PyPI - regscale-cli - Versions diffs - 6.25.1.0__py3-none-any.whl → 6.26.0.0__py3-none-any.whl - Mend

regscale-cli 6.25.1.0py3-none-any.whl → 6.26.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (80) hide show

tests/regscale/integrations/commercial/test_sonarcloud.py ADDED Viewed

@@ -0,0 +1,394 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+Test for sonarcloud code scan integration in RegScale CLI
+"""
+from unittest.mock import MagicMock, patch
+import pytest
+import requests
+from tests import CLITestFixture
+from regscale.integrations.commercial.sonarcloud import (
+    build_data,
+    create_alert_assessment,
+    create_alert_issues,
+    get_sonarcloud_results,
+    build_dataframes,
+)
+class TestSonarcloud(CLITestFixture):
+    """
+    Test for sonarcloud integration
+    """
+    @pytest.fixture
+    def sample_vulnerability_data(self):
+        """Fixture providing sample vulnerability data for multiple tests"""
+        return [
+            {
+                "key": "test_issue_1",
+                "severity": "HIGH",
+                "component": "test_component_1",
+                "status": "OPEN",
+                "message": "Test message 1",
+                "creationDate": "2021-01-01T00:00:00",
+                "updateDate": "2021-01-01T00:00:00",
+                "type": "Vulnerability",
+                "days_elapsed": 5,
+            },
+            {
+                "key": "test_issue_2",
+                "severity": "LOW",
+                "component": "test_component_2",
+                "status": "OPEN",
+                "message": "Test message 2",
+                "creationDate": "2021-01-02T00:00:00",
+                "updateDate": "2021-01-02T00:00:00",
+                "type": "Vulnerability",
+                "days_elapsed": 3,
+            },
+        ]
+    @pytest.fixture
+    def single_vulnerability_data(self):
+        """Fixture providing single vulnerability data for specific tests"""
+        return [
+            {
+                "key": "test_issue_1",
+                "severity": "HIGH",
+                "component": "test_component_1",
+                "status": "OPEN",
+                "message": "Test message 1",
+                "creationDate": "2021-01-01T00:00:00",
+                "updateDate": "2021-01-01T00:00:00",
+                "type": "Vulnerability",
+                "days_elapsed": 5,
+            }
+        ]
+    @pytest.fixture
+    def mock_api(self):
+        """Fixture providing a mock API with common configuration"""
+        mock_api = MagicMock()
+        mock_api.config = {"sonarToken": "test_token_123", "sonarUrl": "https://sonarcloud.io", "userId": "1234"}
+        mock_api.logger = MagicMock()
+        mock_api.logger.info.return_value = None
+        return mock_api
+    @pytest.fixture
+    def mock_response_success(self):
+        """Fixture providing a successful mock response"""
+        mock_response = MagicMock()
+        mock_response.status_code = 200
+        mock_response.ok = True
+        return mock_response
+    @pytest.fixture
+    def mock_response_error(self):
+        """Fixture providing an error mock response"""
+        mock_response = MagicMock()
+        mock_response.status_code = 401
+        mock_response.ok = False
+        return mock_response
+    @pytest.fixture
+    def mock_sonarcloud_issue(self):
+        """Fixture providing a mock sonarcloud issue"""
+        return {
+            "key": "test_issue",
+            "name": "Test Issue",
+            "description": "This is a test issue",
+            "type": "Vulnerability",
+            "status": "OPEN",
+            "severity": "HIGH",
+            "component": "test_component",
+            "message": "This is a test message",
+            "creationDate": "2021-01-01T00:00:00Z",
+            "updateDate": "2021-01-01T00:00:00Z",
+            "days_elapsed": 0,
+        }
+    @pytest.fixture
+    def mock_app(self):
+        """Fixture providing a mock application"""
+        mock_app = MagicMock()
+        mock_app.config = {
+            "userId": "1234",
+            "domain": "https://test.regscale.com",
+            "sonarToken": "test_token_123",
+            "sonarUrl": "https://sonarcloud.io",
+        }
+        return mock_app
+    @pytest.fixture
+    def mock_issue_instance(self):
+        """Fixture providing a mock issue instance"""
+        mock_issue = MagicMock()
+        mock_issue.dict.return_value = {"title": "Sonarcloud Code Scan", "description": "Test message"}
+        return mock_issue
+    def test_depend(self):
+        """Make sure values are present"""
+        self.verify_config("sonarToken", compare_template=False)
+    def test_sonarcloud(self):
+        """Get sonarcloud code scans"""
+        url = "https://sonarcloud.io/api/"
+        try:
+            response = requests.get(url, timeout=5)
+            if response.status_code != 200:
+                pytest.skip(f"Sonarcloud is down. {response.status_code}")
+            assert response.status_code == 200
+        except Exception:
+            pytest.skip("Sonarcloud is down.")
+    @patch("regscale.integrations.commercial.sonarcloud.requests.get")
+    def test_get_sonarcloud_results_success(self, mock_get, mock_sonarcloud_issue):
