regscale-cli 6.27.3.0__py3-none-any.whl → 6.28.0.0__py3-none-any.whl

regscale/_version.py

@@ -33,7 +33,7 @@ def get_version_from_pyproject() -> str:
                     return match.group(1)
     except Exception:
         pass
-    return "6.27.3.0"  # fallback version
+    return "6.28.0.0"  # fallback version
 
 
 __version__ = get_version_from_pyproject()

regscale/core/app/utils/app_utils.py

@@ -347,13 +347,22 @@ def create_progress_object(indeterminate: bool = False) -> Progress:
     :return: Progress object for live progress in console
     :rtype: Progress
     """
+    task_description = "{task.description}"
+    # Disable Rich progress bar on Windows to avoid Unicode encoding errors
+    if platform.system() == "Windows":
+        # Return a minimal progress object without visual elements that cause encoding issues
+        return Progress(
+            TextColumn(task_description),
+            disable=True,  # Disable progress bar rendering on Windows
+        )
+
     if indeterminate:
         return Progress(
-            "{task.description}",
+            task_description,
             SpinnerColumn(),
         )
     return Progress(
-        "{task.description}",
+        task_description,
         SpinnerColumn(),
         BarColumn(),
         TextColumn("[progress.percentage]{task.percentage:>3.0f}%"),

regscale/dev/cli.py

@@ -2,8 +2,11 @@
 
 import contextlib
 import os
+import re
 import sys
 
+from pathlib import Path
+
 import click
 from rich.console import Console
 
@@ -231,5 +234,28 @@ def update_docs(readme_token: str, confluence_user: str, confluence_token: str,
                 update_confluence(api, confluence_url, root, file)
 
 
+@cli.command()
+@click.option("--version", "-v", type=click.STRING, help="The version to upgrade the CLI to use.")
+@click.option("--current", "-c", is_flag=True, help="Get the current version of the CLI.")
+def version(version: str, current: bool) -> None:
+    """Manage the version of the regscale-cli package."""
+    from regscale.dev.version import (
+        get_current_version,
+        update_fallback_version_in_version_py,
+        update_version_in_pyproject_toml,
+    )
+
+    if current:
+        print(get_current_version())
+        return
+
+    if not version:
+        print("❌ Please provide a version to upgrade to using the --version flag.")
+        return
+
+    update_version_in_pyproject_toml(version)
+    update_fallback_version_in_version_py(version)
+
+
 if __name__ == "__main__":
     cli()

regscale/dev/version.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+"""Version management script for regscale-cli."""
+
+import re
+import sys
+from pathlib import Path
+from rich.console import Console
+
+console = Console()
+
+
+def update_version_in_pyproject_toml(version: str) -> None:
+    """
+    Update the version in pyproject.toml.
+
+    :param str version: The version to update to
+    """
+    pyproject_file = "pyproject.toml"
+
+    pyproject_path = Path(pyproject_file)
+    content = pyproject_path.read_text()
+
+    # Update the version
+    pattern = r'version\s*=\s*["\']([^"\']+)["\']'
+    replacement = f'version = "{version}"'
+
+    if re.search(pattern, content):
+        content = re.sub(pattern, replacement, content)
+        pyproject_path.write_text(content)
+        console.print(f"[green]Updated version to {version} in {pyproject_file}")
+    else:
+        console.print(f"[red]Could not find version in {pyproject_file}")
+
+
+def update_fallback_version_in_version_py(version: str) -> None:
+    """
+    Update the fallback version in regscale/_version.py.
+
+    :param str version: The version to update to
+    """
+    version_py_path = Path("regscale/_version.py")
+    content = version_py_path.read_text()
+    pattern = r'return\s*["\'](\d+\.\d+\.\d+\.\d+)["\']\s*# fallback version'
+    replacement = f'return "{version}"  # fallback version'
+    if re.search(pattern, content):
+        content = re.sub(pattern, replacement, content)
+        version_py_path.write_text(content)
+        console.print(f"[green]Updated fallback version to {version} in regscale/_version.py")
+    else:
+        console.print("[red]Could not find fallback version in regscale/_version.py")
+
+
+def get_current_version() -> str:
+    """
+    Get the current version from the package.
+
+    :return: The current version
+    :rtype: str
+    """
+    try:
+        # Add the project root to Python path to ensure we can import regscale
+        project_root = Path(__file__).parent.parent
+        if str(project_root) not in sys.path:
+            sys.path.insert(0, str(project_root))
+
+        from regscale import __version__
+
+        return __version__
+    except ImportError as e:
+        console.print(f"[red]Could not import version from regscale package: {e}")
+        console.print("[yellow]Make sure you're running this script from the project root directory")
+        sys.exit(1)

