filter queries for {connector.capitalize()} connectors.
+
+    Examples:
+        # Build a filter query
+        regscale {connector} build-query
+
+        # List all fields for a specific provider
+        regscale {connector} build-query --provider {connector}_armis_centrix --list-fields
+
+        # Validate a filter string
+        regscale {connector} build-query --provider {connector}_armis_centrix --validate "device.ip[eq]192.168.1.1"
+    \"\"\"
+    from regscale.integrations.commercial.synqly.query_builder import handle_build_query
+    handle_build_query('{connector}', provider, validate, list_fields)
+"""
+
     # replace the integration config with a flattened version
     for integration, config in integration_configs.items():
         capabilities = config.get("capabilities", [])
@@ -363,6 +421,7 @@ def {connector}() -> None:
             connector=connector,
             integration_name=integration_name,
             capabilities=capabilities,
+            provider_id=integration,  # Pass the full provider ID for filter support
         )
         cli_code += f"\n\n{click_options_and_command}"
         integrations_count += 1
@@ -374,40 +433,65 @@ def {connector}() -> None:
     print(f"Generated click commands for {integrations_count} {connector} connector(s).")
 
 
-def _build_all_params(integration_name: str, connector: str) -> tuple[list[str], list[str], list[str]]:
+def _build_all_params(
+    integration_name: str, connector: str, provider_id: str = None
+) -> tuple[list[str], list[str], list[str]]:
     """
     Function to build the click options, function params, and function kwargs for the integration
 
     :param str integration_name: The name of the integration
     :param str connector: The connector type
+    :param str provider_id: The provider ID for filter support (e.g., 'assets_armis_centrix')
     :return: The click options, function params, and function kwargs
     :rtype: tuple[list[str], list[str], list[str]]
     """
     if connector == ConnectorType.Vulnerabilities:
-        vuln_filter_option = "@click.option(\n    '--vuln_filter',\n    help='Filter the vulnerabilities for the selected severity. (Options: critical, high, medium, low, info)',\n    required=False,\n    type=click.Choice(['critical', 'high', 'medium', 'low', 'info']),\n    default=None)\n"
+        vuln_filter_option = "@click.option(\n    '--minimum_severity_filter','-s',\n    help='Minimum severity of the vulnerabilities to sync. (Options: critical, high, medium, low, info), e.g. providing high will sync all vulnerabilities with a severity of high and critical.',\n    required=False,\n    type=click.Choice(['critical', 'high', 'medium', 'low', 'info']),\n    default=None)\n"
         scan_date_option = f"@click.option(\n    '--scan_date',\n    help='The date of the scan to sync vulnerabilities from {integration_name}',\n    required=False,\n    type=click.DateTime(formats=['%Y-%m-%d']),\n    default=None)\n"
         all_vulns_flag = f"@click.option(\n    '--all_scans',\n    help='Whether to sync all vulnerabilities from {integration_name}',\n    required=False,\n    is_flag=True,\n    default=False)\n"
         click_options = ["@regscale_ssp_id()", vuln_filter_option, scan_date_option, all_vulns_flag]
-        function_params = ["regscale_ssp_id: int", "vuln_filter: str", "scan_date: datetime", "all_scans: bool"]
+        function_params = [
+            "regscale_ssp_id: int",
+            "minimum_severity_filter: str",
+            "scan_date: datetime",
+            "all_scans: bool",
+        ]
         function_kwargs = [
             "regscale_ssp_id=regscale_ssp_id",
-            "vuln_filter=vuln_filter",
+            "minimum_severity_filter=minimum_severity_filter",
             "scan_date=scan_date",
             "all_scans=all_scans",
         ]
+
+        # Add filter option if provider supports filtering
+        if provider_id and filter_parser.has_filters(provider_id):
+            filter_option = "@click.option(\n    '--asset_filter',\n    help='STRING: Apply filters to asset queries. Can be a single filter \"field[operator]value\" or semicolon-separated filters \"field1[op]value1;field2[op]value2\"',\n    required=False,\n    type=str,\n    default=None)\n"
+            click_options.append(filter_option)
+            function_params.append("asset_filter: str")
+            function_kwargs.append("filter=asset_filter.split(';') if asset_filter else []")
+
     elif connector == ConnectorType.Ticketing:
         click_options = ["@regscale_id()", "@regscale_module()"]
         function_params = ["regscale_id: int", "regscale_module: str"]
         function_kwargs = ["regscale_id=regscale_id", "regscale_module=regscale_module"]
     else:
+        # Assets and other connectors
         click_options = ["@regscale_ssp_id()"]
         function_params = ["regscale_ssp_id: int"]
         function_kwargs = ["regscale_ssp_id=regscale_ssp_id"]
+
+        # Add filter option for Assets if provider supports filtering
+        if connector == ConnectorType.Assets and provider_id and filter_parser.has_filters(provider_id):
+            filter_option = "@click.option(\n    '--filter',\n    help='STRING: Apply filters to the query. Can be a single filter \"field[operator]value\" or semicolon-separated filters \"field1[op]value1;field2[op]value2\"',\n    required=False,\n    type=str,\n    default=None)\n"
+            click_options.append(filter_option)
+            function_params.append("filter: str")
+            function_kwargs.append("filter=filter.split(';') if filter else []")
+
     return click_options, function_params, function_kwargs
 