+        """Test sonarcloud results pull with a success"""
+        mock_response1 = MagicMock()
+        mock_response1.status_code = 200
+        mock_response1.ok = True
+        mock_response1.json.return_value = {"paging": {"total": 2, "pageSize": 1}}
+        mock_response2 = MagicMock()
+        mock_response2.status_code = 200
+        mock_response2.ok = True
+        mock_response2.json.return_value = {"issues": [mock_sonarcloud_issue]}
+        mock_get.side_effect = [mock_response1, mock_response2, mock_response2]
+        results = get_sonarcloud_results(self.config)
+        test_results = mock_response2.json()["issues"] * 2  # Expecting two issues, one from each page
+        assert len(results) == 2
+        assert results == test_results
+    @patch("regscale.integrations.commercial.sonarcloud.requests.get")
+    def test_get_sonarcloud_results_error(self, mock_get, mock_response_error):
+        """Test sonarcloud results pull with an error"""
+        mock_get.return_value = mock_response_error
+        with pytest.raises(SystemExit) as e:
+            get_sonarcloud_results(self.config)
+        assert e.type == SystemExit
+    @patch("regscale.integrations.commercial.sonarcloud.requests.get")
+    def test_get_sonarcloud_results_empty(self, mock_get):
+        """Test sonarcloud results when no issues are found"""
+        mock_response = MagicMock()
+        mock_response.status_code = 200
+        mock_response.ok = True
+        mock_response.json.return_value = {
+            "paging": {"total": 0, "pageSize": 500},
+            "issues": [],
+        }
+        mock_get.return_value = mock_response
+        results = get_sonarcloud_results(self.config)
+        assert len(results) == 0
+    @patch("regscale.integrations.commercial.sonarcloud.get_sonarcloud_results")
+    def test_build_data(self, mock_get_sonarcloud_results, mock_api, mock_sonarcloud_issue):
+        """Test the build_data function"""
+        mock_get_sonarcloud_results.return_value = [[mock_sonarcloud_issue]]
+        results = build_data(mock_api)
+        assert len(results) == 1
+        assert results[0]["key"] == "test_issue"
+    @patch("regscale.integrations.commercial.sonarcloud.get_sonarcloud_results")
+    def test_build_data_empty(self, mock_get_sonarcloud_results, mock_api):
+        """Test the build_data function when no issues are found"""
+        mock_get_sonarcloud_results.return_value = [[]]
+        results = build_data(mock_api)
+        assert len(results) == 0
+        assert results == []
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    def test_build_dataframes(self, mock_build_data, sample_vulnerability_data):
+        """Test the build_dataframes function"""
+        mock_build_data.return_value = sample_vulnerability_data
+        api = MagicMock()
+        result = build_dataframes(api)
+        assert "<table" in result
+        assert "test_issue_1" in result
+        assert "test_issue_2" in result
+        assert "HIGH" in result
+        assert "LOW" in result
+        # Should be sorted by severity (HIGH should come before LOW)
+        high_index = result.find("HIGH")
+        low_index = result.find("LOW")
+        assert high_index < low_index
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    @patch("regscale.integrations.commercial.sonarcloud.Assessment.create")
+    def test_create_alert_assessment(
+        self, mock_assessment_create, mock_build_data, mock_api, sample_vulnerability_data
+    ):
+        """Test the create_alert_assessment function"""
+        mock_build_data.return_value = sample_vulnerability_data
+        mock_assessment_create.return_value = MagicMock()
+        result = create_alert_assessment(mock_api, parent_id=123, parent_module="test_module")
+        assert result is not None
+        mock_assessment_create.assert_called_once()
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    @patch("regscale.integrations.commercial.sonarcloud.Assessment.create")
+    def test_create_alert_assessment_failure(
+        self, mock_assessment_create, mock_build_data, mock_api, sample_vulnerability_data
+    ):
+        """Test the create_alert_assessment function when assessment creation fails"""
+        mock_build_data.return_value = sample_vulnerability_data
+        mock_assessment_create.return_value = None
+        result = create_alert_assessment(mock_api)
+        assert result is None
+        mock_assessment_create.assert_called_once()
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    @patch("regscale.integrations.commercial.sonarcloud.Assessment")
+    def test_create_alert_assessment_critical_vulnerability(self, mock_assessment_class, mock_build_data, mock_api):
+        """Test the create_alert_assessment function with CRITICAL vulnerability >= 10 days"""
+        # Create critical vulnerability data
+        critical_data = [
+            {
+                "key": "test_issue_1",
+                "severity": "CRITICAL",
+                "component": "test_component_1",
+                "status": "OPEN",
+                "message": "Test message 1",
+                "creationDate": "2021-01-01T00:00:00",
+                "updateDate": "2021-01-01T00:00:00",
