regscale-cli 6.24.0.0__py3-none-any.whl → 6.25.0.0__py3-none-any.whl

regscale/dev/code_gen.py

@@ -7,9 +7,13 @@ if TYPE_CHECKING:
 
 from regscale.models.integration_models.synqly_models.connector_types import ConnectorType
 from regscale.models.integration_models.synqly_models.param import Param
+from regscale.models.integration_models.synqly_models.filter_parser import FilterParser
 
 SUPPORTED_CONNECTORS = [ConnectorType.Ticketing, ConnectorType.Vulnerabilities, ConnectorType.Assets, ConnectorType.Edr]
 
+# Initialize FilterParser once at module level
+filter_parser = FilterParser()
+
 
 def generate_dags() -> None:
     """Generate Airflow DAGs for the platform"""
@@ -189,6 +193,22 @@ def _build_op_kwargs_and_docstring(
                 ),
             }
             config[param_type] = {**config[param_type], **vuln_params}
+
+    # Add filter parameter for Assets and Vulnerabilities connectors
+    if (
+        ConnectorType.Assets.lower() in integration or ConnectorType.Vulnerabilities.lower() in integration
+    ) and param_type == "optional_params":
+        # Use 'asset_filter' for vulnerabilities, 'filter' for assets
+        param_name = "asset_filter" if ConnectorType.Vulnerabilities.lower() in integration else "filter"
+        filter_param = {
+            param_name: Param(
+                name=param_name,
+                type="string",
+                description="Semicolon separated filters of format filter[operator]value",
+                default=None,
+            )
+        }
+        config[param_type] = {**config.get(param_type, {}), **filter_param}
     if config.get(param_type):
         if proper_type not in doc_string:
             doc_string += f"{proper_type}:\n"
@@ -290,6 +310,7 @@ def add_connector_specific_params(
         sync_attachments_jinja = "'sync_attachments'"
         op_kwargs += f'\n        "sync_attachments": "{{{{ dag_run.conf[{sync_attachments_jinja}] if {sync_attachments_jinja} in dag_run.conf else False }}}}",'
         doc_string += "    sync_attachments: BOOLEAN Whether to sync attachments between integration and RegScale\n"
+
     return op_kwargs, doc_string
 
 
@@ -353,6 +374,44 @@ def {connector}() -> None:
     pass
 """
 
+    # Add build-query command for Assets and Vulnerabilities connectors
+    if connector in [ConnectorType.Assets, ConnectorType.Vulnerabilities]:
+        cli_code += f"""
+
+@{connector}.command(name="build-query")
+@click.option(
+    '--provider',
+    required=False,
+    help='Provider ID (e.g., {connector}_armis_centrix). If not specified, starts interactive mode.'
+)
+@click.option(
+    '--validate',
+    help='Validate a filter string against provider capabilities'
+)
+@click.option(
+    '--list-fields',
+    is_flag=True,
+    default=False,
+    help='List all available fields for the provider'
+)
+def build_query(provider, validate, list_fields):
+    \"\"\"
+    Build and validate filter queries for {connector.capitalize()} connectors.
+
+    Examples:
+        # Build a filter query
+        regscale {connector} build-query
+
+        # List all fields for a specific provider
+        regscale {connector} build-query --provider {connector}_armis_centrix --list-fields
+
+        # Validate a filter string
+        regscale {connector} build-query --provider {connector}_armis_centrix --validate "device.ip[eq]192.168.1.1"
+    \"\"\"
+    from regscale.integrations.commercial.synqly.query_builder import handle_build_query
+    handle_build_query('{connector}', provider, validate, list_fields)
+"""
+
     # replace the integration config with a flattened version
     for integration, config in integration_configs.items():
         capabilities = config.get("capabilities", [])
@@ -363,6 +422,7 @@ def {connector}() -> None:
             connector=connector,
             integration_name=integration_name,
             capabilities=capabilities,
+            provider_id=integration,  # Pass the full provider ID for filter support
         )
         cli_code += f"\n\n{click_options_and_command}"
         integrations_count += 1
@@ -374,12 +434,15 @@ def {connector}() -> None:
     print(f"Generated click commands for {integrations_count} {connector} connector(s).")
 
 
-def _build_all_params(integration_name: str, connector: str) -> tuple[list[str], list[str], list[str]]:
+def _build_all_params(
+    integration_name: str, connector: str, provider_id: str = None
+) -> tuple[list[str], list[str], list[str]]:
     """
     Function to build the click options, function params, and function kwargs for the integration
 
