regscale-cli 6.25.1.0__py3-none-any.whl → 6.27.0.0__py3-none-any.whl

regscale/integrations/commercial/tenablev2/stig_parsers.py

@@ -8,7 +8,89 @@ from regscale.core.app.utils.app_utils import get_current_datetime
 from regscale.integrations.scanner_integration import IntegrationFinding, issue_due_date
 from regscale.models import regscale_models
 
-logger = logging.getLogger(__name__)
+logger = logging.getLogger("regscale")
+
+# Constants
+DEFAULT_CCI_REF = "CCI-000366"  # Default CCI reference for STIG findings
+UNKNOWN_VULN_NUM = "unknown"
+_SOLUTION_KEYWORD = "Solution:"
+_REFERENCE_INFO_KEYWORD = "Reference Information:"
+
+# Status mapping for STIG results
+_RESULT_STATUS_MAP = {
+    "PASSED": regscale_models.ChecklistStatus.PASS,
+    "FAILED": regscale_models.ChecklistStatus.FAIL,
+    "ERROR": regscale_models.ChecklistStatus.FAIL,
+    "NOT APPLICABLE": regscale_models.ChecklistStatus.NOT_APPLICABLE,
+    "NOT_APPLICABLE": regscale_models.ChecklistStatus.NOT_APPLICABLE,
+}
+
+# Severity mapping for STIG findings
+_SEVERITY_MAP = {
+    "critical": regscale_models.IssueSeverity.Critical,
+    "high": regscale_models.IssueSeverity.High,
+    "medium": regscale_models.IssueSeverity.Moderate,
+    "low": regscale_models.IssueSeverity.Low,
+}
+
+
+def _extract_field(pattern: str, text: str, flags: Union[int, re.RegexFlag] = 0, group: int = 1) -> str:
+    """
+    Extracts a field from a string using a regular expression.
+
+    :param str pattern: The regular expression pattern to search for
+    :param str text: The string to search in
+    :param int flags: Optional regular expression flags, defaults to 0
+    :param int group: The group number to return from the match, defaults to 1
+    :return: The extracted field as a string. Empty string if no match was found
+    :rtype: str
+    """
+    match = re.search(pattern, text, flags)
+    return match.group(group).strip() if match else ""
+
+
+def _extract_reference_dict(output: str) -> dict:
+    """
+    Extract and parse reference information into dictionary.
+
+    :param str output: The STIG output string
+    :return: Dictionary of reference information
+    :rtype: dict
+    """
+    ref_info = _extract_field(r"Reference Information:\s*(.+)", output, flags=re.DOTALL)
+    ref_dict = {}
+    for item in ref_info.split(","):
+        if "|" in item:
+            parts = item.split("|", 1)
+            if len(parts) == 2:
+                ref_dict[parts[0].strip()] = parts[1].strip()
+    return ref_dict
+
+
+def _map_result_to_status(result: str) -> regscale_models.ChecklistStatus:
+    """
+    Map result string to ChecklistStatus enum.
+
+    :param str result: The result string from STIG output
+    :return: ChecklistStatus enum value
+    :rtype: regscale_models.ChecklistStatus
+    """
+    result_key = result.upper().replace("_", " ").strip()
+    if result_key not in _RESULT_STATUS_MAP:
+        logger.warning("Result '%s' not found in status map", result)
+        return regscale_models.ChecklistStatus.NOT_REVIEWED
+    return _RESULT_STATUS_MAP[result_key]
+
+
+def _map_severity_to_enum(severity: str) -> regscale_models.IssueSeverity:
+    """
+    Map severity string to IssueSeverity enum.
+
+    :param str severity: The severity string
+    :return: IssueSeverity enum value
+    :rtype: regscale_models.IssueSeverity
+    """
+    return _SEVERITY_MAP.get(severity.lower(), regscale_models.IssueSeverity.NotAssigned)
 
