regscale-cli 6.26.0.0__py3-none-any.whl → 6.27.0.1__py3-none-any.whl

regscale/integrations/commercial/wizv2/compliance_report.py

@@ -15,7 +15,7 @@ from regscale.core.app.utils.app_utils import get_current_datetime
 from regscale.integrations.commercial.wizv2.file_cleanup import ReportFileCleanup
 from regscale.integrations.commercial.wizv2.reports import WizReportManager
 from regscale.integrations.commercial.wizv2.variables import WizVariables
-from regscale.integrations.commercial.wizv2.wiz_auth import wiz_authenticate
+from regscale.integrations.commercial.wizv2.core.auth import wiz_authenticate
 from regscale.integrations.compliance_integration import ComplianceIntegration, ComplianceItem
 from regscale.integrations.control_matcher import ControlMatcher
 from regscale.models import regscale_models
@@ -793,25 +793,26 @@ class WizComplianceReportProcessor(ComplianceIntegration):
         :rtype: Optional[str]
         """
         try:
-            # Filter for compliance reports for this specific project
-            filter_by = {"projectId": [self.wiz_project_id], "type": ["COMPLIANCE_ASSESSMENTS"]}
+            # Filter for compliance reports (projectId not supported in ReportFilters, using name-based lookup)
+            filter_by = {"type": ["COMPLIANCE_ASSESSMENTS"]}
 
             logger.debug(f"Searching for existing compliance reports with filter: {filter_by}")
             reports = self.report_manager.list_reports(filter_by=filter_by)
 
             if not reports:
-                logger.info("No existing compliance reports found for this project")
+                logger.info("No existing compliance reports found")
                 return None
 
-            # Look for reports named "Compliance Report" (the default name)
-            compliance_reports = [report for report in reports if report.get("name", "").strip() == "Compliance Report"]
+            # Look for report with project-specific name
+            expected_name = f"Compliance Report - {self.wiz_project_id}"
+            matching_reports = [report for report in reports if report.get("name", "").strip() == expected_name]
 
-            if not compliance_reports:
-                logger.info("No compliance reports with standard name found")
+            if not matching_reports:
+                logger.info(f"No existing compliance report found with name: {expected_name}")
                 return None
 
             # Return the first matching report (most recent will be used)
-            selected_report = compliance_reports[0]
+            selected_report = matching_reports[0]
             report_id = selected_report.get("id")
             report_name = selected_report.get("name", "Unknown")
 

