regscale-cli 6.27.1.0__py3-none-any.whl → 6.27.3.0__py3-none-any.whl

regscale/integrations/commercial/wizv2/scanner.py

@@ -70,6 +70,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         "Medium": regscale_models.IssueSeverity.Moderate,
         "Low": regscale_models.IssueSeverity.Low,
         "INFORMATIONAL": regscale_models.IssueSeverity.NotAssigned,
+        "INFO": regscale_models.IssueSeverity.NotAssigned,  # Wiz uses "INFO" for informational data findings
+        "None": regscale_models.IssueSeverity.NotAssigned,  # Wiz uses "NONE" for findings without severity
     }
     asset_lookup = "vulnerableAsset"
     wiz_token = None
@@ -706,13 +708,11 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         :yield: IntegrationFinding objects
         :rtype: Iterator[IntegrationFinding]
         """
-        logger.info(
-            f"🔍 VULNERABILITY PROCESSING ANALYSIS: Received {len(nodes)} raw Wiz vulnerabilities for processing"
-        )
+        logger.debug(f"VULNERABILITY PROCESSING ANALYSIS: Received {len(nodes)} raw Wiz vulnerabilities for processing")
 
         # Count issues by severity for analysis
-        severity_counts = {}
-        status_counts = {}
+        severity_counts: dict[str, int] = {}
+        status_counts: dict[str, int] = {}
         for node in nodes:
             severity = node.get("severity", "Low")
             status = node.get("status", "OPEN")
@@ -728,22 +728,35 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         for node in nodes:
             wiz_severity = node.get("severity", "Low")
             wiz_id = node.get("id", "unknown")
+
+            # Log sample record for NONE severity (only first occurrence per session)
+            if wiz_severity and wiz_severity.upper() == "NONE":
+                if not hasattr(self, "_none_severity_sample_logged"):
+                    logger.info(
+                        f"SAMPLE RECORD - Vulnerability with NONE severity (treating as informational): "
+                        f"ID={node.get('id', 'Unknown')}, "
+                        f"Name={node.get('name', 'Unknown')}, "
+                        f"Type={node.get('type', 'Unknown')}, "
+                        f"Severity={wiz_severity}"
+                    )
+                    self._none_severity_sample_logged = True
+
             if self.should_process_finding_by_severity(wiz_severity):
                 filtered_nodes.append(node)
             else:
                 filtered_out_count += 1
-                logger.info(
-                    f"🚫 FILTERED BY SEVERITY: Vulnerability {wiz_id} with severity '{wiz_severity}' "
+                logger.debug(
+                    f"FILTERED BY SEVERITY: Vulnerability {wiz_id} with severity '{wiz_severity}' "
                     f"filtered due to minimumSeverity configuration"
                 )
 
         logger.info(
-            f"✅ After severity filtering: {len(filtered_nodes)} vulnerabilities kept, {filtered_out_count} filtered out"
+            f"After severity filtering: {len(filtered_nodes)} vulnerabilities kept, {filtered_out_count} filtered out"
         )
 
         if not filtered_nodes:
             logger.warning(
-                "⚠️  All vulnerabilities filtered out by severity configuration - check your minimumSeverity setting"
+                "All vulnerabilities filtered out by severity configuration - check your minimumSeverity setting"
             )
             return
 
@@ -944,10 +957,17 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             self._severity_config_logged = True
 
         # Define severity hierarchy (lower index = higher severity)
-        severity_hierarchy = ["critical", "high", "medium", "low", "informational"]
+        # Note: "info", "informational", and "none" are all treated as informational
+        severity_hierarchy = ["critical", "high", "medium", "low", "informational", "info", "none"]
 
         try:
             wiz_severity_lower = wiz_severity.lower()
+
+            # Handle empty or None severity values - treat as informational
+            # Normalize "info" to "informational" for consistent processing
+            if not wiz_severity_lower or wiz_severity_lower == "none" or wiz_severity_lower == "info":
+                wiz_severity_lower = "informational"
+
             min_severity_index = severity_hierarchy.index(min_severity)
             finding_severity_index = severity_hierarchy.index(wiz_severity_lower)
 
@@ -1010,8 +1030,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             return graph_entity.get("id")
 
         # Standard case - direct id access
-        asset_container = node.get(asset_lookup_key, {})
-        asset_id = asset_container.get("id")
+        asset_container = node.get(asset_lookup_key) or {}
+        asset_id = asset_container.get("id") if isinstance(asset_container, dict) else None
 