+                "type": "Vulnerability",
+                "days_elapsed": 15,  # >= 10 days
+            }
+        ]
+        mock_build_data.return_value = critical_data
+        # Create a mock assessment instance
+        mock_assessment_instance = MagicMock()
+        mock_assessment_instance.id = 12345
+        mock_assessment_instance.create.return_value = mock_assessment_instance
+        mock_assessment_class.return_value = mock_assessment_instance
+        result = create_alert_assessment(mock_api)
+        assert result == 12345
+        # Verify that the assessment was created with the correct status and result
+        assert mock_assessment_instance.status == "Complete"
+        assert mock_assessment_instance.assessmentResult == "Fail"
+        assert mock_assessment_instance.actualFinish is not None
+    @patch("regscale.integrations.commercial.sonarcloud.logger")
+    @patch("regscale.integrations.commercial.sonarcloud.Issue")
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    @patch("regscale.integrations.commercial.sonarcloud.create_alert_assessment")
+    @patch("regscale.integrations.commercial.sonarcloud.Api")
+    @patch("regscale.integrations.commercial.sonarcloud.Application")
+    def test_create_alert_issues(
+        self,
+        mock_app_class,
+        mock_api_class,
+        mock_create_assessment,
+        mock_build_data,
+        mock_issue_class,
+        mock_logger,
+        mock_app,
+        mock_issue_instance,
+        sample_vulnerability_data,
+        mock_response_success,
+    ):
+        """Test the create_alert_issues function with mocked dependencies"""
+        mock_app_class.return_value = mock_app
+        mock_api = MagicMock()
+        mock_api_class.return_value = mock_api
+        mock_create_assessment.return_value = 12345  # assessment_id
+        mock_build_data.return_value = sample_vulnerability_data
+        mock_issue_class.return_value = mock_issue_instance
+        mock_api.post.return_value = mock_response_success
+        create_alert_issues(parent_id=123, parent_module="test_module")
+        mock_create_assessment.assert_called_once_with(api=mock_api, parent_id=123, parent_module="test_module")
+        mock_build_data.assert_called_once_with(mock_api, None)
+        # Verify Issue was created for each vulnerability
+        assert mock_issue_class.call_count == 2
+        # Verify API post was called for each issue
+        assert mock_api.post.call_count == 2
+        # Verify successful logging
+        assert mock_logger.info.call_count == 2
+        mock_logger.info.assert_any_call("Issue created successfully.")
+    @patch("regscale.integrations.commercial.sonarcloud.logger")
+    @patch("regscale.integrations.commercial.sonarcloud.Issue")
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    @patch("regscale.integrations.commercial.sonarcloud.create_alert_assessment")
+    @patch("regscale.integrations.commercial.sonarcloud.Api")
+    @patch("regscale.integrations.commercial.sonarcloud.Application")
+    def test_create_alert_issues_api_failure(
+        self,
+        mock_app_class,
+        mock_api_class,
+        mock_create_assessment,
+        mock_build_data,
+        mock_issue_class,
+        mock_logger,
+        mock_app,
+        mock_issue_instance,
+        single_vulnerability_data,
+        mock_response_error,
+    ):
+        """Test the create_alert_issues function when API calls fail"""
+        mock_app_class.return_value = mock_app
+        mock_api = MagicMock()
+        mock_api_class.return_value = mock_api
+        mock_create_assessment.return_value = 12345  # assessment_id
+        mock_build_data.return_value = single_vulnerability_data
+        mock_issue_class.return_value = mock_issue_instance
+        mock_api.post.return_value = mock_response_error
+        create_alert_issues()
+        # Verify API post was called
+        mock_api.post.assert_called_once()
+        # Verify failure logging
+        mock_logger.info.assert_called_once_with("Issue was not created.")
+    @patch("regscale.integrations.commercial.sonarcloud.logger")
+    @patch("regscale.integrations.commercial.sonarcloud.build_data")
+    @patch("regscale.integrations.commercial.sonarcloud.create_alert_assessment")
+    @patch("regscale.integrations.commercial.sonarcloud.Api")
+    @patch("regscale.integrations.commercial.sonarcloud.Application")
+    def test_create_alert_issues_no_vulnerabilities(
+        self, mock_app_class, mock_api_class, mock_create_assessment, mock_build_data, mock_logger, mock_app
+    ):
+        """Test the create_alert_issues function when no vulnerabilities are found"""
+        mock_app_class.return_value = mock_app
+        mock_api = MagicMock()
+        mock_api_class.return_value = mock_api
+        mock_create_assessment.return_value = 12345  # assessment_id
+        mock_build_data.return_value = []
+        create_alert_issues()
+        mock_create_assessment.assert_called_once_with(api=mock_api, parent_id=None, parent_module=None)
+        mock_build_data.assert_called_once_with(mock_api, None)
+        # Verify no API post calls were made (no vulnerabilities)
+        mock_api.post.assert_not_called()

