regscale-cli 6.27.1.0__py3-none-any.whl → 6.27.3.0__py3-none-any.whl

regscale/core/login.py

@@ -6,6 +6,7 @@ from os import getenv
 from typing import Optional, Tuple
 from urllib.parse import urljoin
 
+from requests.exceptions import HTTPError
 from regscale.core.app.api import Api
 from regscale.core.app.utils.app_utils import error_and_exit
 
@@ -14,10 +15,11 @@ logger = logging.getLogger("regscale")
 
 def get_regscale_token(
     api: Api,
-    username: str = getenv("REGSCALE_USER"),
-    password: str = getenv("REGSCALE_PASSWORD"),
-    domain: str = getenv("REGSCALE_DOMAIN"),
+    username: Optional[str] = getenv("REGSCALE_USER"),
+    password: Optional[str] = getenv("REGSCALE_PASSWORD"),
+    domain: Optional[str] = getenv("REGSCALE_DOMAIN"),
     mfa_token: Optional[str] = "",
+    app_id: Optional[int] = 1,
 ) -> Tuple[str, str]:
     """
     Authenticate with RegScale and return a token
@@ -27,6 +29,7 @@ def get_regscale_token(
     :param str password: a string defaulting to the envar REGSCALE_PASSWORD
     :param str domain: a string representing the RegScale domain, checks environment REGSCALE_DOMAIN
     :param Optional[str] mfa_token: MFA token to login with
+    :param Optional[int] app_id: The app ID to login with
     :raises EnvironmentError: if domain is not passed or retrieved
     :return: a tuple of user_id and auth_token
     :rtype: Tuple[str, str]
@@ -47,7 +50,19 @@ def get_regscale_token(
     logger.info("Logging into: %s", domain)
     # suggest structuring the login paths so that they all exist in one place
     url = urljoin(domain, "/api/authentication/login")
-    response = api.post(url=url, json=auth, headers={})
+    try:
+        # Try to authenticate with the new API version
+        auth["appId"] = app_id
+        response = api.post(url=url, json=auth, headers={"X-Api-Version": "2.0"})
+        if response is None:
+            raise HTTPError("No response received from api.post(). Possible connection issue or internal error.")
+        response.raise_for_status()
+        app_id_compatible = True
+    except HTTPError:
+        # Fallback to the old API version
+        del auth["appId"]
+        response = api.post(url=url, json=auth, headers={})
+        app_id_compatible = False
     error_msg = "Unable to authenticate with RegScale. Please check your credentials."
     if response is None:
         logger.error("No response received from api.post(). Possible connection issue or internal error.")
@@ -63,4 +78,6 @@ def get_regscale_token(
         error_and_exit(f"{error_msg}\n{response.status_code}: {response.text}")
     if isinstance(response_dict, str):
         response_dict = json.loads(response_dict)
+    if app_id_compatible:
+        return response_dict["accessToken"]["id"], response_dict["accessToken"]["authToken"]
     return response_dict["id"], response_dict["auth_token"]

regscale/core/utils/date.py

@@ -2,8 +2,10 @@
 # -*- coding: utf-8 -*-
 """Utility functions for handling date and datetime conversions"""
 
+import calendar
 import datetime
 import logging
+import re
 from typing import Any, List, Optional, Union
 
 
@@ -39,7 +41,8 @@ def date_str(date_object: Union[str, datetime.datetime, datetime.date, None], da
             return date_object.strftime(date_format)
 
         return date_object.isoformat()
-    except Exception:
+    except (AttributeError, TypeError, ValueError) as e:
+        logger.debug(f"Error converting date object to string: {e}")
         return ""
 
 
@@ -82,6 +85,7 @@ def date_obj(date_str: Union[str, datetime.datetime, datetime.date, int, None])
 def datetime_obj(date_str: Union[str, datetime.datetime, datetime.date, int, None]) -> Optional[datetime.datetime]:
     """
     Convert a string, datetime, date, integer, or timestamp string to a datetime object.
+    If the day of the month is invalid (e.g., November 31), adjusts to the last valid day of that month.
 
