PyPI - regscale-cli - Versions diffs - 6.25.1.0__py3-none-any.whl → 6.26.0.0__py3-none-any.whl - Mend

regscale-cli 6.25.1.0py3-none-any.whl → 6.26.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (80) hide show

regscale/_version.py CHANGED Viewed

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.25.1.0"  # fallback version
+    return "6.26.0.0"  # fallback version
 __version__ = get_version_from_pyproject()

regscale/airflow/hierarchy.py CHANGED Viewed

@@ -2,9 +2,9 @@
 from typing import Optional
-from regscale.regscale import cli
-from regscale.models.click_models import ClickCommand
 from regscale.airflow.click_mixins import AirflowClickGroup
+from regscale.models.click_models import ClickCommand
+from regscale.regscale import cli
 AIRFLOW_CLICK_GROUP = AirflowClickGroup.from_group(cli, prefix="regscale")
 AIRFLOW_CLICK_OPERATORS = AIRFLOW_CLICK_GROUP.flatten_operator()

regscale/core/app/application.py CHANGED Viewed

@@ -664,7 +664,8 @@ class Application(metaclass=Singleton):
     def save_config(self, conf: dict) -> None:
         """
-        Save Configuration to init.yaml
+        Save Configuration to init.yaml using atomic file operations to prevent corruption
+        during parallel writes.
         :param dict conf: Application configuration
         :rtype: None
@@ -681,8 +682,22 @@ class Application(metaclass=Singleton):
         try:
             self.logger.debug(f"Saving config to {self.config_file}.")
             with self._config_lock:
-                with open(self.config_file, "w", encoding="utf-8") as file:
-                    yaml.dump(conf, file)
+                # Use atomic file operations: write to temp file, then rename
+                # This prevents corruption when multiple processes write simultaneously
+                import tempfile
+                config_dir = os.path.dirname(self.config_file) or "."
+                temp_fd, temp_path = tempfile.mkstemp(dir=config_dir, prefix=".tmp_", suffix=".yaml", text=True)
+                try:
+                    with os.fdopen(temp_fd, "w", encoding="utf-8") as temp_file:
+                        yaml.dump(conf, temp_file)
+                    # Atomic rename - this is atomic on POSIX systems
+                    os.replace(temp_path, self.config_file)
+                except Exception:
+                    # Clean up temp file if something goes wrong
+                    with contextlib.suppress(OSError):
+                        os.unlink(temp_path)
+                    raise
         except OSError:
             self.logger.error(f"Could not save config to {self.config_file}.")

regscale/core/app/internal/login.py CHANGED Viewed

@@ -136,7 +136,6 @@ def login(
         logger.info("New RegScale Token has been updated and saved in init.yaml")
         # Truncate token for logging purposes
         logger.debug("Token: %s", regscale_auth.token[:20])
-    config["domain"] = host
     app.save_config(config)
     return regscale_auth.token

regscale/core/app/utils/catalog_utils/common.py CHANGED Viewed

@@ -87,5 +87,5 @@ def objective_to_control_dot(input_string: str) -> str:
     if match:
         return match.group(1)
     else:
-        logger.error(f"Failed to convert objective to control: {input_string}")
+        logger.debug(f"Failed to convert objective to control: {input_string}")
         return input_string

