regscale-cli 6.25.1.0__py3-none-any.whl → 6.26.0.0__py3-none-any.whl

regscale/integrations/scanner_integration.py

@@ -27,6 +27,7 @@ from regscale.integrations.commercial.durosuite.process_devices import scan_duro
 from regscale.integrations.commercial.durosuite.variables import DuroSuiteVariables
 from regscale.integrations.commercial.stig_mapper_integration.mapping_engine import StigMappingEngine as STIGMapper
 from regscale.integrations.due_date_handler import DueDateHandler
+from regscale.integrations.milestone_manager import MilestoneManager
 from regscale.integrations.public.cisa import pull_cisa_kev
 from regscale.integrations.variables import ScannerVariables
 from regscale.models import DateTimeEncoder, OpenIssueDict, Property, regscale_models
@@ -672,6 +673,9 @@ class ScannerIntegration(ABC):
         # Initialize due date handler for this integration
         self.due_date_handler = DueDateHandler(self.title, config=self.app.config)
 
+        # Initialize milestone manager for this integration
+        self.milestone_manager = None  # Lazy initialization after scan_date is set
+
         if self.is_component:
             self.component = regscale_models.Component.get_object(self.plan_id)
             self.parent_module: str = regscale_models.Component.get_module_string()
@@ -737,6 +741,21 @@ class ScannerIntegration(ABC):
                     cls._lock_registry[key] = lock
         return lock
 
+    def get_milestone_manager(self) -> MilestoneManager:
+        """
+        Get or initialize the milestone manager.
+
+        :return: MilestoneManager instance
+        :rtype: MilestoneManager
+        """
+        if self.milestone_manager is None:
+            self.milestone_manager = MilestoneManager(
+                integration_title=self.title,
+                assessor_id=self.assessor_id,
+                scan_date=self.scan_date or get_current_datetime(),
+            )
+        return self.milestone_manager
+
     @staticmethod
     def load_stig_mapper() -> Optional[STIGMapper]:
         """
@@ -997,15 +1016,18 @@ class ScannerIntegration(ABC):
             return res[:450]
         return prefix[:450]
 
-    def get_or_create_assessment(self, control_implementation_id: int) -> regscale_models.Assessment:
+    def get_or_create_assessment(
+        self, control_implementation_id: int, status: Optional[regscale_models.AssessmentResultsStatus] = None
+    ) -> regscale_models.Assessment:
         """
-        Gets or creates a RegScale assessment
+        Gets or creates a RegScale assessment.
 
         :param int control_implementation_id: The ID of the control implementation
+        :param Optional[regscale_models.AssessmentResultsStatus] status: Optional status override (used by cci_assessment)
         :return: The assessment
         :rtype: regscale_models.Assessment
         """
-        logger.info("Getting or create assessment for control implementation %d", control_implementation_id)
+        logger.debug("Getting or create assessment for control implementation %d", control_implementation_id)
         assessment: Optional[regscale_models.Assessment] = self.assessment_map.get(control_implementation_id)
         if assessment:
             logger.debug(
@@ -1017,7 +1039,7 @@ class ScannerIntegration(ABC):
                 plannedStart=get_current_datetime(),
                 plannedFinish=get_current_datetime(),
                 status=regscale_models.AssessmentStatus.COMPLETE.value,
-                assessmentResult=regscale_models.AssessmentResultsStatus.FAIL.value,
+                assessmentResult=status.value if status else regscale_models.AssessmentResultsStatus.FAIL.value,
                 actualFinish=get_current_datetime(),
                 leadAssessorId=self.assessor_id,
                 parentId=control_implementation_id,
@@ -2284,87 +2306,26 @@ class ScannerIntegration(ABC):
         """
         Create milestones for an issue based on status transitions.
 