regscale/integrations/commercial/wizv2/core/__init__.py

@@ -0,0 +1,133 @@
+"""Core Wiz integration modules including authentication, client, file operations, and constants."""
+
+from regscale.integrations.commercial.wizv2.core.auth import (
+    AUTH0_URLS,
+    COGNITO_URLS,
+    generate_authentication_params,
+    get_token,
+    wiz_authenticate,
+)
+from regscale.integrations.commercial.wizv2.core.client import (
+    AsyncWizGraphQLClient,
+    run_async_queries,
+)
+from regscale.integrations.commercial.wizv2.core.file_operations import FileOperations
+from regscale.integrations.commercial.wizv2.core.constants import (
+    ASSET_TYPE_MAPPING,
+    BEARER,
+    CHECK_INTERVAL_FOR_DOWNLOAD_REPORT,
+    CLOUD_CONFIG_FINDING_QUERY,
+    CLOUD_CONFIG_FINDINGS_FILE_PATH,
+    CONTENT_TYPE,
+    CPE_PART_TO_CATEGORY_MAPPING,
+    CREATE_REPORT_QUERY,
+    DATA_FINDING_QUERY,
+    DATA_FINDINGS_FILE_PATH,
+    DATASOURCE,
+    DEFAULT_WIZ_HARDWARE_TYPES,
+    DOWNLOAD_QUERY,
+    END_OF_LIFE_FILE_PATH,
+    END_OF_LIFE_QUERY,
+    EXCESSIVE_ACCESS_FILE_PATH,
+    EXCESSIVE_ACCESS_QUERY,
+    EXTERNAL_ATTACK_SURFACE_FILE_PATH,
+    EXTERNAL_ATTACK_SURFACE_QUERY,
+    FRAMEWORK_CATEGORIES,
+    FRAMEWORK_MAPPINGS,
+    FRAMEWORK_SHORTCUTS,
+    HOST_VULNERABILITY_FILE_PATH,
+    HOST_VULNERABILITY_QUERY,
+    INVENTORY_FILE_PATH,
+    INVENTORY_QUERY,
+    ISSUE_QUERY,
+    ISSUES_FILE_PATH,
+    MAX_RETRIES,
+    NETWORK_EXPOSURE_FILE_PATH,
+    NETWORK_EXPOSURE_QUERY,
+    PROVIDER,
+    RATE_LIMIT_MSG,
+    RECOMMENDED_WIZ_INVENTORY_TYPES,
+    REPORTS_QUERY,
+    RERUN_REPORT_QUERY,
+    RESOURCE,
+    SBOM_FILE_PATH,
+    SBOM_QUERY,
+    SECRET_FINDINGS_FILE_PATH,
+    SECRET_FINDINGS_QUERY,
+    SEVERITY_MAP,
+    TECHNOLOGIES_FILE_PATH,
+    VULNERABILITY_FILE_PATH,
+    VULNERABILITY_QUERY,
+    WIZ_FRAMEWORK_QUERY,
+    WIZ_POLICY_QUERY,
+    WizVulnerabilityType,
+    get_compliance_report_variables,
+    get_wiz_issue_queries,
+    get_wiz_vulnerability_queries,
+)
+
+__all__ = [
+    # Auth
+    "AUTH0_URLS",
+    "COGNITO_URLS",
+    "generate_authentication_params",
+    "get_token",
+    "wiz_authenticate",
+    # Client
+    "AsyncWizGraphQLClient",
+    "run_async_queries",
+    # File Operations
+    "FileOperations",
+    # Constants
+    "ASSET_TYPE_MAPPING",
+    "BEARER",
+    "CHECK_INTERVAL_FOR_DOWNLOAD_REPORT",
+    "CLOUD_CONFIG_FINDING_QUERY",
+    "CLOUD_CONFIG_FINDINGS_FILE_PATH",
+    "CONTENT_TYPE",
+    "CPE_PART_TO_CATEGORY_MAPPING",
+    "CREATE_REPORT_QUERY",
+    "DATA_FINDING_QUERY",
+    "DATA_FINDINGS_FILE_PATH",
+    "DATASOURCE",
+    "DEFAULT_WIZ_HARDWARE_TYPES",
+    "DOWNLOAD_QUERY",
+    "END_OF_LIFE_FILE_PATH",
+    "END_OF_LIFE_QUERY",
+    "EXCESSIVE_ACCESS_FILE_PATH",
+    "EXCESSIVE_ACCESS_QUERY",
+    "EXTERNAL_ATTACK_SURFACE_FILE_PATH",
+    "EXTERNAL_ATTACK_SURFACE_QUERY",
+    "FRAMEWORK_CATEGORIES",
+    "FRAMEWORK_MAPPINGS",
+    "FRAMEWORK_SHORTCUTS",
+    "HOST_VULNERABILITY_FILE_PATH",
+    "HOST_VULNERABILITY_QUERY",
+    "INVENTORY_FILE_PATH",
+    "INVENTORY_QUERY",
+    "ISSUE_QUERY",
+    "ISSUES_FILE_PATH",
+    "MAX_RETRIES",
+    "NETWORK_EXPOSURE_FILE_PATH",
+    "NETWORK_EXPOSURE_QUERY",
+    "PROVIDER",
+    "RATE_LIMIT_MSG",
+    "RECOMMENDED_WIZ_INVENTORY_TYPES",
+    "REPORTS_QUERY",
+    "RERUN_REPORT_QUERY",
+    "RESOURCE",
+    "SBOM_FILE_PATH",
+    "SBOM_QUERY",
+    "SECRET_FINDINGS_FILE_PATH",
+    "SECRET_FINDINGS_QUERY",
+    "SEVERITY_MAP",
+    "TECHNOLOGIES_FILE_PATH",
+    "VULNERABILITY_FILE_PATH",
+    "VULNERABILITY_QUERY",
+    "WIZ_FRAMEWORK_QUERY",
+    "WIZ_POLICY_QUERY",
+    "WizVulnerabilityType",
+    "get_compliance_report_variables",
+    "get_wiz_issue_queries",
+    "get_wiz_vulnerability_queries",
+]