     :param Union[str, datetime.datetime, datetime.date, int, None] date_str: The value to convert.
     :return: The datetime object.
@@ -93,6 +97,10 @@ def datetime_obj(date_str: Union[str, datetime.datetime, datetime.date, int, Non
         try:
             return parse(date_str)
         except ParserError as e:
+            # Try to fix invalid day of month (e.g., 2023/11/31 -> 2023/11/30)
+            if fixed_date := _fix_invalid_day_of_month(date_str):
+                return fixed_date
+
             if date_str and str(date_str).lower() not in ["n/a", "none"]:
                 logger.warning(f"Warning could not parse date string: {date_str}\n{e}")
             return None
@@ -105,6 +113,74 @@ def datetime_obj(date_str: Union[str, datetime.datetime, datetime.date, int, Non
     return None
 
 
+def _parse_date_components(match_groups: tuple) -> tuple[int, int, int]:
+    """
+    Parse year, month, day from regex match groups.
+
+    :param tuple match_groups: Tuple of matched groups from regex
+    :return: Tuple of (year, month, day)
+    :rtype: tuple[int, int, int]
+    """
+    if len(match_groups[0]) == 4:  # First group is year (YYYY/MM/DD)
+        return int(match_groups[0]), int(match_groups[1]), int(match_groups[2])
+    # Last group is year (MM/DD/YYYY)
+    return int(match_groups[2]), int(match_groups[0]), int(match_groups[1])
+
+
+def _adjust_invalid_day(year: int, month: int, day: int) -> Optional[datetime.datetime]:
+    """
+    Adjust invalid day of month to last valid day.
+
+    :param int year: Year
+    :param int month: Month
+    :param int day: Day
+    :return: Adjusted datetime or None if invalid
+    :rtype: Optional[datetime.datetime]
+    """
+    last_valid_day = calendar.monthrange(year, month)[1]
+    if day <= last_valid_day:
+        return None
+
+    logger.warning(f"Invalid day {day} for month {month}/{year}. Adjusting to last valid day: {last_valid_day}")
+    try:
+        return datetime.datetime(year, month, last_valid_day)
+    except ValueError:
+        return None
+
+
+def _fix_invalid_day_of_month(date_str: str) -> Optional[datetime.datetime]:
+    """
+    Attempt to fix an invalid day of month in a date string.
+    For example, 2023/11/31 would become 2023/11/30.
+
+    :param str date_str: The date string to fix
+    :return: A datetime object with a valid day, or None if it can't be fixed
+    :rtype: Optional[datetime.datetime]
+    """
+    try:
+        patterns = [
+            r"(\d{4})[/-](\d{1,2})[/-](\d{1,2})",  # YYYY/MM/DD or YYYY-MM-DD
+            r"(\d{1,2})[/-](\d{1,2})[/-](\d{4})",  # MM/DD/YYYY or MM-DD-YYYY
+        ]
+
+        for pattern in patterns:
+            if not (match := re.search(pattern, date_str)):
+                continue
+
+            year, month, day = _parse_date_components(match.groups())
+
+            if not (1 <= month <= 12):
+                continue
+
+            if result := _adjust_invalid_day(year, month, day):
+                return result
+
+        return None
+    except (ValueError, TypeError, AttributeError, IndexError) as e:
+        logger.debug(f"Could not fix invalid day of month for: {date_str} - {e}")
+        return None
+
+
 def time_str(time_obj: Union[str, datetime.datetime, datetime.time]) -> str:
     """
     Convert a datetime/time object to a string.