     :param str integration_name: The name of the integration
     :param str connector: The connector type
+    :param str provider_id: The provider ID for filter support (e.g., 'assets_armis_centrix')
     :return: The click options, function params, and function kwargs
     :rtype: tuple[list[str], list[str], list[str]]
     """
@@ -395,19 +458,36 @@ def _build_all_params(integration_name: str, connector: str) -> tuple[list[str],
             "scan_date=scan_date",
             "all_scans=all_scans",
         ]
+
+        # Add filter option if provider supports filtering
+        if provider_id and filter_parser.has_filters(provider_id):
+            filter_option = "@click.option(\n    '--asset_filter',\n    help='STRING: Apply filters to asset queries. Can be a single filter \"field[operator]value\" or semicolon-separated filters \"field1[op]value1;field2[op]value2\"',\n    required=False,\n    type=str,\n    default=None)\n"
+            click_options.append(filter_option)
+            function_params.append("asset_filter: str")
+            function_kwargs.append("filter=asset_filter.split(';') if asset_filter else []")
+
     elif connector == ConnectorType.Ticketing:
         click_options = ["@regscale_id()", "@regscale_module()"]
         function_params = ["regscale_id: int", "regscale_module: str"]
         function_kwargs = ["regscale_id=regscale_id", "regscale_module=regscale_module"]
     else:
+        # Assets and other connectors
         click_options = ["@regscale_ssp_id()"]
         function_params = ["regscale_ssp_id: int"]
         function_kwargs = ["regscale_ssp_id=regscale_ssp_id"]
+
+        # Add filter option for Assets if provider supports filtering
+        if connector == ConnectorType.Assets and provider_id and filter_parser.has_filters(provider_id):
+            filter_option = "@click.option(\n    '--filter',\n    help='STRING: Apply filters to the query. Can be a single filter \"field[operator]value\" or semicolon-separated filters \"field1[op]value1;field2[op]value2\"',\n    required=False,\n    type=str,\n    default=None)\n"
+            click_options.append(filter_option)
+            function_params.append("filter: str")
+            function_kwargs.append("filter=filter.split(';') if filter else []")
+
     return click_options, function_params, function_kwargs
 
 
 def _build_click_options_and_command(
-    config: dict, connector: str, integration_name: str, capabilities: list[str]
+    config: dict, connector: str, integration_name: str, capabilities: list[str], provider_id: str = None
 ) -> str:
     """
     Function to use the config to build the click options and command for the integration
@@ -416,12 +496,13 @@ def _build_click_options_and_command(
     :param str connector: The connector type
     :param str integration_name: The name of the integration
     :param list[str] capabilities: The capabilities of the integration
+    :param str provider_id: The provider ID for filter support (e.g., 'assets_armis_centrix')
     :return: The click options as a string
     :rtype: str
     """
     doc_string_name = integration_name.replace("_", " ").title()
     # add regscale_ssp_id as a default option
-    click_options, function_params, function_kwargs = _build_all_params(doc_string_name, connector)
+    click_options, function_params, function_kwargs = _build_all_params(doc_string_name, connector, provider_id)
     for param_type in ["expected_params", "optional_params"]:
         for param in config.get(param_type, []):
             param_data = config[param_type][param]

regscale/integrations/commercial/__init__.py

@@ -118,6 +118,8 @@ def crowdstrike():
         "sync_cloud_alerts": "regscale.integrations.commercial.microsoft_defender.defender.sync_cloud_alerts",
         "sync_cloud_recommendations": "regscale.integrations.commercial.microsoft_defender.defender.sync_cloud_recommendations",
         "import_alerts": "regscale.integrations.commercial.microsoft_defender.defender.import_alerts",
+        "collect_entra_evidence": "regscale.integrations.commercial.microsoft_defender.defender.collect_entra_evidence",
+        "show_entra_mappings": "regscale.integrations.commercial.microsoft_defender.defender.show_entra_mappings",
     },
     name="defender",
 )

regscale/integrations/commercial/jira.py

@@ -719,10 +719,7 @@ def create_and_update_regscale_issues(args: Tuple, thread: int) -> None:
                 parent_module=parent_module,
             )
             # create the issue in RegScale
-            if regscale_issue := Issue.insert_issue(
-                app=app,
-                issue=issue,
-            ):
+            if regscale_issue := issue.create():
                 logger.debug(
                     "Created issue #%i-%s in RegScale.",
                     regscale_issue.id,
@@ -812,7 +809,7 @@ def fetch_jira_objects(
     jira_client: JIRA, jira_project: str, jira_issue_type: str, jql_str: str = None, sync_tasks_only: bool = False
 ) -> list[jiraIssue]:
     """
-    Fetch all issues from Jira for the provided project
+    Fetch all issues from Jira for the provided project using the enhanced search API.
 
