PyPI - regscale-cli - Versions diffs - 6.25.0.1__py3-none-any.whl → 6.26.0.0__py3-none-any.whl - Mend

regscale-cli 6.25.0.1py3-none-any.whl → 6.26.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (84) hide show

regscale/integrations/commercial/wizv2/compliance_report.py CHANGED Viewed

@@ -17,8 +17,10 @@ from regscale.integrations.commercial.wizv2.reports import WizReportManager
 from regscale.integrations.commercial.wizv2.variables import WizVariables
 from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
 from regscale.integrations.compliance_integration import ComplianceIntegration, ComplianceItem
+from regscale.integrations.control_matcher import ControlMatcher
 from regscale.models import regscale_models
-from regscale.models.regscale_models.control_implementation import ControlImplementation, ControlImplementationStatus
+from regscale.models.regscale_models.control_implementation import ControlImplementation
+from regscale.models.regscale_models.issue import IssueIdentification
 logger = logging.getLogger("regscale")
@@ -135,7 +137,12 @@ class WizComplianceReportItem(ComplianceItem):
     def _format_control_id(self, base_control: str, enhancement: str) -> str:
         """Format control ID with optional enhancement."""
         if enhancement:
-            return f"{base_control}({enhancement})"
+            # Normalize enhancement number to remove leading zeros
+            try:
+                normalized_enhancement = str(int(enhancement))
+            except ValueError:
+                normalized_enhancement = enhancement
+            return f"{base_control}({normalized_enhancement})"
         else:
             return base_control
@@ -277,6 +284,10 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         self.report_manager = WizReportManager(WizVariables.wizUrl, access_token)
+        # Initialize control matcher for robust control ID matching (inherited from parent but ensure it's set)
+        if not hasattr(self, "_control_matcher"):
+            self._control_matcher = ControlMatcher()
     def parse_csv_report(self, file_path: str) -> List[WizComplianceReportItem]:
         """
         Parse CSV compliance report.
@@ -783,7 +794,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         """
         try:
             # Filter for compliance reports for this specific project
-            filter_by = {"project": [self.wiz_project_id], "type": ["COMPLIANCE_ASSESSMENTS"]}
+            filter_by = {"projectId": [self.wiz_project_id], "type": ["COMPLIANCE_ASSESSMENTS"]}
             logger.debug(f"Searching for existing compliance reports with filter: {filter_by}")
             reports = self.report_manager.list_reports(filter_by=filter_by)
@@ -876,76 +887,66 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         """
         Update passing controls to 'Implemented' status in RegScale.
+        Uses ControlMatcher for robust control ID matching with leading zero normalization.
         :param list[str] passing_control_ids: List of control IDs that passed
         """
         if not passing_control_ids:
             return
-        # Initialize Application for control implementation updates
-        # app = Application()  # Will be used through self.app
         try:
-            # Use the existing method that works for getting control name to implementation ID mapping
-            control_impl_map = ControlImplementation.get_control_label_map_by_parent(
-                parent_id=self.plan_id, parent_module=self.parent_module
-            )
-            logger.debug(
-                f"Built control implementation map with {len(control_impl_map)} entries using get_control_label_map_by_parent"
-            )
-            if control_impl_map:
-                sample_keys = list(control_impl_map.keys())[:10]
-                logger.debug(f"Sample control names in map: {sample_keys}")
             logger.debug(f"Looking for passing control IDs: {passing_control_ids}")
             # Prepare batch updates for passing controls
             implementations_to_update = []
-            # Debug: Show what keys are actually in the control_impl_map
-            if control_impl_map:
-                logger.debug(f"Control implementation map keys: {list(control_impl_map.keys())[:20]}")
+            controls_not_found = []
             for control_id in passing_control_ids:
-                control_id_lower = control_id.lower()
-                logger.debug(f"Looking for control '{control_id_lower}' in implementation map")
-                if control_id_lower in control_impl_map:
-                    impl_id = control_impl_map[control_id_lower]
-                    logger.debug(f"Found matching implementation for '{control_id_lower}': {impl_id}")
-                    # Get the ControlImplementation object
-                    impl = ControlImplementation.get_object(object_id=impl_id)
-                    if impl:
-                        # Update status using compliance settings