 
 def parse_stig_output(output: str, finding: IntegrationFinding) -> IntegrationFinding:
@@ -20,43 +102,39 @@ def parse_stig_output(output: str, finding: IntegrationFinding) -> IntegrationFi
     :return: An IntegrationFinding object containing the parsed finding information.
     :rtype: IntegrationFinding
     """
-
-    def _extract_field(pattern: str, text: str, flags: Union[int, re.RegexFlag] = 0, group: int = 1) -> str:
-        """
-        Extracts a field from a string using a regular expression
-
-        :param str pattern: The regular expression pattern to search for
-        :param str text: The string to search in
-        :param int flags: Optional regular expression flags, defaults to 0
-        :param int group: The group number to return from the match, defaults to 1
-        :return: The extracted field as a string. Empty string if no match was found
-        :rtype: str
-        """
-        match = re.search(pattern, text, flags)
-        return match.group(group).strip() if match else ""
-
-    # Extract fields
-    check_name_full = _extract_field(r"Check Name:\s*(.*?)\n", output, flags=re.DOTALL | re.MULTILINE)
+    # Extract fields using optimized regex patterns (preventing catastrophic backtracking)
+    check_name_full = _extract_field(r"Check Name:\s*([^\n]+)", output)
     check_name_parts = check_name_full.split(":", 1)
     rule_id = check_name_parts[0].strip()
     check_description = check_name_parts[1].strip() if len(check_name_parts) > 1 else ""
 
+    # Extract baseline from Target keyword
     baseline = _extract_field(r"(.*?)\s+Target\s+(.*)", check_description, group=2)
-    if target_match := _extract_field(r"(.*?)\s+Target\s+(.*)", check_description):
+    target_match = _extract_field(r"(.*?)\s+Target\s+(.*)", check_description)
+    if target_match:
         check_description = check_description[: check_description.find(target_match) + len(target_match)].strip()
 
-    information = _extract_field(r"Information:\s*(.*?)\n", output, flags=re.DOTALL | re.MULTILINE)
-    vuln_discuss = _extract_field(r"VulnDiscussion='(.*?)'\s", output, flags=re.DOTALL | re.MULTILINE)
-    result = _extract_field(r"Result:\s*(.*?)(?:\n|$)", output, flags=re.IGNORECASE | re.DOTALL)
-    solution = _extract_field(r"Solution:\s*(.*?)\n\nReference Information:", output, flags=re.DOTALL | re.MULTILINE)
+    information = _extract_field(r"Information:\s*([^\n]+)", output)
+    vuln_discuss = _extract_field(r"VulnDiscussion='([^']+)'\s", output)
+    result = _extract_field(r"Result:\s*([^\n]+)", output, flags=re.IGNORECASE)
+    # Extract solution using a safe pattern that avoids backtracking
+    # Split on reference keyword and take the solution section
+    if _SOLUTION_KEYWORD in output and _REFERENCE_INFO_KEYWORD in output:
+        solution_start = output.find(_SOLUTION_KEYWORD) + len(_SOLUTION_KEYWORD)
+        ref_start = output.find(_REFERENCE_INFO_KEYWORD, solution_start)
+        solution = output[solution_start:ref_start].strip()
+    elif _SOLUTION_KEYWORD in output:
+        solution_start = output.find(_SOLUTION_KEYWORD) + len(_SOLUTION_KEYWORD)
+        solution = output[solution_start:].strip()
+    else:
+        solution = ""
 
-    # Extract reference information
-    ref_info = _extract_field(r"Reference Information:\s*(.*)", output, flags=re.DOTALL | re.MULTILINE)
-    ref_dict = dict(item.split("|", 1) for item in ref_info.split(",") if "|" in item)
+    # Extract reference information using helper function
+    ref_dict = _extract_reference_dict(output)
 
     # Extract specific references
-    cci_ref = ref_dict.get("CCI", "CCI-000366")
-    severity = ref_dict.get("SEVERITY", "").lower()
+    cci_ref = ref_dict.get("CCI", DEFAULT_CCI_REF)
+    severity_str = ref_dict.get("SEVERITY", "").lower()
     oval_def = ref_dict.get("OVAL-DEF", "")
     generated_date = ref_dict.get("GENERATED-DATE", "")
     updated_date = ref_dict.get("UPDATED-DATE", "")
@@ -64,36 +142,19 @@ def parse_stig_output(output: str, finding: IntegrationFinding) -> IntegrationFi
     rule_id_full = ref_dict.get("RULE-ID", "")
     group_id = ref_dict.get("GROUP-ID", "")
 
