regscale-cli 6.27.3.0__py3-none-any.whl → 6.28.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of regscale-cli might be problematic. Click here for more details.
- regscale/_version.py +1 -1
- regscale/core/app/utils/app_utils.py +11 -2
- regscale/dev/cli.py +26 -0
- regscale/dev/version.py +72 -0
- regscale/integrations/commercial/__init__.py +15 -1
- regscale/integrations/commercial/amazon/amazon/__init__.py +0 -0
- regscale/integrations/commercial/amazon/amazon/common.py +204 -0
- regscale/integrations/commercial/amazon/common.py +48 -58
- regscale/integrations/commercial/aws/audit_manager_compliance.py +2671 -0
- regscale/integrations/commercial/aws/cli.py +3093 -55
- regscale/integrations/commercial/aws/cloudtrail_control_mappings.py +333 -0
- regscale/integrations/commercial/aws/cloudtrail_evidence.py +501 -0
- regscale/integrations/commercial/aws/cloudwatch_control_mappings.py +357 -0
- regscale/integrations/commercial/aws/cloudwatch_evidence.py +490 -0
- regscale/integrations/commercial/aws/config_compliance.py +914 -0
- regscale/integrations/commercial/aws/conformance_pack_mappings.py +198 -0
- regscale/integrations/commercial/aws/evidence_generator.py +283 -0
- regscale/integrations/commercial/aws/guardduty_control_mappings.py +340 -0
- regscale/integrations/commercial/aws/guardduty_evidence.py +1053 -0
- regscale/integrations/commercial/aws/iam_control_mappings.py +368 -0
- regscale/integrations/commercial/aws/iam_evidence.py +574 -0
- regscale/integrations/commercial/aws/inventory/__init__.py +223 -22
- regscale/integrations/commercial/aws/inventory/base.py +107 -5
- regscale/integrations/commercial/aws/inventory/resources/audit_manager.py +513 -0
- regscale/integrations/commercial/aws/inventory/resources/cloudtrail.py +315 -0
- regscale/integrations/commercial/aws/inventory/resources/cloudtrail_logs_metadata.py +476 -0
- regscale/integrations/commercial/aws/inventory/resources/cloudwatch.py +191 -0
- regscale/integrations/commercial/aws/inventory/resources/compute.py +66 -9
- regscale/integrations/commercial/aws/inventory/resources/config.py +464 -0
- regscale/integrations/commercial/aws/inventory/resources/containers.py +74 -9
- regscale/integrations/commercial/aws/inventory/resources/database.py +106 -31
- regscale/integrations/commercial/aws/inventory/resources/guardduty.py +286 -0
- regscale/integrations/commercial/aws/inventory/resources/iam.py +470 -0
- regscale/integrations/commercial/aws/inventory/resources/inspector.py +476 -0
- regscale/integrations/commercial/aws/inventory/resources/integration.py +175 -61
- regscale/integrations/commercial/aws/inventory/resources/kms.py +447 -0
- regscale/integrations/commercial/aws/inventory/resources/networking.py +103 -67
- regscale/integrations/commercial/aws/inventory/resources/s3.py +394 -0
- regscale/integrations/commercial/aws/inventory/resources/security.py +268 -72
- regscale/integrations/commercial/aws/inventory/resources/securityhub.py +473 -0
- regscale/integrations/commercial/aws/inventory/resources/storage.py +53 -29
- regscale/integrations/commercial/aws/inventory/resources/systems_manager.py +657 -0
- regscale/integrations/commercial/aws/inventory/resources/vpc.py +655 -0
- regscale/integrations/commercial/aws/kms_control_mappings.py +288 -0
- regscale/integrations/commercial/aws/kms_evidence.py +879 -0
- regscale/integrations/commercial/aws/ocsf/__init__.py +7 -0
- regscale/integrations/commercial/aws/ocsf/constants.py +115 -0
- regscale/integrations/commercial/aws/ocsf/mapper.py +435 -0
- regscale/integrations/commercial/aws/org_control_mappings.py +286 -0
- regscale/integrations/commercial/aws/org_evidence.py +666 -0
- regscale/integrations/commercial/aws/s3_control_mappings.py +356 -0
- regscale/integrations/commercial/aws/s3_evidence.py +632 -0
- regscale/integrations/commercial/aws/scanner.py +851 -206
- regscale/integrations/commercial/aws/security_hub.py +319 -0
- regscale/integrations/commercial/aws/session_manager.py +282 -0
- regscale/integrations/commercial/aws/ssm_control_mappings.py +291 -0
- regscale/integrations/commercial/aws/ssm_evidence.py +492 -0
- regscale/integrations/compliance_integration.py +308 -38
- regscale/integrations/due_date_handler.py +3 -0