+        Delegates to MilestoneManager for cleaner separation of concerns.
+        Also ensures existing issues have creation milestones (backfills if missing).
+
         :param regscale_models.Issue issue: The issue to create milestones for
         :param IntegrationFinding finding: The finding data
         :param Optional[regscale_models.Issue] existing_issue: Existing issue for comparison
         """
-        if not (ScannerVariables.useMilestones and issue.id):
-            return
-
-        if self._should_create_reopened_milestone(existing_issue, issue):
-            self._create_milestone_safe(
-                issue, finding, "Issue reopened from", get_current_datetime(), "reopened milestone"
-            )
-        elif self._should_create_closed_milestone(existing_issue, issue):
-            self._create_milestone_safe(issue, finding, "Issue closed from", issue.dateCompleted, "closed milestone")
-        elif not existing_issue:
-            self._create_milestone_safe(issue, finding, "Issue created from", self.scan_date, "new issue milestone")
-        else:
-            logger.debug("No milestone created for issue %s from finding %s", issue.id, finding.external_id)
+        milestone_manager = self.get_milestone_manager()
 
-    def _should_create_reopened_milestone(
-        self, existing_issue: Optional[regscale_models.Issue], issue: regscale_models.Issue
-    ) -> bool:
-        """
-        Check if a reopened milestone should be created.
-
-        :param Optional[regscale_models.Issue] existing_issue: The existing issue
-        :param regscale_models.Issue issue: The current issue
-        :return: True if reopened milestone should be created
-        :rtype: bool
-        """
-        return (
-            existing_issue
-            and existing_issue.status == regscale_models.IssueStatus.Closed
-            and issue.status == regscale_models.IssueStatus.Open
-        )
-
-    def _should_create_closed_milestone(
-        self, existing_issue: Optional[regscale_models.Issue], issue: regscale_models.Issue
-    ) -> bool:
-        """
-        Check if a closed milestone should be created.
+        # For existing issues, ensure they have a creation milestone (backfill if missing)
+        if existing_issue:
+            milestone_manager.ensure_creation_milestone_exists(issue=issue, finding=finding)
 
-        :param Optional[regscale_models.Issue] existing_issue: The existing issue
-        :param regscale_models.Issue issue: The current issue
-        :return: True if closed milestone should be created
-        :rtype: bool
-        """
-        return (
-            existing_issue
-            and existing_issue.status == regscale_models.IssueStatus.Open
-            and issue.status == regscale_models.IssueStatus.Closed
+        # Handle status transition milestones
+        milestone_manager.create_milestones_for_issue(
+            issue=issue,
+            finding=finding,
+            existing_issue=existing_issue,
         )
 
-    def _create_milestone_safe(
-        self,
-        issue: regscale_models.Issue,
-        finding: IntegrationFinding,
-        title_prefix: str,
-        milestone_date: str,
-        milestone_type: str,
-    ) -> None:
-        """
-        Safely create a milestone with error handling.
-
-        :param regscale_models.Issue issue: The issue to create milestone for
-        :param IntegrationFinding finding: The finding data
-        :param str title_prefix: Prefix for milestone title
-        :param str milestone_date: Date for the milestone
-        :param str milestone_type: Description for logging purposes
-        """
-        try:
-            regscale_models.Milestone(
-                title=f"{title_prefix} {self.title} scan",
-                milestoneDate=milestone_date,
-                responsiblePersonId=self.assessor_id,
-                parentID=issue.id,
-                parentModule="issues",
-            ).create_or_update()
-            logger.debug("Added milestone for issue %s from finding %s", issue.id, finding.external_id)
-        except Exception as e:
-            logger.warning("Failed to create %s: %s", milestone_type, str(e))
-
     @staticmethod
     def extra_data_to_properties(finding: IntegrationFinding, issue_id: int) -> None:
         """
@@ -2530,6 +2491,8 @@ class ScannerIntegration(ABC):
             if found_issue.controlImplementationIds:
                 for control_id in found_issue.controlImplementationIds:
                     self.update_control_implementation_status_after_close(control_id)
+                    # Update assessment status to reflect the control implementation status
+                    self.update_assessment_status_from_control_implementation(control_id)
 
