
Merge pull request #2284 from MaibornWolff/dev
chore: merge to main for release 1.22.5
StefanFl authored Nov 28, 2024
2 parents 72bea33 + 351663f commit 2bcb821
Showing 86 changed files with 5,217 additions and 729 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/build_push_dev.yml
Expand Up @@ -28,7 +28,7 @@ jobs:
run: echo "CREATED=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
-
name: Build and push backend
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: .
file: ./docker/backend/prod/django/Dockerfile
Expand All @@ -40,7 +40,7 @@ jobs:
VERSION=dev
-
name: Build and push frontend
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: .
file: ./docker/frontend/prod/Dockerfile
Expand All @@ -52,7 +52,7 @@ jobs:
VERSION=dev
-
name: Run SCA vulnerability scanners
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_configuration: 'so_configuration_sca_dev.yml'
SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
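Review bot: The new pin `uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main` annotates the SHA with a branch name, whereas the neighbouring `docker/build-push-action@… # v6.10.0` lines record the tag the SHA was taken from. With only `# main` a reviewer cannot check that the commit corresponds to a reviewed release of the templates repository, and update bots such as Dependabot rely on that comment to work out which version a SHA pin represents, as far as I know. If the templates repository is tagged, reference the tag in the comment, e.g. `# v<release>` (placeholder), or otherwise state explicitly in a comment that the action is intentionally tracked from `main`. The same annotation appears on the identical lines in build_push_release.yml, check_licenses_dev.yml, check_vulnerabilities.yml and scan_sca_current.yml.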
8 changes: 4 additions & 4 deletions .github/workflows/build_push_release.yml
Expand Up @@ -36,7 +36,7 @@ jobs:
run: echo "CREATED=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
-
name: Build and push backend
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: .
file: ./docker/backend/prod/django/Dockerfile
Expand All @@ -50,7 +50,7 @@ jobs:
VERSION=${{ github.event.inputs.release }}
-
name: Build and push frontend
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: .
file: ./docker/frontend/prod/Dockerfile
Expand All @@ -64,13 +64,13 @@ jobs:
VERSION=${{ github.event.inputs.release }}
-
name: Run vulnerability scanners for images
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_configuration: 'so_configuration_sca_current.yml'
SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
-
name: Run vulnerability scanners for endpoints
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_configuration: 'so_configuration_endpoints.yml'
SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/check_licenses_dev.yml
Expand Up @@ -37,7 +37,7 @@ jobs:
cdxgen ./frontend --type npm --no-babel --required-only --profile license-compliance --no-auto-compositions --project-name secobserve --output sbom_frontend_application.json
-
name: Import backend SBOM
uses: MaibornWolff/secobserve_actions_templates/actions/importer@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/importer@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_product_name: 'SecObserve'
so_file_name: 'sbom_backend_application.json'
Expand All @@ -47,7 +47,7 @@ jobs:
so_api_token: ${{ secrets.SO_API_TOKEN }}
-
name: Import frontend SBOM
uses: MaibornWolff/secobserve_actions_templates/actions/importer@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/importer@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_product_name: 'SecObserve'
so_file_name: 'sbom_frontend_application.json'
2 changes: 1 addition & 1 deletion .github/workflows/check_vulnerabilities.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
name: Run vulnerability scanners for code
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_configuration: 'so_configuration_code.yml'
SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/scan_sca_current.yml
Expand Up @@ -18,13 +18,13 @@ jobs:
ref: 'v1.22.2'
-
name: Run SCA vulnerability scanners
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_configuration: 'so_configuration_sca_current.yml'
SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
-
name: Run endpoint vulnerability scanners
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@d15c2401857055841b487d2f25d4a9eb6c4f4ef2 # main
uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
with:
so_configuration: 'so_configuration_endpoints.yml'
SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
2 changes: 1 addition & 1 deletion backend/application/__init__.py
@@ -1,4 +1,4 @@
__version__ = "1.22.4"
__version__ = "1.22.5"

import pymysql

9 changes: 8 additions & 1 deletion backend/application/commons/api/views.py
Expand Up @@ -60,8 +60,10 @@ def get(self, request):
features = []

settings = Settings.load()

if settings.feature_disable_user_login:
features.append("feature_disable_user_login")

if request.user.is_authenticated:
if settings.feature_vex:
features.append("feature_vex")
Expand All @@ -72,8 +74,13 @@ def get(self, request):

content = {
"features": features,
"risk_acceptance_expiry_days": settings.risk_acceptance_expiry_days,
}

if request.user.is_authenticated:
content["risk_acceptance_expiry_days"] = (
settings.risk_acceptance_expiry_days
)

return Response(content)


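Review bot: The second `if request.user.is_authenticated:` block that now gates `content["risk_acceptance_expiry_days"]` carries no comment saying why the value is withheld from anonymous callers, even though the same condition is already tested a few lines above for the feature flags. Either fold the assignment into the earlier authenticated branch (the lines elided between the two hunks are not visible here, so that may not be a straightforward move) or add a comment above the new block such as `# Only the login-page feature flags are disclosed before authentication; all other settings require a logged-in user`. `get`'s body starts outside the hunk.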
2 changes: 1 addition & 1 deletion backend/application/core/api/filters.py
Expand Up @@ -36,7 +36,7 @@ class ProductGroupFilter(FilterSet):

class Meta:
model = Product
fields = ["name"]
fields = ["name", "license_policy"]


class ProductFilter(FilterSet):
6 changes: 6 additions & 0 deletions backend/application/core/api/serializers_product.py
Expand Up @@ -226,6 +226,7 @@ class ProductSerializer(
product_group_new_observations_in_review = SerializerMethodField()
has_branches = SerializerMethodField()
has_licenses = SerializerMethodField()
product_group_license_policy = SerializerMethodField()

class Meta:
model = Product
Expand Down Expand Up @@ -318,6 +319,11 @@ def get_has_branches(self, obj: Product) -> bool:
def get_has_licenses(self, obj: Product) -> bool:
return License_Component.objects.filter(product=obj).exists()

def get_product_group_license_policy(self, obj: Product) -> Optional[int]:
if not obj.product_group or not obj.product_group.license_policy:
return None
return obj.product_group.license_policy.id

def validate(self, attrs: dict): # pylint: disable=too-many-branches
# There are quite a lot of branches, but at least they are not nested too much
if attrs.get("issue_tracker_type") == Issue_Tracker.ISSUE_TRACKER_GITHUB:
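Review bot: `get_product_group_license_policy` dereferences `obj.product_group.license_policy` only to read its `id`, which, if `license_policy` is a ForeignKey, loads the related row for every product serialized in a list view unless the view's queryset uses `select_related`, and that queryset is not visible here. Reading the raw key avoids the extra query while keeping the same result: `if not obj.product_group: return None` followed by `return obj.product_group.license_policy_id`. Django exposes `<field>_id` for every ForeignKey, and it is `None` when the policy is unset, so the `Optional[int]` contract is unchanged.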
99 changes: 80 additions & 19 deletions backend/application/licenses/api/filters.py
Expand Up @@ -27,29 +27,71 @@

class LicenseComponentFilter(FilterSet):
name_version = CharFilter(field_name="name_version", lookup_expr="icontains")
license_name = CharFilter(field_name="license_name", lookup_expr="icontains")
license_name_exact = CharFilter(field_name="license_name")
license_spdx_id = CharFilter(field_name="license__spdx_id", lookup_expr="icontains")
license_expression = CharFilter(
field_name="license_expression", lookup_expr="icontains"
)
unknown_license = CharFilter(field_name="unknown_license", lookup_expr="icontains")
age = ChoiceFilter(
field_name="age", method="get_age", choices=Age_Choices.AGE_CHOICES
)
branch_name = CharFilter(field_name="branch__name")

def get_age(self, queryset, field_name, value): # pylint: disable=unused-argument
# field_name is used as a positional argument

days = Age_Choices.get_days_from_age(value)

if days is None:
return queryset

today = timezone.now().replace(hour=0, minute=0, second=0, microsecond=0)
time_threshold = today - timedelta(days=int(days))
return queryset.filter(last_change__gte=time_threshold)

ordering = ExtendedOrderingFilter(
# tuple-mapping retains order
fields=(
("license__spdx_id", "license_data.spdx_id"),
("license_expression", "license_expression"),
("unknown_license", "unknown_license"),
(
(
"license_name",
"numerical_evaluation_result",
"license__spdx_id",
"unknown_license",
"name_version",
),
"license_name",
),
(
(
"numerical_evaluation_result",
"license_name",
"name_version",
),
"evaluation_result",
),
("branch__name", "branch_name"),
(
(
"branch__name",
"license_name",
"numerical_evaluation_result",
"name_version",
),
"branch_name",
),
("name_version", "name_version"),
("purl_type", "purl_type"),
(
(
"purl_type",
"numerical_evaluation_result",
"license_name",
"name_version",
),
"purl_type",
),
("last_change", "last_change"),
),
)
Expand All @@ -59,25 +101,15 @@ class Meta:
fields = [
"product",
"branch",
"license_name",
"license_spdx_id",
"license_expression",
"unknown_license",
"evaluation_result",
"name_version",
"purl_type",
]

def get_age(self, queryset, field_name, value): # pylint: disable=unused-argument
# field_name is used as a positional argument

days = Age_Choices.get_days_from_age(value)

if days is None:
return queryset

today = timezone.now().replace(hour=0, minute=0, second=0, microsecond=0)
time_threshold = today - timedelta(days=int(days))
return queryset.filter(last_change__gte=time_threshold)


class LicenseComponentEvidenceFilter(FilterSet):
name = CharFilter(field_name="name", lookup_expr="icontains")
Expand Down Expand Up @@ -237,29 +269,57 @@ class LicensePolicyItemFilter(FilterSet):
field_name="license_group__name", lookup_expr="icontains"
)
license_spdx_id = CharFilter(field_name="license__spdx_id", lookup_expr="icontains")
license_expression = CharFilter(
field_name="license_expression", lookup_expr="icontains"
)
unknown_license = CharFilter(field_name="unknown_license", lookup_expr="icontains")

ordering = ExtendedOrderingFilter(
# tuple-mapping retains order
fields=(
("license_policy__name", "license_policy_data.name"),
(
("license_group__name", "license__spdx_id", "unknown_license"),
(
"license_group__name",
"license__spdx_id",
"license_expression",
"unknown_license",
),
"license_group_name",
),
(
("license__spdx_id", "license_group__name", "unknown_license"),
(
"license__spdx_id",
"license_group__name",
"license_expression",
"unknown_license",
),
"license_spdx_id",
),
(
("unknown_license", "license_group__name", "license__spdx_id"),
(
"license_expression",
"license_group__name",
"license__spdx_id",
"unknown_license",
),
"license_expression",
),
(
(
"unknown_license",
"license_group__name",
"license__spdx_id",
"license_expression",
),
"unknown_license",
),
(
(
"numerical_evaluation_result",
"license_group__name",
"license__spdx_id",
"license_expression",
"unknown_license",
),
"evaluation_result",
Expand All @@ -273,6 +333,7 @@ class Meta:
"license_policy",
"license_group_name",
"license_spdx_id",
"license_expression",
"unknown_license",
"evaluation_result",
"license_group_name",
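Review bot: The multi-column entries added to `ordering` in LicenseComponentFilter, e.g. the tuple mapping `("license_name", "numerical_evaluation_result", "license__spdx_id", "unknown_license", "name_version")` to `license_name`, are documented only by the pre-existing `# tuple-mapping retains order`, which describes the outer tuple and says nothing about why the trailing columns were chosen. A reader cannot tell whether they are deliberate tie-breakers or leftovers, so add a comment above `fields=(`, for example `# Multi-column entries: the first column is the user-facing sort key, the rest are tie-breakers so paginated results stay stable (presumed intent, confirm)`. The same pattern is repeated in the LicensePolicyItemFilter hunk below. Both class bodies continue outside their hunks, and `get_age` is moved rather than removed, which the second hunk shows only as a deletion.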