regscale/integrations/commercial/__init__.py

@@ -43,13 +43,27 @@ show_mapping(aqua, "aqua")
     cls=LazyGroup,
     lazy_subcommands={
         "sync_assets": "regscale.integrations.commercial.aws.cli.sync_assets",
+        "sync_findings": "regscale.integrations.commercial.aws.cli.sync_findings",
         "sync_findings_and_assets": "regscale.integrations.commercial.aws.cli.sync_findings_and_assets",
+        "sync_compliance": "regscale.integrations.commercial.aws.cli.sync_compliance",
+        "sync_config_compliance": "regscale.integrations.commercial.aws.cli.sync_config_compliance",
+        "sync_kms": "regscale.integrations.commercial.aws.cli.sync_kms",
+        "sync_org": "regscale.integrations.commercial.aws.cli.sync_org",
+        "sync_iam": "regscale.integrations.commercial.aws.cli.sync_iam",
+        "sync_guardduty": "regscale.integrations.commercial.aws.cli.sync_guardduty",
+        "sync_s3": "regscale.integrations.commercial.aws.cli.sync_s3",
+        "sync_cloudtrail": "regscale.integrations.commercial.aws.cli.sync_cloudtrail",
+        "sync_cloudwatch": "regscale.integrations.commercial.aws.cli.sync_cloudwatch",
+        "sync_ssm": "regscale.integrations.commercial.aws.cli.sync_ssm",
+        "inventory": "regscale.integrations.commercial.aws.cli.inventory",
+        "findings": "regscale.integrations.commercial.aws.cli.findings",
+        "auth": "regscale.integrations.commercial.aws.cli.auth",
         "inspector": "regscale.integrations.commercial.aws.cli.inspector",
     },
     name="aws",
 )
 def aws():
-    """AWS Integrations"""
+    """AWS Integrations - Asset sync, findings, compliance, and inventory collection"""
     pass
 
 

