regscale-cli 6.25.0.1__py3-none-any.whl → 6.26.0.0__py3-none-any.whl

regscale/_version.py

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.25.0.1"  # fallback version
+    return "6.26.0.0"  # fallback version
 
 
 __version__ = get_version_from_pyproject()

regscale/airflow/hierarchy.py

@@ -2,9 +2,9 @@
 
 from typing import Optional
 
-from regscale.regscale import cli
-from regscale.models.click_models import ClickCommand
 from regscale.airflow.click_mixins import AirflowClickGroup
+from regscale.models.click_models import ClickCommand
+from regscale.regscale import cli
 
 AIRFLOW_CLICK_GROUP = AirflowClickGroup.from_group(cli, prefix="regscale")
 AIRFLOW_CLICK_OPERATORS = AIRFLOW_CLICK_GROUP.flatten_operator()

regscale/core/app/application.py

@@ -664,7 +664,8 @@ class Application(metaclass=Singleton):
 
     def save_config(self, conf: dict) -> None:
         """
-        Save Configuration to init.yaml
+        Save Configuration to init.yaml using atomic file operations to prevent corruption
+        during parallel writes.
 
         :param dict conf: Application configuration
         :rtype: None
@@ -681,8 +682,22 @@ class Application(metaclass=Singleton):
         try:
             self.logger.debug(f"Saving config to {self.config_file}.")
             with self._config_lock:
-                with open(self.config_file, "w", encoding="utf-8") as file:
-                    yaml.dump(conf, file)
+                # Use atomic file operations: write to temp file, then rename
+                # This prevents corruption when multiple processes write simultaneously
+                import tempfile
+
+                config_dir = os.path.dirname(self.config_file) or "."
+                temp_fd, temp_path = tempfile.mkstemp(dir=config_dir, prefix=".tmp_", suffix=".yaml", text=True)
+                try:
+                    with os.fdopen(temp_fd, "w", encoding="utf-8") as temp_file:
+                        yaml.dump(conf, temp_file)
+                    # Atomic rename - this is atomic on POSIX systems
+                    os.replace(temp_path, self.config_file)
+                except Exception:
+                    # Clean up temp file if something goes wrong
+                    with contextlib.suppress(OSError):
+                        os.unlink(temp_path)
+                    raise
         except OSError:
             self.logger.error(f"Could not save config to {self.config_file}.")
 

regscale/core/app/internal/login.py

@@ -136,7 +136,6 @@ def login(
         logger.info("New RegScale Token has been updated and saved in init.yaml")
         # Truncate token for logging purposes
         logger.debug("Token: %s", regscale_auth.token[:20])
-    config["domain"] = host
     app.save_config(config)
     return regscale_auth.token
 

regscale/core/app/utils/catalog_utils/common.py

@@ -87,5 +87,5 @@ def objective_to_control_dot(input_string: str) -> str:
     if match:
         return match.group(1)
     else:
-        logger.error(f"Failed to convert objective to control: {input_string}")
+        logger.debug(f"Failed to convert objective to control: {input_string}")
         return input_string

regscale/integrations/commercial/sicura/api.py

@@ -356,7 +356,7 @@ class SicuraAPI:
         try:
             response = self._make_request(
                 "GET",
-                "/backend/api/jaeger/v1/nodes",
+                "/api/jaeger/v1/nodes",
                 params={
                     "verbose": "true",
                     "attributes": "platforms,scannable_profiles,most_recent_scan",
@@ -425,7 +425,7 @@ class SicuraAPI:
                 "scanAttributes": {"platform": platform, "profile": profile},
             }
 
-            result = self._make_request("POST", "/backend/api/jaeger/v1/tasks/", data=payload)
+            result = self._make_request("POST", "/api/jaeger/v1/tasks/", data=payload)
 
             if result:
                 logger.info(f"Successfully created scan task with ID: {result}")
@@ -448,7 +448,7 @@ class SicuraAPI:
         """
         try:
             response = self._make_request(
-                "GET", "/backend/api/jaeger/v1/jobs", params={"verbose": "true", self.FILTER_TASK_ID: task_id}
+                "GET", "/api/jaeger/v1/jobs", params={"verbose": "true", self.FILTER_TASK_ID: task_id}
             )
 
             # Handle 404 or empty response
@@ -503,7 +503,7 @@ class SicuraAPI:
             if profile:
                 params["profile"] = profile
 