     def handle_failing_checklist(
         self,
@@ -2554,11 +2517,13 @@ class ScannerIntegration(ABC):
                 if failing_objective.name.lower().startswith("cci-"):
                     implementation_id = self.get_control_implementation_id_for_cci(failing_objective.name)
                 else:
-                    control_label = objective_to_control_dot(failing_objective.name)
-                    if control_label not in self.control_implementation_id_map:
-                        logger.warning("Control %s not found for %s", control_label, control_label)
-                        continue
-                    implementation_id = self.control_implementation_id_map[control_label]
+                    implementation_id = self._fallback_implementation_id(failing_objective)
+
+                if not implementation_id or implementation_id is None:
+                    logger.warning(
+                        "Could not map objective to a Control Implementation for objective #%i.", failing_objective.id
+                    )
+                    continue
 
                 failing_option = regscale_models.ImplementationOption(
                     name="Failed STIG",
@@ -2580,13 +2545,36 @@ class ScannerIntegration(ABC):
                 ).create_or_update()
 
                 # Create assessment and control test result
-                assessment = self.get_or_create_assessment(implementation_id)
+                assessment = self.get_or_create_assessment(
+                    implementation_id, status=regscale_models.AssessmentResultsStatus.FAIL
+                )
                 if implementation_id:
                     control_test = self.create_or_get_control_test(finding, implementation_id)
                     self.create_control_test_result(
                         finding, control_test, assessment, regscale_models.ControlTestResultStatus.FAIL
                     )
 
+    def _fallback_implementation_id(self, objective: regscale_models.ControlObjective) -> Optional[int]:
+        """
+        Fallback method to get control implementation ID from objective name if CCI mapping fails.
+
+        :param regscale_models.ControlObjective objective: The control objective
+        :return: The control implementation ID if found, None otherwise
+        :rtype: Optional[int]
+        """
+        control_label = objective_to_control_dot(objective.name)
+        if implementation_id := self.control_implementation_id_map.get(control_label):
+            return implementation_id
+
+        if control_id := self.control_id_to_implementation_map.get(objective.securityControlId):
+            if control_label := self.control_map.get(control_id):
+                implementation_id = self.control_implementation_id_map.get(control_label)
+                if not implementation_id:
+                    print("No dice.")
+                return implementation_id
+        logger.debug("Could not find fallback implementation ID for objective #%i", objective.id)
+        return None
+
     def handle_passing_checklist(
         self,
         finding: IntegrationFinding,
@@ -2610,15 +2598,12 @@ class ScannerIntegration(ABC):
                 if passing_objective.name.lower().startswith("cci-"):
                     implementation_id = self.get_control_implementation_id_for_cci(passing_objective.name)
                 else:
-                    control_label = objective_to_control_dot(passing_objective.name)
-                    if control_label not in self.control_implementation_id_map:
-                        logger.warning("Control %s not found for %s", control_label, control_label)
-                        continue
-                    implementation_id = self.control_implementation_id_map[control_label]
-
-                # Skip if we couldn't determine the implementation ID
-                if implementation_id is None:
-                    logger.warning("Could not determine implementation ID for objective %s", passing_objective.name)
+                    implementation_id = self._fallback_implementation_id(passing_objective)
+
+                if not implementation_id or implementation_id is None:
+                    logger.warning(
+                        "Could not map objective to a Control Implementation for objective #%i.", passing_objective.id
+                    )
                     continue
 
                 passing_option = regscale_models.ImplementationOption(
@@ -2641,7 +2626,9 @@ class ScannerIntegration(ABC):
                 ).create_or_update()
 