regscale/integrations/commercial/amazon/amazon/common.py

@@ -0,0 +1,204 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""RegScale AWS Integrations"""
+import re
+from datetime import datetime, timedelta
+from typing import Any, Optional, Tuple
+
+from botocore.client import BaseClient
+from botocore.exceptions import ClientError
+from dateutil import parser
+
+from regscale.core.app.utils.app_utils import create_logger
+
+logger = create_logger()
+
+# Error message constants
+ERROR_MSG_FETCHING_AWS_RESOURCES = "Unexpected error when fetching resources from AWS: %s"
+
+
+def check_finding_severity(comment: Optional[str]) -> str:
+    """Check the severity of the finding
+
+    :param Optional[str] comment: Comment from AWS Security Hub finding
+    :return: Severity of the finding
+    :rtype: str
+    """
+    result = ""
+    match = re.search(r"(?<=Finding Severity: ).*", comment)
+    if match:
+        severity = match.group()
+        result = severity  # Output: "High"
+    return result
+
+
+def get_due_date(earliest_date_performed: datetime, days: int) -> datetime:
+    """Returns the due date for an issue
+
+    :param datetime earliest_date_performed: Earliest date performed
+    :param int days: Days to add to the earliest date performed
+    :return: Due date
+    :rtype: datetime
+    """
+    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
+    try:
+        due_date = datetime.strptime(earliest_date_performed, fmt) + timedelta(days=days)
+    except ValueError:
+        # Try to determine the date format from a string
+        due_date = parser.parse(earliest_date_performed) + timedelta(days)
+    return due_date
+
+
+def determine_status_and_results(finding: Any) -> Tuple[str, Optional[str]]:
+    """
+    Determine Status and Results
+
+    :param Any finding: AWS Finding
+    :return: Status and Results
+    :rtype: Tuple[str, Optional[str]]
+    """
+    status = "Pass"
+    results = None
+    if "Compliance" in finding.keys():
+        status = "Fail" if finding["Compliance"]["Status"] == "FAILED" else "Pass"
+        results = ", ".join(finding.get("Compliance", {}).get("RelatedRequirements", [])) or "N/A"
+    if "FindingProviderFields" in finding.keys():
+        status = (
+            "Fail"
+            if finding.get("FindingProviderFields", {}).get("Severity", {}).get("Label", "")
+            in ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
+            else "Pass"
+        )
+    if "PatchSummary" in finding.keys() and not results:
+        results = (
+            f"{finding.get('PatchSummary', {}).get('MissingCount', 0)} Missing Patch(s) of "
+            "{finding.get('PatchSummary', {}).get('InstalledCount', 0)}"
+        )
+    return status, results
+
+
+def get_comments(finding: dict) -> str:
+    """
+    Get Comments
+
+    :param dict finding: AWS Finding
+    :return: Comments
+    :rtype: str
+    """
+    try:
+        return (
+            finding["Remediation"]["Recommendation"]["Text"]
+            + "<br></br>"
+            + finding["Remediation"]["Recommendation"]["Url"]
+            + "<br></br>"
+            + f"""Finding Severity: {finding["FindingProviderFields"]["Severity"]["Label"]}"""
+        )
+    except KeyError:
+        return "No remediation recommendation available"
+
+
+def fetch_aws_findings(
+    aws_client: BaseClient, minimum_severity: Optional[str] = None, posture_management_only: bool = False
+) -> list:
+    """Fetch AWS Findings with optimized rate limiting and pagination
+
+    :param BaseClient aws_client: AWS Security Hub Client
+    :param Optional[str] minimum_severity: Minimum severity to filter (CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL)
+    :param bool posture_management_only: If True, only fetch posture management findings (compliance checks)
+    :return: AWS Findings
+    :rtype: list
+    """
+    findings = []
+    try:
+        # Use optimized SecurityHubPuller for better performance
+        from regscale.integrations.commercial.aws.security_hub import SecurityHubPuller
+
+        # Extract region from the client
+        region = aws_client.meta.region_name
+
+        # Create SecurityHubPuller with same region as the client
+        puller = SecurityHubPuller(region_name=region)
+
+        # Use existing client instead of creating new one to maintain credentials
+        puller.client = aws_client
+
+        # Fetch all findings with optimized pagination and rate limiting
+        logger.info("Using optimized SecurityHubPuller for findings retrieval...")
+
+        # Determine severity labels if minimum_severity is provided
+        severity_labels = None
+        if minimum_severity:
+            severity_labels = SecurityHubPuller.get_severity_filters_from_minimum(minimum_severity)
+            logger.info(f"Applying minimum severity filter '{minimum_severity}': {severity_labels}")
+
+        # Fetch findings based on type requested
+        if posture_management_only:
+            logger.info("Fetching posture management findings only (security standards compliance checks)")
+            findings = puller.get_posture_management_findings(severity_labels=severity_labels)
+        elif severity_labels:
+            findings = puller.get_findings_by_severity(severity_labels=severity_labels)
+        else:
+            findings = puller.get_all_findings_with_retries()
+
+        logger.info(f"Successfully fetched {len(findings)} findings with rate limiting")
+
+    except ImportError:
+        # Fallback to original method if SecurityHubPuller not available
+        logger.warning("SecurityHubPuller not available, falling back to basic client")
+        findings = fallback_fetch_aws_findings(aws_client)
+    except ClientError as cex:
+        logger.error("Unexpected error: %s", cex)
+    except Exception as e:
+        logger.error("Error using SecurityHubPuller, falling back to basic client: %s", e)
+        findings = fallback_fetch_aws_findings(aws_client)
+
+    return findings
+
+
+def fallback_fetch_aws_findings(aws_client: BaseClient) -> list:
+    """Fallback method to fetch AWS Findings without pagination
+
+    :param BaseClient aws_client: AWS Security Hub Client
+    :return: AWS Findings
+    :rtype: list
+    """
+    findings = []
+    try:
+        response = aws_client.get_findings()
+        findings = response.get("Findings", [])
+    except ClientError as cex:
+        create_logger().error(ERROR_MSG_FETCHING_AWS_RESOURCES, cex)
+    return findings
+
+
+def fetch_aws_findings_v2(aws_client: BaseClient) -> list:
+    """Fetch AWS Findings
+
+    :param BaseClient aws_client: AWS Security Hub Client
+    :return: AWS Findings
+    :rtype: list
+    """
+    findings = []
+    try:
+        response = aws_client.get_findings_v2()
+        findings = response.get("Findings", [])
+    except ClientError as cex:
+        create_logger().error(ERROR_MSG_FETCHING_AWS_RESOURCES, cex)
+    return findings
+
+
+def fetch_aws_resources(aws_client: BaseClient) -> list:
+    """Fetch AWS Resources
+
+    :param BaseClient aws_client: AWS Security Hub Client
+    :return: AWS Resources
+    :rtype: list
+    """
+    resources = []
+    try:
+        response = aws_client.get_resources_v2()
+        resources = response.get("Resources", [])
+        logger.info(f"Fetched {len(resources)} resources from Security Hub")
+    except ClientError as cex:
+        create_logger().error(ERROR_MSG_FETCHING_AWS_RESOURCES, cex)
+    return resources