-            response = self._make_request("GET", "/backend/api/jaeger/v1/nodes", params=params)
+            response = self._make_request("GET", "/api/jaeger/v1/nodes", params=params)
 
             # Handle 404 or empty response
             if not response or (isinstance(response, list) and not response):
@@ -524,16 +524,17 @@ class SicuraAPI:
                     return None  # Return None if no scans available
 
                 # Calculate summary stats
-                pass_count = sum(1 for scan in device.get("scans", []) if scan.get("result") == "pass")
-                fail_count = sum(1 for scan in device.get("scans", []) if scan.get("result") == "fail")
-                total_count = len(device.get("scans", []))
+                scan_results = device.get("scans", {}).get("results", [])
+                pass_count = sum(1 for scan in scan_results if scan.get("result") == "pass")
+                fail_count = sum(1 for scan in scan_results if scan.get("result") == "fail")
+                total_count = len(scan_results)
 
                 # Create the raw result data
                 result_data = {
                     "device_id": device.get("id"),
                     "fqdn": device.get("fqdn"),
                     "ip_address": device.get("ip_address"),
-                    "scans": device.get("scans", []),
+                    "scans": scan_results,
                     "summary": {
                         "total": total_count,
                         "pass": pass_count,
@@ -638,7 +639,7 @@ class SicuraAPI:
             if ip_address:
                 params[self.FILTER_IP_ADDRESS] = ip_address
 
-            response = self._make_request("GET", "/backend/api/jaeger/v1/node_templates/", params=params)
+            response = self._make_request("GET", "/api/jaeger/v1/node_templates/", params=params)
 
             # Handle 404 or empty response
             if not response or (isinstance(response, dict) and "detail" in response):
@@ -670,7 +671,7 @@ class SicuraAPI:
             # Use PUT method with the correct endpoint and payload
             result = self._make_request(
                 "PUT",
-                f"/backend/api/jaeger/v1/node_templates/{device_id}",
+                f"/api/jaeger/v1/node_templates/{device_id}",
                 params={"verbose": "true", "include_controls": "true", "action": "promote"},
             )
 
@@ -697,7 +698,7 @@ class SicuraAPI:
             # Use PUT method with the correct endpoint and payload
             result = self._make_request(
                 "PUT",
-                f"/backend/api/jaeger/v1/node_templates/{device_id}",
+                f"/api/jaeger/v1/node_templates/{device_id}",
                 params={"verbose": "true", "include_controls": "true", "action": "reject"},
             )
 
@@ -721,7 +722,7 @@ class SicuraAPI:
         :rtype: bool
         """
         try:
-            result = self._make_request("DELETE", f"/backend/api/jaeger/v1/nodes/{device_id}")
+            result = self._make_request("DELETE", f"/api/jaeger/v1/nodes/{device_id}")
 
             # For DELETE operations, an empty result typically indicates success
             if result is None or result == "" or (isinstance(result, dict) and not result):
@@ -854,7 +855,7 @@ class SicuraAPI:
         }
 
         logger.info(f"Creating enforcement task for device {device_id} with {len(ce_names)} CE names")
-        result = self._make_request("POST", "/backend/api/jaeger/v1/tasks/", data=payload)
+        result = self._make_request("POST", "/api/jaeger/v1/tasks/", data=payload)
 
         if result:
             logger.info(f"Successfully created enforcement task with ID: {result}")

regscale/integrations/commercial/sicura/commands.py

@@ -46,7 +46,13 @@ def sync_assets(regscale_id: int):
 
 @sicura.command(name="sync_findings")
 @regscale_id(help="RegScale will create and update findings as children of this record.")
-def sync_findings(regscale_id: int):
+@click.option(
+    "--trigger_scan",
+    "-s",
+    is_flag=True,
+    help="Trigger a new scan on Sicura assets before syncing.",
+)
+def sync_findings(regscale_id: int, trigger_scan: bool):
     """
     Sync Sicura findings to RegScale.
 