                 # Create assessment and control test result
-                assessment = self.get_or_create_assessment(implementation_id)
+                assessment = self.get_or_create_assessment(
+                    implementation_id, status=regscale_models.AssessmentResultsStatus.PASS
+                )
                 control_test = self.create_or_get_control_test(finding, implementation_id)
                 self.create_control_test_result(
                     finding, control_test, assessment, regscale_models.ControlTestResultStatus.PASS
@@ -2706,7 +2693,11 @@ class ScannerIntegration(ABC):
                 logger.error("2. Asset not found for identifier %s", finding.asset_identifier)
             return 0
 
-        tool = regscale_models.ChecklistTool.STIGs
+        tool = (
+            regscale_models.ChecklistTool.CISBenchmarks
+            if "simp.cis" in str(finding.vulnerability_number).lower()
+            else regscale_models.ChecklistTool.STIGs
+        )
         if finding.vulnerability_type == "Vulnerability Scan":
             tool = regscale_models.ChecklistTool.VulnerabilityScanner
 
@@ -3381,6 +3372,8 @@ class ScannerIntegration(ABC):
 
         for control_id in affected_control_ids:
             self.update_control_implementation_status_after_close(control_id)
+            # Update assessment status to reflect the control implementation status
+            self.update_assessment_status_from_control_implementation(control_id)
 
         (
             logger.info("Closed %d outdated issues.", closed_count)
@@ -3483,9 +3476,70 @@ class ScannerIntegration(ABC):
         if control_implementation.status != new_status:
             control_implementation.status = new_status
             self.control_implementation_map[control_id] = control_implementation.save()
-            logger.info("Updated control implementation %d status to %s", control_id, new_status)
+            logger.debug("Updated control implementation %d status to %s", control_id, new_status)
+
+    def update_assessment_status_from_control_implementation(self, control_implementation_id: int) -> None:
+        """
+        Updates the assessment status based on the control implementation status.
+        Treats the ControlImplementation status as the source of truth.
 
-    def is_issue_protected_from_auto_close(self, issue: regscale_models.Issue) -> bool:
+        Sets assessment to PASS if ControlImplementation status is FULLY_IMPLEMENTED,
+        otherwise sets it to FAIL.
+
+        This method should be called after update_control_implementation_status_after_close
+        to ensure assessments reflect the final control implementation state.
+
+        :param int control_implementation_id: The ID of the control implementation
+        :rtype: None
+        """
+        # Get the cached assessment for this control implementation
+        assessment = self.assessment_map.get(control_implementation_id)
+
+        if not assessment:
+            logger.debug(
+                "No assessment found in cache for control implementation %d, skipping assessment update",
+                control_implementation_id,
+            )
+            return
+
+        # Get the control implementation to check its status
+        control_implementation = self.control_implementation_map.get(
+            control_implementation_id
+        ) or regscale_models.ControlImplementation.get_object(object_id=control_implementation_id)
+
+        if not control_implementation:
+            logger.warning("Control implementation %d not found, cannot update assessment", control_implementation_id)
+            return
+
+        # Determine assessment result based on control implementation status
+        # Treat ControlImplementation status as the source of truth
+        new_assessment_result = (
+            regscale_models.AssessmentResultsStatus.PASS
+            if control_implementation.status == regscale_models.ImplementationStatus.FULLY_IMPLEMENTED.value
+            else regscale_models.AssessmentResultsStatus.FAIL
+        )
+
+        # Only update if the status has changed
+        if assessment.assessmentResult != new_assessment_result.value:
+            assessment.assessmentResult = new_assessment_result.value
+            assessment.save()
+            logger.debug(
+                "Updated assessment %d for control implementation %d: assessmentResult=%s (based on control status: %s)",
+                assessment.id,
+                control_implementation_id,
+                new_assessment_result.value,
+                control_implementation.status,
+            )
+        else:
+            logger.debug(
+                "Assessment %d already has correct status %s for control implementation %d",
+                assessment.id,
+                assessment.assessmentResult,
+                control_implementation_id,
+            )
+
+    @staticmethod
+    def is_issue_protected_from_auto_close(issue: regscale_models.Issue) -> bool:
         """
         Check if an issue is protected from automatic closure.
 

