regscale-cli 6.25.0.1__py3-none-any.whl → 6.25.1.0__py3-none-any.whl

regscale/_version.py

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.25.0.1"  # fallback version
+    return "6.25.1.0"  # fallback version
 
 
 __version__ = get_version_from_pyproject()

regscale/integrations/commercial/synqly/assets.py

@@ -97,6 +97,23 @@ def sync_crowdstrike(regscale_ssp_id: int, filter: str, url: str) -> None:
     assets_crowdstrike.run_sync(regscale_ssp_id=regscale_ssp_id, filter=filter.split(";") if filter else [], url=url)
 
 
+@assets.command(name="sync_ivanti_neurons")
+@regscale_ssp_id()
+@click.option(
+    "--filter",
+    help='STRING: Apply filters to the query. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_ivanti_neurons(regscale_ssp_id: int, filter: str) -> None:
+    """Sync Assets from Ivanti Neurons to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_ivanti_neurons = Assets("ivanti_neurons")
+    assets_ivanti_neurons.run_sync(regscale_ssp_id=regscale_ssp_id, filter=filter.split(";") if filter else [])
+
+
 @assets.command(name="sync_nozomi_vantage")
 @regscale_ssp_id()
 @click.option(

regscale/integrations/commercial/wizv2/constants.py

@@ -1171,85 +1171,24 @@ fragment SecuritySubCategoryDetails on SecuritySubCategory {
 }
 """
 DATA_FINDING_QUERY = """
-query DataFindingsGroupedByValueTable($groupBy: DataFindingsGroupedByValueField!, $after: String, $first: Int, $filterBy: DataFindingFilters, $orderBy: DataFindingsGroupedByValueOrder) {
-  dataFindingsGroupedByValue(
-    groupBy: $groupBy
+query DataFindingsTable($after: String, $first: Int, $filterBy: DataFindingFiltersV2, $orderBy: DataFindingOrder, $fetchTotalCount: Boolean = true) {
+  dataFindingsV2(
     filterBy: $filterBy
     first: $first
     after: $after
     orderBy: $orderBy
   ) {
     nodes {
-      categories
-      location {
-        countryCode
-        state
-      }
-      regionCount
-      graphEntityCount
-      graphEntity {
-        id
-        name
-        type
-        properties
-        projects {
-          id
-          name
-          slug
-          isFolder
-        }
-        issues(filterBy: {status: [OPEN, IN_PROGRESS]}) {
-          criticalSeverityCount
-          highSeverityCount
-          mediumSeverityCount
-          lowSeverityCount
-          informationalSeverityCount
-        }
-      }
-      cloudAccount {
-        id
-        name
-        externalId
-        cloudProvider
-      }
-      dataClassifiers {
-        id
-        name
-        category
-        matcherType
-        severity
-      }
-      securitySubCategories {
-        id
-        title
-        externalId
-        description
-        category {
-          id
-          name
-          description
-          framework {
-            id
-            name
-            description
-            enabled
-          }
-        }
-      }
-      findingsCount
-      dataFindings(first: 5) {
-        nodes {
-          ...DataFindingDetails
-        }
-      }
+      ...DataFindingDetails
     }
     pageInfo {
       hasNextPage
       endCursor
     }
-    totalCount
+    totalCount @include(if: $fetchTotalCount)
   }
 }
+
 fragment DataFindingDetails on DataFinding {
   id
   name
@@ -1257,10 +1196,10 @@ fragment DataFindingDetails on DataFinding {
     id
     name
     category
+    isTenantSpecific
     securitySubCategories {
       id
       title
-      externalId
       description
       category {
         id
@@ -1286,8 +1225,12 @@ fragment DataFindingDetails on DataFinding {
     state
   }
   severity
+  status
   totalMatchCount
   uniqueMatchCount
+  maxUniqueMatchesReached
+  uniqueLocationsCount
+  isEntityPublic
   graphEntity {
     id
     name
@@ -1301,6 +1244,12 @@ fragment DataFindingDetails on DataFinding {
     }
   }
   externalSource
+  details {
+    applicationServices {
+      id
+      displayName
+    }
+  }
 }
 """
 
