Merge branch 'dev' into master-into-dev/2.31.5-2.32.0-dev

netceteragroup · Mar 1, 2024 · ac9db13 · ac9db13
2 parents 0ff0bb2 + 01a4fcf
commit ac9db13
Show file tree

Hide file tree

Showing 237 changed files with 36,526 additions and 2,777 deletions.
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -42,16 +42,17 @@ categories:
   - title: '🗣 Updates in localization'
     label: 'localization'
   - title: '🧰 Maintenance'
+    collapse-after: 3
     labels:
       - 'dependencies'
       - 'maintenance'
 exclude-labels:
-  - 'skip-changelog'    
-  
+  - 'skip-changelog'
+
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 template: |
   Please consult the [Upgrade notes in the documentation ](https://documentation.defectdojo.com/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
-  
+
   ## Changes since $PREVIOUS_TAG
   $CHANGES
 
@@ -65,4 +66,4 @@ version-resolver:
   patch:
     labels:
       - 'patch'
-  default: patch
+  default: patch
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -12,5 +12,8 @@
     "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{toVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",
     "commitMessageSuffix": "({{packageFile}})",
     "labels": ["dependencies"]
-  }]
+  }],
+  "registryAliases": {
+    "bitnami": "https://charts.bitnami.com/bitnami"
+  }
 }
diff --git a/.github/workflows/refresh_helm_lock_file.yaml b/.github/workflows/refresh_helm_lock_file.yaml
@@ -20,7 +20,7 @@ jobs:
           path: charts
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.4.0
 

diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -27,7 +27,7 @@ jobs:
     steps:
       - name: Create Release
         id: create_release
-        uses: release-drafter/release-drafter@v5.25.0
+        uses: release-drafter/release-drafter@v6.0.0
         with:
           version: ${{ github.event.inputs.version }}  
         env:

diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml
@@ -47,7 +47,7 @@ jobs:
           git config --global user.email "${{ env.GIT_EMAIL }}"
       
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.4.0
 

diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml
@@ -33,4 +33,4 @@ jobs:
         run: pip install -r requirements-lint.txt
 
       - name: Run Ruff Linter
-        run: ruff dojo
+        run: ruff .
diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml
@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           version: v3.4.0
 

diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian
@@ -1,7 +1,7 @@
 
 # code: language=Dockerfile
 
-FROM openapitools/openapi-generator-cli:v7.2.0@sha256:9eab779faa2525b1474c4159ec335d913ee3cee00f641552a2305b0a4d7db8f7 as openapitools
+FROM openapitools/openapi-generator-cli:v7.3.0@sha256:74b9992692c836e42a02980db4b76bee94e17075e4487cd80f5c540dd57126b9 as openapitools
 FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as build
 WORKDIR /app
 RUN \

diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine
@@ -140,7 +140,7 @@ COPY manage.py ./
 COPY dojo/ ./dojo/
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.25.3-alpine@sha256:d12e6f7153fae36843aaeed8144c39956698e084e2e898891fa0cc8fe8f6c95c
+FROM nginx:1.25.4-alpine@sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian
@@ -75,7 +75,7 @@ COPY dojo/ ./dojo/
 
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.25.3-alpine@sha256:d12e6f7153fae36843aaeed8144c39956698e084e2e898891fa0cc8fe8f6c95c
+FROM nginx:1.25.4-alpine@sha256:6a2f8b28e45c4adea04ec207a251fd4a2df03ddc930f782af51e315ebc76e9a9
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

diff --git a/NOTICE b/NOTICE
@@ -3910,49 +3910,6 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
-drf-yasg
-1.20.0
-BSD License
-.. |br| raw:: html
-
-   <br />
-
-#######
-License
-#######
-
-********************
-BSD 3-Clause License
-********************
-
-Copyright (c) 2017 - 2019, Cristian V. <[email protected]> |br|\ All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name of the copyright holder nor the names of its
-  contributors may be used to endorse or promote products derived from
-  this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
 ecdsa
 0.17.0
 MIT