-                        new_status = self._get_implementation_status_from_result("Pass")
-                        logger.debug(f"Setting control {control_id} status from 'Pass' result to: {new_status}")
-                        impl.status = new_status
-                        impl.dateLastAssessed = get_current_datetime()
-                        impl.lastAssessmentResult = "Pass"
-                        impl.bStatusImplemented = True
-                        # Ensure required fields are set if empty
-                        if not impl.responsibility:
-                            impl.responsibility = ControlImplementation.get_default_responsibility(
-                                parent_id=impl.parentId
-                            )
-                            logger.debug(
-                                f"Setting default responsibility for control {control_id}: {impl.responsibility}"
-                            )
-                        if not impl.implementation:
-                            impl.implementation = f"Implementation details for {control_id} will be documented."
-                            logger.debug(f"Setting default implementation statement for control {control_id}")
-                        # Set audit fields if available
-                        user_id = self.app.config.get("userId")
-                        if user_id:
-                            impl.lastUpdatedById = user_id
-                            impl.dateLastUpdated = get_current_datetime()
-                        implementations_to_update.append(impl.dict())
-                        logger.info(f"Marking control {control_id} as {new_status}")
+                # Use ControlMatcher to find implementation with robust control ID matching
+                impl = self._control_matcher.find_control_implementation(
+                    control_id=control_id, parent_id=self.plan_id, parent_module=self.parent_module
+                )
+                if impl:
+                    logger.debug(f"Found matching implementation for '{control_id}': {impl.id}")
+                    # Update status using compliance settings
+                    new_status = self._get_implementation_status_from_result("Pass")
+                    logger.debug(f"Setting control {control_id} status from 'Pass' result to: {new_status}")
+                    impl.status = new_status
+                    impl.dateLastAssessed = get_current_datetime()
+                    impl.lastAssessmentResult = "Pass"
+                    impl.bStatusImplemented = True
+                    # Ensure required fields are set if empty
+                    if not impl.responsibility:
+                        impl.responsibility = ControlImplementation.get_default_responsibility(parent_id=impl.parentId)
+                        logger.debug(f"Setting default responsibility for control {control_id}: {impl.responsibility}")
+                    if not impl.implementation:
+                        impl.implementation = f"Implementation details for {control_id} will be documented."
+                        logger.debug(f"Setting default implementation statement for control {control_id}")
+                    # Set audit fields if available
+                    user_id = self.app.config.get("userId")
+                    if user_id:
+                        impl.lastUpdatedById = user_id
+                        impl.dateLastUpdated = get_current_datetime()
+                    implementations_to_update.append(impl.dict())
+                    logger.info(f"Marking control {control_id} as {new_status}")
+                else:
+                    logger.debug(f"Control '{control_id}' not found in implementation map")
+                    controls_not_found.append(control_id)
+            # Log summary
+            if controls_not_found:
+                logger.info(f"Passing control IDs not found in plan: {', '.join(sorted(controls_not_found))}")
+            logger.info(
+                f"Control implementation status update summary: {len(implementations_to_update)} found, "
+                f"{len(controls_not_found)} not in plan"
+            )
             # Batch update all implementations
             if implementations_to_update:
@@ -957,104 +958,47 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         except Exception as e:
             logger.error(f"Error updating control implementation status: {e}")
-    def _update_failing_controls_to_in_remediation(self, control_ids: List[str]) -> None:
-        """
-        Update control implementation status to In Remediation for failing controls.
-        :param List[str] control_ids: List of control IDs that are failing
-        :return: None
-        :rtype: None
+    def _prepare_failing_control_update(self, control_id: str) -> Optional[dict]:
         """
-        if not control_ids:
-            return
-        try:
-            control_impl_map = self._get_control_implementation_map()
-            if not control_impl_map:
-                return