@@ -1387,14 +1336,14 @@ def get_wiz_vulnerability_queries(project_id: str, filter_by: Optional[dict] = N
         {
             "type": WizVulnerabilityType.DATA_FINDING,
             "query": DATA_FINDING_QUERY,
-            "topic_key": "dataFindingsGroupedByValue",
+            "topic_key": "dataFindingsV2",
             "file_path": DATA_FINDINGS_FILE_PATH,
-            "asset_lookup": "resource",
+            "asset_lookup": "graphEntity",
             "variables": {
                 "first": 200,
+                "fetchTotalCount": True,
                 "filterBy": {"projectId": [project_id]},
-                "orderBy": {"field": "FINDING_COUNT", "direction": "DESC"},
-                "groupBy": "GRAPH_ENTITY",
+                "orderBy": {"field": "TOTAL_MATCHES", "direction": "DESC"},
             },
         },
         {

regscale/integrations/due_date_handler.py

@@ -7,13 +7,16 @@ from datetime import datetime
 from typing import Any, Dict, Optional
 
 from regscale.core.app.application import Application
-from regscale.core.utils.date import date_str, get_day_increment
+from regscale.core.utils.date import get_day_increment
 from regscale.integrations.public.cisa import pull_cisa_kev
 from regscale.models import regscale_models
 from regscale.utils.threading import ThreadSafeDict
 
 logger = logging.getLogger("regscale")
 
+# Date format constant for consistent datetime string formatting
+DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%S"
+
 
 class DueDateHandler:
     """
@@ -21,6 +24,19 @@ class DueDateHandler:
     1. Init.yaml timeline configurations per integration
     2. KEV (Known Exploited Vulnerabilities) dates from CISA
     3. Default severity-based timelines
+    4. Configurable past due date validation (noPastDueDates setting)
+
+    Configuration Options:
+    - Global setting: issues.noPastDueDates (default: true)
+    - Per-integration: issues.{integration_name}.noPastDueDates
+
+    When noPastDueDates=true (default):
+    - Due dates calculated in the past are automatically adjusted to future dates
+    - Prevents API validation errors for past due dates
+
+    When noPastDueDates=false:
+    - Original due dates are preserved, even if they're in the past
+    - Useful for historical data or when past dates are intentionally required
     """
 
     def __init__(self, integration_name: str, config: Optional[Dict[str, Any]] = None):
@@ -45,6 +61,9 @@ class DueDateHandler:
         # Load integration-specific timelines from config
         self.integration_timelines = self._load_integration_timelines()
 
+        # Load noPastDueDates setting (defaults to True)
+        self.no_past_due_dates = self._load_no_past_due_dates_setting()
+
     def _load_integration_timelines(self) -> Dict[regscale_models.IssueSeverity, int]:
         """
         Load timeline configurations for this integration from init.yaml
@@ -75,6 +94,37 @@ class DueDateHandler:
 
         return timelines
 
+    def _load_no_past_due_dates_setting(self) -> bool:
+        """
+        Load noPastDueDates setting for this integration from init.yaml
+
+        Configuration hierarchy:
+        1. Integration-specific setting: issues.{integration_name}.noPastDueDates
+        2. Global setting: issues.noPastDueDates
+        3. Default: True
+
+        :return: True if past due dates should be automatically adjusted to future dates
+        :rtype: bool
+        """
+        issues_config = self.config.get("issues", {})
+        integration_config = issues_config.get(self.integration_name, {})
+
+        # Check integration-specific setting first
+        if "noPastDueDates" in integration_config:
+            setting = integration_config["noPastDueDates"]
+            logger.debug(f"Using integration-specific noPastDueDates={setting} for {self.integration_name}")
+            return bool(setting)
+
+        # Fall back to global setting
+        if "noPastDueDates" in issues_config:
+            setting = issues_config["noPastDueDates"]
+            logger.debug(f"Using global noPastDueDates={setting} for {self.integration_name}")
+            return bool(setting)
+
+        # Default to True (prevent past due dates)
+        logger.debug(f"Using default noPastDueDates=True for {self.integration_name}")
+        return True
+
     def _get_kev_data(self) -> ThreadSafeDict:
         """
         Get KEV data from CISA, using cache if available
@@ -160,17 +210,26 @@ class DueDateHandler:
                     kev_date = date_parse(kev_due_date).date()
                     created_dt = date_parse(created_date).date()
 