 
 def _build_click_options_and_command(
-    config: dict, connector: str, integration_name: str, capabilities: list[str]
+    config: dict, connector: str, integration_name: str, capabilities: list[str], provider_id: str = None
 ) -> str:
     """
     Function to use the config to build the click options and command for the integration
@@ -416,12 +500,13 @@ def _build_click_options_and_command(
     :param str connector: The connector type
     :param str integration_name: The name of the integration
     :param list[str] capabilities: The capabilities of the integration
+    :param str provider_id: The provider ID for filter support (e.g., 'assets_armis_centrix')
     :return: The click options as a string
     :rtype: str
     """
     doc_string_name = integration_name.replace("_", " ").title()
     # add regscale_ssp_id as a default option
-    click_options, function_params, function_kwargs = _build_all_params(doc_string_name, connector)
+    click_options, function_params, function_kwargs = _build_all_params(doc_string_name, connector, provider_id)
     for param_type in ["expected_params", "optional_params"]:
         for param in config.get(param_type, []):
             param_data = config[param_type][param]

regscale/dev/version.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""Version management script for regscale-cli."""
+
+import re
+import sys
+from pathlib import Path
+from rich.console import Console
+
+console = Console()
+
+
+def update_version_in_pyproject_toml(version: str) -> None:
+    """
+    Update the version in pyproject.toml.
+
+    :param str version: The version to update to
+    """
+    pyproject_file = "pyproject.toml"
+
+    pyproject_path = Path(pyproject_file)
+    content = pyproject_path.read_text()
+
+    # Update the version
+    pattern = r'version\s*=\s*["\']([^"\']+)["\']'
+    replacement = f'version = "{version}"'
+
+    if re.search(pattern, content):
+        content = re.sub(pattern, replacement, content)
+        pyproject_path.write_text(content)
+        console.print(f"[green]Updated version to {version} in {pyproject_file}")
+    else:
+        console.print(f"[red]Could not find version in {pyproject_file}")
+
+
+def update_fallback_version_in_version_py(version: str) -> None:
+    """
+    Update the fallback version in regscale/_version.py.
+
+    :param str version: The version to update to
+    """
+    version_py_path = Path("regscale/_version.py")
+    content = version_py_path.read_text()
+    pattern = r'return\s*["\'](\d+\.\d+\.\d+\.\d+)["\']\s*# fallback version'
+    replacement = f'return "{version}"  # fallback version'
+    if re.search(pattern, content):
+        content = re.sub(pattern, replacement, content)
+        version_py_path.write_text(content)
+        console.print(f"[green]Updated fallback version to {version} in regscale/_version.py")
+    else:
+        console.print("[red]Could not find fallback version in regscale/_version.py")
+
+
+def get_current_version() -> str:
+    """
+    Get the current version from the package.
+
+    :return: The current version
+    :rtype: str
+    """
+    try:
+        # Add the project root to Python path to ensure we can import regscale
+        project_root = Path(__file__).parent.parent
+        if str(project_root) not in sys.path:
+            sys.path.insert(0, str(project_root))
+
+        from regscale import __version__
+
+        return __version__
+    except ImportError as e:
+        console.print(f"[red]Could not import version from regscale package: {e}")
+        console.print("[yellow]Make sure you're running this script from the project root directory")
+        sys.exit(1)