- regscale/integrations/scanner_integration.py +399 -84
- regscale/models/integration_models/cisa_kev_data.json +34 -4
- regscale/models/integration_models/synqly_models/capabilities.json +1 -1
- regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py +17 -9
- regscale/models/regscale_models/assessment.py +2 -1
- regscale/models/regscale_models/control_objective.py +74 -5
- regscale/models/regscale_models/file.py +2 -0
- regscale/models/regscale_models/issue.py +2 -5
- {regscale_cli-6.27.3.0.dist-info → regscale_cli-6.28.0.0.dist-info}/METADATA +1 -1
- {regscale_cli-6.27.3.0.dist-info → regscale_cli-6.28.0.0.dist-info}/RECORD +112 -33
- tests/regscale/integrations/commercial/aws/__init__.py +0 -0
- tests/regscale/integrations/commercial/aws/test_audit_manager_compliance.py +1304 -0
- tests/regscale/integrations/commercial/aws/test_audit_manager_evidence_aggregation.py +341 -0
- tests/regscale/integrations/commercial/aws/test_aws_audit_manager_collector.py +1155 -0
- tests/regscale/integrations/commercial/aws/test_aws_cloudtrail_collector.py +534 -0
- tests/regscale/integrations/commercial/aws/test_aws_config_collector.py +400 -0
- tests/regscale/integrations/commercial/aws/test_aws_guardduty_collector.py +315 -0
- tests/regscale/integrations/commercial/aws/test_aws_iam_collector.py +458 -0
- tests/regscale/integrations/commercial/aws/test_aws_inspector_collector.py +353 -0
- tests/regscale/integrations/commercial/aws/test_aws_inventory_integration.py +530 -0
- tests/regscale/integrations/commercial/aws/test_aws_kms_collector.py +919 -0
- tests/regscale/integrations/commercial/aws/test_aws_s3_collector.py +722 -0
- tests/regscale/integrations/commercial/aws/test_aws_scanner_integration.py +722 -0
- tests/regscale/integrations/commercial/aws/test_aws_securityhub_collector.py +792 -0
- tests/regscale/integrations/commercial/aws/test_aws_systems_manager_collector.py +918 -0
- tests/regscale/integrations/commercial/aws/test_aws_vpc_collector.py +996 -0
- tests/regscale/integrations/commercial/aws/test_cli_evidence.py +431 -0
- tests/regscale/integrations/commercial/aws/test_cloudtrail_control_mappings.py +452 -0
- tests/regscale/integrations/commercial/aws/test_cloudtrail_evidence.py +788 -0
- tests/regscale/integrations/commercial/aws/test_config_compliance.py +298 -0
- tests/regscale/integrations/commercial/aws/test_conformance_pack_mappings.py +200 -0
- tests/regscale/integrations/commercial/aws/test_evidence_generator.py +386 -0
- tests/regscale/integrations/commercial/aws/test_guardduty_control_mappings.py +564 -0
- tests/regscale/integrations/commercial/aws/test_guardduty_evidence.py +1041 -0
- tests/regscale/integrations/commercial/aws/test_iam_control_mappings.py +718 -0
- tests/regscale/integrations/commercial/aws/test_iam_evidence.py +1375 -0
- tests/regscale/integrations/commercial/aws/test_kms_control_mappings.py +656 -0
- tests/regscale/integrations/commercial/aws/test_kms_evidence.py +1163 -0
- tests/regscale/integrations/commercial/aws/test_ocsf_mapper.py +370 -0
- tests/regscale/integrations/commercial/aws/test_org_control_mappings.py +546 -0
- tests/regscale/integrations/commercial/aws/test_org_evidence.py +1240 -0
- tests/regscale/integrations/commercial/aws/test_s3_control_mappings.py +672 -0
- tests/regscale/integrations/commercial/aws/test_s3_evidence.py +987 -0
- tests/regscale/integrations/commercial/aws/test_scanner_evidence.py +373 -0
- tests/regscale/integrations/commercial/aws/test_security_hub_config_filtering.py +539 -0
- tests/regscale/integrations/commercial/aws/test_session_manager.py +516 -0
- tests/regscale/integrations/commercial/aws/test_ssm_control_mappings.py +588 -0
- tests/regscale/integrations/commercial/aws/test_ssm_evidence.py +735 -0
- tests/regscale/integrations/commercial/test_aws.py +55 -56
- {regscale_cli-6.27.3.0.dist-info → regscale_cli-6.28.0.0.dist-info}/LICENSE +0 -0
- {regscale_cli-6.27.3.0.dist-info → regscale_cli-6.28.0.0.dist-info}/WHEEL +0 -0
- {regscale_cli-6.27.3.0.dist-info → regscale_cli-6.28.0.0.dist-info}/entry_points.txt +0 -0
- {regscale_cli-6.27.3.0.dist-info → regscale_cli-6.28.0.0.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,431 @@
|
|
|
1
|
+
"""Unit tests for AWS CLI evidence options."""