+    # Extract vulnerability number
     vuln_num_match = re.search(r"SV-\d+r\d+_rule", rule_id)
-    vuln_num = vuln_num_match.group(0) if vuln_num_match else "unknown"
+    vuln_num = vuln_num_match.group(0) if vuln_num_match else UNKNOWN_VULN_NUM
 
     title = f"{vuln_num}: {check_description}"
     issue_title = title
 
-    status_map = {
-        "PASSED": regscale_models.ChecklistStatus.PASS,
-        "FAILED": regscale_models.ChecklistStatus.FAIL,
-        "ERROR": regscale_models.ChecklistStatus.FAIL,
-        "NOT APPLICABLE": regscale_models.ChecklistStatus.NOT_APPLICABLE,
-        "NOT_APPLICABLE": regscale_models.ChecklistStatus.NOT_APPLICABLE,
-    }
+    # Map result to status using helper function
+    status = _map_result_to_status(result)
 
-    result_key = result.upper().replace("_", " ").strip()
-    if result_key not in status_map:
-        logger.warning(f"Result '{result}' not found in status map")
-        status = regscale_models.ChecklistStatus.NOT_REVIEWED
-    else:
-        status = status_map[result_key]
-
-    # Map severity to IssueSeverity enum
-    priority = (severity or "").title()
-    severity_map = {
-        "critical": regscale_models.IssueSeverity.Critical,
-        "high": regscale_models.IssueSeverity.High,
-        "medium": regscale_models.IssueSeverity.Moderate,
-        "low": regscale_models.IssueSeverity.Low,
-    }
-    severity = severity_map.get(severity.lower(), regscale_models.IssueSeverity.NotAssigned)
+    # Map severity to IssueSeverity enum using helper function
+    priority = (severity_str or "").title()
+    severity = _map_severity_to_enum(severity_str)
 
     results = (
         f"Vulnerability Number: {vuln_num}, Severity: {severity.value}, "
@@ -132,9 +193,4 @@ def parse_stig_output(output: str, finding: IntegrationFinding) -> IntegrationFi
     finding.rule_id_full = rule_id_full
     finding.group_id = group_id
 
-    # Future values
-    # finding.comments = ""
-    # finding.poam_comments = ""
-    # finding.rule_version = ""
-
     return finding

regscale/integrations/commercial/wizv2/WizDataMixin.py

@@ -5,7 +5,7 @@ from datetime import datetime, timedelta
 from typing import Optional, Dict, Any, List
 
 from regscale.core.app.utils.app_utils import error_and_exit, check_file_path
-from regscale.integrations.commercial.wizv2.constants import CONTENT_TYPE
+from regscale.integrations.commercial.wizv2.core.constants import CONTENT_TYPE
 from regscale.core.app.application import Application
 from regscale.utils import PaginatedGraphQLClient
 

regscale/integrations/commercial/wizv2/click.py

@@ -25,7 +25,7 @@ def wiz():
 @click.option("--client_secret", default=None, hide_input=True, required=False)  # type: ignore
 def authenticate(client_id, client_secret):
     """Authenticate to Wiz."""
-    from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
+    from regscale.integrations.commercial.wizv2.core.auth import wiz_authenticate
 
     wiz_authenticate(client_id, client_secret)
 
@@ -45,7 +45,7 @@ def authenticate(client_id, client_secret):
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -53,7 +53,7 @@ def authenticate(client_id, client_secret):
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -77,9 +77,9 @@ def inventory(
     """Process inventory from Wiz and create assets in RegScale."""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
@@ -104,14 +104,14 @@ def inventory(
 @click.option(
     "--client_id",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
 @click.option(
     "--client_secret",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -136,13 +136,13 @@ def issues(
     Process Issues from Wiz into RegScale
     """
     from regscale.core.app.utils.app_utils import check_license
-    from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
+    from regscale.integrations.commercial.wizv2.core.auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.issue import WizIssue
     import json
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     check_license()
@@ -166,7 +166,7 @@ def issues(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -174,7 +174,7 @@ def issues(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -191,12 +191,12 @@ def attach_sbom(
     standard="CycloneDX",
 ):
     """Download SBOMs from a Wiz report by ID and add them to the corresponding RegScale assets."""
-    from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
+    from regscale.integrations.commercial.wizv2.core.auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.utils import fetch_sbom_report
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     wiz_authenticate(
@@ -212,15 +212,6 @@ def attach_sbom(
     )
 