regscale/integrations/commercial/wizv2/{async_client.py → core/client.py}

@@ -4,7 +4,7 @@
 
 import asyncio
 import logging
-from typing import Any, Dict, List, Optional, Tuple
+from typing import Any, Callable, Dict, List, Optional, Tuple
 
 import anyio
 import httpx
@@ -48,7 +48,7 @@ class AsyncWizGraphQLClient:
         self,
         query: str,
         variables: Optional[Dict[str, Any]] = None,
-        progress_callback: Optional[callable] = None,
+        progress_callback: Optional[Callable] = None,
         task_name: str = "GraphQL Query",
     ) -> Dict[str, Any]:
         """
@@ -118,7 +118,7 @@ class AsyncWizGraphQLClient:
         query: str,
         variables: Dict[str, Any],
         topic_key: str,
-        progress_callback: Optional[callable] = None,
+        progress_callback: Optional[Callable] = None,
         task_name: str = "Paginated Query",
     ) -> List[Dict[str, Any]]:
         """

regscale/integrations/commercial/wizv2/{constants.py → core/constants.py}

@@ -569,7 +569,7 @@ def get_compliance_report_variables(
 
     return {
         "input": {
-            "name": "Compliance Report",
+            "name": f"Compliance Report - {project_id}",
             "type": "COMPLIANCE_ASSESSMENTS",
             "compressionMethod": "GZIP",
             "runIntervalHours": 168,
@@ -632,22 +632,6 @@ REPORTS_QUERY = """
               emailTarget {
                 to
               }
-              parameters {
-                query
-                framework {
-                  name
-                }
-                subscriptions {
-                  id
-                  name
-                  type
-                }
-                entities {
-                  id
-                  name
-                  type
-                }
-              }
               lastRun {
                 ...LastRunDetails
               }