@@ -60,7 +66,7 @@ def sync_findings(regscale_id: int):
         )
 
         # Using import_findings method which handles the synchronization
-        integration.sync_findings(plan_id=regscale_id)
+        integration.sync_findings(plan_id=regscale_id, trigger_scan=trigger_scan)
 
         logger.info("[bold green]Finding synchronization complete.")
 

regscale/integrations/commercial/sicura/scanner.py

@@ -74,6 +74,10 @@ class SicuraIntegration(ScannerIntegration):
             logger.warning("No devices found in Sicura")
             return
 
+        if kwargs.pop("trigger_scan", False):
+            logger.info(f"Triggering scans on Sicura {len(devices)} devices...")
+            self.trigger_scans(devices)
+
         self.num_findings_to_process = 0
         findings_count = 0
 
@@ -206,7 +210,8 @@ class SicuraIntegration(ScannerIntegration):
                 mitigation=mitigation,
             )
 
-    def _extract_scan_data(self, scan: Any) -> dict:
+    @staticmethod
+    def _extract_scan_data(scan: Any) -> dict:
         """
         Extract scan data from the scan object
 
@@ -235,7 +240,8 @@ class SicuraIntegration(ScannerIntegration):
                 "controls": scan.controls if hasattr(scan, "controls") else {},
             }
 
-    def _extract_control_refs(self, controls: dict) -> tuple:
+    @staticmethod
+    def _extract_control_refs(controls: dict) -> tuple:
         """
         Extract CCI and SRG references from controls
 
@@ -353,8 +359,9 @@ class SicuraIntegration(ScannerIntegration):
             baseline=platform,
         )
 
+    @staticmethod
     def _create_results_text(
-        self, title, ce_name, result, description, state, state_reason, cci_ref, srg_refs, is_cci_finding
+        title, ce_name, result, description, state, state_reason, cci_ref, srg_refs, is_cci_finding
     ) -> str:
         """
         Create the results text for a finding
@@ -401,42 +408,6 @@ class SicuraIntegration(ScannerIntegration):
         :rtype: Iterator[IntegrationAsset]
         """
         logger.info("Fetching assets from Sicura...")
-
-        # Get all devices
-        pending_devices = self.api.get_pending_devices()
-        for pending_device in pending_devices:
-            print(f"Pending device: {pending_device}")
-            self.api.accept_pending_device(pending_device.id)
-            task_id = self.api.create_scan_task(
-                device_id=pending_device.id,
-                platform=pending_device.platform,
-                profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
-            )
-            if task_id:
-                self.api.wait_for_scan_results(
-                    task_id=task_id,
-                    fqdn=pending_device.fqdn,
-                    platform=pending_device.platform,
-                    profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
-                )
-            else:
-                logger.warning(f"Failed to create scan task for device {pending_device.fqdn}")
-                continue  # Continue to next device if creating scan task failed
-
-            task_id = self.api.create_scan_task(
-                device_id=pending_device.id, platform=pending_device.platform, profile=SicuraProfile.LEVEL_1_SERVER
-            )
-            if task_id:
-                self.api.wait_for_scan_results(
-                    task_id=task_id,
-                    fqdn=pending_device.fqdn,
-                    platform=pending_device.platform,
-                    profile=SicuraProfile.LEVEL_1_SERVER,
-                )
-            else:
-                logger.warning(f"Failed to create scan task for device {pending_device.fqdn}")
-                # No continue needed here as we're at the end of the loop iteration
-
         devices = self.api.get_devices()
 
         if not devices:
@@ -479,3 +450,42 @@ class SicuraIntegration(ScannerIntegration):
             )
 
             self.asset_progress.update(loading_devices, advance=1)
+
+    def trigger_and_wait_for_scan(self, device: Device) -> None:
+        """
+        Trigger a scan and wait for the results
+
+        :param Device device: The device to trigger a scan for
+        :return: None
+        """
+        task_id = self.api.create_scan_task(
+            device_id=device.id,
+            platform=device.platforms,
+            profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+        )
+        if task_id:
+            self.api.wait_for_scan_results(
+                task_id=task_id,
+                fqdn=device.fqdn,
+                platform=device.platforms,
+                profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+            )
+        else:
+            logger.warning(f"Failed to create scan task for device {device.fqdn}")
+
+    def trigger_scans(self, devices: list[Device]) -> None:
+        """
+        Trigger scans for a list of devices
+
+        :param list[Device] devices: The devices to trigger scans for
+        :return: None
+        """
+        if len(devices) > 1:
+            from regscale.utils.threading import ThreadManager
+
+            # use multithreading to trigger scans for multiple devices
+            thread_manager = ThreadManager(max_workers=10)
+            thread_manager.submit_tasks_from_list(self.trigger_and_wait_for_scan, devices)
+            thread_manager.execute_and_verify()
+        else:
+            self.trigger_and_wait_for_scan(devices[0])

regscale/integrations/commercial/stigv2/ckl_parser.py

@@ -82,15 +82,15 @@ class STIGInfo(BaseModel):
     """Data model for STIG Information with optional and required attributes."""
 