         # Add debug logging to help diagnose missing assets
         if not asset_id:
@@ -1023,8 +1043,8 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             fallback_keys = ["vulnerableAsset", "resource", "exposedEntity", "entitySnapshot"]
             for fallback_key in fallback_keys:
                 if fallback_key != asset_lookup_key and fallback_key in node:
-                    fallback_asset = node.get(fallback_key, {})
-                    if fallback_id := fallback_asset.get("id"):
+                    fallback_asset = node.get(fallback_key) or {}
+                    if isinstance(fallback_asset, dict) and (fallback_id := fallback_asset.get("id")):
                         logger.debug(
                             f"Found asset ID using fallback key '{fallback_key}' for {vulnerability_type.value}"
                         )
@@ -1068,7 +1088,11 @@ class WizVulnerabilityIntegration(ScannerIntegration):
             return graph_entity.get("providerUniqueId") or graph_entity.get("name") or graph_entity.get("id")
 
         # Standard case - get asset container and extract provider identifier
-        asset_container = node.get(asset_lookup_key, {})
+        asset_container = node.get(asset_lookup_key) or {}
+
+        # Ensure asset_container is a dict before accessing
+        if not isinstance(asset_container, dict):
+            return None
 
         # For Issue queries, the field is called 'providerId' instead of 'providerUniqueId'
         if vulnerability_type == WizVulnerabilityType.ISSUE:
@@ -1167,7 +1191,7 @@ class WizVulnerabilityIntegration(ScannerIntegration):
         # Get asset identifier
         asset_id = self.get_asset_id_from_node(node, vulnerability_type)
         if not asset_id:
-            logger.warning(
+            logger.debug(
                 f"Skipping {vulnerability_type.value} finding '{node.get('name', 'Unknown')}' "
                 f"(ID: {node.get('id', 'Unknown')}) - no asset identifier found"
             )

regscale/integrations/control_matcher.py

@@ -7,7 +7,7 @@ across different RegScale entities based on control ID strings.
 
 import logging
 import re
-from typing import Dict, List, Optional, Tuple, Union
+from typing import Dict, List, Optional, Tuple
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
@@ -42,14 +42,15 @@ class ControlMatcher:
         self._catalog_cache: Dict[int, List[SecurityControl]] = {}
         self._control_impl_cache: Dict[Tuple[int, str], Dict[str, ControlImplementation]] = {}
 
-    def parse_control_id(self, control_string: str) -> Optional[str]:
+    @staticmethod
+    def parse_control_id(control_string: str) -> Optional[str]:
         """
         Parse a control ID string and extract the standardized control identifier.
 
         Handles various formats:
-        - NIST format: AC-1, AC-1(1), AC-1.1
+        - NIST format: AC-1, AC-1(1), AC-1.1, AC-1(a), AC-1.a
         - With leading zeros: AC-01, AC-17(02)
-        - With spaces: AC-1 (1), AC-02 (04)
+        - With spaces: AC-1 (1), AC-02 (04), AC-1 (a)
         - With text: "Access Control AC-1"
         - Multiple controls: "AC-1, AC-2"
 
@@ -64,12 +65,12 @@ class ControlMatcher:
         control_string = control_string.strip().upper()
 
         # Common NIST control ID pattern
-        # Matches: AC-1, AC-01, AC-1(1), AC-1(01), AC-1 (1), AC-1.1, AC-1.01, etc.
+        # Matches: AC-1, AC-01, AC-1(1), AC-1(01), AC-1 (1), AC-1.1, AC-1.01, AC-1(a), AC-1.a, etc.
         # Allows optional whitespace before and inside parentheses
-        pattern = r"([A-Z]{2,3}-\d+(?:\s*\(\s*\d+\s*\)|\.\d+)?)"
+        # Now includes letter parts (a, b, c) in addition to numeric parts
+        pattern = r"([A-Z]{2,3}-\d+(?:\s*\(\s*(?:\d+|[A-Z])\s*\)|\.(?:\d+|[A-Z]))?)"
 