regscale/integrations/commercial/wizv2/core/file_operations.py

@@ -0,0 +1,237 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""File operations module for Wiz integration - handles caching and file I/O."""
+
+import datetime
+import json
+import logging
+import os
+from typing import Any, Callable, Dict, List, Optional, Tuple
+
+from regscale.core.app.utils.app_utils import check_file_path
+
+logger = logging.getLogger("regscale")
+
+
+class FileOperations:
+    """Handles file operations for Wiz integration including caching and data persistence."""
+
+    @staticmethod
+    def load_json_file(file_path: str) -> Optional[Any]:
+        """
+        Load data from a JSON file.
+
+        :param str file_path: Path to JSON file
+        :return: Loaded data or None if file doesn't exist or is invalid
+        :rtype: Optional[Any]
+        """
+        if not os.path.exists(file_path):
+            logger.debug(f"File does not exist: {file_path}")
+            return None
+
+        try:
+            with open(file_path, encoding="utf-8") as f:
+                return json.load(f)
+        except (OSError, json.JSONDecodeError) as e:
+            logger.error(f"Error reading JSON file {file_path}: {e}")
+            return None
+
+    @staticmethod
+    def save_json_file(data: Any, file_path: str, create_dir: bool = True) -> bool:
+        """
+        Save data to a JSON file.
+
+        :param Any data: Data to save
+        :param str file_path: Path to save file
+        :param bool create_dir: Whether to create parent directory if needed
+        :return: True if successful, False otherwise
+        :rtype: bool
+        """
+        try:
+            if create_dir:
+                check_file_path(os.path.dirname(file_path))
+
+            with open(file_path, "w", encoding="utf-8") as f:
+                json.dump(data, f)
+
+            logger.debug(f"Saved data to {file_path}")
+            return True
+
+        except Exception as e:
+            logger.warning(f"Failed to save data to {file_path}: {e}")
+            return False
+
+    @staticmethod
+    def get_file_age(file_path: str) -> Optional[datetime.timedelta]:
+        """
+        Get the age of a file as a timedelta.
+
+        :param str file_path: Path to file
+        :return: File age or None if file doesn't exist
+        :rtype: Optional[datetime.timedelta]
+        """
+        if not os.path.exists(file_path):
+            return None
+
+        try:
+            file_mod_time = datetime.datetime.fromtimestamp(os.path.getmtime(file_path))
+            current_time = datetime.datetime.now()
+            return current_time - file_mod_time
+        except OSError as e:
+            logger.warning(f"Error getting file age for {file_path}: {e}")
+            return None
+
+    @staticmethod
+    def is_cache_valid(file_path: str, max_age_hours: float = 8) -> bool:
+        """
+        Check if a cache file is valid (exists and not too old).
+
+        :param str file_path: Path to cache file
+        :param float max_age_hours: Maximum age in hours before cache is invalid
+        :return: True if cache is valid, False otherwise
+        :rtype: bool
+        """
+        file_age = FileOperations.get_file_age(file_path)
+        if file_age is None:
+            return False
+
+        max_age = datetime.timedelta(hours=max_age_hours)
+        return file_age < max_age
+
+    @staticmethod
+    def load_cache_or_fetch(
+        file_path: str,
+        fetch_fn: Callable[[], Any],
+        max_age_hours: float = 8,
+        save_cache: bool = True,
+    ) -> Any:
+        """
+        Load data from cache if valid, otherwise fetch and optionally cache.
+
+        :param str file_path: Path to cache file
+        :param Callable fetch_fn: Function to call to fetch fresh data
+        :param float max_age_hours: Maximum cache age in hours
+        :param bool save_cache: Whether to save fetched data to cache
+        :return: Data from cache or freshly fetched
+        :rtype: Any
+        """
+        # Try to load from cache if valid
+        if FileOperations.is_cache_valid(file_path, max_age_hours):
+            logger.info(f"Using cached data from {file_path} (newer than {max_age_hours} hours)")
+            cached_data = FileOperations.load_json_file(file_path)
+            if cached_data is not None:
+                return cached_data
+
+        # Cache invalid or doesn't exist - fetch fresh data
+        file_age = FileOperations.get_file_age(file_path)
+        if file_age:
+            logger.info(
+                f"Cache file {file_path} is {file_age.total_seconds() / 3600:.1f} hours old - fetching new data"
+            )
+        else:
+            logger.info(f"Cache file {file_path} does not exist - fetching new data")
+
+        data = fetch_fn()
+
+        # Save to cache if requested
+        if save_cache:
+            FileOperations.save_json_file(data, file_path)
+
+        return data
+
+    @staticmethod
+    def search_json_files(
+        identifier: str,
+        file_paths: List[str],
+        match_fn: Callable[[Dict, str], bool],
+    ) -> Tuple[Optional[Dict], Optional[str]]:
+        """
+        Search for an item across multiple JSON files.
+
+        :param str identifier: Identifier to search for
+        :param List[str] file_paths: List of file paths to search
+        :param Callable match_fn: Function to determine if an item matches (takes item and identifier)
+        :return: Tuple of (found_item, source_file) or (None, None)
+        :rtype: Tuple[Optional[Dict], Optional[str]]
+        """
+        for file_path in file_paths:
+            if not os.path.exists(file_path):
+                continue
+
+            try:
+                result = FileOperations.search_single_json_file(identifier, file_path, match_fn)
+                if result:
+                    return result, file_path
+            except Exception as e:
+                logger.debug(f"Error searching {file_path}: {e}")
+                continue
+
+        return None, None
+
+    @staticmethod
+    def search_single_json_file(
+        identifier: str,
+        file_path: str,
+        match_fn: Callable[[Dict, str], bool],
+    ) -> Optional[Dict]:
+        """
+        Search for an item in a single JSON file.
+
+        :param str identifier: Identifier to search for
+        :param str file_path: Path to JSON file
+        :param Callable match_fn: Function to determine if an item matches
+        :return: Matched item or None
+        :rtype: Optional[Dict]
+        """
+        logger.debug(f"Searching for {identifier} in {file_path}")
+
+        data = FileOperations.load_json_file(file_path)
+        if not isinstance(data, list):
+            return None
+
+        # Use generator for memory efficiency
+        return next((item for item in data if match_fn(item, identifier)), None)
+
+    @staticmethod
+    def load_cached_findings(
+        query_configs: List[Dict[str, Any]],
+        progress_callback: Optional[Callable] = None,
+    ) -> List[Tuple[str, List[Dict], Optional[Exception]]]:
+        """
+        Load cached findings from multiple files.
+
+        :param List[Dict[str, Any]] query_configs: Query configurations with file paths
+        :param Optional[Callable] progress_callback: Optional progress callback
+        :return: List of (query_type, nodes, error) tuples
+        :rtype: List[Tuple[str, List[Dict], Optional[Exception]]]
+        """
+        results = []
+
+        for config in query_configs:
+            query_type = config["type"].value
+            file_path = config.get("file_path")
+
+            if progress_callback:
+                progress_callback(query_type, "loading")
+
+            try:
+                if file_path and os.path.exists(file_path):
+                    nodes = FileOperations.load_json_file(file_path)
+                    if nodes is not None:
+                        logger.info(f"Loaded {len(nodes)} cached {query_type} findings from {file_path}")
+                        results.append((query_type, nodes, None))
+                    else:
+                        logger.warning(f"Failed to load cached data for {query_type}")
+                        results.append((query_type, [], Exception(f"Failed to load {file_path}")))
+                else:
+                    logger.warning(f"No cached data found for {query_type} at {file_path}")
+                    results.append((query_type, [], None))
+
+            except Exception as e:
+                logger.error(f"Error loading cached data for {query_type}: {e}")
+                results.append((query_type, [], e))
+
+            if progress_callback:
+                progress_callback(query_type, "loaded")
+
+        return results