 
-@wiz.command()
-def threats():
-    """Process threats from Wiz -> Coming soon"""
-    from regscale.core.app.utils.app_utils import check_license
-
-    check_license()
-    logger.info("Threats - COMING SOON")
-
-
 @wiz.command()
 @click.option(  # type: ignore
     "--wiz_project_id",
@@ -234,7 +225,7 @@ def threats():
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -242,7 +233,7 @@ def threats():
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -266,9 +257,9 @@ def vulnerabilities(
     """Process vulnerabilities from Wiz"""
     from regscale.integrations.commercial.wizv2.scanner import WizVulnerabilityIntegration
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     scanner = WizVulnerabilityIntegration(plan_id=regscale_ssp_id)
@@ -286,7 +277,7 @@ def vulnerabilities(
     "--client_id",
     "-ci",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -294,14 +285,18 @@ def vulnerabilities(
     "--client_secret",
     "-cs",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
 @click.option("--evidence_id", "-e", help="Wiz Evidence ID", required=True, type=int)  # type: ignore
 @click.option("--report_id", "-r", help="Wiz Report ID", required=True)  # type: ignore
-@click.option("--report_file_name", "-n", help="Report file name", default="evidence_report", required=False)  # type: ignore
-@click.option("--report_file_extension", "-e", help="Report file extension", default="csv", required=False)  # type: ignore
+@click.option(
+    "--report_file_name", "-n", help="Report file name", default="evidence_report", required=False
+)  # type: ignore
+@click.option(
+    "--report_file_extension", "-e", help="Report file extension", default="csv", required=False
+)  # type: ignore
 def add_report_evidence(
     client_id,
     client_secret,
@@ -311,12 +306,12 @@ def add_report_evidence(
     report_file_extension: str = "csv",
 ):
     """Download a Wiz report by ID and Attach to Evidence locker"""
-    from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
+    from regscale.integrations.commercial.wizv2.core.auth import wiz_authenticate
     from regscale.integrations.commercial.wizv2.utils import fetch_report_by_id
 
-    if not client_secret:
+    if client_secret is None:
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None:
         client_id = WizVariables.wizClientId
 
     wiz_authenticate(
@@ -324,7 +319,10 @@ def add_report_evidence(
         client_secret=client_secret,
     )
     fetch_report_by_id(
-        report_id, parent_id=evidence_id, report_file_name=report_file_name, report_file_extension=report_file_extension
+        report_id,
+        parent_id=evidence_id,
+        report_file_name=report_file_name,
+        report_file_extension=report_file_extension,
     )
 
 
@@ -346,7 +344,7 @@ def add_report_evidence(
     "--client_id",
     "-i",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -354,14 +352,17 @@ def add_report_evidence(
     "--client_secret",
     "-s",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
 @click.option(  # type: ignore
     "--framework_id",
     "-f",
-    help="Wiz framework ID or shorthand (e.g., 'nist', 'aws', 'wf-id-4'). Use --list-frameworks to see options. Default: wf-id-4 (NIST SP 800-53 Rev 5)",
+    help=(
+        "Wiz framework ID or shorthand (e.g., 'nist', 'aws', 'wf-id-4'). "
+        "Use --list-frameworks to see options. Default: wf-id-4 (NIST SP 800-53 Rev 5)"
+    ),
     default="wf-id-4",
     required=False,
 )
@@ -420,67 +421,51 @@ def sync_compliance(
     """
     Sync policy compliance assessments from Wiz to RegScale.
 
-    This command fetches policy assessment data from Wiz and creates:
+    This command now uses CSV compliance reports from Wiz instead of GraphQL API.
+    It creates:
     - Control assessments based on policy compliance results
     - Issues for failed policy assessments (if --create-issues enabled)
     - Updates to control implementation status (if --update-control-status enabled)
-    - JSON output file with policy compliance data in artifacts/wiz/ directory
-    - Cached framework mapping for improved performance
 
-    CACHING:
-    By default, the command will reuse cached policy data if it's newer than the cache
-    duration (default: 60 minutes). Use --refresh to force fresh data from Wiz.
-    Use --cache-duration to adjust how long cached data is considered valid.
+    NOTE: This command is deprecated. Use 'compliance_report' command instead.
     """
-    from regscale.integrations.commercial.wizv2.policy_compliance import (
-        WizPolicyComplianceIntegration,
-        list_available_frameworks,
-        resolve_framework_id,
-    )
+    click.echo("⚠️  sync_compliance is deprecated and now uses compliance_report implementation.")
+    click.echo("    Consider using 'regscale wiz compliance_report' directly for future use.\n")
 
