regscale-cli 6.21.2.2__py3-none-any.whl → 6.22.0.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -8,7 +8,6 @@ import json
 import math
 import re
 import shutil
-import tempfile
 from collections import Counter
 from concurrent.futures import as_completed
 from concurrent.futures.thread import ThreadPoolExecutor
@@ -24,7 +23,6 @@ from regscale.core.app.api import Api
 from regscale.core.app.utils.api_handler import APIInsertionError, APIUpdateError
 from regscale.core.app.utils.app_utils import compute_hash, create_progress_object, error_and_exit, get_current_datetime
 from regscale.core.utils.graphql import GraphQLQuery
-from regscale.integrations.public.fedramp.parts_mapper import PartMapper
 from regscale.integrations.public.fedramp.ssp_logger import SSPLogger
 from regscale.models import ControlObjective, ImplementationObjective, ImportValidater, Parameter, Profile
 from regscale.models.regscale_models import (
@@ -49,8 +47,6 @@ from tempfile import gettempdir
 T = TypeVar("T")
 
 logger = SSPLogger()
-part_mapper_rev5 = PartMapper()
-part_mapper_rev4 = PartMapper()
 progress = create_progress_object()
 
 SERVICE_PROVIDER_CORPORATE = "Service Provider Corporate"
@@ -120,6 +116,133 @@ def get_pandas() -> ModuleType:
     return pd
 