regscale/integrations/commercial/wizv2/fetchers/__init__.py

@@ -0,0 +1,11 @@
+"""Fetchers for Wiz integration - handles data retrieval and caching."""
+
+from regscale.integrations.commercial.wizv2.fetchers.policy_assessment import (
+    PolicyAssessmentFetcher,
+    WizDataCache,
+)
+
+__all__ = [
+    "PolicyAssessmentFetcher",
+    "WizDataCache",
+]

regscale/integrations/commercial/wizv2/{data_fetcher.py → fetchers/policy_assessment.py}

@@ -8,8 +8,8 @@ import os
 from datetime import datetime
 from typing import Dict, List, Optional, Any, Callable
 
-from regscale.integrations.commercial.wizv2.async_client import run_async_queries
-from regscale.integrations.commercial.wizv2.constants import WizVulnerabilityType, WIZ_POLICY_QUERY
+from regscale.integrations.commercial.wizv2.core.client import run_async_queries
+from regscale.integrations.commercial.wizv2.core.constants import WizVulnerabilityType, WIZ_POLICY_QUERY
 
 logger = logging.getLogger("regscale")
 
@@ -127,14 +127,10 @@ class WizApiClient:
             "Content-Type": "application/json",
         }
 
-    def fetch_policy_assessments_async(
-        self, wiz_project_id: str, progress_callback: Optional[Callable] = None
-    ) -> List[Dict[str, Any]]:
+    def fetch_policy_assessments_async(self) -> List[Dict[str, Any]]:
         """
         Fetch policy assessments using async client.
 
-        :param wiz_project_id: Wiz project ID
-        :param progress_callback: Optional progress callback
         :return: List of policy assessment nodes
         """
         try:
@@ -204,7 +200,7 @@ class WizApiClient:
                 logger.debug(f"Filter variant {filter_variant} failed: {e}")
                 continue
 
-        raise Exception(f"All filter variants failed. Last error: {last_error}")
+        raise RuntimeError(f"All filter variants failed. Last error: {last_error}")
 
     def _create_requests_session(self):
         """
@@ -350,7 +346,7 @@ class PolicyAssessmentFetcher:
 