     version: str
-    classification: str
+    classification: Optional[str] = None
     customname: Optional[str] = None
     stigid: str
     description: Optional[str] = None
     filename: Optional[str] = None
     releaseinfo: str
     title: str
-    uuid: str
-    notice: str
+    uuid: Optional[str] = None
+    notice: Optional[str] = None
     source: Optional[str] = None
 
 
@@ -115,10 +115,10 @@ class Vuln(BaseModel):
     check_content: Optional[str] = None
     fix_text: str
     check_content_ref: Optional[str] = None
-    weight: str
+    weight: Optional[str] = None
     stigref: Optional[str] = None
     targetkey: Optional[str] = None
-    stig_uuid: str
+    stig_uuid: Optional[str] = None
     vuln_discuss: Optional[str] = None
     ia_controls: Optional[str] = None
     class_: Optional[str] = None

regscale/integrations/commercial/synqly/assets.py

@@ -97,6 +97,23 @@ def sync_crowdstrike(regscale_ssp_id: int, filter: str, url: str) -> None:
     assets_crowdstrike.run_sync(regscale_ssp_id=regscale_ssp_id, filter=filter.split(";") if filter else [], url=url)
 
 
+@assets.command(name="sync_ivanti_neurons")
+@regscale_ssp_id()
+@click.option(
+    "--filter",
+    help='STRING: Apply filters to the query. Can be a single filter "field[operator]value" or semicolon-separated filters "field1[op]value1;field2[op]value2"',
+    required=False,
+    type=str,
+    default=None,
+)
+def sync_ivanti_neurons(regscale_ssp_id: int, filter: str) -> None:
+    """Sync Assets from Ivanti Neurons to RegScale."""
+    from regscale.models.integration_models.synqly_models.connectors import Assets
+
+    assets_ivanti_neurons = Assets("ivanti_neurons")
+    assets_ivanti_neurons.run_sync(regscale_ssp_id=regscale_ssp_id, filter=filter.split(";") if filter else [])
+
+
 @assets.command(name="sync_nozomi_vantage")
 @regscale_ssp_id()
 @click.option(

regscale/integrations/commercial/wizv2/click.py

@@ -45,7 +45,7 @@ def authenticate(client_id, client_secret):
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -53,7 +53,7 @@ def authenticate(client_id, client_secret):
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -77,9 +77,9 @@ def inventory(
     """Process inventory from Wiz and create assets in RegScale."""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
@@ -104,14 +104,14 @@ def inventory(
 @click.option(
     "--client_id",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
 @click.option(
     "--client_secret",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -140,9 +140,9 @@ def issues(
     from regscale.integrations.commercial.wizv2.issue import WizIssue
     import json
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     check_license()
@@ -166,7 +166,7 @@ def issues(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -174,7 +174,7 @@ def issues(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -194,9 +194,9 @@ def attach_sbom(
     from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.utils import fetch_sbom_report
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     wiz_authenticate(
@@ -234,7 +234,7 @@ def threats():
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -242,7 +242,7 @@ def threats():
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -266,9 +266,9 @@ def vulnerabilities(
     """Process vulnerabilities from Wiz"""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
@@ -286,7 +286,7 @@ def vulnerabilities(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -294,7 +294,7 @@ def vulnerabilities(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -314,9 +314,9 @@ def add_report_evidence(
     from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.utils import fetch_report_by_id
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     wiz_authenticate(
@@ -346,7 +346,7 @@ def add_report_evidence(
     "--client_id",
     "-i",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -354,7 +354,7 @@ def add_report_evidence(
     "--client_secret",
     "-s",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -444,9 +444,9 @@ def sync_compliance(
         return
 
     # Use environment variables if not provided
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     # Resolve framework ID using the enhanced framework resolution
@@ -582,9 +582,9 @@ def compliance_report(
     from regscale.integrations.commercial.wizv2.compliance_report import WizComplianceReportProcessor
 
     # Use environment variables if not provided
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     # Create and run the compliance report processor