Merge pull request #2376 from MaibornWolff/dev

chore: merge to main for release 1.24.0
MaibornWolff · Dec 24, 2024 · dfbecda · dfbecda
2 parents 2bcb821 + f192b7b
commit dfbecda
Show file tree

Hide file tree

Showing 121 changed files with 12,933 additions and 2,258 deletions.
diff --git a/.github/workflows/build_push_dev.yml b/.github/workflows/build_push_dev.yml
@@ -16,7 +16,7 @@ jobs:
         uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
       -
         name: Login to Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
@@ -52,7 +52,7 @@ jobs:
             VERSION=dev
       - 
         name: Run SCA vulnerability scanners
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_configuration: 'so_configuration_sca_dev.yml'
           SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
diff --git a/.github/workflows/build_push_release.yml b/.github/workflows/build_push_release.yml
@@ -24,7 +24,7 @@ jobs:
         uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
       -
         name: Login to Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
@@ -64,13 +64,13 @@ jobs:
             VERSION=${{ github.event.inputs.release }}
       - 
         name: Run vulnerability scanners for images
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_configuration: 'so_configuration_sca_current.yml'
           SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
       - 
         name: Run vulnerability scanners for endpoints
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_configuration: 'so_configuration_endpoints.yml'
           SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
diff --git a/.github/workflows/check_licenses_dev.yml b/.github/workflows/check_licenses_dev.yml
@@ -37,7 +37,7 @@ jobs:
           cdxgen ./frontend --type npm --no-babel --required-only --profile license-compliance --no-auto-compositions --project-name secobserve --output sbom_frontend_application.json
       -
         name: Import backend SBOM
-        uses: MaibornWolff/secobserve_actions_templates/actions/importer@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/importer@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_product_name: 'SecObserve'
           so_file_name: 'sbom_backend_application.json'
@@ -47,7 +47,7 @@ jobs:
           so_api_token: ${{ secrets.SO_API_TOKEN }}
       -
         name: Import frontend SBOM
-        uses: MaibornWolff/secobserve_actions_templates/actions/importer@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/importer@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_product_name: 'SecObserve'
           so_file_name: 'sbom_frontend_application.json'

diff --git a/.github/workflows/check_vulnerabilities.yml b/.github/workflows/check_vulnerabilities.yml
@@ -14,7 +14,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       -
         name: Run vulnerability scanners for code
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_configuration: 'so_configuration_code.yml'
           SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
diff --git a/.github/workflows/publish_docs.yml b/.github/workflows/publish_docs.yml
@@ -18,7 +18,7 @@ jobs:
       - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: 3.x
-      - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           key: ${{ github.ref }}
           path: .cache

diff --git a/.github/workflows/scan_sca_current.yml b/.github/workflows/scan_sca_current.yml
@@ -15,16 +15,16 @@ jobs:
         name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          ref: 'v1.22.2'
+          ref: 'v1.24.0'
       -
         name: Run SCA vulnerability scanners
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_configuration: 'so_configuration_sca_current.yml'
           SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
       - 
         name: Run endpoint vulnerability scanners
-        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5476f0de11c46875081d9767ec166c1e030e9ef0 # main
+        uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@e2d75f05ddc5d2663573183bbdf5be78a498fe44 # main
         with:
           so_configuration: 'so_configuration_endpoints.yml'
           SO_API_TOKEN: ${{ secrets.SO_API_TOKEN }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -59,14 +59,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif
diff --git a/backend/application/__init__.py b/backend/application/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "1.22.5"
+__version__ = "1.24.0"
 
 import pymysql
 

diff --git a/backend/application/access_control/api/serializers.py b/backend/application/access_control/api/serializers.py
@@ -1,9 +1,8 @@
 from typing import Optional
 
-from django.core.validators import MinValueValidator
+from django.core.validators import MaxValueValidator, MinValueValidator
 from rest_framework.serializers import (
     CharField,
-    ChoiceField,
     IntegerField,
     ModelSerializer,
     Serializer,
@@ -21,7 +20,7 @@
     get_authorization_group_member,
 )
 from application.access_control.services.authorization import get_user_permissions
-from application.access_control.services.roles_permissions import Permissions, Roles
+from application.access_control.services.roles_permissions import Permissions
 from application.commons.services.global_request import get_current_user
 from application.core.models import Product_Authorization_Group_Member, Product_Member
 