-            implementations_to_update, controls_not_found = self._process_failing_control_ids(
-                control_ids, control_impl_map
-            )
-            self._log_update_summary(implementations_to_update, controls_not_found)
-            self._batch_update_implementations(implementations_to_update)
-        except Exception as e:
-            logger.error(f"Error updating failing control implementation status: {e}")
-    def _get_control_implementation_map(self) -> dict:
-        """Get control implementation map and validate it exists."""
-        control_impl_map = ControlImplementation.get_control_label_map_by_parent(
-            parent_id=self.plan_id, parent_module=self.parent_module
-        )
-        if not control_impl_map:
-            logger.warning("No control implementation mapping found for security plan")
-            return {}
+        Prepare a single failing control for update.
-        logger.debug(f"Control implementation map contains {len(control_impl_map)} entries")
-        return control_impl_map
-    def _process_failing_control_ids(self, control_ids: List[str], control_impl_map: dict) -> tuple[list, list]:
-        """Process failing control IDs and return implementations to update and controls not found."""
-        logger.debug(f"Looking for failing control IDs: {control_ids}")
-        implementations_to_update = []
-        controls_not_found = []
-        # Debug: Show what keys are actually in the control_impl_map for comparison
-        if control_impl_map:
-            logger.debug(f"Control implementation map keys (first 20): {list(control_impl_map.keys())[:20]}")
-        for control_id in control_ids:
-            control_id_normalized = control_id.lower()
-            logger.debug(f"Looking for control '{control_id_normalized}' in implementation map")
-            if control_id_normalized in control_impl_map:
-                impl = self._update_single_control_implementation(
-                    control_id, control_id_normalized, control_impl_map[control_id_normalized]
-                )
-                if impl:
-                    implementations_to_update.append(impl)
-                else:
-                    controls_not_found.append(control_id)
-            else:
-                logger.debug(f"Control '{control_id_normalized}' not found in implementation map")
-                controls_not_found.append(control_id)
-        return implementations_to_update, controls_not_found
-    def _update_single_control_implementation(
-        self, control_id: str, control_id_normalized: str, impl_id: int
-    ) -> Optional[dict]:
-        """Update a single control implementation to In Remediation status.
-        :param str control_id: ID of the control to update
-        :param str control_id_normalized: ID of the control to update
-        :param int impl_id: ID of the implementation to update
-        :return: Updated implementation status if implementation exists
+        :param str control_id: Control ID to update
+        :return: Dictionary representation of updated implementation, or None if not found
         :rtype: Optional[dict]
         """
-        from regscale.core.app.utils.app_utils import get_current_datetime
-        from regscale.models.regscale_models import ControlImplementationStatus
-        logger.debug(f"Found matching implementation for '{control_id_normalized}': {impl_id}")
+        impl = self._control_matcher.find_control_implementation(
+            control_id=control_id, parent_id=self.plan_id, parent_module=self.parent_module
+        )
-        impl = ControlImplementation.get_object(object_id=impl_id)
         if not impl:
-            logger.warning(f"Could not retrieve implementation object for ID {impl_id}")
+            logger.debug(f"Control '{control_id}' not found in implementation map")
             return None
-        # Update status using compliance settings
+        logger.debug(f"Found matching implementation for '{control_id}': {impl.id}")
         new_status = self._get_implementation_status_from_result("Fail")
         logger.debug(f"Setting control {control_id} status from 'Fail' result to: {new_status}")
         impl.status = new_status
         impl.dateLastAssessed = get_current_datetime()
         impl.lastAssessmentResult = "Fail"
         impl.bStatusImplemented = False
-        # Ensure required fields are set if empty
+        self._set_default_fields_if_empty(impl, control_id)
+        self._set_audit_fields(impl)
+        logger.info(f"Marking control {control_id} as {new_status}")
+        return impl.dict()
+    def _set_default_fields_if_empty(self, impl: ControlImplementation, control_id: str) -> None:
+        """
+        Set default values for required fields if they are empty.
+        :param ControlImplementation impl: Implementation to update
+        :param str control_id: Control ID for logging
+        :return: None
+        :rtype: None
+        """
         if not impl.responsibility:
             impl.responsibility = ControlImplementation.get_default_responsibility(parent_id=impl.parentId)