regscale/integrations/commercial/aws/scanner.py

@@ -706,16 +706,20 @@ Description: {description if isinstance(description, str) else ''}"""
 
         aws_secret_key_id = kwargs.get("aws_access_key_id") or os.getenv("AWS_ACCESS_KEY_ID")
         aws_secret_access_key = kwargs.get("aws_secret_access_key") or os.getenv("AWS_SECRET_ACCESS_KEY")
-        region = kwargs.get("region") or os.getenv("AWS_REGION", "us-east-1")
-        if not aws_secret_key_id or not aws_secret_access_key:
+        region = kwargs.get("region") or os.getenv("AWS_REGION")
+        profile = kwargs.get("profile")
+
+        # Profile or credentials required
+        if not profile and (not aws_secret_key_id or not aws_secret_access_key):
             raise ValueError(
                 "AWS Access Key ID and Secret Access Key are required.\nPlease update in environment "
                 "variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) or pass as arguments."
             )
         if not region:
             logger.warning("AWS region not provided. Defaulting to 'us-east-1'.")
+            region = "us-east-1"
         session = boto3.Session(
-            region_name=kwargs.get(region, "us-east-1"),
+            region_name=region,
             aws_access_key_id=aws_secret_key_id,
             aws_secret_access_key=aws_secret_access_key,
             aws_session_token=kwargs.get("aws_session_token"),

regscale/integrations/commercial/microsoft_defender/defender_api.py

@@ -353,7 +353,7 @@ class DefenderApi:
 
         data = self.get_items_from_azure(url=url, parse_value=kwargs.get("parse_value", True))
         save_path = Path(
-            os.path.join(ENTRA_SAVE_DIR, f"azure_entra_{endpoint_key}_{get_current_datetime('%Y%m%d')}.csv")
+            os.path.join(ENTRA_SAVE_DIR, f"azure_entra_{endpoint_key}_{get_current_datetime('%Y%m%d')}.xlsx")
         )
         save_data_to(file=save_path, data=data, transpose_data=False)
         return [save_path]

regscale/integrations/commercial/sicura/api.py

@@ -203,7 +203,6 @@ class SicuraAPI:
     FILTER_TYPE = "filter[type]"
     FILTER_REJECTED = "filter[rejected]"
     FILTER_TASK_ID = "filter[task_id]"
-    csrf_token: Optional[str] = None
 
     def __init__(self):
         """
@@ -246,12 +245,9 @@ class SicuraAPI:
 
         if data:
             self.session.headers["Content-Type"] = "application/json"
-        if not endpoint.endswith("/auth/token"):
-            if not self.csrf_token:
-                self.csrf_token = self.get_csrf_token()
-            if self.csrf_token:
-                self.session.headers["X-CSRF-TOKEN"] = str(self.csrf_token)
-            self.session.headers["auth-token-signature"] = SicuraVariables.sicuraToken
+
+        # Always set the auth token signature for API authentication
+        self.session.headers["auth-token-signature"] = SicuraVariables.sicuraToken
 
         try:
             # Use the session object to maintain cookies between requests
@@ -313,22 +309,6 @@ class SicuraAPI:
             logging.error(f"Error validating response: {e}", exc_info=True)
             return None
 
-    def get_csrf_token(self) -> Optional[AuthResponse]:
-        """
-        Get authentication token from Sicura API.
-
-        :return: Authentication response
-        :rtype: Optional[AuthResponse]
-        :raises requests.exceptions.RequestException: If the request fails
-        """
-        try:
-            response = self._make_request("GET", "/auth/token")
-            self.csrf_token = response
-            return response
-        except requests.exceptions.RequestException as e:
-            logger.error(f"Error getting authentication token: {e}", exc_info=True)
-            raise
-
     class Device(SicuraModel):
         """Model for Sicura device information."""
 
@@ -384,11 +364,56 @@ class SicuraAPI:
             logger.error(f"Failed to get devices: {e}", exc_info=True)
             return []
 