@@ -283,7 +282,7 @@ class AuthenticationResponseSerializer(Serializer):
 
 class ProductApiTokenSerializer(Serializer):
     id = IntegerField(validators=[MinValueValidator(0)])
-    role = ChoiceField(choices=Roles)
+    role = IntegerField(validators=[MinValueValidator(1), MaxValueValidator(5)])
 
 
 class ApiTokenSerializer(ModelSerializer):

diff --git a/backend/application/commons/services/export.py b/backend/application/commons/services/export.py
@@ -1,6 +1,8 @@
+import json
 from datetime import datetime
 from typing import Any
 
+import jsonpickle
 from defusedcsv import csv
 from django.db.models.query import QuerySet
 from django.http import HttpResponse
@@ -98,3 +100,31 @@ def export_csv(
                     fields.append(value)
 
             writer.writerow(fields)
+
+
+def object_to_json(object_to_encode: Any) -> str:
+    jsonpickle.set_encoder_options("json", ensure_ascii=False)
+    json_string = jsonpickle.encode(object_to_encode, unpicklable=False)
+
+    json_dict = json.loads(json_string)
+    json_dict = _remove_empty_elements(json_dict)
+
+    return json.dumps(json_dict, indent=4, sort_keys=True, ensure_ascii=False)
+
+
+def _remove_empty_elements(d: dict) -> dict:
+    """recursively remove empty lists, empty dicts, or None elements from a dictionary"""
+
+    def empty(x):
+        return x is None or x == {} or x == []
+
+    if not isinstance(d, (dict, list)):
+        return d
+    if isinstance(d, list):
+        return [v for v in (_remove_empty_elements(v) for v in d) if not empty(v)]
+
+    return {
+        k: v
+        for k, v in ((k, _remove_empty_elements(v)) for k, v in d.items())
+        if not empty(v)
+    }
diff --git a/backend/application/core/api/filters.py b/backend/application/core/api/filters.py
@@ -267,17 +267,75 @@ class ObservationLogFilter(FilterSet):
         field_name="observation__product",
         queryset=Product.objects.all(),
     )
+    product_group = ModelChoiceFilter(
+        field_name="observation__product__product_group",
+        queryset=Product.objects.filter(is_product_group=True),
+    )
     observation_title = CharFilter(
         field_name="observation__title",
         lookup_expr="icontains",
     )
+    branch_name = CharFilter(
+        field_name="observation__branch__name", lookup_expr="icontains"
+    )
+    branch = ModelChoiceFilter(
+        field_name="observation__branch", queryset=Branch.objects.all()
+    )
+    origin_component_name_version = CharFilter(
+        field_name="observation__origin_component_name_version", lookup_expr="icontains"
+    )
+    origin_docker_image_name_tag_short = CharFilter(
+        field_name="observation__origin_docker_image_name_tag_short",
+        lookup_expr="icontains",
+    )
+    origin_endpoint_hostname = CharFilter(
+        field_name="observation__origin_endpoint_hostname", lookup_expr="icontains"
+    )
+    origin_source_file = CharFilter(
+        field_name="observation__origin_source_file", lookup_expr="icontains"
+    )
+    origin_cloud_qualified_resource = CharFilter(
+        field_name="observation__origin_cloud_qualified_resource",
+        lookup_expr="icontains",
+    )
+    origin_kubernetes_qualified_resource = CharFilter(
+        field_name="observation__origin_kubernetes_qualified_resource",
+        lookup_expr="icontains",
+    )
 
     ordering = OrderingFilter(
         # tuple-mapping retains order
         fields=(
             ("id", "id"),
             ("user__full_name", "user_full_name"),
-            ("observation__title", "observation_title"),
+            ("observation__product__name", "observation_data.product_data.name"),
+            (
+                "observation__product__product_group__name",
+                "observation_data.product_data.product_group_name",
+            ),
+            ("observation__branch__name", "observation_data.branch_name"),
+            ("observation__title", "observation_data.title"),
+            (
+                "observation__origin_component_name_version",
+                "observation_data.origin_component_name_version",
+            ),
+            (
+                "observation__origin_docker_image_name_tag_short",
+                "observation_data.origin_docker_image_name_tag_short",
+            ),
+            (
+                "observation__origin_endpoint_hostname",
+                "observation_data.origin_endpoint_hostname",
+            ),
+            ("observation__origin_source_file", "observation_data.origin_source_file"),
+            (
+                "observation__origin_cloud_qualified_resource",
+                "observation_data.origin_cloud_qualified_resource",
+            ),
+            (
+                "observation__origin_kubernetes_qualified_resource",
+                "observation_data.origin_kubernetes_qualified_resource",
+            ),
             ("severity", "severity"),
             ("status", "status"),
             ("comment", "comment"),