regscale/integrations/commercial/amazon/common.py

@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 """RegScale AWS Integrations"""
 import re
+import logging
 from datetime import datetime, timedelta
 from typing import Any, Optional, Tuple
 
@@ -11,7 +12,7 @@ from dateutil import parser
 
 from regscale.core.app.utils.app_utils import create_logger
 
-logger = create_logger()
+logger = logging.getLogger("regscale")
 
 
 def check_finding_severity(comment: Optional[str]) -> str:
@@ -22,17 +23,17 @@ def check_finding_severity(comment: Optional[str]) -> str:
     :rtype: str
     """
     result = ""
-    match = re.search(r"(?<=Finding Severity: ).*", comment)
-    if match:
-        severity = match.group()
-        result = severity  # Output: "High"
+    if comment:
+        match = re.search(r"(?<=Finding Severity: ).*", comment)
+        if match:
+            result = match.group()
     return result
 
 
-def get_due_date(earliest_date_performed: datetime, days: int) -> datetime:
+def get_due_date(earliest_date_performed: str, days: int) -> datetime:
     """Returns the due date for an issue
 
-    :param datetime earliest_date_performed: Earliest date performed
+    :param str earliest_date_performed: Earliest date performed (string format)
     :param int days: Days to add to the earliest date performed
     :return: Due date
     :rtype: datetime
@@ -42,7 +43,7 @@ def get_due_date(earliest_date_performed: datetime, days: int) -> datetime:
         due_date = datetime.strptime(earliest_date_performed, fmt) + timedelta(days=days)
     except ValueError:
         # Try to determine the date format from a string
-        due_date = parser.parse(earliest_date_performed) + timedelta(days)
+        due_date = parser.parse(earliest_date_performed) + timedelta(days=days)
     return due_date
 
 
@@ -94,6 +95,31 @@ def get_comments(finding: dict) -> str:
         return "No remediation recommendation available"
 
 
+def _fetch_with_error_handling(
+    aws_client: BaseClient, method_name: str, result_key: str, resource_type: str = "items"
+) -> list:
+    """Generic fetch method with error handling for AWS Security Hub
+
+    :param BaseClient aws_client: AWS Security Hub Client
+    :param str method_name: Name of the method to call on the client
+    :param str result_key: Key to extract from the response
+    :param str resource_type: Type of resource being fetched (for logging)
+    :return: List of items from AWS
+    :rtype: list
+    """
+    items = []
+    try:
+        method = getattr(aws_client, method_name)
+        response = method()
+        items = response.get(result_key, [])
+        logger.info("Fetched %d %s from Security Hub", len(items), resource_type)
+    except ClientError as cex:
+        logger.error("Unexpected error when fetching %s from AWS: %s", resource_type, cex)
+    except AttributeError as aex:
+        logger.error("Method %s not found on client: %s", method_name, aex)
+    return items
+
+
 def fetch_aws_findings(aws_client: BaseClient) -> list:
     """Fetch AWS Findings with optimized rate limiting and pagination
 