-                    # If KEV due date is after creation date, use KEV date
+                    # If KEV due date is after creation date, use KEV date but ensure it's not in the past
                     # If KEV due date is before creation date, add the difference to creation date
                     if kev_date >= created_dt:
-                        logger.debug(f"Using KEV due date {kev_due_date} for CVE {cve}")
-                        return kev_due_date
+                        # Ensure KEV due date is not in the past
+                        kev_due_validated = self._ensure_future_due_date(
+                            kev_due_date, 30
+                        )  # Use 30 days as fallback for KEV
+                        logger.debug(f"Using KEV due date {kev_due_validated} for CVE {cve}")
+                        return kev_due_validated
                     else:
                         # KEV date has passed, calculate new due date from creation
                         days_diff = (created_dt - kev_date).days
                         # Give at least 30 days from creation for critical KEV items
                         adjusted_days = max(30, days_diff)
-                        due_date = date_str(get_day_increment(start=created_date, days=adjusted_days))
+                        calculated_due_date_obj = get_day_increment(start=created_date, days=adjusted_days)
+                        calculated_due_date = datetime.combine(calculated_due_date_obj, datetime.min.time()).strftime(
+                            DATETIME_FORMAT
+                        )
+                        # Ensure the adjusted due date is not in the past
+                        due_date = self._ensure_future_due_date(calculated_due_date, adjusted_days)
                         logger.debug(f"KEV date passed, using adjusted due date {due_date} for CVE {cve}")
                         return due_date
 
@@ -179,12 +238,64 @@ class DueDateHandler:
 
         # Fall back to severity-based timeline from integration config
         days = self.integration_timelines.get(severity, self.default_timelines[severity])
-        due_date = date_str(get_day_increment(start=created_date, days=days))
+        calculated_due_date_obj = get_day_increment(start=created_date, days=days)
+        calculated_due_date = datetime.combine(calculated_due_date_obj, datetime.min.time()).strftime(DATETIME_FORMAT)
+
+        # Ensure due date is never in the past (allow yesterday for timezone differences)
+        due_date = self._ensure_future_due_date(calculated_due_date, days)
 
         logger.debug(f"Using {self.integration_name} timeline: {severity.name} = {days} days, due date = {due_date}")
 
         return due_date
 
+    def _ensure_future_due_date(self, calculated_due_date: str, original_days: int) -> str:
+        """
+        Ensure the due date is not in the past. If it is, set it to today + original timeline days.
+        Behavior is controlled by the noPastDueDates configuration setting.
+
+        :param str calculated_due_date: The originally calculated due date
+        :param int original_days: The original number of days for this severity
+        :return: A due date that respects the noPastDueDates setting
+        :rtype: str
+        """
+        # If noPastDueDates is disabled, return the original date without validation
+        if not self.no_past_due_dates:
+            logger.debug(
+                f"noPastDueDates=False for {self.integration_name}, returning original due date: {calculated_due_date}"
+            )
+            return calculated_due_date
+
+        from dateutil.parser import parse as date_parse
+        from datetime import date
+
+        try:
+            calculated_date = date_parse(calculated_due_date).date()
+            today = date.today()
+
+            if calculated_date >= today:
+                return calculated_due_date
+            else:
+                # Due date is in the past, calculate new due date from today
+                # Use minimum 1 day to ensure it's always in the future
+                safe_days = max(1, original_days)
+                new_due_date_obj = get_day_increment(start=today, days=safe_days)
+                new_due_date = datetime.combine(new_due_date_obj, datetime.min.time()).strftime(DATETIME_FORMAT)
+                logger.debug(
+                    f"Due date {calculated_due_date} was in the past for {self.integration_name}. "
+                    f"Adjusted to {new_due_date} ({safe_days} days from today)."
+                )
+                return new_due_date
+
+        except Exception as e:
+            logger.warning(f"Failed to validate due date {calculated_due_date}: {e}")
+            # If we can't parse the date, return a safe fallback only if noPastDueDates is enabled
+            if self.no_past_due_dates:
+                safe_days = max(1, original_days)
+                fallback_due_date_obj = get_day_increment(start=date.today(), days=safe_days)
+                return datetime.combine(fallback_due_date_obj, datetime.min.time()).strftime(DATETIME_FORMAT)
+            else:
+                return calculated_due_date
+
     def get_integration_config(self) -> Dict[str, Any]:
         """
         Get the full integration configuration from init.yaml
@@ -205,6 +316,7 @@ class DueDateHandler:
         return {
             "integration_name": self.integration_name,
             "use_kev": self._should_use_kev(),
+            "no_past_due_dates": self.no_past_due_dates,
             "timelines": {severity.name: days for severity, days in self.integration_timelines.items()},
             "config_source": "init.yaml",
         }