regscale/integrations/commercial/__init__.py

@@ -43,13 +43,27 @@ show_mapping(aqua, "aqua")
     cls=LazyGroup,
     lazy_subcommands={
         "sync_assets": "regscale.integrations.commercial.aws.cli.sync_assets",
+        "sync_findings": "regscale.integrations.commercial.aws.cli.sync_findings",
         "sync_findings_and_assets": "regscale.integrations.commercial.aws.cli.sync_findings_and_assets",
+        "sync_compliance": "regscale.integrations.commercial.aws.cli.sync_compliance",
+        "sync_config_compliance": "regscale.integrations.commercial.aws.cli.sync_config_compliance",
+        "sync_kms": "regscale.integrations.commercial.aws.cli.sync_kms",
+        "sync_org": "regscale.integrations.commercial.aws.cli.sync_org",
+        "sync_iam": "regscale.integrations.commercial.aws.cli.sync_iam",
+        "sync_guardduty": "regscale.integrations.commercial.aws.cli.sync_guardduty",
+        "sync_s3": "regscale.integrations.commercial.aws.cli.sync_s3",
+        "sync_cloudtrail": "regscale.integrations.commercial.aws.cli.sync_cloudtrail",
+        "sync_cloudwatch": "regscale.integrations.commercial.aws.cli.sync_cloudwatch",
+        "sync_ssm": "regscale.integrations.commercial.aws.cli.sync_ssm",
+        "inventory": "regscale.integrations.commercial.aws.cli.inventory",
+        "findings": "regscale.integrations.commercial.aws.cli.findings",
+        "auth": "regscale.integrations.commercial.aws.cli.auth",
         "inspector": "regscale.integrations.commercial.aws.cli.inspector",
     },
     name="aws",
 )
 def aws():
-    """AWS Integrations"""
+    """AWS Integrations - Asset sync, findings, compliance, and inventory collection"""
     pass
 
 
@@ -118,6 +132,8 @@ def crowdstrike():
         "sync_cloud_alerts": "regscale.integrations.commercial.microsoft_defender.defender.sync_cloud_alerts",
         "sync_cloud_recommendations": "regscale.integrations.commercial.microsoft_defender.defender.sync_cloud_recommendations",
         "import_alerts": "regscale.integrations.commercial.microsoft_defender.defender.import_alerts",
+        "collect_entra_evidence": "regscale.integrations.commercial.microsoft_defender.defender.collect_entra_evidence",
+        "show_entra_mappings": "regscale.integrations.commercial.microsoft_defender.defender.show_entra_mappings",
     },
     name="defender",
 )
@@ -319,6 +335,18 @@ def qualys():
 show_mapping(group=qualys, import_name="qualys", file_type="csv")
 
 
+@click.group(
+    cls=LazyGroup,
+    lazy_subcommands={
+        "import": "regscale.integrations.commercial.sarif.sarif_converter.import_sarif",
+    },
+    name="sarif",
+)
+def sarif():
+    """Convert SARIF files to OCSF format via API."""
+    pass
+
+
 @click.group(
     cls=LazyGroup,
     lazy_subcommands={
@@ -475,10 +503,10 @@ show_mapping(veracode, "veracode")
         "inventory": "regscale.integrations.commercial.wizv2.click.inventory",
         "issues": "regscale.integrations.commercial.wizv2.click.issues",
         "attach_sbom": "regscale.integrations.commercial.wizv2.click.attach_sbom",
-        "threats": "regscale.integrations.commercial.wizv2.click.threats",
         "vulnerabilities": "regscale.integrations.commercial.wizv2.click.vulnerabilities",
         "add_report_evidence": "regscale.integrations.commercial.wizv2.click.add_report_evidence",
         "sync_compliance": "regscale.integrations.commercial.wizv2.click.sync_compliance",
+        "compliance_report": "regscale.integrations.commercial.wizv2.click.compliance_report",
     },
     name="wiz",
 )