-        matches = re.findall(pattern, control_string)
-        if matches:
+        if matches := re.findall(pattern, control_string):
             # Normalize parentheses to dots for consistency and remove spaces
             control_id = matches[0]
             control_id = control_id.replace(" ", "")  # Remove all spaces
@@ -84,7 +85,9 @@ class ControlMatcher:
                 if "." in number_part:
                     main_num, enhancement = number_part.split(".", 1)
                     main_num = str(int(main_num))
-                    enhancement = str(int(enhancement))
+                    # Only normalize if enhancement is numeric, preserve letters as-is
+                    if enhancement.isdigit():
+                        enhancement = str(int(enhancement))
                     control_id = f"{family}-{main_num}.{enhancement}"
                 else:
                     main_num = str(int(number_part))
@@ -295,6 +298,64 @@ class ControlMatcher:
             main_num = str(int(number_part))
             return f"{family}-{main_num}"
 
+    @staticmethod
+    def _generate_simple_variations(family: str, main_num: str) -> set:
+        """
+        Generate variations for simple control IDs without enhancements.
+
+        :param str family: Control family (e.g., AC, SI)
+        :param str main_num: Main control number
+        :return: Set of variations
+        :rtype: set
+        """
+        main_int = int(main_num)
+        return {
+            f"{family}-{main_int}",
+            f"{family}-{main_int:02d}",
+        }
+
+    @staticmethod
+    def _generate_letter_enhancement_variations(family: str, main_num: str, enhancement: str) -> set:
+        """
+        Generate variations for control IDs with letter-based enhancements.
+
+        :param str family: Control family (e.g., AC, SI)
+        :param str main_num: Main control number
+        :param str enhancement: Letter enhancement (e.g., a, b)
+        :return: Set of variations
+        :rtype: set
+        """
+        main_int = int(main_num)
+        variations = set()
+
+        for main_fmt in [str(main_int), f"{main_int:02d}"]:
+            variations.add(f"{family}-{main_fmt}.{enhancement}")
+            variations.add(f"{family}-{main_fmt}({enhancement})")
+
+        return variations
+
+    @staticmethod
+    def _generate_numeric_enhancement_variations(family: str, main_num: str, enhancement: str) -> set:
+        """
+        Generate variations for control IDs with numeric enhancements.
+
+        :param str family: Control family (e.g., AC, SI)
+        :param str main_num: Main control number
+        :param str enhancement: Numeric enhancement
+        :return: Set of variations
+        :rtype: set
+        """
+        main_int = int(main_num)
+        enh_int = int(enhancement)
+        variations = set()
+
+        for main_fmt in [str(main_int), f"{main_int:02d}"]:
+            for enh_fmt in [str(enh_int), f"{enh_int:02d}"]:
+                variations.add(f"{family}-{main_fmt}.{enh_fmt}")
+                variations.add(f"{family}-{main_fmt}({enh_fmt})")
+
+        return variations
+
     def _get_control_id_variations(self, control_id: str) -> set:
         """
         Generate all valid variations of a control ID (with and without leading zeros).
@@ -302,6 +363,7 @@ class ControlMatcher:
         Examples:
         - AC-1 -> {AC-1, AC-01}
         - AC-17.2 -> {AC-17.2, AC-17.02, AC-17(2), AC-17(02)}
+        - AC-1.a -> {AC-1.a, AC-01.a, AC-1(a), AC-01(a)}
 
         :param str control_id: The control ID to generate variations for
         :return: Set of all valid variations
@@ -311,8 +373,6 @@ class ControlMatcher:
         if not parsed:
             return set()
 
-        variations = set()
-
         # Split by '-' to get family and number parts
         parts = parsed.split("-")
         if len(parts) != 2:
@@ -324,19 +384,14 @@ class ControlMatcher:
         # Handle enhancement notation
         if "." in number_part:
             main_num, enhancement = number_part.split(".", 1)
-            main_int = int(main_num)
-            enh_int = int(enhancement)
-
-            # Generate all combinations: with/without leading zeros, dot/parenthesis notation
-            for main_fmt in [str(main_int), f"{main_int:02d}"]:
-                for enh_fmt in [str(enh_int), f"{enh_int:02d}"]:
-                    variations.add(f"{family}-{main_fmt}.{enh_fmt}")
-                    variations.add(f"{family}-{main_fmt}({enh_fmt})")
+
+            # Check if enhancement is a letter (a, b, c, etc.) or a number
+            if enhancement.isalpha():
+                variations = self._generate_letter_enhancement_variations(family, main_num, enhancement)
+            else:
+                variations = self._generate_numeric_enhancement_variations(family, main_num, enhancement)
         else:
-            # Just main control number
-            main_int = int(number_part)
-            variations.add(f"{family}-{main_int}")
-            variations.add(f"{family}-{main_int:02d}")
+            variations = self._generate_simple_variations(family, number_part)
 
         # Add uppercase versions to ensure consistency
         return {v.upper() for v in variations}