regscale/integrations/commercial/sicura/api.py CHANGED Viewed

@@ -356,7 +356,7 @@ class SicuraAPI:
         try:
             response = self._make_request(
                 "GET",
-                "/backend/api/jaeger/v1/nodes",
+                "/api/jaeger/v1/nodes",
                 params={
                     "verbose": "true",
                     "attributes": "platforms,scannable_profiles,most_recent_scan",
@@ -425,7 +425,7 @@ class SicuraAPI:
                 "scanAttributes": {"platform": platform, "profile": profile},
             }
-            result = self._make_request("POST", "/backend/api/jaeger/v1/tasks/", data=payload)
+            result = self._make_request("POST", "/api/jaeger/v1/tasks/", data=payload)
             if result:
                 logger.info(f"Successfully created scan task with ID: {result}")
@@ -448,7 +448,7 @@ class SicuraAPI:
         """
         try:
             response = self._make_request(
-                "GET", "/backend/api/jaeger/v1/jobs", params={"verbose": "true", self.FILTER_TASK_ID: task_id}
+                "GET", "/api/jaeger/v1/jobs", params={"verbose": "true", self.FILTER_TASK_ID: task_id}
             )
             # Handle 404 or empty response
@@ -503,7 +503,7 @@ class SicuraAPI:
             if profile:
                 params["profile"] = profile
-            response = self._make_request("GET", "/backend/api/jaeger/v1/nodes", params=params)
+            response = self._make_request("GET", "/api/jaeger/v1/nodes", params=params)
             # Handle 404 or empty response
             if not response or (isinstance(response, list) and not response):
@@ -524,16 +524,17 @@ class SicuraAPI:
                     return None  # Return None if no scans available
                 # Calculate summary stats
-                pass_count = sum(1 for scan in device.get("scans", []) if scan.get("result") == "pass")
-                fail_count = sum(1 for scan in device.get("scans", []) if scan.get("result") == "fail")
-                total_count = len(device.get("scans", []))
+                scan_results = device.get("scans", {}).get("results", [])
+                pass_count = sum(1 for scan in scan_results if scan.get("result") == "pass")
+                fail_count = sum(1 for scan in scan_results if scan.get("result") == "fail")
+                total_count = len(scan_results)
                 # Create the raw result data
                 result_data = {
                     "device_id": device.get("id"),
                     "fqdn": device.get("fqdn"),
                     "ip_address": device.get("ip_address"),
-                    "scans": device.get("scans", []),
+                    "scans": scan_results,
                     "summary": {
                         "total": total_count,
                         "pass": pass_count,
@@ -638,7 +639,7 @@ class SicuraAPI:
             if ip_address:
                 params[self.FILTER_IP_ADDRESS] = ip_address
-            response = self._make_request("GET", "/backend/api/jaeger/v1/node_templates/", params=params)
+            response = self._make_request("GET", "/api/jaeger/v1/node_templates/", params=params)
             # Handle 404 or empty response
             if not response or (isinstance(response, dict) and "detail" in response):
@@ -670,7 +671,7 @@ class SicuraAPI:
             # Use PUT method with the correct endpoint and payload
             result = self._make_request(
                 "PUT",
-                f"/backend/api/jaeger/v1/node_templates/{device_id}",
+                f"/api/jaeger/v1/node_templates/{device_id}",
                 params={"verbose": "true", "include_controls": "true", "action": "promote"},
             )
@@ -697,7 +698,7 @@ class SicuraAPI:
             # Use PUT method with the correct endpoint and payload
             result = self._make_request(
                 "PUT",
-                f"/backend/api/jaeger/v1/node_templates/{device_id}",
+                f"/api/jaeger/v1/node_templates/{device_id}",
                 params={"verbose": "true", "include_controls": "true", "action": "reject"},
             )
@@ -721,7 +722,7 @@ class SicuraAPI:
         :rtype: bool
         """
         try:
-            result = self._make_request("DELETE", f"/backend/api/jaeger/v1/nodes/{device_id}")
+            result = self._make_request("DELETE", f"/api/jaeger/v1/nodes/{device_id}")
             # For DELETE operations, an empty result typically indicates success
             if result is None or result == "" or (isinstance(result, dict) and not result):
@@ -854,7 +855,7 @@ class SicuraAPI:
         }
         logger.info(f"Creating enforcement task for device {device_id} with {len(ce_names)} CE names")
-        result = self._make_request("POST", "/backend/api/jaeger/v1/tasks/", data=payload)
+        result = self._make_request("POST", "/api/jaeger/v1/tasks/", data=payload)
         if result:
             logger.info(f"Successfully created enforcement task with ID: {result}")

regscale/integrations/commercial/sicura/commands.py CHANGED Viewed

@@ -46,7 +46,13 @@ def sync_assets(regscale_id: int):
 @sicura.command(name="sync_findings")
 @regscale_id(help="RegScale will create and update findings as children of this record.")
-def sync_findings(regscale_id: int):
+@click.option(
+    "--trigger_scan",
+    "-s",
+    is_flag=True,
+    help="Trigger a new scan on Sicura assets before syncing.",
+)
+def sync_findings(regscale_id: int, trigger_scan: bool):
     """
     Sync Sicura findings to RegScale.
@@ -60,7 +66,7 @@ def sync_findings(regscale_id: int):
         )
         # Using import_findings method which handles the synchronization
-        integration.sync_findings(plan_id=regscale_id)
+        integration.sync_findings(plan_id=regscale_id, trigger_scan=trigger_scan)
         logger.info("[bold green]Finding synchronization complete.")