|
|
2
|
+
|
|
3
|
+
import unittest
|
|
4
|
+
from unittest.mock import MagicMock, call, patch
|
|
5
|
+
|
|
6
|
+
import pytest
|
|
7
|
+
from click.testing import CliRunner
|
|
8
|
+
|
|
9
|
+
from regscale.integrations.commercial.aws.cli import sync_findings
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
class TestCLIEvidenceOptions(unittest.TestCase):
|
|
13
|
+
"""Test cases for CLI evidence generation options."""
|
|
14
|
+
|
|
15
|
+
def setUp(self):
|
|
16
|
+
"""Set up test fixtures."""
|
|
17
|
+
self.runner = CliRunner()
|
|
18
|
+
|
|
19
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
20
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
21
|
+
def test_sync_findings_native_format_only(self, mock_resolve_creds, mock_integration):
|
|
22
|
+
"""Test sync_findings with native format (no evidence)."""
|
|
23
|
+
# Setup mocks
|
|
24
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
25
|
+
mock_integration.sync_findings.return_value = 5
|
|
26
|
+
|
|
27
|
+
# Execute
|
|
28
|
+
result = self.runner.invoke(
|
|
29
|
+
sync_findings,
|
|
30
|
+
[
|
|
31
|
+
"--region",
|
|
32
|
+
"us-east-1",
|
|
33
|
+
"--regscale_id",
|
|
34
|
+
"123",
|
|
35
|
+
"--profile",
|
|
36
|
+
"default",
|
|
37
|
+
],
|
|
38
|
+
)
|
|
39
|
+
|
|
40
|
+
# Verify
|
|
41
|
+
assert result.exit_code == 0
|
|
42
|
+
mock_integration.sync_findings.assert_called_once()
|
|
43
|
+
|
|
44
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
45
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
46
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
47
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
48
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
49
|
+
def test_sync_findings_with_evidence_generation(
|
|
50
|
+
self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3
|
|
51
|
+
):
|
|
52
|
+
"""Test sync_findings with evidence generation."""