 
+def smart_find_by_source(
+    source: str, control_objectives: List[ControlObjective]
+) -> Tuple[Optional[str], List[str], str]:
+    """
+    Smart algorithm to find mapping by source, checking ControlObjective table only.
+
+    :param str source: The source control ID (e.g., "AC-1(a)", "AC-01 (a)")
+    :param List[ControlObjective] control_objectives: List of ControlObjective objects to search
+    :return: Tuple of (primary_oscal_id, sub_parts, status_message)
+    :rtype: Tuple[Optional[str], List[str], str]
+    """
+    # Step 1: Convert control name to OSCAL identifier
+    expected_oscal = _convert_to_oscal_identifier(source)
+
+    if not expected_oscal:
+        return None, [], f"Unable to convert control {source} to OSCAL format"
+
+    # Step 2: Search otherId field in ControlObjective table for exact match
+    if _find_exact_objective_by_other_id(expected_oscal, control_objectives):
+        return expected_oscal, [], f"Found exact match: {expected_oscal}"
+
+    # Step 3: Search for subparts (pattern: expected_oscal + ".*")
+    if sub_parts := _find_subpart_objectives_by_other_id(expected_oscal, control_objectives):
+        return None, sub_parts, f"Control exists with {len(sub_parts)} sub-parts. Update import file."
+
+    # Step 4: No match found
+    return None, [], f"No database match found for {source} (expected: {expected_oscal})"
+
+
+def _convert_to_oscal_identifier(source: str) -> Optional[str]:
+    """
+    Convert control name to OSCAL identifier using algorithmic patterns.
+
+    :param str source: The source control ID (e.g., "AC-1(a)", "AC-01 (a)", "AC-6(1)")
+    :return: Generated OSCAL identifier or None
+    :rtype: Optional[str]
+    """
+    # Remove extra spaces and normalize
+    source = source.strip()
+
+    # Pattern 1: Control enhancement - AC-6(1), AC-02 (01), AC-6 ( 1 )
+    if match := re.match(r"^([A-Z]{2})-(\d{1,2})\s*\(\s*(\d{1,2})\s*\)$", source, re.IGNORECASE):
+        family, number, enhancement = match.groups()
+        return f"{family.lower()}-{int(number)}.{int(enhancement)}_smt"
+
+    # Pattern 2: Control part - AC-1(a), AC-01 (a), AC-1 ( a )
+    if match := re.match(r"^([A-Z]{2})-(\d{1,2})\s*\(\s*([a-z])\s*\)$", source, re.IGNORECASE):
+        family, number, part = match.groups()
+        return f"{family.lower()}-{int(number)}_smt.{part.lower()}"
+
+    # Pattern 3: Control enhancement part - AC-6(1)(a), AC-02 (07) (a), AC-6 ( 1 ) ( a )
+    if match := re.match(r"^([A-Z]{2})-(\d{1,2})\s*\(\s*(\d{1,2})\s*\)\s*\(\s*([a-z])\s*\)$", source, re.IGNORECASE):
+        family, number, enhancement, part = match.groups()
+        return f"{family.lower()}-{int(number)}.{int(enhancement)}_smt.{part.lower()}"
+
+    # Pattern 4: Base control - AC-1, AC-01
+    if match := re.match(r"^([A-Z]{2})-(\d{1,2})$", source, re.IGNORECASE):
+        family, number = match.groups()
+        return f"{family.lower()}-{int(number)}_smt"
+
+    return None
+
+
+def _find_exact_objective_by_other_id(expected_oscal: str, control_objectives: List[ControlObjective]) -> bool:
+    """
+    Check if exact OSCAL identifier exists in ControlObjective otherId field.
+
+    :param str expected_oscal: The expected OSCAL identifier
+    :param List[ControlObjective] control_objectives: List of ControlObjective objects
+    :return: True if exact match found
+    :rtype: bool
+    """
+    for obj in control_objectives:
+        if hasattr(obj, "otherId") and obj.otherId == expected_oscal:
+            return True
+    return False
+
+
+def _convert_oscal_to_rev4_control_label(oscal_control_id: str) -> str:
+    """
+    Convert OSCAL control ID to Rev4 control label format.
+
+    Examples:
+    - "ac-1" -> "ac-01"
+    - "ac-10" -> "ac-10"
+    - "ac-2.7" -> "ac-02"
+
+    :param str oscal_control_id: OSCAL control ID (e.g., "ac-1", "ac-2.7")
+    :return: Rev4 control label (e.g., "ac-01", "ac-02")
+    :rtype: str
+    """
+    # Handle control enhancements by taking just the base control
+    base_control = oscal_control_id.split(".")[0]  # "ac-2.7" -> "ac-2"
+
+    # Split into family and number
+    parts = base_control.split("-")
+    if len(parts) != 2:
+        return oscal_control_id  # Return as-is if not in expected format
+
+    family, number = parts
+
+    # Convert single digit to zero-padded format: "1" -> "01"
+    if len(number) == 1:
+        number = f"0{number}"
+
+    return f"{family}-{number}"
+
+
+def _find_subpart_objectives_by_other_id(base_oscal: str, control_objectives: List[ControlObjective]) -> List[str]:
+    """
+    Find sub-part objectives that start with the base OSCAL identifier pattern.
+
+    :param str base_oscal: The base OSCAL identifier (e.g., "ac-2.7_smt")
+    :param List[ControlObjective] control_objectives: List of ControlObjective objects
+    :return: List of sub-part OSCAL identifiers
+    :rtype: List[str]
+    """
+    sub_parts = []
+    base_pattern = base_oscal + "."
+
+    for obj in control_objectives:
+        if hasattr(obj, "otherId") and obj.otherId.startswith(base_pattern):
+            sub_parts.append(obj.otherId)
+
+    return sorted(sub_parts)
+
+
 def transform_control(control: str) -> str:
     """
     Function to parse the control string and transform it to the RegScale format
@@ -129,8 +252,8 @@ def transform_control(control: str) -> str:
     :return: Transformed control ID to match RegScale control ID format
     :rtype: str
     """
-    # Use regex to match the pattern and capture the parts
-    match = re.match(r"([A-Za-z]+)-(\d+)\s\((\d+|[a-z])\)", control)
+    # Use regex to match the pattern and capture the parts (handle extra spaces)
+    match = re.match(r"([A-Za-z]+)-(\d+)\s*\(\s*(\d+|[a-z])\s*\)", control)
     if match:
         control_name = match.group(1).lower()
         control_number = match.group(2)
@@ -190,8 +313,8 @@ def gen_key(control_id: str):
     # Match pattern: captures everything up to either:
     # 1. The last (number) if it exists
     # 2. The main control number if no enhancement exists
-    # And excludes any trailing (letter)
-    pattern = r"^((?:\w+-\d+(?:\(\d+\))?))(?:\([a-zA-Z]\))?$"
+    # And excludes any trailing (letter) - handles extra spaces like AC-6 ( 1 ) ( a )
+    pattern = r"^((?:\w+-\d+(?:\s*\(\s*\d+\s*\))?))(?:\s*\(\s*[a-zA-Z]\s*\))?$"
 