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,159 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.09.25",
-    "dateReleased": "2025-09-25T16:17:38.0447Z",
-    "count": 1417,
+    "catalogVersion": "2025.10.02",
+    "dateReleased": "2025-10-02T14:59:13.7696Z",
+    "count": 1427,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2014-6278",
+            "vendorProject": "GNU",
+            "product": "GNU Bash",
+            "vulnerabilityName": "GNU Bash OS Command Injection Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. ",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: http:\/\/ftp.gnu.org\/gnu\/bash\/bash-4.3-patches\/bash43-027 ; https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/23467 ; https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20140926-bash ; https:\/\/www.ibm.com\/support\/pages\/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-6278",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2017-1000353",
+            "vendorProject": "Jenkins",
+            "product": "Jenkins",
+            "vulnerabilityName": "Jenkins Remote Code Execution Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.jenkins.io\/security\/advisory\/2017-04-26\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-1000353",
+            "cwes": []
+        },
+        {
+            "cveID": "CVE-2015-7755",
+            "vendorProject": "Juniper",
+            "product": "ScreenOS",
+            "vulnerabilityName": "Juniper ScreenOS Improper Authentication Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/supportportal.juniper.net\/s\/article\/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7755",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-21043",
+            "vendorProject": "Samsung",
+            "product": "Mobile Devices",
+            "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Write Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/security.samsungmobile.com\/securityUpdate.smsb?year=2025&month=09 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21043",
+            "cwes": [
+                "CWE-787"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4008",
+            "vendorProject": "Smartbedded",
+            "product": "Meteobridge",
+            "vulnerabilityName": "Smartbedded Meteobridge Command Injection Vulnerability",
+            "dateAdded": "2025-10-02",
+            "shortDescription": "Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-23",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/forum.meteohub.de\/viewtopic.php?t=18687 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4008",
+            "cwes": [
+                "CWE-306",
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32463",
+            "vendorProject": "Sudo",
+            "product": "Sudo",
+            "vulnerabilityName": "Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo\u2019s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/www.sudo.ws\/security\/advisories\/chroot_bug\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32463",
+            "cwes": [
+                "CWE-829"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-59689",
+            "vendorProject": "Libraesva",
+            "product": "Email Security Gateway",
+            "vulnerabilityName": "Libraesva Email Security Gateway Command Injection Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/docs.libraesva.com\/knowledgebase\/security-advisory-command-injection-vulnerability-cve-2025-59689\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59689",
+            "cwes": [
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-10035",
+            "vendorProject": "Fortra",
+            "product": "GoAnywhere MFT",
+            "vulnerabilityName": "Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2025-012 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-10035",
+            "cwes": [
+                "CWE-502",
+                "CWE-77"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-20352",
+            "vendorProject": "Cisco",
+            "product": "IOS and IOS XE",
+            "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-snmp-x4LPhte ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-20352",
+            "cwes": [
+                "CWE-121"
+            ]
+        },
+        {
+            "cveID": "CVE-2021-21311",
+            "vendorProject": "Adminer",
+            "product": "Adminer",
+            "vulnerabilityName": "Adminer Server-Side Request Forgery Vulnerability",
+            "dateAdded": "2025-09-29",
+            "shortDescription": "Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-10-20",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/github.com\/vrana\/adminer\/security\/advisories\/GHSA-x5r2-hj5c-8jx6 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-21311",
+            "cwes": [
+                "CWE-918"
+            ]
+        },
         {
             "cveID": "CVE-2025-20362",
             "vendorProject": "Cisco",
@@ -2489,7 +2639,7 @@
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-13",
             "knownRansomwareCampaignUse": "Unknown",
-            "notes": "https:\/\/blog.jquery.com\/2020\/04\/10\/jquery-3-5-0-released\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-11023",
+            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https:\/\/github.com\/jquery\/jquery\/security\/advisories\/GHSA-jpcq-cgw6-v4j6 ; https:\/\/blog.jquery.com\/2020\/04\/10\/jquery-3-5-0-released\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-11023",
             "cwes": [
                 "CWE-79"
             ]