regscale/integrations/scanner_integration.py

@@ -48,6 +48,31 @@ def get_thread_workers_max() -> int:
     return ScannerVariables.threadMaxWorkers
 
 
+def _create_config_override(
+    config: Optional[Dict[str, Dict]],
+    integration_name: str,
+    critical: Optional[int],
+    high: Optional[int],
+    moderate: Optional[int],
+    low: Optional[int],
+) -> Dict[str, Dict]:
+    """Create a config override for legacy parameter support."""
+    override_config = config.copy() if config else {}
+    if "issues" not in override_config:
+        override_config["issues"] = {}
+    if integration_name not in override_config["issues"]:
+        override_config["issues"][integration_name] = {}
+
+    integration_config = override_config["issues"][integration_name]
+    severity_params = {"critical": critical, "high": high, "moderate": moderate, "low": low}
+
+    for param_name, param_value in severity_params.items():
+        if param_value is not None:
+            integration_config[param_name] = param_value
+
+    return override_config
+
+
 def issue_due_date(
     severity: regscale_models.IssueSeverity,
     created_date: str,
@@ -61,6 +86,9 @@ def issue_due_date(
     """
     Calculate the due date for an issue based on its severity and creation date.
 
+    DEPRECATED: This function is kept for backward compatibility. New code should use DueDateHandler directly.
+    This function now uses DueDateHandler internally to ensure consistent behavior and proper validation.
+
     :param regscale_models.IssueSeverity severity: The severity of the issue.
     :param str created_date: The creation date of the issue.
     :param Optional[int] critical: Days until due for high severity issues.
@@ -72,40 +100,19 @@ def issue_due_date(
     :return: The due date for the issue.
     :rtype: str
     """
-    if critical is None:
-        critical = ScannerVariables.issueDueDates.get("critical", 30)
-    if high is None:
-        high = ScannerVariables.issueDueDates.get("high", 60)
-    if moderate is None:
-        moderate = ScannerVariables.issueDueDates.get("moderate", 120)
-    if low is None:
-        low = ScannerVariables.issueDueDates.get("low", 364)
-
-    if config is None:
-        config = {}
-
-    due_date_map = {
-        regscale_models.IssueSeverity.Critical: critical,
-        regscale_models.IssueSeverity.High: high,
-        regscale_models.IssueSeverity.Moderate: moderate,
-        regscale_models.IssueSeverity.Low: low,
-    }
-
-    if title and config:
-        # if title in a config key, use that key
-        issues_dict = config.get("issues", {})
-        matching_key = next((key.lower() for key in issues_dict if title.lower() in key.lower()), None)
-        if matching_key:
-            title_config = issues_dict.get(matching_key, {})
-            due_date_map = {
-                regscale_models.IssueSeverity.Critical: title_config.get("critical", critical),
-                regscale_models.IssueSeverity.High: title_config.get("high", high),
-                regscale_models.IssueSeverity.Moderate: title_config.get("moderate", moderate),
-                regscale_models.IssueSeverity.Low: title_config.get("low", low),
-            }
-
-    days = due_date_map.get(severity, low)
-    return date_str(get_day_increment(start=created_date, days=days))
+    integration_name = title or "default"
+
+    # Check if individual parameters need config override
+    if any(param is not None for param in [critical, high, moderate, low]):
+        config = _create_config_override(config, integration_name, critical, high, moderate, low)
+
+    due_date_handler = DueDateHandler(integration_name, config=config)
+    return due_date_handler.calculate_due_date(
+        severity=severity,
+        created_date=created_date,
+        cve=None,  # Legacy function doesn't have CVE parameter
+        title=title,
+    )
 