         :return: List of policy assessment nodes
         """
-        return self.api_client.fetch_policy_assessments_async(self.wiz_project_id)
+        return self.api_client.fetch_policy_assessments_async()
 
     def _fetch_with_requests(self) -> List[Dict[str, Any]]:
         """

regscale/integrations/commercial/wizv2/issue.py

@@ -9,7 +9,7 @@ from regscale.core.app.utils.parser_utils import safe_datetime_str
 from regscale.integrations.scanner_integration import IntegrationFinding
 from regscale.models import Issue
 from regscale.utils.dict_utils import get_value
-from .constants import (
+from .core.constants import (
     get_wiz_issue_queries,
     WizVulnerabilityType,
 )

regscale/integrations/commercial/wizv2/parsers/__init__.py

@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Parsers module for Wiz integration - re-exports from main.py for clean imports."""
+
+# Import all parser functions from the main parsers module
+from regscale.integrations.commercial.wizv2.parsers.main import (
+    collect_components_to_create,
+    fetch_wiz_data,
+    get_disk_storage,
+    get_ip_address,
+    get_latest_version,
+    get_network_info,
+    get_product_ids,
+    get_software_name_from_cpe,
+    handle_container_image_version,
+    handle_provider,
+    handle_software_version,
+    pull_resource_info_from_props,
+)
+
+__all__ = [
+    "collect_components_to_create",
+    "fetch_wiz_data",
+    "get_disk_storage",
+    "get_ip_address",
+    "get_latest_version",
+    "get_network_info",
+    "get_product_ids",
+    "get_software_name_from_cpe",
+    "handle_container_image_version",
+    "handle_provider",
+    "handle_software_version",
+    "pull_resource_info_from_props",
+]

regscale/integrations/commercial/wizv2/{parsers.py → parsers/main.py}

@@ -3,7 +3,7 @@ import logging
 from typing import Dict, Optional, Tuple, Union, List, Any
 
 from regscale.integrations.commercial.cpe import extract_product_name_and_version
-from regscale.integrations.commercial.wizv2.constants import CONTENT_TYPE
+from regscale.integrations.commercial.wizv2.core.constants import CONTENT_TYPE
 from regscale.integrations.commercial.wizv2.variables import WizVariables
 from regscale.models import regscale_models
 from regscale.utils import PaginatedGraphQLClient

regscale/integrations/commercial/wizv2/processors/__init__.py

@@ -0,0 +1,11 @@
+"""Processors for Wiz integration - handles business logic and data transformation."""
+
+from regscale.integrations.commercial.wizv2.processors.finding import (
+    FindingConsolidator,
+    FindingToIssueProcessor,
+)
+
+__all__ = [
+    "FindingConsolidator",
+    "FindingToIssueProcessor",
+]

regscale/integrations/commercial/wizv2/{finding_processor.py → processors/finding.py}

@@ -7,7 +7,7 @@ from typing import Dict, List, Optional, Iterator, Any, Set, Union
 from collections import defaultdict
 
 from regscale.integrations.scanner_integration import IntegrationFinding
-from regscale.integrations.commercial.wizv2.policy_compliance_helpers import AssetConsolidator
+from regscale.integrations.commercial.wizv2.compliance.helpers import AssetConsolidator
 from regscale.models import regscale_models
 
 logger = logging.getLogger("regscale")

regscale/integrations/commercial/wizv2/reports.py

@@ -8,7 +8,7 @@ from typing import Dict, Any, Optional
 
 import requests
 
-from regscale.integrations.commercial.wizv2.constants import (
+from regscale.integrations.commercial.wizv2.core.constants import (
     CREATE_REPORT_QUERY,
     REPORTS_QUERY,
     DOWNLOAD_QUERY,

regscale/integrations/commercial/wizv2/sbom.py

@@ -6,7 +6,7 @@ from typing import List, Dict, Optional
 from regscale.core.app.utils.app_utils import error_and_exit
 from regscale.integrations.commercial.wizv2.WizDataMixin import WizMixin
 from regscale.models.regscale_models.sbom import Sbom
-from regscale.integrations.commercial.wizv2.constants import SBOM_QUERY, SBOM_FILE_PATH
+from regscale.integrations.commercial.wizv2.core.constants import SBOM_QUERY, SBOM_FILE_PATH
 from regscale.utils import get_value
 
 logger = logging.getLogger(__name__)