             logger.debug(f"Setting default responsibility for control {control_id}: {impl.responsibility}")
@@ -1063,27 +1007,76 @@ class WizComplianceReportProcessor(ComplianceIntegration):
             impl.implementation = f"Implementation details for {control_id} will be documented."
             logger.debug(f"Setting default implementation statement for control {control_id}")
-        # Set audit fields if available
+    def _set_audit_fields(self, impl: ControlImplementation) -> None:
+        """
+        Set audit fields on implementation if user ID is available.
+        :param ControlImplementation impl: Implementation to update
+        :return: None
+        :rtype: None
+        """
         user_id = self.app.config.get("userId")
         if user_id:
             impl.lastUpdatedById = user_id
             impl.dateLastUpdated = get_current_datetime()
-        logger.info(f"Marking control {control_id} as {new_status}")
-        return impl.dict()
+    def _update_failing_controls_to_in_remediation(self, control_ids: List[str]) -> None:
+        """
+        Update control implementation status to In Remediation for failing controls.
+        Uses ControlMatcher for robust control ID matching with leading zero normalization.
+        :param List[str] control_ids: List of control IDs that are failing
+        :return: None
+        :rtype: None
+        """
+        if not control_ids:
+            return
-    def _log_update_summary(self, implementations_to_update: list, controls_not_found: list) -> None:
-        """Log summary of control implementation updates."""
+        try:
+            logger.debug(f"Looking for failing control IDs: {control_ids}")
+            implementations_to_update = []
+            controls_not_found = []
+            for control_id in control_ids:
+                impl_dict = self._prepare_failing_control_update(control_id)
+                if impl_dict:
+                    implementations_to_update.append(impl_dict)
+                else:
+                    controls_not_found.append(control_id)
+            self._log_update_summary(controls_not_found, implementations_to_update)
+            self._batch_update_implementations(implementations_to_update)
+        except Exception as e:
+            logger.error(f"Error updating failing control implementation status: {e}")
+    def _log_update_summary(self, controls_not_found: List[str], implementations_to_update: List[dict]) -> None:
+        """
+        Log summary of control update operation.
+        :param List[str] controls_not_found: List of controls not found
+        :param List[dict] implementations_to_update: List of implementations to update
+        :return: None
+        :rtype: None
+        """
         if controls_not_found:
-            skipped_list = ", ".join(controls_not_found[:5])
-            more_indicator = "..." if len(controls_not_found) > 5 else ""
-            logger.info(
-                f"Control implementation status update summary: {len(implementations_to_update)} found, "
-                f"{len(controls_not_found)} not in plan (skipped: {skipped_list}{more_indicator})"
-            )
+            logger.info(f"Control IDs not found in plan: {', '.join(sorted(controls_not_found))}")
+        logger.info(
+            f"Control implementation status update summary: {len(implementations_to_update)} found, "
+            f"{len(controls_not_found)} not in plan"
+        )
+    def _batch_update_implementations(self, implementations_to_update: List[dict]) -> None:
+        """
+        Perform batch update of control implementations.
-    def _batch_update_implementations(self, implementations_to_update: list) -> None:
-        """Perform batch update of control implementations."""
+        :param List[dict] implementations_to_update: List of implementations to update
+        :return: None
+        :rtype: None
+        """
         if implementations_to_update:
             ControlImplementation.put_batch_implementation(self.app, implementations_to_update)
             logger.debug(f"Updated {len(implementations_to_update)} Control Implementations, Successfully!")
@@ -1551,6 +1544,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
             rule_id=control_id,
             baseline=representative_item.framework,
             affected_controls=control_id,
+            identification=IssueIdentification.SecurityControlAssessment.value,
         )
     def _create_finding_from_compliance_item(self, compliance_item: ComplianceItem) -> Optional[Any]:
@@ -1587,6 +1581,7 @@ class WizComplianceReportProcessor(ComplianceIntegration):
                 rule_id=compliance_item.control_id,
                 baseline=compliance_item.framework,
                 affected_controls=compliance_item.affected_controls,  # Use our property with all control IDs
+                identification=IssueIdentification.SecurityControlAssessment.value,
             )
             return finding