regscale/integrations/commercial/sicura/scanner.py CHANGED Viewed

@@ -74,6 +74,10 @@ class SicuraIntegration(ScannerIntegration):
             logger.warning("No devices found in Sicura")
             return
+        if kwargs.pop("trigger_scan", False):
+            logger.info(f"Triggering scans on Sicura {len(devices)} devices...")
+            self.trigger_scans(devices)
         self.num_findings_to_process = 0
         findings_count = 0
@@ -206,7 +210,8 @@ class SicuraIntegration(ScannerIntegration):
                 mitigation=mitigation,
             )
-    def _extract_scan_data(self, scan: Any) -> dict:
+    @staticmethod
+    def _extract_scan_data(scan: Any) -> dict:
         """
         Extract scan data from the scan object
@@ -235,7 +240,8 @@ class SicuraIntegration(ScannerIntegration):
                 "controls": scan.controls if hasattr(scan, "controls") else {},
             }
-    def _extract_control_refs(self, controls: dict) -> tuple:
+    @staticmethod
+    def _extract_control_refs(controls: dict) -> tuple:
         """
         Extract CCI and SRG references from controls
@@ -353,8 +359,9 @@ class SicuraIntegration(ScannerIntegration):
             baseline=platform,
         )
+    @staticmethod
     def _create_results_text(
-        self, title, ce_name, result, description, state, state_reason, cci_ref, srg_refs, is_cci_finding
+        title, ce_name, result, description, state, state_reason, cci_ref, srg_refs, is_cci_finding
     ) -> str:
         """
         Create the results text for a finding
@@ -401,42 +408,6 @@ class SicuraIntegration(ScannerIntegration):
         :rtype: Iterator[IntegrationAsset]
         """
         logger.info("Fetching assets from Sicura...")
-        # Get all devices
-        pending_devices = self.api.get_pending_devices()
-        for pending_device in pending_devices:
-            print(f"Pending device: {pending_device}")
-            self.api.accept_pending_device(pending_device.id)
-            task_id = self.api.create_scan_task(
-                device_id=pending_device.id,
-                platform=pending_device.platform,
-                profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
-            )
-            if task_id:
-                self.api.wait_for_scan_results(
-                    task_id=task_id,
-                    fqdn=pending_device.fqdn,
-                    platform=pending_device.platform,
-                    profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
-                )
-            else:
-                logger.warning(f"Failed to create scan task for device {pending_device.fqdn}")
-                continue  # Continue to next device if creating scan task failed
-            task_id = self.api.create_scan_task(
-                device_id=pending_device.id, platform=pending_device.platform, profile=SicuraProfile.LEVEL_1_SERVER
-            )
-            if task_id:
-                self.api.wait_for_scan_results(
-                    task_id=task_id,
-                    fqdn=pending_device.fqdn,
-                    platform=pending_device.platform,
-                    profile=SicuraProfile.LEVEL_1_SERVER,
-                )
-            else:
-                logger.warning(f"Failed to create scan task for device {pending_device.fqdn}")
-                # No continue needed here as we're at the end of the loop iteration
         devices = self.api.get_devices()
         if not devices:
@@ -479,3 +450,42 @@ class SicuraIntegration(ScannerIntegration):
             )
             self.asset_progress.update(loading_devices, advance=1)
+    def trigger_and_wait_for_scan(self, device: Device) -> None:
+        """
+        Trigger a scan and wait for the results
+        :param Device device: The device to trigger a scan for
+        :return: None
+        """
+        task_id = self.api.create_scan_task(
+            device_id=device.id,
+            platform=device.platforms,
+            profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+        )
+        if task_id:
+            self.api.wait_for_scan_results(
+                task_id=task_id,
+                fqdn=device.fqdn,
+                platform=device.platforms,
+                profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+            )
+        else:
+            logger.warning(f"Failed to create scan task for device {device.fqdn}")
+    def trigger_scans(self, devices: list[Device]) -> None:
+        """
+        Trigger scans for a list of devices
+        :param list[Device] devices: The devices to trigger scans for
+        :return: None
+        """
+        if len(devices) > 1:
+            from regscale.utils.threading import ThreadManager
+            # use multithreading to trigger scans for multiple devices
+            thread_manager = ThreadManager(max_workers=10)
+            thread_manager.submit_tasks_from_list(self.trigger_and_wait_for_scan, devices)
+            thread_manager.execute_and_verify()
+        else:
+            self.trigger_and_wait_for_scan(devices[0])