+    def create_or_update_control_profile(self, profile_name: str, controls: list[dict]) -> Optional[dict]:
+        """
+        Create or update a control profile.
+
+        :param str profile_name: Name of the control profile
+        :param list[dict] controls: List of controls to add to the profile
+        :return: The control profile if successfully created or updated, None otherwise
+        :rtype: Optional[dict]
+        """
+        profile_id = None
+        profile_data = None
+        params = {"verbose": "true"}
+        try:
+            # see if the profile already exists
+            response = self._make_request("GET", "/api/jaeger/v1/control_profiles", params=params)
+            for profile in response:
+                if profile["name"] == profile_name:
+                    profile_id = profile["id"]
+                    break
+            payload = {
+                "name": profile_name,
+                "description": f"Profile for {profile_name} with {len(controls)} controls.",
+                "controls": controls,
+            }
+            if not profile_id:
+                crud_operation = "Created"
+                response = self._make_request("POST", "/api/jaeger/v1/control_profiles", data=payload, params=params)
+                profile_id = response
+                profile_data = self._make_request("GET", f"/api/jaeger/v1/control_profiles/{profile_id}", params=params)
+            else:
+                crud_operation = "Updated"
+                response = self._make_request(
+                    "PUT", f"/api/jaeger/v1/control_profiles/{profile_id}", data=payload, params=params
+                )
+                profile_id = response["id"]
+                profile_data = response
+            logger.info(f"{crud_operation} control profile #{profile_id} in Sicura with {len(controls)} controls.")
+            return profile_data
+
+            return profile_id
+        except Exception as e:
+            logger.error(f"Failed to create or update control profile: {e}", exc_info=True)
+            return None
+
     def create_scan_task(
         self,
         device_id: int,
         platform: str,
-        profile: SicuraProfile,
+        profile: Union[SicuraProfile, str],
+        author: Optional[str] = None,
         task_name: Optional[str] = None,
         scheduled_time: Optional[datetime.datetime] = None,
     ) -> Optional[str]:
@@ -398,6 +423,7 @@ class SicuraAPI:
         :param int device_id: ID of the device to scan
         :param str platform: Platform name (e.g., 'Red Hat Enterprise Linux 9')
         :param SicuraProfile profile: Scan profile name (e.g., 'I - Mission Critical Classified')
+        :param Optional[str] author: Author of the scan task (default: None)
         :param Optional[str] task_name: Name for the scan task (default: auto-generated)
         :param Optional[datetime.datetime] scheduled_time: When to run the scan (default: now)
         :return: Task ID if successful, None otherwise
@@ -425,6 +451,9 @@ class SicuraAPI:
                 "scanAttributes": {"platform": platform, "profile": profile},
             }
 
+            if author:
+                payload["scanAttributes"]["author"] = author
+
             result = self._make_request("POST", "/api/jaeger/v1/tasks/", data=payload)
 
             if result:
@@ -483,14 +512,16 @@ class SicuraAPI:
         self,
         fqdn: str,
         platform: Optional[str] = None,
-        profile: SicuraProfile = SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+        profile: Union[SicuraProfile, str] = SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+        author: Optional[str] = None,
     ) -> Optional[ScanReport]:
         """
         Get scan results for a specific device.
 
         :param str fqdn: Fully qualified domain name of the device
         :param Optional[str] platform: Platform name to filter results (e.g., 'Red Hat Enterprise Linux 9')
-        :param SicuraProfile profile: Profile name to filter results (e.g., 'I - Mission Critical Classified')
+        :param Union[SicuraProfile, str] profile: Profile name to filter results, defaults to I - Mission Critical Classified
+        :param Optional[str] author: Author of the scan task (default: None)
         :return: Scan report containing device info and scan results, or None if not found
         :rtype: Optional[ScanReport]
         """
@@ -503,6 +534,9 @@ class SicuraAPI:
             if profile:
                 params["profile"] = profile
 
+            if author:
+                params["author"] = author
+
             response = self._make_request("GET", "/api/jaeger/v1/nodes", params=params)
 