regscale/models/integration_models/nexpose.py

@@ -25,11 +25,11 @@ CVE = "CVEs"
 
 class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
     """
-    Nexpose Scan information
+    Nexpose Scan information with FedRAMP POAM export support
     """
 
     def __init__(self, **kwargs):  # pylint: disable=R0902
-        self.name = kwargs.get("name")
+        self.name: str = kwargs.get("name", "Nexpose")
         self.vuln_title = VULNERABILITY_TITLE
         self.vuln_id = VULNERABILITY_ID
         self.cvss3_score = CVSS3_SCORE
@@ -46,13 +46,18 @@ class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
             "Solution",
             "CVEs",
         ]
-        self.mapping_file = kwargs.get("mappings_path")
-        self.disable_mapping = kwargs.get("disable_mapping")
+        self.mapping_file: Optional[str] = kwargs.get("mappings_path")
+        self.disable_mapping: Optional[bool] = kwargs.get("disable_mapping")
+        file_path: Optional[str] = kwargs.get("file_path")
         self.validater = ImportValidater(
-            self.required_headers, kwargs.get("file_path"), self.mapping_file, self.disable_mapping
+            self.required_headers, file_path or "", self.mapping_file or "", self.disable_mapping or False
         )
         self.headers = self.validater.parsed_headers
         self.mapping = self.validater.mapping
+
+        # Store file path for property generation
+        self.file_path = kwargs.get("file_path")
+
         logger = create_logger()
         super().__init__(
             logger=logger,
@@ -127,6 +132,8 @@ class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
         :return: IssueSeverity or None
         :rtype: Optional[IssueSeverity]
         """
+        if not text_severity:
+            return None
         if text_severity.lower() == "low":
             return IssueSeverity.Low
         if text_severity.lower() in ["medium", "moderate"]:
@@ -170,9 +177,30 @@ class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
 
         return severity
 
-    def create_vuln(self, dat: Optional[dict] = None, **kwargs) -> Optional[IntegrationFinding]:
+    def get_source_file_path(self) -> Optional[str]:
         """
-        Create an IntegrationFinding from a row in the Prisma/Nexpose csv file
+        Get source file path for POAM ID generation
+
+        Returns file_path if set, None otherwise.
+        This supports FedRAMP POAM export logic that generates POAM IDs
+        based on source file path properties (e.g., pdf, signatures, campaign, etc.)
+
+        Note: Properties must be created separately after Issue creation using
+        Property.create() or bulk operations, as IntegrationFinding doesn't
+        directly support properties.
+
+        :return: Source file path string or None
+        :rtype: Optional[str]
+        """
+        if not self.file_path:
+            return None
+        return str(self.file_path)
+
+    def create_vuln(
+        self, dat: Optional[dict] = None, **kwargs
+    ) -> Optional[IntegrationFinding]:  # pylint: disable=unused-argument
+        """
+        Create an IntegrationFinding from a row in the Nexpose csv file
 
         :param Optional[dict] dat: Data row from CSV file, defaults to None
         :param kwargs: Additional keyword arguments
@@ -189,8 +217,6 @@ class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
         # Determine severity using priority logic
         severity = self._determine_severity(dat)
 
-        # Find matching asset
-
         # Extract date information
         first_seen = (
             self.mapping.get_value(dat, self.first_seen)
@@ -216,7 +242,7 @@ class Nexpose(FlatFileImporter):  # pylint: disable=too-many-instance-attributes
                 cvss_score=cvss_score or 0.0,
                 cvss_v3_score=cvss3_score or 0.0,
                 cvss_v2_score=cvss_score or 0.0,
-                plugin_text=description[:255],
+                plugin_text=description[:255] if description else "",
                 remediation=self.mapping.get_value(dat, "Solution"),
                 category="Hardware",
                 status=IssueStatus.Open,