     match = re.match(pattern, control_id)
     if match:
@@ -221,6 +344,7 @@ def map_implementation_status(control_id: str, cis_data: dict) -> str:
     logger.debug("Found %d CIS records for control %s", len(cis_records), control_id)
 
     if not cis_records:
+        # Alerts if a control exists in regscale but is missing from CIS worksheet
         logger.warning(f"No CIS records found for control {control_id}")
         return status_ret
 
@@ -766,18 +890,12 @@ def gen_filtered_records(
             sheet_data.values(),
         )
     else:
-        try:
-            control_label = next(
-                dat
-                for dat in part_mapper_rev4.data
-                if dat.get("Oscal Control ID") == security_control.controlId.lower()
-            ).get("CONTROLLABEL")
-        except StopIteration:
-            control_label = None
-        if control_label:
-            filtered_records = [r for r in sheet_data.values() if r["cis"]["regscale_control_id"] == control_label]
-        else:
-            filtered_records = []
+        # For rev4, convert OSCAL control ID to control label format and match against original control_id
+        # e.g., "ac-1" -> "ac-01", then match "AC-01 (a)", "AC-01 (b)", etc.
+        control_label = _convert_oscal_to_rev4_control_label(security_control.controlId)
+        filtered_records = filter(
+            lambda r: r["cis"]["regscale_control_id"].lower() == control_label.lower(), sheet_data.values()
+        )
 
     return existing_objectives, filtered_records
 
@@ -801,11 +919,7 @@ def process_single_record(**kwargs) -> Tuple[List[str], Optional[ImplementationO
     :rtype Tuple[List[str], Optional[ImplementationObjective]]
     :returns A list of errors and the Implementation Objective if successful, otherwise None
     """
-    # for pytest
-    if not part_mapper_rev5.data:
-        part_mapper_rev5.load_fedramp_version_5_mapping()
-    if not part_mapper_rev4.data:
-        part_mapper_rev4.load_fedramp_version_4_mapping()
+    # No longer need to load JSON mappings - using smart algorithm only
 
     errors = []
     version = kwargs.get("version")
@@ -816,27 +930,21 @@ def process_single_record(**kwargs) -> Tuple[List[str], Optional[ImplementationO
     existing_objectives: List[ImplementationObjective] = kwargs.get("existing_objectives")
     mapped_objectives: List[ControlObjective] = []
     result = None
-    parts = []
-    # Note: The Control ID from the CIS/CRM can be in non-standard formats, as compared to the example sheet on fedramp.
-    if version == "rev5":
-        key = record["cis"]["control_id"].replace(" ", "")
-        source = part_mapper_rev5.find_by_source(key)
-    else:
-        key = record["cis"]["control_id"]
-        source = part_mapper_rev4.find_by_source(key)
-        if parts := part_mapper_rev4.find_sub_parts(key):
-            for part in parts:
-                try:
-                    if version == "rev5":
-                        mapped_objectives.append(next(obj for obj in control_objectives if obj.name == part))
-                    else:
-                        mapped_objectives.append(next(obj for obj in control_objectives if obj.otherId == part))
-                except StopIteration:
-                    errors.append(f"Unable to find part {part} for control {key}")
-    if not source and not parts:
-        errors.append(f"Unable to find source and part for control {key}")
 