|
|
53
|
+
# Setup mocks
|
|
54
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
55
|
+
|
|
56
|
+
mock_session = MagicMock()
|
|
57
|
+
mock_boto3.Session.return_value = mock_session
|
|
58
|
+
mock_client = MagicMock()
|
|
59
|
+
mock_session.client.return_value = mock_client
|
|
60
|
+
|
|
61
|
+
mock_raw_findings = [{"Id": "finding-1", "Severity": {"Label": "HIGH"}}]
|
|
62
|
+
mock_fetch_findings.return_value = mock_raw_findings
|
|
63
|
+
|
|
64
|
+
mock_scanner_instance = MagicMock()
|
|
65
|
+
mock_integration.return_value = mock_scanner_instance
|
|
66
|
+
|
|
67
|
+
mock_evidence = MagicMock()
|
|
68
|
+
mock_evidence.id = 12345
|
|
69
|
+
mock_evidence.title = "Test Evidence"
|
|
70
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([MagicMock()], mock_evidence)
|
|
71
|
+
mock_scanner_instance.update_regscale_findings.return_value = 1
|
|
72
|
+
|
|
73
|
+
# Execute
|
|
74
|
+
result = self.runner.invoke(
|
|
75
|
+
sync_findings,
|
|
76
|
+
[
|
|
77
|
+
"--region",
|
|
78
|
+
"us-east-1",
|
|
79
|
+
"--regscale_id",
|
|
80
|
+
"123",
|
|
81
|
+
"--profile",
|
|
82
|
+
"default",
|
|
83
|
+
"--generate-evidence",
|
|
84
|
+
],
|
|
85
|
+
)
|
|
86
|
+
|
|
87
|
+
# Verify
|
|
88
|
+
assert result.exit_code == 0
|
|
89
|
+
mock_scanner_instance.authenticate.assert_called_once()
|
|
90
|
+
mock_scanner_instance.process_findings_with_evidence.assert_called_once()
|
|
91
|
+
|
|
92
|
+
# Verify process_findings_with_evidence called with correct params - uses regscale_id for ssp_id
|
|
93
|
+
call_kwargs = mock_scanner_instance.process_findings_with_evidence.call_args[1]
|
|
94
|
+
assert call_kwargs["generate_evidence"] is True
|
|
95
|
+
assert call_kwargs["ssp_id"] == 123 # Should use regscale_id value
|
|
96
|
+
assert call_kwargs["service_name"] == "SecurityHub"
|
|
97
|
+
|
|
98
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
99
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
100
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
101
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
102
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
103
|
+
def test_sync_findings_with_control_ids(
|
|
104
|
+
self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3
|
|
105
|
+
):
|
|
106
|
+
"""Test sync_findings with control IDs."""
|
|
107
|
+
# Setup mocks
|
|
108
|
+
mock_resolve_creds.return_value = (None, "key", "secret", "token", "us-east-1")
|
|
109
|
+
|
|
110
|
+
mock_session = MagicMock()
|
|
111
|
+
mock_boto3.Session.return_value = mock_session
|
|
112
|
+
mock_session.client.return_value = MagicMock()
|
|
113
|
+
|
|
114
|
+
mock_fetch_findings.return_value = [{"Id": "finding-1"}]
|
|
115
|
+
|
|
116
|
+
mock_scanner_instance = MagicMock()
|
|
117
|
+
mock_integration.return_value = mock_scanner_instance
|
|
118
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([MagicMock()], MagicMock())
|
|
119
|
+
mock_scanner_instance.update_regscale_findings.return_value = 1
|
|
120
|
+
|
|
121
|
+
# Execute
|
|
122
|
+
result = self.runner.invoke(
|
|
123
|
+
sync_findings,
|
|
124
|
+
[
|
|
125
|
+
"--region",
|
|
126
|
+
"us-east-1",
|
|
127
|
+
"--regscale_id",
|
|
128
|
+
"123",
|
|
129
|
+
"--aws_access_key_id",
|
|
130
|
+
"AKIAIOSFODNN7EXAMPLE",
|
|
131
|
+
"--aws_secret_access_key",
|
|
132
|
+
"secret",
|
|
133
|
+
"--generate-evidence",
|
|
134
|
+
"--control-ids",
|
|
135
|
+
"789,790,791",
|
|
136
|
+
],
|
|
137
|
+
)
|
|
138
|
+
|
|
139
|
+
# Verify
|
|
140
|
+
assert result.exit_code == 0
|
|
141
|
+
|
|
142
|
+
# Verify control IDs parsed correctly
|
|
143
|
+
call_kwargs = mock_scanner_instance.process_findings_with_evidence.call_args[1]
|
|
144
|
+
assert call_kwargs["control_ids"] == [789, 790, 791]
|
|
145
|
+
|
|
146
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
147
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
148
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
149
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
150
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
151
|
+
def test_sync_findings_with_ocsf_format(
|
|
152
|
+
self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3
|
|
153
|
+
):
|
|
154
|
+
"""Test sync_findings with OCSF format."""