@@ -101,70 +127,41 @@ def fetch_aws_findings(aws_client: BaseClient) -> list:
     :return: AWS Findings
     :rtype: list
     """
-    findings = []
     try:
         # Use optimized SecurityHubPuller for better performance
         from regscale.integrations.commercial.aws.security_hub import SecurityHubPuller
 
-        # Extract credentials from the client to create SecurityHubPuller
-        session = aws_client._client_config.__dict__.get("_user_provided_options", {})
-        region = session.meta.region_name
+        # Extract region from the client's meta information
+        region = aws_client.meta.region_name
 
-        # Create SecurityHubPuller with same credentials as the client
+        # Create SecurityHubPuller with same region and credentials
         puller = SecurityHubPuller(region_name=region)
-
-        # Use existing client instead of creating new one to maintain credentials
         puller.client = aws_client
 
         # Fetch all findings with optimized pagination and rate limiting
         logger.info("Using optimized SecurityHubPuller for findings retrieval...")
         findings = puller.get_all_findings_with_retries()
 
-        logger.info(f"Successfully fetched {len(findings)} findings with rate limiting")
+        logger.info("Successfully fetched %d findings with rate limiting", len(findings))
+        return findings
 
-    except ImportError:
-        # Fallback to original method if SecurityHubPuller not available
-        logger.warning("SecurityHubPuller not available, falling back to basic client")
-        findings = fallback_fetch_aws_findings(aws_client)
-    except ClientError as cex:
-        logger.error("Unexpected error: %s", cex)
+    except (ImportError, AttributeError) as e:
+        # Fallback to original method if SecurityHubPuller not available or region not accessible
+        logger.warning("SecurityHubPuller not available (%s), falling back to basic client", type(e).__name__)
+        return _fetch_with_error_handling(aws_client, "get_findings", "Findings", "findings")
     except Exception as e:
-        logger.error("Error using SecurityHubPuller, falling back to basic client: %s", e)
-        findings = fallback_fetch_aws_findings(aws_client)
-
-    return findings
-
-
-def fallback_fetch_aws_findings(aws_client: BaseClient) -> list:
-    """Fallback method to fetch AWS Findings without pagination
-
-    :param BaseClient aws_client: AWS Security Hub Client
-    :return: AWS Findings
-    :rtype: list
-    """
-    findings = []
-    try:
-        response = aws_client.get_findings()
-        findings = response.get("Findings", [])
-    except ClientError as cex:
-        create_logger().error("Unexpected error when fetching resources from AWS: %s", cex)
-    return findings
+        logger.error("Error using SecurityHubPuller (%s), falling back to basic client", e)
+        return _fetch_with_error_handling(aws_client, "get_findings", "Findings", "findings")
 
 
 def fetch_aws_findings_v2(aws_client: BaseClient) -> list:
-    """Fetch AWS Findings
+    """Fetch AWS Findings using v2 API
 
     :param BaseClient aws_client: AWS Security Hub Client
     :return: AWS Findings
     :rtype: list
     """
-    findings = []
-    try:
-        response = aws_client.get_findings_v2()
-        findings = response.get("Findings", [])
-    except ClientError as cex:
-        create_logger().error("Unexpected error when fetching resources from AWS: %s", cex)
-    return findings
+    return _fetch_with_error_handling(aws_client, "get_findings_v2", "Findings", "findings")
 
 
 def fetch_aws_resources(aws_client: BaseClient) -> list:
@@ -174,11 +171,4 @@ def fetch_aws_resources(aws_client: BaseClient) -> list:
     :return: AWS Resources
     :rtype: list
     """
-    resources = []
-    try:
-        response = aws_client.get_resources_v2()
-        resources = response.get("Resources", [])
-        logger.info(f"Fetched {len(resources)} resources from Security Hub")
-    except ClientError as cex:
-        create_logger().error("Unexpected error when fetching resources from AWS: %s", cex)
-    return resources
+    return _fetch_with_error_handling(aws_client, "get_resources_v2", "Resources", "resources")