diff --git a/components/package.json b/components/package.json
@@ -21,7 +21,6 @@
     "drmonty-datatables-responsive": "^1.0.0",
     "easymde": "^2.18.0",
     "flot": "flot/flot#~0.8.3",
-    "flot-axis": "markrcote/flot-axislabels#*",
     "font-awesome": "^4.0.0",
     "fullcalendar": "^3.10.2",
     "google-code-prettify": "^1.0.0",

diff --git a/dc-integration-tests.sh b/dc-integration-tests.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+unset TEST_CASE
+
+bash ./docker/docker-compose-check.sh
+if [[ $? -eq 1 ]]; then exit 1; fi
+
+usage() {
+  echo
+  echo "This script helps with running integration tests."
+  echo
+  echo "Options:"
+  echo "  --test-case -t {YOUR_FULLY_QUALIFIED_TEST_CASE}"
+  echo "  --help -h - prints this dialogue."
+  echo
+  echo
+  echo "Example command:"
+  echo './dc-unittest.sh --test-case "Finding integration tests"'
+}
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    -t|--test-case)
+      TEST_CASE="$2"
+      shift # past argument
+      shift # past value
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    -*|--*)
+      echo "Unknown option $1"
+      usage
+      exit 1
+      ;;
+    *)
+      POSITIONAL_ARGS+=("$1") # save positional arg
+      shift # past argument
+      ;;
+  esac
+done
+
+echo "Running docker compose unit tests with profile postgres-redis and test case $TEST_CASE ..."
+
+# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose.
+echo "Building images..."
+./docker/setEnv.sh integration_tests
+./dc-build.sh
+echo "Setting up DefectDojo with Postgres and RabbitMQ..."
+DD_INTEGRATION_TEST_FILENAME="$TEST_CASE" docker compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env up --no-deps -d postgres nginx celerybeat celeryworker mailhog uwsgi redis
+echo "Initializing DefectDojo..."
+DD_INTEGRATION_TEST_FILENAME="$TEST_CASE" docker compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env up --no-deps --exit-code-from initializer initializer
+echo "Running the integration tests..."
+DD_INTEGRATION_TEST_FILENAME="$TEST_CASE" docker compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env up --no-deps --exit-code-from integration-tests integration-tests
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -138,7 +138,7 @@ services:
     volumes:
       - defectdojo_data:/var/lib/mysql
   postgres:
-    image: postgres:16.1-alpine@sha256:17eb369d9330fe7fbdb2f705418c18823d66322584c77c2b43cc0e1851d01de7
+    image: postgres:16.2-alpine@sha256:bbd7346fab25b7e0b25f214829d6ebfb78ef0465059492e46dee740ce8fcd844
     profiles: 
       - postgres-rabbitmq
       - postgres-redis
@@ -149,7 +149,7 @@ services:
     volumes:
       - defectdojo_postgres:/var/lib/postgresql/data
   rabbitmq:
-    image: rabbitmq:3.12.12-alpine@sha256:614857f02c0f150a0b1d29b2a03700d34c14dff7d19c85398e968a58ac7517c1
+    image: rabbitmq:3.13.0-alpine@sha256:e5dafa1f9ac08f6b5be5ab7d9e0a3cba9cde8011cb053aa779a7ef0a922a3138
     profiles: 
       - mysql-rabbitmq
       - postgres-rabbitmq

diff --git a/docker/entrypoint-integration-tests.sh b/docker/entrypoint-integration-tests.sh
@@ -29,6 +29,9 @@ export CHROMEDRIVER
 CHROME_PATH=/opt/chrome/chrome
 export CHROME_PATH
 