|
|
155
|
+
# Setup mocks
|
|
156
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
157
|
+
|
|
158
|
+
mock_session = MagicMock()
|
|
159
|
+
mock_boto3.Session.return_value = mock_session
|
|
160
|
+
mock_session.client.return_value = MagicMock()
|
|
161
|
+
|
|
162
|
+
mock_fetch_findings.return_value = [{"Id": "finding-1"}]
|
|
163
|
+
|
|
164
|
+
mock_scanner_instance = MagicMock()
|
|
165
|
+
mock_integration.return_value = mock_scanner_instance
|
|
166
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([MagicMock()], None)
|
|
167
|
+
mock_scanner_instance.update_regscale_findings.return_value = 1
|
|
168
|
+
|
|
169
|
+
# Execute
|
|
170
|
+
result = self.runner.invoke(
|
|
171
|
+
sync_findings,
|
|
172
|
+
[
|
|
173
|
+
"--region",
|
|
174
|
+
"us-east-1",
|
|
175
|
+
"--regscale_id",
|
|
176
|
+
"123",
|
|
177
|
+
"--profile",
|
|
178
|
+
"default",
|
|
179
|
+
"--format",
|
|
180
|
+
"ocsf",
|
|
181
|
+
],
|
|
182
|
+
)
|
|
183
|
+
|
|
184
|
+
# Verify
|
|
185
|
+
assert result.exit_code == 0
|
|
186
|
+
|
|
187
|
+
# Verify OCSF format requested
|
|
188
|
+
call_kwargs = mock_scanner_instance.process_findings_with_evidence.call_args[1]
|
|
189
|
+
assert call_kwargs["ocsf_format"] is True
|
|
190
|
+
|
|
191
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
192
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
193
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
194
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
195
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
196
|
+
def test_sync_findings_with_both_format(
|
|
197
|
+
self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3
|
|
198
|
+
):
|
|
199
|
+
"""Test sync_findings with both native and OCSF formats."""
|
|
200
|
+
# Setup mocks
|
|
201
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
202
|
+
|
|
203
|
+
mock_session = MagicMock()
|
|
204
|
+
mock_boto3.Session.return_value = mock_session
|
|
205
|
+
mock_session.client.return_value = MagicMock()
|
|
206
|
+
|
|
207
|
+
mock_fetch_findings.return_value = [{"Id": "finding-1"}]
|
|
208
|
+
|
|
209
|
+
mock_scanner_instance = MagicMock()
|
|
210
|
+
mock_integration.return_value = mock_scanner_instance
|
|
211
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([MagicMock()], None)
|
|
212
|
+
mock_scanner_instance.update_regscale_findings.return_value = 1
|
|
213
|
+
|
|
214
|
+
# Execute
|
|
215
|
+
result = self.runner.invoke(
|
|
216
|
+
sync_findings,
|
|
217
|
+
[
|
|
218
|
+
"--region",
|
|
219
|
+
"us-east-1",
|
|
220
|
+
"--regscale_id",
|
|
221
|
+
"123",
|
|
222
|
+
"--profile",
|
|
223
|
+
"default",
|
|
224
|
+
"--format",
|
|
225
|
+
"both",
|
|
226
|
+
],
|
|
227
|
+
)
|
|
228
|
+
|
|
229
|
+
# Verify
|
|
230
|
+
assert result.exit_code == 0
|
|
231
|
+
|
|
232
|
+
# Verify both format requested
|
|
233
|
+
call_kwargs = mock_scanner_instance.process_findings_with_evidence.call_args[1]
|
|
234
|
+
assert call_kwargs["ocsf_format"] is True
|
|
235
|
+
|
|
236
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
237
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
238
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
239
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
240
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
241
|
+
def test_sync_findings_with_all_options(
|
|
242
|
+
self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3
|
|
243
|
+
):
|
|
244
|
+
"""Test sync_findings with all evidence options enabled."""