regscale/integrations/commercial/stigv2/ckl_parser.py CHANGED Viewed

@@ -82,15 +82,15 @@ class STIGInfo(BaseModel):
     """Data model for STIG Information with optional and required attributes."""
     version: str
-    classification: str
+    classification: Optional[str] = None
     customname: Optional[str] = None
     stigid: str
     description: Optional[str] = None
     filename: Optional[str] = None
     releaseinfo: str
     title: str
-    uuid: str
-    notice: str
+    uuid: Optional[str] = None
+    notice: Optional[str] = None
     source: Optional[str] = None
@@ -115,10 +115,10 @@ class Vuln(BaseModel):
     check_content: Optional[str] = None
     fix_text: str
     check_content_ref: Optional[str] = None
-    weight: str
+    weight: Optional[str] = None
     stigref: Optional[str] = None
     targetkey: Optional[str] = None
-    stig_uuid: str
+    stig_uuid: Optional[str] = None
     vuln_discuss: Optional[str] = None
     ia_controls: Optional[str] = None
     class_: Optional[str] = None

regscale/integrations/commercial/wizv2/click.py CHANGED Viewed

@@ -45,7 +45,7 @@ def authenticate(client_id, client_secret):
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -53,7 +53,7 @@ def authenticate(client_id, client_secret):
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -77,9 +77,9 @@ def inventory(
     """Process inventory from Wiz and create assets in RegScale."""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
@@ -104,14 +104,14 @@ def inventory(
 @click.option(
     "--client_id",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
 @click.option(
     "--client_secret",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -140,9 +140,9 @@ def issues(
     from regscale.integrations.commercial.wizv2.issue import WizIssue
     import json
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     check_license()
@@ -166,7 +166,7 @@ def issues(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -174,7 +174,7 @@ def issues(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -194,9 +194,9 @@ def attach_sbom(
     from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.utils import fetch_sbom_report
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     wiz_authenticate(
@@ -234,7 +234,7 @@ def threats():
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -242,7 +242,7 @@ def threats():
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -266,9 +266,9 @@ def vulnerabilities(
     """Process vulnerabilities from Wiz"""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
@@ -286,7 +286,7 @@ def vulnerabilities(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -294,7 +294,7 @@ def vulnerabilities(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -314,9 +314,9 @@ def add_report_evidence(
     from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.utils import fetch_report_by_id
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     wiz_authenticate(
@@ -346,7 +346,7 @@ def add_report_evidence(
     "--client_id",
     "-i",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -354,7 +354,7 @@ def add_report_evidence(
     "--client_secret",
     "-s",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -444,9 +444,9 @@ def sync_compliance(
         return
     # Use environment variables if not provided
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     # Resolve framework ID using the enhanced framework resolution
@@ -582,9 +582,9 @@ def compliance_report(
     from regscale.integrations.commercial.wizv2.compliance_report import WizComplianceReportProcessor
     # Use environment variables if not provided
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
     # Create and run the compliance report processor

regscale-cli 6.25.1.0__py3-none-any.whl → 6.26.0.0__py3-none-any.whl

Potentially problematic release.

regscale-cli 6.25.1.0py3-none-any.whl → 6.26.0.0py3-none-any.whl