-    # Handle --list-frameworks flag
+    # Handle --list-frameworks flag (no longer supported, inform user)
     if list_frameworks:
-        click.echo(list_available_frameworks())
+        click.echo("❌  --list-frameworks is no longer supported in the deprecated sync_compliance command.")
+        click.echo("    Please use 'regscale wiz compliance_report' instead.\n")
         return
 
     # Use environment variables if not provided
-    if not client_secret:
+    if client_secret is None or client_secret == "":
         client_secret = WizVariables.wizClientSecret
-    if not client_id:
+    if client_id is None or client_id == "":
         client_id = WizVariables.wizClientId
 
-    # Resolve framework ID using the enhanced framework resolution
-    try:
-        resolved_framework_id = resolve_framework_id(framework_id.lower())
-        if resolved_framework_id != framework_id:
-            from regscale.integrations.commercial.wizv2.policy_compliance import FRAMEWORK_MAPPINGS
-
-            framework_name = FRAMEWORK_MAPPINGS.get(resolved_framework_id, resolved_framework_id)
-            click.echo(f"🔍 Resolved '{framework_id}' to '{framework_name}' ({resolved_framework_id})")
-    except ValueError as e:
-        click.echo(f"❌ {str(e)}")
-        click.echo("\nUse --list-frameworks to see all available options.")
-        return
+    # Import compliance_report processor instead of GraphQL-based integration
+    from regscale.integrations.commercial.wizv2.compliance_report import WizComplianceReportProcessor
 
-    # Create and run the policy compliance integration
-    policy_integration = WizPolicyComplianceIntegration(
+    # Create processor with similar options to compliance_report command
+    processor = WizComplianceReportProcessor(
         plan_id=regscale_id,
         wiz_project_id=wiz_project_id,
         client_id=client_id,
         client_secret=client_secret,
-        framework_id=resolved_framework_id,
         regscale_module=regscale_module,
         create_poams=create_poams,
-        cache_duration_minutes=cache_duration,
-        force_refresh=refresh,
-    )
-
-    # Run the policy compliance sync
-    policy_integration.sync_policy_compliance(
         create_issues=create_issues,
         update_control_status=update_control_status,
+        report_file_path=None,  # Will create new report
+        force_fresh_report=refresh,  # Map --refresh to force_fresh_report
+        reuse_existing_reports=not refresh,  # Inverse of refresh
+        bypass_control_filtering=True,  # Enable for performance
     )
 
+    # Process the compliance report using new ComplianceIntegration pattern
+    processor.process_compliance_sync()
+
 
 @wiz.command(name="compliance_report")
 @click.option(
@@ -496,7 +481,7 @@ def sync_compliance(
     "--client_id",
     "-i",
     help="Wiz Client ID, or can be set as environment variable wizClientId",
-    default="",
+    default=None,
     hide_input=False,
     required=False,
 )
@@ -504,7 +489,7 @@ def sync_compliance(
     "--client_secret",
     "-s",
     help="Wiz Client Secret, or can be set as environment variable wizClientSecret",
-    default="",
+    default=None,
     hide_input=True,
     required=False,
 )
@@ -581,7 +566,7 @@ def compliance_report(
     """
     from regscale.integrations.commercial.wizv2.compliance_report import WizComplianceReportProcessor
 
-    # Use environment variables if not provided
+    # Use environment variables if not provided or empty
     if not client_secret:
         client_secret = WizVariables.wizClientSecret
     if not client_id:

regscale/integrations/commercial/wizv2/compliance/__init__.py

@@ -0,0 +1,15 @@
+"""Compliance-specific functionality for Wiz integration."""
+
+from regscale.integrations.commercial.wizv2.compliance.helpers import (
+    AssetConsolidator,
+    ControlAssessmentProcessor,
+    ControlImplementationCache,
+    IssueFieldSetter,
+)
+
+__all__ = [
+    "AssetConsolidator",
+    "ControlAssessmentProcessor",
+    "ControlImplementationCache",
+    "IssueFieldSetter",
+]