|
|
245
|
+
# Setup mocks
|
|
246
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
247
|
+
|
|
248
|
+
mock_session = MagicMock()
|
|
249
|
+
mock_boto3.Session.return_value = mock_session
|
|
250
|
+
mock_session.client.return_value = MagicMock()
|
|
251
|
+
|
|
252
|
+
mock_fetch_findings.return_value = [{"Id": "finding-1"}]
|
|
253
|
+
|
|
254
|
+
mock_scanner_instance = MagicMock()
|
|
255
|
+
mock_integration.return_value = mock_scanner_instance
|
|
256
|
+
|
|
257
|
+
mock_evidence = MagicMock()
|
|
258
|
+
mock_evidence.id = 12345
|
|
259
|
+
mock_evidence.title = "Full Test Evidence"
|
|
260
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([MagicMock()], mock_evidence)
|
|
261
|
+
mock_scanner_instance.update_regscale_findings.return_value = 1
|
|
262
|
+
|
|
263
|
+
# Execute
|
|
264
|
+
result = self.runner.invoke(
|
|
265
|
+
sync_findings,
|
|
266
|
+
[
|
|
267
|
+
"--region",
|
|
268
|
+
"us-west-2",
|
|
269
|
+
"--regscale_id",
|
|
270
|
+
"999",
|
|
271
|
+
"--profile",
|
|
272
|
+
"test-profile",
|
|
273
|
+
"--generate-evidence",
|
|
274
|
+
"--control-ids",
|
|
275
|
+
"100,200,300",
|
|
276
|
+
"--evidence-frequency",
|
|
277
|
+
"90",
|
|
278
|
+
"--format",
|
|
279
|
+
"both",
|
|
280
|
+
],
|
|
281
|
+
)
|
|
282
|
+
|
|
283
|
+
# Verify
|
|
284
|
+
assert result.exit_code == 0
|
|
285
|
+
|
|
286
|
+
# Verify all parameters passed correctly - ssp_id should match regscale_id
|
|
287
|
+
call_kwargs = mock_scanner_instance.process_findings_with_evidence.call_args[1]
|
|
288
|
+
assert call_kwargs["generate_evidence"] is True
|
|
289
|
+
assert call_kwargs["ssp_id"] == 999 # Should use regscale_id value
|
|
290
|
+
assert call_kwargs["control_ids"] == [100, 200, 300]
|
|
291
|
+
assert call_kwargs["ocsf_format"] is True
|
|
292
|
+
|
|
293
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
294
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
295
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
296
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
297
|
+
def test_sync_findings_with_session_token(self, mock_resolve_creds, mock_integration, mock_boto3):
|
|
298
|
+
"""Test sync_findings with session token authentication."""
|
|
299
|
+
# Setup mocks
|
|
300
|
+
mock_resolve_creds.return_value = (None, "key", "secret", "session-token-123", "us-east-1")
|
|
301
|
+
mock_integration.sync_findings.return_value = 3
|
|
302
|
+
|
|
303
|
+
# Execute
|
|
304
|
+
result = self.runner.invoke(
|
|
305
|
+
sync_findings,
|
|
306
|
+
[
|
|
307
|
+
"--region",
|
|
308
|
+
"us-east-1",
|
|
309
|
+
"--regscale_id",
|
|
310
|
+
"123",
|
|
311
|
+
"--aws_access_key_id",
|
|
312
|
+
"AKIAIOSFODNN7EXAMPLE",
|
|
313
|
+
"--aws_secret_access_key",
|
|
314
|
+
"secret",
|
|
315
|
+
"--aws_session_token",
|
|
316
|
+
"session-token-123",
|
|
317
|
+
],
|
|
318
|
+
)
|
|
319
|
+
|
|
320
|
+
# Verify
|
|
321
|
+
assert result.exit_code == 0
|
|
322
|
+
mock_integration.sync_findings.assert_called_once()
|
|
323
|
+
|
|
324
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
325
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
326
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
327
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
328
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
329
|
+
def test_sync_findings_profile_auth(self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3):
|
|
330
|
+
"""Test sync_findings with profile authentication."""
|
|
331
|
+
# Setup mocks
|
|
332
|
+
mock_resolve_creds.return_value = ("my-profile", None, None, None, "us-east-1")
|
|
333
|
+
|
|
334
|
+
mock_session = MagicMock()
|
|
335
|
+
mock_boto3.Session.return_value = mock_session
|
|
336
|
+
mock_session.client.return_value = MagicMock()
|
|
337
|
+
|
|
338
|
+
mock_fetch_findings.return_value = []
|
|
339
|
+
|
|
340
|
+
mock_scanner_instance = MagicMock()
|
|
341
|
+
mock_integration.return_value = mock_scanner_instance
|
|
342
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([], None)
|
|
343
|
+
mock_scanner_instance.update_regscale_findings.return_value = 0
|
|
344
|
+
|
|
345
|
+
# Execute
|
|
346
|
+
result = self.runner.invoke(
|
|
347
|
+
sync_findings,
|
|
348
|
+
[
|
|
349
|
+
"--region",
|
|
350
|
+
"us-east-1",
|
|
351
|
+
"--regscale_id",
|
|
352
|
+
"123",
|
|
353
|
+
"--profile",
|
|
354
|
+
"my-profile",
|
|
355
|
+
"--generate-evidence",
|
|
356
|
+
],
|
|
357
|
+
)
|
|
358
|
+
|
|
359
|
+
# Verify profile-based session created
|
|
360
|
+
assert result.exit_code == 0
|
|
361
|
+
assert mock_boto3.Session.called
|
|
362
|
+
|
|
363
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
364
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
365
|
+
def test_sync_findings_error_handling(self, mock_resolve_creds, mock_integration):
|
|
366
|
+
"""Test sync_findings error handling."""