tests/regscale/integrations/commercial/test_sqlserver.py ADDED Viewed

@@ -0,0 +1,186 @@
+import unittest
+from datetime import datetime
+from unittest.mock import ANY, call, patch, MagicMock
+import pytest
+from regscale.integrations.commercial.sqlserver import (
+    build_connection_string,
+    create_and_save_assessment,
+    calculate_finish_date,
+    create_assessment_object,
+    upload_files_to_assessment,
+)
+@pytest.skip(reason="Manual test", allow_module_level=True)
+class TestSqlServer(unittest.TestCase):
+    @patch("regscale.core.app.utils.app_utils.check_license")
+    @patch("regscale.core.app.utils.regscale_utils.verify_provided_module")
+    @patch("regscale.integrations.commercial.sqlserver.build_connection_string")
+    @patch("pyodbc.connect")
+    @patch("pandas.DataFrame.from_records")
+    @patch("os.makedirs")
+    @patch("regscale.integrations.commercial.sqlserver.create_and_save_assessment")
+    @patch("regscale.core.app.internal.workflow.create_regscale_workflow_from_template")
+    def test_generate_and_save_report(
+        self,
+        mock_check_license,
+        mock_verify_provided_module,
+        mock_build_connection_string,
+        mock_pyodbc_connect,
+        mock_df_from_records,
+        mock_os_makedirs,
+        mock_create_and_save_assessment,
+        mock_create_regscale_workflow_from_template,
+    ):
+        # Add your assertions here
+        pass
+    def test_build_connection_string_with_username_and_password(self):
+        result = build_connection_string("server", "database", 1433, "username", "password")
+        expected = (
+            r"DRIVER={ODBC Driver 17 for SQL Server};"
+            r"SERVER=server;"
+            r"DATABASE=database;"
+            r"PORT=port;"
+            r"UID=username;"
+            r"PWD=password;"
+            r"TrustServerCertificate=yes;"
+            r"TIMEOUT=30;"
+        )
+        self.assertEqual(result, expected)
+    def test_build_connection_string_with_trusted_connection(self):
+        result = build_connection_string("server", "database", 1433, None, None)
+        expected = (
+            r"DRIVER={ODBC Driver 17 for SQL Server};"
+            r"SERVER=server;"
+            r"DATABASE=database;"
+            r"PORT=port;"
+            r"Trusted_Connection=yes;"
+        )
+        self.assertEqual(result, expected)
+    @patch("regscale.integrations.commercial.sqlserver.calculate_finish_date")
+    @patch("regscale.integrations.commercial.sqlserver.get_current_datetime")
+    @patch("regscale.integrations.commercial.sqlserver.Assessment")
+    def test_create_assessment_object(self, mock_assessment, mock_get_current_datetime, mock_calculate_finish_date):
+        mock_app = MagicMock()
+        mock_app.config = {
+            "userId": "904efb0a-c3ee-4819-ba4e-df1f4554d843",
+            "assessmentDays": 7,
+        }
+        mock_get_current_datetime.return_value = "2023-07-23T12:00:00"
+        mock_calculate_finish_date.return_value = "2023-08-23T12:00:00"
+        create_assessment_object(
+            app=mock_app,
+            report="report",
+            regscale_id=1,
+            regscale_module="module",
+            title="title",
+            description="description",
+        )
+        mock_assessment.assert_called_once_with(
+            leadAssessorId=mock_app.config["userId"],
+            title="title",
+            assessmentType="Control Testing",
+            plannedStart=mock_get_current_datetime.return_value,
+            plannedFinish=mock_calculate_finish_date.return_value,
+            assessmentReport="report",
+            assessmentPlan="description",
+            createdById=mock_app.config["userId"],
+            dateCreated=mock_get_current_datetime.return_value,
+            lastUpdatedById=mock_app.config["userId"],
+            dateLastUpdated=mock_get_current_datetime.return_value,
+            parentModule="module",
+            parentId=1,
+            status="Scheduled",
+        )
+    @patch("regscale.integrations.commercial.sqlserver.File.upload_file_to_regscale")
+    @patch("regscale.integrations.commercial.sqlserver.job_progress")
+    def test_upload_files_to_assessment(self, mock_job_progress, mock_upload_file_to_regscale):
+        mock_api = MagicMock()
+        mock_upload_file_to_regscale.return_value = True
+        mock_job_progress.add_task.return_value = "task_id"
+        upload_files_to_assessment(api=mock_api, assessment_id=1, files=["file1", "file2"])
+        mock_job_progress.add_task.assert_called_once_with(
+            "[#0866b4]Uploading files to the new RegScale Assessment...", total=2
+        )
+        mock_upload_file_to_regscale.assert_has_calls(
+            [
+                call(
+                    file_name="file1",
+                    parent_id=1,
+                    parent_module="assessments",
+                    api=mock_api,
+                ),
+                call(
+                    file_name="file2",
+                    parent_id=1,
+                    parent_module="assessments",
+                    api=mock_api,
+                ),
+            ]
+        )
+        mock_job_progress.update.assert_has_calls(
+            [
+                call("task_id", advance=1),
+                call("task_id", advance=1),
+            ]
+        )
+    @patch("regscale.integrations.commercial.sqlserver.upload_files_to_assessment")
+    @patch("regscale.integrations.commercial.sqlserver.create_assessment_object")
+    @patch("regscale.integrations.commercial.sqlserver.job_progress")
+    @patch("regscale.integrations.commercial.sqlserver.Api")
+    def test_create_and_save_assessment(
+        self,
+        mock_api_object,
+        mock_job_progress,
+        mock_create_assessment_object,
+        mock_upload_files_to_assessment,
+    ):
+        mock_api = MagicMock()
+        mock_api_object.return_value = mock_api
+        mock_assessment = MagicMock()
+        mock_assessment.id = 1
+        mock_assessment.insert_assessment.return_value = mock_assessment
+        mock_create_assessment_object.return_value = mock_assessment
+        mock_job_progress.add_task.return_value = "task_id"
+        mock_app = MagicMock()
+        result = create_and_save_assessment(
+            report="report",
+            files=["file1", "file2"],
+            regscale_id=1,
+            regscale_module="module",
+            title="title",
+            description="description",
+            app=mock_app,
+        )
+        self.assertIsNotNone(result)
+        mock_api_object.assert_called_once()
+        mock_create_assessment_object.assert_called_once_with(
+            ANY,
+            "report",
+            1,
+            "module",
+            "title",
+            "description",
+        )
+        mock_job_progress.add_task.assert_called_once_with("[#21a5bb]Creating assessment in RegScale...", total=1)
+        mock_assessment.insert_assessment.assert_called_once_with(app=ANY)
+        mock_upload_files_to_assessment.assert_called_once_with(ANY, 1, ["file1", "file2"])
+    def test_calculate_finish_date(self):
+        current_date = datetime(2023, 7, 23, 12, 0, 0)
+        days = 7
+        result = calculate_finish_date(current_date, days)
+        expected = "2023-07-30T12:00:00"
+        self.assertEqual(result, expected)