-    if source and not parts:
+    # Get the control ID from the CIS/CRM record
+    key = record["cis"]["control_id"]
+
+    # Use smart algorithm to find mapping
+    source, parts, status = smart_find_by_source(key, control_objectives)
+
+    logger.debug(f"Smart mapping result for {key}: {status}")
+
+    # Add to errors list if status does not start with "Found"
+    if not status.startswith("Found"):
+        errors.append(f"{key}: {status}")
+
+    # Process exact match if found
+    if source:
         try:
             objective = next(
                 obj
@@ -848,6 +956,23 @@ def process_single_record(**kwargs) -> Tuple[List[str], Optional[ImplementationO
             logger.debug(f"Missing Source: {source}")
             errors.append(f"Unable to find objective for control {key} ({source})")
 
+    # Process sub-parts if found
+    if parts:
+        for part in parts:
+            try:
+                if version == "rev5":
+                    mapped_objectives.append(next(obj for obj in control_objectives if obj.otherId == part))
+                else:
+                    mapped_objectives.append(
+                        next(obj for obj in control_objectives if obj.otherId == part or obj.name == part)
+                    )
+            except StopIteration:
+                errors.append(f"Unable to find part {part} for control {key}")
+
+    # Report if no mapping found at all
+    if not source and not parts:
+        errors.append(f"Unable to find source and part for control {key}")
+
     if mapped_objectives:
         update_imp_objective(
             leverage_auth_id=leveraged_auth_id,
@@ -1325,7 +1450,7 @@ def extract_control_name(control_string: str) -> str:
     :return: The extracted control name
     :rtype: str
     """
-    pattern = r"^[A-Za-z]{2}-\d{1,3}(?:\(\d+\))?"
+    pattern = r"^[A-Za-z]{2}-\d{1,3}(?:\s*\(\s*\d+\s*\))?"
     match = re.match(pattern, control_string.upper())
     return match.group() if match else ""
 
@@ -1338,8 +1463,8 @@ def rev_4_map(control_id: str) -> Optional[str]:
     :return: The mapped control ID or None if not found
     :rtype: Optional[str]
     """
-    # Regex pattern to match different control ID formats
-    pattern = r"^([A-Z]{2})-(\d{2})\s*(?:\((\d{2})\))?\s*(?:\(([a-z])\))?$"
+    # Regex pattern to match different control ID formats - handles extra spaces like AC-6 ( 1 ) ( a )
+    pattern = r"^([A-Z]{2})-(\d{2})\s*(?:\(\s*(\d{2})\s*\))?\s*(?:\(\s*([a-z])\s*\))?$"
 
     match = re.match(pattern, control_id, re.IGNORECASE)
 
@@ -1549,7 +1674,7 @@ def copy_and_rename_file(file_path: Path, new_name: str) -> Path:
     """
     Copy and rename a file.
     """
-    temp_folder = Path(tempfile.gettempdir()) / "regscale"
+    temp_folder = Path(gettempdir()) / "regscale"
     temp_folder.mkdir(exist_ok=True)  # Ensure directory exists
 
     new_file_path = temp_folder / new_name
@@ -1610,10 +1735,9 @@ def parse_and_import_ciscrm(
 
     if "5" in version:
         version = "rev5"
-        part_mapper_rev5.load_fedramp_version_5_mapping()
     else:
         version = "rev4"
-        part_mapper_rev4.load_fedramp_version_4_mapping()
+    # No longer loading JSON mappings - using smart algorithm only
     # parse the instructions worksheet to get the csp name, system name, and other data
     instructions_data = parse_instructions_worksheet(df=df, version=version)  # type: ignore