 
 class ManagedDefaultDict(Generic[K, V]):
@@ -2106,7 +2113,9 @@ class ScannerIntegration(ABC):
 
     def _set_issue_due_date(self, issue: regscale_models.Issue, finding: IntegrationFinding) -> None:
         """Set the due date for the issue using DueDateHandler."""
+        # Always calculate or validate due date to ensure it's not in the past
         if not finding.due_date:
+            # No due date set, calculate new one
             try:
                 base_created = finding.date_created or issue.dateCreated
                 finding.due_date = self.due_date_handler.calculate_due_date(
@@ -2125,6 +2134,12 @@ class ScannerIntegration(ABC):
                     cve=finding.cve,
                     title=finding.title or self.title,
                 )
+        else:
+            # Due date already exists, but validate it's not in the past (if noPastDueDates is enabled)
+            finding.due_date = self.due_date_handler._ensure_future_due_date(
+                finding.due_date, self.due_date_handler.integration_timelines.get(finding.severity, 60)
+            )
+
         issue.dueDate = finding.due_date
 
     def _set_additional_issue_fields(

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,54 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.09.11",
-    "dateReleased": "2025-09-11T17:00:46.0046Z",
-    "count": 1414,
+    "catalogVersion": "2025.09.25",
+    "dateReleased": "2025-09-25T16:17:38.0447Z",
+    "count": 1417,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-20362",
+            "vendorProject": "Cisco",
+            "product": "Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense",
+            "vulnerabilityName": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability",
+            "dateAdded": "2025-09-25",
+            "shortDescription": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333.",
+            "requiredAction": "The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor\u2019s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-09-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/directives\/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https:\/\/www.cisa.gov\/news-events\/directives\/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions ; https:\/\/www.cisa.gov\/eviction-strategies-tool\/create-from-template ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/resources\/asa_ftd_continued_attacks ;   https:\/\/sec.cloudapps.cisco.com\/security\/center\/private\/resources\/asa_ftd_continued_attacks#Details ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-asaftd-webvpn-YROOTUW ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20362",
+            "cwes": [
+                "CWE-862"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20333",
+            "vendorProject": "Cisco",
+            "product": "Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense",
+            "vulnerabilityName": "Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability",
+            "dateAdded": "2025-09-25",
+            "shortDescription": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.",
+            "requiredAction": "The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor\u2019s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
+            "dueDate": "2025-09-26",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/news-events\/directives\/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https:\/\/www.cisa.gov\/news-events\/directives\/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions ; https:\/\/www.cisa.gov\/eviction-strategies-tool\/create-from-template ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/resources\/asa_ftd_continued_attacks ;    https:\/\/sec.cloudapps.cisco.com\/security\/center\/private\/resources\/asa_ftd_continued_attacks#Details ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-asaftd-webvpn-z5xP8EUB ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20333",
+            "cwes": [
+                "CWE-120"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-10585",
+            "vendorProject": "Google",
+            "product": "Chromium V8",
+            "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
+            "dateAdded": "2025-09-23",
+            "shortDescription": "Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-14",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/09\/stable-channel-update-for-desktop_17.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-10585",
+            "cwes": [
+                "CWE-843"
+            ]
+        },
         {
             "cveID": "CVE-2025-5086",
             "vendorProject": "Dassault Syst\u00e8mes",