     :param JIRA jira_client: Jira client to use for the request
     :param str jira_project: Name of the project in Jira
@@ -822,15 +819,77 @@ def fetch_jira_objects(
     :return: List of Jira issues
     :rtype: list[jiraIssue]
     """
-    start_pointer = 0
-    page_size = 100
-    jira_objects = []
     if sync_tasks_only:
         validate_issue_type(jira_client, jira_issue_type)
         output_str = "task"
     else:
         output_str = "issue"
     logger.info("Fetching %s(s) from Jira...", output_str.lower())
+    try:
+        max_results = 100  # 100 is the max allowed by Jira
+        jira_issues = []
+        issue_response = jira_client.enhanced_search_issues(
+            jql_str=jql_str or f"project = {jira_project}",
+            maxResults=max_results,
+        )
+        jira_issues.extend(issue_response)
+        logger.info(
+            "%i Jira %s(s) retrieved.",
+            len(jira_issues),
+            output_str.lower(),
+        )
+        # Handle pagination if there are more issues to fetch
+        while issue_response.nextPageToken:
+            issue_response = jira_client.enhanced_search_issues(
+                jql_str=jql_str, maxResults=max_results, nextPageToken=issue_response.nextPageToken
+            )
+            jira_issues.extend(issue_response)
+            logger.info(
+                "%i Jira %s(s) retrieved.",
+                len(jira_issues),
+                output_str.lower(),
+            )
+        # Save artifacts file and log final result if we have issues
+        if jira_issues:
+            save_jira_issues(jira_issues, jira_project, jira_issue_type)
+        logger.info("%i %s(s) retrieved from Jira.", len(jira_issues), output_str.lower())
+        return jira_issues
+    except Exception as e:
+        logger.warning(
+            "An error occurred while fetching Jira issues using the enhanced_search_issues method: %s", str(e)
+        )
+        logger.info("Falling back to the deprecated fetch method...")
+
+    try:
+        return deprecated_fetch_jira_objects(
+            jira_client=jira_client,
+            jira_project=jira_project,
+            jira_issue_type=jira_issue_type,
+            jql_str=jql_str,
+            output_str=output_str,
+        )
+    except JIRAError as e:
+        error_and_exit(f"Unable to fetch issues from Jira: {e}")
+
+
+def deprecated_fetch_jira_objects(
+    jira_client: JIRA, jira_project: str, jira_issue_type: str, jql_str: str = None, output_str: str = "issue"
+) -> list[jiraIssue]:
+    """
+    Fetch all issues from Jira for the provided project using the old API method, used as a fallback method.
+
+    :param JIRA jira_client: Jira client to use for the request
+    :param str jira_project: Name of the project in Jira
+    :param str jira_issue_type: Type of issue to fetch from Jira
+    :param str jql_str: JQL string to use for the request, default None
+    :param str output_str: String to use for logging, either "issue" or "task"
+    :return: List of Jira issues
+    :rtype: list[jiraIssue]
+    """
+    start_pointer = 0
+    page_size = 100
+    jira_objects = []
+    logger.info("Fetching %s(s) from Jira...", output_str.lower())
     # get all issues for the Jira project
     while True:
         start = start_pointer * page_size
@@ -851,24 +910,36 @@ def fetch_jira_objects(
             output_str.lower(),
         )
     if jira_objects:
-        check_file_path("artifacts")
-        file_name = f"{jira_project.lower()}_existingJira{jira_issue_type}.json"
-        file_path = Path(f"./artifacts/{file_name}")
-        save_data_to(
-            file=file_path,
-            data=[issue.raw for issue in jira_objects],
-            output_log=False,
-        )
-        logger.info(
-            "Saved %i Jira %s(s), see %s",
-            len(jira_objects),
-            jira_issue_type.lower(),
-            str(file_path.absolute()),
-        )
+        save_jira_issues(jira_objects, jira_project, jira_issue_type)
     logger.info("%i %s(s) retrieved from Jira.", len(jira_objects), output_str.lower())
     return jira_objects
 
 
+def save_jira_issues(jira_issues: list[jiraIssue], jira_project: str, jira_issue_type: str) -> None:
+    """
+    Save Jira issues to a JSON file in the artifacts directory
+
+    :param list[jiraIssue] jira_issues: List of Jira issues to save
+    :param str jira_project: Name of the project in Jira
+    :param str jira_issue_type: Type of issue to fetch from Jira
+    :rtype: None
+    """
+    check_file_path("artifacts")
+    file_name = f"{jira_project.lower()}_existingJira{jira_issue_type}.json"
+    file_path = Path(f"./artifacts/{file_name}")
+    save_data_to(
+        file=file_path,
+        data=[issue.raw for issue in jira_issues],
+        output_log=False,
+    )
+    logger.info(
+        "Saved %i Jira %s(s), see %s",
+        len(jira_issues),
+        jira_issue_type.lower(),
+        str(file_path.absolute()),
+    )
+
+
 def map_jira_to_regscale_issue(jira_issue: jiraIssue, config: dict, parent_id: int, parent_module: str) -> Issue:
     """
     Map Jira issues to RegScale issues
@@ -893,6 +964,8 @@ def map_jira_to_regscale_issue(jira_issue: jiraIssue, config: dict, parent_id: i
         ),
         status=("Closed" if jira_issue.fields.status.name.lower() == "done" else config["issues"]["jira"]["status"]),
         jiraId=jira_issue.key,
+        identification="Jira Sync",
+        sourceReport="Jira",
         parentId=parent_id,
         parentModule=parent_module,
         dateCreated=get_current_datetime(),