+# We are strict about Warnings during testing
+export PYTHONWARNINGS=error
+
 # Run available unittests with a simple setup
 # All available Integrationtest Scripts are activated below
 # If successsful, A successs message is printed and the script continues

diff --git a/docker/entrypoint-unit-tests-devDocker.sh b/docker/entrypoint-unit-tests-devDocker.sh
@@ -15,6 +15,9 @@ unset DD_DATABASE_URL
 # Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings
 unset DD_CELERY_BROKER_URL
 
+# We are strict about Warnings during testing
+export PYTHONWARNINGS=error
+
 python3 manage.py makemigrations dojo
 python3 manage.py migrate
 
@@ -48,13 +51,9 @@ EOF
     python3 manage.py spectacular > /dev/null
 }
 
-echo "Swagger Schema Tests - Broken"
-echo "------------------------------------------------------------"
-python3 manage.py test unittests -v 3 --keepdb --no-input --tag broken && true
-
 echo "Unit Tests"
 echo "------------------------------------------------------------"
-python3 manage.py test unittests -v 3 --keepdb --no-input --exclude-tag broken
+python3 manage.py test unittests -v 3 --keepdb --no-input
 
 # you can select a single file to "test" unit tests
 # python3 manage.py test unittests.tools.test_npm_audit_scan_parser.TestNpmAuditParser --keepdb -v 3

diff --git a/docker/entrypoint-unit-tests.sh b/docker/entrypoint-unit-tests.sh
@@ -16,6 +16,9 @@ unset DD_DATABASE_URL
 # Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings
 unset DD_CELERY_BROKER_URL
 
+# We are strict about Warnings during testing
+export PYTHONWARNINGS=error
+
 # TARGET_SETTINGS_FILE=dojo/settings/settings.py
 # if [ ! -f ${TARGET_SETTINGS_FILE} ]; then
 #   echo "Creating settings.py"
@@ -74,10 +77,6 @@ python3 manage.py migrate
 # --parallel fails on GitHub Actions
 #python3 manage.py test unittests -v 3 --no-input --parallel
 
-echo "Swagger Schema Tests - Broken"
-echo "------------------------------------------------------------"
-python3 manage.py test unittests -v 3 --keepdb --no-input --tag broken && true
-
 echo "Unit Tests"
 echo "------------------------------------------------------------"
-python3 manage.py test unittests -v 3 --keepdb --no-input --exclude-tag broken
+python3 manage.py test unittests -v 3 --keepdb --no-input
diff --git a/docs/content/en/getting_started/upgrading/2.32.md b/docs/content/en/getting_started/upgrading/2.32.md
@@ -0,0 +1,14 @@
+---
+title: 'Upgrading to DefectDojo Version 2.32.x'
+toc_hide: true
+weight: -20240205
+description: Breaking change: Removal of OpenAPI 2.0 Swagger
+---
+There are no special instructions for upgrading to 2.32.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.32.0) for the contents of the release.
+
+**Removal**
+
+The OpenAPI 2.0 Swagger API documentation was removed in favor of the existing
+OpenAPI 3.0 API documentation page.
+
+*Note*: The API has not changed in any way and behaves the same between OAPI2 and OAPI3
diff --git a/docs/content/en/integrations/api-v2-docs.md b/docs/content/en/integrations/api-v2-docs.md
@@ -16,11 +16,8 @@ Docs link on the user drop down menu in the header.
 
 ![image](../../images/api_v2_1.png)
 
-The documentation is generated using [Django Rest Framework
-Yet Another Swagger Generator](https://github.com/axnsan12/drf-yasg/), and is
-interactive. On the top of API v2 docs is a link that generates an OpenAPI v2 spec.
-
-As a preparation to move to OpenAPIv3, we have added an compatible spec and documentation at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/)
+The documentation is generated using [drf-spectacular](https://drf-spectacular.readthedocs.io/) at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/), and is
+interactive. On the top of API v2 docs is a link that generates an OpenAPI v3 spec.
 
 To interact with the documentation, a valid Authorization header value
 is needed. Visit the `/api/key-v2` view to generate your