regscale-cli 6.27.0.1__py3-none-any.whl → 6.27.2.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of regscale-cli might be problematic. Click here for more details.

Files changed (26) hide show
  1. regscale/_version.py +1 -1
  2. regscale/core/app/utils/app_utils.py +41 -7
  3. regscale/integrations/commercial/aws/scanner.py +3 -2
  4. regscale/integrations/commercial/microsoft_defender/defender_api.py +1 -1
  5. regscale/integrations/commercial/sicura/api.py +65 -29
  6. regscale/integrations/commercial/sicura/scanner.py +36 -7
  7. regscale/integrations/commercial/tenablev2/commands.py +4 -4
  8. regscale/integrations/commercial/tenablev2/scanner.py +1 -2
  9. regscale/integrations/commercial/wizv2/scanner.py +40 -16
  10. regscale/integrations/public/cci_importer.py +400 -9
  11. regscale/models/integration_models/aqua.py +2 -2
  12. regscale/models/integration_models/cisa_kev_data.json +164 -3
  13. regscale/models/integration_models/flat_file_importer/__init__.py +4 -6
  14. regscale/models/integration_models/synqly_models/capabilities.json +1 -1
  15. regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py +11 -10
  16. regscale/models/integration_models/synqly_models/ocsf_mapper.py +48 -8
  17. regscale/models/integration_models/synqly_models/synqly_model.py +34 -12
  18. {regscale_cli-6.27.0.1.dist-info → regscale_cli-6.27.2.0.dist-info}/METADATA +1 -1
  19. {regscale_cli-6.27.0.1.dist-info → regscale_cli-6.27.2.0.dist-info}/RECORD +26 -26
  20. tests/regscale/integrations/commercial/test_sicura.py +0 -1
  21. tests/regscale/integrations/commercial/wizv2/test_wizv2.py +86 -0
  22. tests/regscale/integrations/public/test_cci.py +596 -1
  23. {regscale_cli-6.27.0.1.dist-info → regscale_cli-6.27.2.0.dist-info}/LICENSE +0 -0
  24. {regscale_cli-6.27.0.1.dist-info → regscale_cli-6.27.2.0.dist-info}/WHEEL +0 -0
  25. {regscale_cli-6.27.0.1.dist-info → regscale_cli-6.27.2.0.dist-info}/entry_points.txt +0 -0
  26. {regscale_cli-6.27.0.1.dist-info → regscale_cli-6.27.2.0.dist-info}/top_level.txt +0 -0
regscale/models/integration_models/cisa_kev_data.json CHANGED
@@ -1,9 +1,170 @@
1
1
  {
2
2
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
3
- "catalogVersion": "2025.10.09",
4
- "dateReleased": "2025-10-09T16:52:28.6547Z",
5
- "count": 1436,
3
+ "catalogVersion": "2025.10.20",
4
+ "dateReleased": "2025-10-20T13:56:54.0593Z",
5
+ "count": 1447,
6
6
  "vulnerabilities": [
7
+ {
8
+ "cveID": "CVE-2022-48503",
9
+ "vendorProject": "Apple",
10
+ "product": "Multiple Products",
11
+ "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability",
12
+ "dateAdded": "2025-10-20",
13
+ "shortDescription": "Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
14
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
15
+ "dueDate": "2025-11-10",
16
+ "knownRansomwareCampaignUse": "Unknown",
17
+ "notes": "https:\/\/support.apple.com\/en-us\/HT213340 ; https:\/\/support.apple.com\/en-us\/HT213341 ; https:\/\/support.apple.com\/en-us\/HT213342 ; https:\/\/support.apple.com\/en-us\/HT213345 ; https:\/\/support.apple.com\/en-us\/HT213346 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-48503",
18
+ "cwes": []
19
+ },
20
+ {
21
+ "cveID": "CVE-2025-2746",
22
+ "vendorProject": "Kentico",
23
+ "product": "Xperience CMS",
24
+ "vulnerabilityName": "Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
25
+ "dateAdded": "2025-10-20",
26
+ "shortDescription": "Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.",
27
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
28
+ "dueDate": "2025-11-10",
29
+ "knownRansomwareCampaignUse": "Unknown",
30
+ "notes": "https:\/\/devnet.kentico.com\/download\/hotfixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2746",
31
+ "cwes": [
32
+ "CWE-288"
33
+ ]
34
+ },
35
+ {
36
+ "cveID": "CVE-2025-2747",
37
+ "vendorProject": "Kentico",
38
+ "product": "Xperience CMS",
39
+ "vulnerabilityName": "Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability",
40
+ "dateAdded": "2025-10-20",
41
+ "shortDescription": "Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.",
42
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
43
+ "dueDate": "2025-11-10",
44
+ "knownRansomwareCampaignUse": "Unknown",
45
+ "notes": "https:\/\/devnet.kentico.com\/download\/hotfixes ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-2747",
46
+ "cwes": [
47
+ "CWE-288"
48
+ ]
49
+ },
50
+ {
51
+ "cveID": "CVE-2025-33073",
52
+ "vendorProject": "Microsoft",
53
+ "product": "Windows",
54
+ "vulnerabilityName": "Microsoft Windows SMB Client Improper Access Control Vulnerability",
55
+ "dateAdded": "2025-10-20",
56
+ "shortDescription": "Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.",
57
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
58
+ "dueDate": "2025-11-10",
59
+ "knownRansomwareCampaignUse": "Unknown",
60
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33073 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-33073",
61
+ "cwes": [
62
+ "CWE-284"
63
+ ]
64
+ },
65
+ {
66
+ "cveID": "CVE-2025-61884",
67
+ "vendorProject": "Oracle",
68
+ "product": "E-Business Suite",
69
+ "vulnerabilityName": "Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
70
+ "dateAdded": "2025-10-20",
71