             # Handle 404 or empty response
@@ -560,7 +594,8 @@ class SicuraAPI:
         task_id: Union[int, str],
         fqdn: str,
         platform: Optional[str] = None,
-        profile: SicuraProfile = SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+        profile: Union[SicuraProfile, str] = SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+        author: Optional[str] = None,
         max_wait_time: int = 600,
         poll_interval: int = 10,
     ) -> Optional[Union[ScanReport, Dict[str, Any]]]:
@@ -570,7 +605,8 @@ class SicuraAPI:
         :param Union[int, str] task_id: ID of the scan task to monitor
         :param str fqdn: Fully qualified domain name of the device
         :param Optional[str] platform: Platform name to filter results
-        :param SicuraProfile profile: Profile name to filter results
+        :param Union[SicuraProfile, str] profile: Profile name to filter results, defaults to I - Mission Critical Classified
+        :param Optional[str] author: Author of the scan task (default: None)
         :param int max_wait_time: Maximum time to wait in seconds (default: 10 minutes)
         :param int poll_interval: Time between status checks in seconds (default: 10 seconds)
         :return: Scan results once the task is complete, or None if timeout or error
@@ -602,7 +638,7 @@ class SicuraAPI:
                         logger.info(f"Scan task {task_id} completed successfully, fetching results...")
                         # Wait a moment for results to be processed
                         time.sleep(2)
-                        return self.get_scan_results(fqdn, platform, profile)
+                        return self.get_scan_results(fqdn=fqdn, platform=platform, profile=profile, author=author)
                     else:
                         logger.error(f"Scan task {task_id} ended with status {latest_status}")
                         return None

regscale/integrations/commercial/sicura/scanner.py

@@ -4,7 +4,7 @@
 RegScale Sicura Integration
 """
 import datetime
-from typing import Generator, Iterator, Any
+from typing import Any, Generator, Iterator, Union
 
 from regscale.core.utils.date import date_str
 from regscale.integrations.commercial.sicura.api import SicuraAPI, ScanReport, SicuraProfile, Device, ScanResult
@@ -55,6 +55,8 @@ class SicuraIntegration(ScannerIntegration):
         """
         super().__init__(*args, **kwargs)
         self.api = SicuraAPI()
+        self.control_scan = False
+        self.control_scan_profile = None
 
     def fetch_findings(self, **kwargs) -> Generator[IntegrationFinding, None, None]:
         """
@@ -103,23 +105,28 @@ class SicuraIntegration(ScannerIntegration):
             return
 
         # Profiles to scan
-        profiles = [SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED, SicuraProfile.LEVEL_1_SERVER]
+        profiles = [SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED]
+        if self.control_scan:
+            profiles = [self.control_scan_profile]
 
         for profile in profiles:
             yield from self._process_profile_findings(device, profile)
 
     def _process_profile_findings(
-        self, device: Device, profile: SicuraProfile
+        self, device: Device, profile: Union[SicuraProfile, str]
     ) -> Generator[IntegrationFinding, None, None]:
         """
         Process findings for a device with a specific profile
 
         :param Device device: The device to process
-        :param SicuraProfile profile: The profile to process
+        :param Union[SicuraProfile, str] profile: The profile to process
         :yield: IntegrationFinding objects
         :rtype: Generator[IntegrationFinding, None, None]
         """
-        scan_report = self.api.get_scan_results(fqdn=device.fqdn, profile=profile)
+        if self.control_scan and profile == self.control_scan_profile:
+            scan_report = self.api.get_scan_results(fqdn=device.fqdn, profile=profile, author="control")
+        else:
+            scan_report = self.api.get_scan_results(fqdn=device.fqdn, profile=profile)
 