|
|
367
|
+
# Setup mocks
|
|
368
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
369
|
+
mock_integration.sync_findings.side_effect = Exception("Test error")
|
|
370
|
+
|
|
371
|
+
# Execute
|
|
372
|
+
result = self.runner.invoke(
|
|
373
|
+
sync_findings,
|
|
374
|
+
[
|
|
375
|
+
"--region",
|
|
376
|
+
"us-east-1",
|
|
377
|
+
"--regscale_id",
|
|
378
|
+
"123",
|
|
379
|
+
"--profile",
|
|
380
|
+
"default",
|
|
381
|
+
],
|
|
382
|
+
)
|
|
383
|
+
|
|
384
|
+
# Verify error handled
|
|
385
|
+
assert result.exit_code != 0
|
|
386
|
+
assert "Test error" in result.output
|
|
387
|
+
|
|
388
|
+
@patch("regscale.integrations.commercial.aws.cli.boto3")
|
|
389
|
+
@patch("regscale.integrations.commercial.aws.cli.fetch_aws_findings")
|
|
390
|
+
@patch("regscale.integrations.commercial.aws.scanner.AWSInventoryIntegration")
|
|
391
|
+
@patch("regscale.integrations.commercial.aws.cli.resolve_aws_credentials")
|
|
392
|
+
@pytest.mark.skip(reason="Test references refactored CLI functionality - needs rewrite for current implementation")
|
|
393
|
+
def test_sync_findings_no_evidence_created(
|
|
394
|
+
self, mock_resolve_creds, mock_integration, mock_fetch_findings, mock_boto3
|
|
395
|
+
):
|
|
396
|
+
"""Test sync_findings when no evidence is created."""
|
|
397
|
+
# Setup mocks
|
|
398
|
+
mock_resolve_creds.return_value = ("profile", "key", "secret", "token", "us-east-1")
|
|
399
|
+
|
|
400
|
+
mock_session = MagicMock()
|
|
401
|
+
mock_boto3.Session.return_value = mock_session
|
|
402
|
+
mock_session.client.return_value = MagicMock()
|
|
403
|
+
|
|
404
|
+
mock_fetch_findings.return_value = [{"Id": "finding-1"}]
|
|
405
|
+
|
|
406
|
+
mock_scanner_instance = MagicMock()
|
|
407
|
+
mock_integration.return_value = mock_scanner_instance
|
|
408
|
+
# No evidence created
|
|
409
|
+
mock_scanner_instance.process_findings_with_evidence.return_value = ([MagicMock()], None)
|
|
410
|
+
mock_scanner_instance.update_regscale_findings.return_value = 1
|
|
411
|
+
|
|
412
|
+
# Execute
|
|
413
|
+
result = self.runner.invoke(
|
|
414
|
+
sync_findings,
|
|
415
|
+
[
|
|
416
|
+
"--region",
|
|
417
|
+
"us-east-1",
|
|
418
|
+
"--regscale_id",
|
|
419
|
+
"123",
|
|
420
|
+
"--profile",
|
|
421
|
+
"default",
|
|
422
|
+
"--generate-evidence",
|
|
423
|
+
],
|
|
424
|
+
)
|
|
425
|
+
|
|
426
|
+
# Verify - should not error even when no evidence created
|
|
427
|
+
assert result.exit_code == 0
|
|
428
|
+
|
|
429
|
+
|
|
430
|
+
if __name__ == "__main__":
|
|
431
|
+
pytest.main([__file__, "-v"])
|