+ "shortDescription": "Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.",
72
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
73
+ "dueDate": "2025-11-10",
74
+ "knownRansomwareCampaignUse": "Unknown",
75
+ "notes": "https:\/\/www.oracle.com\/security-alerts\/alert-cve-2025-61884.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61884",
76
+ "cwes": [
77
+ "CWE-918"
78
+ ]
79
+ },
80
+ {
81
+ "cveID": "CVE-2025-54253",
82
+ "vendorProject": "Adobe",
83
+ "product": "Experience Manager (AEM) Forms",
84
+ "vulnerabilityName": "Adobe Experience Manager Forms Code Execution Vulnerability",
85
+ "dateAdded": "2025-10-15",
86
+ "shortDescription": "Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.",
87
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
88
+ "dueDate": "2025-11-05",
89
+ "knownRansomwareCampaignUse": "Unknown",
90
+ "notes": "https:\/\/helpx.adobe.com\/security\/products\/aem-forms\/apsb25-82.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54253",
91
+ "cwes": []
92
+ },
93
+ {
94
+ "cveID": "CVE-2025-47827",
95
+ "vendorProject": "IGEL",
96
+ "product": "IGEL OS",
97
+ "vulnerabilityName": "IGEL OS Use of a Key Past its Expiration Date Vulnerability",
98
+ "dateAdded": "2025-10-14",
99
+ "shortDescription": "IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.",
100
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
101
+ "dueDate": "2025-11-04",
102
+ "knownRansomwareCampaignUse": "Unknown",
103
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-47827 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47827",
104
+ "cwes": [
105
+ "CWE-324"
106
+ ]
107
+ },
108
+ {
109
+ "cveID": "CVE-2025-24990",
110
+ "vendorProject": "Microsoft",
111
+ "product": "Windows",
112
+ "vulnerabilityName": "Microsoft Windows Untrusted Pointer Dereference Vulnerability",
113
+ "dateAdded": "2025-10-14",
114
+ "shortDescription": "Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.",
115
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
116
+ "dueDate": "2025-11-04",
117
+ "knownRansomwareCampaignUse": "Unknown",
118
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-24990 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24990",
119
+ "cwes": [
120
+ "CWE-822"
121
+ ]
122
+ },
123
+ {
124
+ "cveID": "CVE-2025-59230",
125
+ "vendorProject": "Microsoft",
126
+ "product": "Windows",
127
+ "vulnerabilityName": "Microsoft Windows Improper Access Control Vulnerability",
128
+ "dateAdded": "2025-10-14",
129
+ "shortDescription": "Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.",
130
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
131
+ "dueDate": "2025-11-04",
132
+ "knownRansomwareCampaignUse": "Unknown",
133
+ "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-59230 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59230",
134
+ "cwes": [
135
+ "CWE-284"
136
+ ]
137
+ },
138
+ {
139
+ "cveID": "CVE-2025-6264",
140
+ "vendorProject": "Rapid7",
141
+ "product": "Velociraptor",
142
+ "vulnerabilityName": "Rapid7 Velociraptor Incorrect Default Permissions Vulnerability",
143
+ "dateAdded": "2025-10-14",
144
+ "shortDescription": "Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint.",
145
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
146
+ "dueDate": "2025-11-04",
147
+ "knownRansomwareCampaignUse": "Known",
148
+ "notes": "https:\/\/docs.velociraptor.app\/announcements\/advisories\/cve-2025-6264\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6264",
149
+ "cwes": [
150
+ "CWE-276"
151
+ ]
152
+ },
153
+ {
154
+ "cveID": "CVE-2016-7836",
155
+ "vendorProject": "SKYSEA",
156
+ "product": "Client View",
157
+ "vulnerabilityName": "SKYSEA Client View Improper Authentication Vulnerability",
158
+ "dateAdded": "2025-10-14",
159
+ "shortDescription": "SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.",
160
+ "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
161
+ "dueDate": "2025-11-04",
162
+ "knownRansomwareCampaignUse": "Unknown",
163
+ "notes": "https:\/\/www.skyseaclientview.net\/news\/161221\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-7836",
164
+ "cwes": [
165
+ "CWE-287"
166
+ ]
167
+ },
7
168
  {
8
169
  "cveID": "CVE-2021-43798",
9
170
  "vendorProject": "Grafana Labs",
regscale/models/integration_models/flat_file_importer/__init__.py CHANGED
@@ -930,13 +930,13 @@ class FlatFileImporter(ABC):
930
930
  return dict_content
931
931
 
932
932
  @staticmethod
933
- def determine_severity(s: str) -> str:
933
+ def determine_severity(s: Optional[str] = None) -> IssueSeverity:
934
934
  """
935
935
  Determine the CVSS severity of the vulnerability
936
936
 
937
- :param str s: The severity
937
+ :param Optional[str] s: The severity, defaults to None
938
938
  :return: The severity
939
- :rtype: str
939
+ :rtype: IssueSeverity
940
940
  """
941
941
  mapping = {
942
942
  "critical": IssueSeverity.Critical,
@@ -949,9 +949,7 @@ class FlatFileImporter(ABC):
949
949
  "info": IssueSeverity.NotAssigned,
950
950
  "unknown": IssueSeverity.NotAssigned,
951
951
  }
952
- severity = "info"
953
- if s:
954
- severity = s.lower()
952
+ severity = s.lower() if s else "info"
955
953
  return mapping.get(severity, IssueSeverity.NotAssigned)
956
954
 
957
955
  @staticmethod