tests/regscale/integrations/commercial/test_stig.py ADDED Viewed

@@ -0,0 +1,33 @@
+# #!/usr/bin/env python3
+# # -*- coding: utf-8 -*-
+#
+# from regscale.core.app.api import Api
+# from regscale.core.app.application import Application
+# from regscale.integrations.commercial.stig import STIG, cci_control_mapping
+#
+#
+# def test_cci_control_mapping():
+#     """Can we build a cci control mapping"""
+#     assert 1 == 1
+#
+#
+# def test_component_build():
+#     """Can we build a components from a folder of stigs"""
+#     assert 1 == 1
+#
+#
+# def test_asset_build():
+#     """Can we build a asset from a folder of stigs"""
+#     assert 1 == 1
+#
+#
+# def test_checks():
+#     """Make sure unique checks only"""
+#     # BEWARE of duplicate checks status for same check
+#     assert 1 == 1
+#
+#
+# def test_checks_asset():
+#     """Make sure unique checks to correct asset"""
+#     # BEWARE OF DUPLICATES or mismatched checks to assets
+#     assert 1 == 1

regscale-cli 6.25.1.0__py3-none-any.whl → 6.26.0.0__py3-none-any.whl

Potentially problematic release.

regscale-cli 6.25.1.0py3-none-any.whl → 6.26.0.0py3-none-any.whl