regscale/integrations/commercial/wizv2/constants.py CHANGED Viewed

@@ -1171,85 +1171,24 @@ fragment SecuritySubCategoryDetails on SecuritySubCategory {
 }
 """
 DATA_FINDING_QUERY = """
-query DataFindingsGroupedByValueTable($groupBy: DataFindingsGroupedByValueField!, $after: String, $first: Int, $filterBy: DataFindingFilters, $orderBy: DataFindingsGroupedByValueOrder) {
-  dataFindingsGroupedByValue(
-    groupBy: $groupBy
+query DataFindingsTable($after: String, $first: Int, $filterBy: DataFindingFiltersV2, $orderBy: DataFindingOrder, $fetchTotalCount: Boolean = true) {
+  dataFindingsV2(
     filterBy: $filterBy
     first: $first
     after: $after
     orderBy: $orderBy
   ) {
     nodes {
-      categories
-      location {
-        countryCode
-        state
-      }
-      regionCount
-      graphEntityCount
-      graphEntity {
-        id
-        name
-        type
-        properties
-        projects {
-          id
-          name
-          slug
-          isFolder
-        }
-        issues(filterBy: {status: [OPEN, IN_PROGRESS]}) {
-          criticalSeverityCount
-          highSeverityCount
-          mediumSeverityCount
-          lowSeverityCount
-          informationalSeverityCount
-        }
-      }
-      cloudAccount {
-        id
-        name
-        externalId
-        cloudProvider
-      }
-      dataClassifiers {
-        id
-        name
-        category
-        matcherType
-        severity
-      }
-      securitySubCategories {
-        id
-        title
-        externalId
-        description
-        category {
-          id
-          name
-          description
-          framework {
-            id
-            name
-            description
-            enabled
-          }
-        }
-      }
-      findingsCount
-      dataFindings(first: 5) {
-        nodes {
-          ...DataFindingDetails
-        }
-      }
+      ...DataFindingDetails
     }
     pageInfo {
       hasNextPage
       endCursor
     }
-    totalCount
+    totalCount @include(if: $fetchTotalCount)
   }
 }
 fragment DataFindingDetails on DataFinding {
   id
   name
@@ -1257,10 +1196,10 @@ fragment DataFindingDetails on DataFinding {
     id
     name
     category
+    isTenantSpecific
     securitySubCategories {
       id
       title
-      externalId
       description
       category {
         id
@@ -1286,8 +1225,12 @@ fragment DataFindingDetails on DataFinding {
     state
   }
   severity
+  status
   totalMatchCount
   uniqueMatchCount
+  maxUniqueMatchesReached
+  uniqueLocationsCount
+  isEntityPublic
   graphEntity {
     id
     name
@@ -1301,6 +1244,12 @@ fragment DataFindingDetails on DataFinding {
     }
   }
   externalSource
+  details {
+    applicationServices {
+      id
+      displayName
+    }
+  }
 }
 """
@@ -1387,14 +1336,14 @@ def get_wiz_vulnerability_queries(project_id: str, filter_by: Optional[dict] = N
         {
             "type": WizVulnerabilityType.DATA_FINDING,
             "query": DATA_FINDING_QUERY,
-            "topic_key": "dataFindingsGroupedByValue",
+            "topic_key": "dataFindingsV2",
             "file_path": DATA_FINDINGS_FILE_PATH,
-            "asset_lookup": "resource",
+            "asset_lookup": "graphEntity",
             "variables": {
                 "first": 200,
+                "fetchTotalCount": True,
                 "filterBy": {"projectId": [project_id]},
-                "orderBy": {"field": "FINDING_COUNT", "direction": "DESC"},
-                "groupBy": "GRAPH_ENTITY",
+                "orderBy": {"field": "TOTAL_MATCHES", "direction": "DESC"},
             },
         },
         {

regscale/integrations/commercial/wizv2/scanner.py CHANGED Viewed

@@ -1940,10 +1940,9 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         else:
             logger.info("File %s does not exist. Fetching new data...", file_path)
-        self.authenticate(WizVariables.wizClientId, WizVariables.wizClientSecret)
+        # Ensure we have a valid token (should already be set by caller)
         if not self.wiz_token:
-            error_and_exit("Wiz token is not set. Please authenticate first.")
+            error_and_exit("Wiz token is not set. Please authenticate before calling fetch_wiz_data_if_needed.")
         nodes = fetch_wiz_data(
             query=query,
@@ -1952,6 +1951,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             token=self.wiz_token,
             topic_key=topic_key,
         )
         with open(file_path, "w", encoding="utf-8") as file:
             json.dump(nodes, file)

regscale-cli 6.25.0.1__py3-none-any.whl → 6.26.0.0__py3-none-any.whl

Potentially problematic release.

regscale-cli 6.25.0.1py3-none-any.whl → 6.26.0.0py3-none-any.whl