         if not scan_report:
             logger.warning(f"No scan results found for device: {device.fqdn} with profile: {profile}")
@@ -458,17 +465,21 @@ class SicuraIntegration(ScannerIntegration):
         :param Device device: The device to trigger a scan for
         :return: None
         """
+        profile = self.control_scan_profile if self.control_scan else SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED
+        author = "control" if self.control_scan else None
         task_id = self.api.create_scan_task(
             device_id=device.id,
             platform=device.platforms,
-            profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+            profile=profile,
+            author=author,
         )
         if task_id:
             self.api.wait_for_scan_results(
                 task_id=task_id,
                 fqdn=device.fqdn,
                 platform=device.platforms,
-                profile=SicuraProfile.I_MISSION_CRITICAL_CLASSIFIED,
+                profile=profile,
+                author=author,
             )
         else:
             logger.warning(f"Failed to create scan task for device {device.fqdn}")
@@ -480,6 +491,24 @@ class SicuraIntegration(ScannerIntegration):
         :param list[Device] devices: The devices to trigger scans for
         :return: None
         """
+        # get the SSP's controlImplementations
+        if control_imps := regscale_models.ControlImplementation.get_list_by_parent(
+            regscale_id=self.plan_id, regscale_module=regscale_models.SecurityPlan.get_module_slug()
+        ):
+            if profile := self.api.create_or_update_control_profile(
+                profile_name=f"regscale_ssp_id_{self.plan_id}",
+                controls=control_imps,
+            ):
+                self.control_scan = True
+                self.control_scan_profile = profile["name"]
+            else:
+                logger.warning("Failed to create or update control profile")
+                self.control_scan = False
+                self.control_scan_profile = None
+        else:
+            self.control_scan = False
+            self.control_scan_profile = None
+
         if len(devices) > 1:
             from regscale.utils.threading import ThreadManager
 

regscale/integrations/commercial/synqly/query_builder.py

@@ -353,13 +353,16 @@ def _display_filter_result(provider: str, filters: List[str]):
     for i, filter_str in enumerate(filters, 1):
         click.echo(f"  {i}. {filter_str}")
 
+    connector = provider.split("_")[0]
+    filter_flag = "asset_filter" if connector == "vulnerabilities" else "filter"
+
     click.echo("\nComplete command:")
     provider_name = provider.replace(provider.split("_")[0] + "_", "")
 
     # Build command with semicolon-separated filters
     if filters:
         filter_string = ";".join(filters)
-        filter_option = f'--filter "{filter_string}"'
+        filter_option = f'--{filter_flag} "{filter_string}"'
     else:
         filter_option = ""
 

regscale/integrations/commercial/tenablev2/commands.py

@@ -154,8 +154,8 @@ def io_sync_assets(regscale_ssp_id: int, tags: List[Tuple[str, str]] = None):
     try:
         from regscale.integrations.commercial.tenablev2.scanner import TenableIntegration
 
-        integration = TenableIntegration(plan_id=regscale_ssp_id, tags=tags)
-        integration.sync_assets(plan_id=regscale_ssp_id)
+        integration = TenableIntegration(plan_id=regscale_ssp_id)
+        integration.sync_assets(plan_id=regscale_ssp_id, tags=tags)
 
         console.print("[bold green]Tenable.io asset synchronization complete.[/bold green]")
     except Exception as e:
@@ -193,8 +193,8 @@ def io_sync_findings(
     try:
         from regscale.integrations.commercial.tenablev2.scanner import TenableIntegration
 
-        integration = TenableIntegration(plan_id=regscale_ssp_id, tags=tags, scan_date=scan_date)
-        integration.sync_findings(plan_id=regscale_ssp_id, severity=severity)
+        integration = TenableIntegration(plan_id=regscale_ssp_id, scan_date=scan_date)
+        integration.sync_findings(plan_id=regscale_ssp_id, severity=severity, tags=tags)
 
         console.print("[bold green]Tenable.io finding synchronization complete.[/bold green]")
     except Exception as e:

regscale/integrations/commercial/tenablev2/scanner.py

@@ -44,7 +44,7 @@ class TenableIntegration(ScannerIntegration):
         "low": regscale_models.IssueSeverity.Low,
     }
 
-    def __init__(self, plan_id: int, tenant_id: int = 1, tags: Optional[List[str]] = None, **kwargs):
+    def __init__(self, plan_id: int, tenant_id: int = 1, **kwargs):
         """
         Initialize the TenableIntegration.
 
@@ -53,7 +53,6 @@ class TenableIntegration(ScannerIntegration):
         """
         super().__init__(plan_id, tenant_id, **kwargs)
         self.client = None
-        self.tags = tags or []
         self.scan_date = kwargs.get("scan_date", get_current_datetime())
 
     def authenticate(self) -> None: