Skip to content

Commit

Permalink
Settings SHA: The Removal (#11299)
Browse files Browse the repository at this point in the history
* Settings SHA: The Removal

* Fix rufff

* Remove more tests
  • Loading branch information
Maffooch authored Dec 4, 2024
1 parent 0882320 commit 0595b1b
Show file tree
Hide file tree
Showing 5 changed files with 1 addition and 41 deletions.
8 changes: 0 additions & 8 deletions .github/workflows/release-3-master-into-dev.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,15 +50,11 @@ jobs:
CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
- name: Update settings SHA
run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum

- name: Check numbers
run: |
grep version dojo/__init__.py
grep appVersion helm/defectdojo/Chart.yaml
grep version components/package.json
cat dojo/settings/.settings.dist.py.sha256sum
- name: Create upgrade notes to documentation
run: |
Expand Down Expand Up @@ -136,15 +132,11 @@ jobs:
CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
- name: Update settings SHA
run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum

- name: Check numbers
run: |
grep version dojo/__init__.py
grep appVersion helm/defectdojo/Chart.yaml
grep version components/package.json
cat dojo/settings/.settings.dist.py.sha256sum
- name: Push version changes
uses: stefanzweifel/[email protected]
Expand Down
1 change: 0 additions & 1 deletion dojo/settings/.settings.dist.py.sha256sum

This file was deleted.

8 changes: 1 addition & 7 deletions dojo/settings/settings.dist.py
Original file line number Diff line number Diff line change
@@ -1,15 +1,9 @@
#########################################################################################################
# It is not allowed to edit file 'settings.dist.py', for production deployemnts. #
# It is not recommended to edit file 'settings.dist.py', for production deployments. #
# Any customization of variables need to be done via environmental variables or in 'local_settings.py'. #
# For more information check https://documentation.defectdojo.com/getting_started/configuration/ #
#########################################################################################################

#########################################################################################################
# If as a developer of a new feature, you need to perform an update of file 'settings.dist.py', #
# after the change, calculate the checksum and store it related file by calling the following command: #
# $ sha256sum settings.dist.py | cut -d ' ' -f1 > .settings.dist.py.sha256sum #
#########################################################################################################

# Django settings for DefectDojo
import json
import logging
Expand Down
14 changes: 0 additions & 14 deletions dojo/settings/settings.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
import hashlib
import sys
from pathlib import Path

from split_settings.tools import include, optional

Expand All @@ -11,14 +8,3 @@
"settings.dist.py",
optional("local_settings.py"),
)

if not (DEBUG or ("collectstatic" in sys.argv)): # noqa: F821 - not declared DEBUG is acceptable because we are sure it will be loaded from 'include'
with (Path(__file__).parent / "settings.dist.py").open("rb") as file:
real_hash = hashlib.sha256(file.read()).hexdigest()
with (Path(__file__).parent / ".settings.dist.py.sha256sum").open("rb") as file:
expected_hash = file.read().decode().strip()
if real_hash != expected_hash:
msg = "Change of 'settings.dist.py' file was detected. It is not allowed to edit this file. " \
"Any customization of variables need to be done via environmental variables or in 'local_settings.py'. " \
"For more information check https://documentation.defectdojo.com/getting_started/configuration/ "
sys.exit(msg)
11 changes: 0 additions & 11 deletions unittests/test_utils.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
import hashlib
import logging
from contextlib import contextmanager
from pathlib import Path
from unittest.mock import Mock, patch

from dojo.authorization.roles_permissions import Roles
Expand Down Expand Up @@ -240,12 +238,3 @@ def assertImportModelsCreated(test_case, tests=0, engagements=0, products=0, pro
product_type_count,
endpoint_count,
)


class TestSettings(DojoTestCase):
def test_settings_integrity(self):
with Path("dojo/settings/settings.dist.py").open("rb") as file:
real_hash = hashlib.sha256(file.read()).hexdigest()
with Path("dojo/settings/.settings.dist.py.sha256sum").open("rb") as file:
expected_hash = file.read().decode().strip()
self.assertEqual(expected_hash, real_hash, "File settings.dist.py was changed but checksum has not been updated. If this is part of a PR, update the sha256sum value in '.settings.dist.py.sha256sum'. If you are modifying this to configure your instance, revert your changes and use environment variables or 'local_settings.py'")

0 comments on commit 0595b1b

Please sign in to comment.