diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml
index cbd287d232e..b5c8828ee16 100644
--- a/.github/workflows/release-3-master-into-dev.yml
+++ b/.github/workflows/release-3-master-into-dev.yml
@@ -50,15 +50,11 @@ jobs:
 CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
 sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
- - name: Update settings SHA
- run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum
-
 - name: Check numbers
 run: |
 grep version dojo/__init__.py
 grep appVersion helm/defectdojo/Chart.yaml
 grep version components/package.json
- cat dojo/settings/.settings.dist.py.sha256sum
 - name: Create upgrade notes to documentation
 run: |
@@ -136,15 +132,11 @@ jobs:
 CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
 sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
- - name: Update settings SHA
- run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum
-
 - name: Check numbers
 run: |
 grep version dojo/__init__.py
 grep appVersion helm/defectdojo/Chart.yaml
 grep version components/package.json
- cat dojo/settings/.settings.dist.py.sha256sum
 - name: Push version changes
 uses: stefanzweifel/git-auto-commit-action@v5.0.1
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
deleted file mode 100644
index 5354615b1cc..00000000000
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ /dev/null
@@ -1 +0,0 @@
-1b1f0b7210b79790c2bf1a3fdb62e24521544600bb4b460ed6a15cfd26f68640
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 9d364b353f9..dec586382fe 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1,15 +1,9 @@
 #########################################################################################################
-# It is not allowed to edit file 'settings.dist.py', for production deployemnts. #
+# It is not recommended to edit file 'settings.dist.py', for production deployments. #
 # Any customization of variables need to be done via environmental variables or in 'local_settings.py'. #
 # For more information check https://documentation.defectdojo.com/getting_started/configuration/ #
 #########################################################################################################
-#########################################################################################################
-# If as a developer of a new feature, you need to perform an update of file 'settings.dist.py', #
-# after the change, calculate the checksum and store it related file by calling the following command: #
-# $ sha256sum settings.dist.py | cut -d ' ' -f1 > .settings.dist.py.sha256sum #
-#########################################################################################################
-
 # Django settings for DefectDojo
 import json
 import logging
diff --git a/dojo/settings/settings.py b/dojo/settings/settings.py
index 6355bedf285..9a961ca8029 100644
--- a/dojo/settings/settings.py
+++ b/dojo/settings/settings.py
@@ -1,6 +1,3 @@
-import hashlib
-import sys
-from pathlib import Path
 from split_settings.tools import include, optional
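Review bot: In dojo/settings/settings.dist.py the reworded banner line (`# It is not recommended to edit file 'settings.dist.py', for production deployments.`) does not tell the reader that the file is no longer checked by anything. The same commit deletes the startup SHA-256 comparison in dojo/settings/settings.py, its unit test and the release-workflow step, so as far as this diff shows a local edit to settings.dist.py now goes unreported. I would add one banner line, padded to the box width, along the lines of `# This file is not verified at startup; track local changes with your own tooling.`, so operators who treated the startup exit as drift detection know to cover it elsewhere. The removed check read its expected hash from a file stored beside settings.dist.py and was skipped under DEBUG, so it caught accidental edits rather than tampering; the new comment need not promise more than that.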
@@ -11,14 +8,3 @@
 "settings.dist.py",
 optional("local_settings.py"),
 )
-
-if not (DEBUG or ("collectstatic" in sys.argv)): # noqa: F821 - not declared DEBUG is acceptable because we are sure it will be loaded from 'include'
- with (Path(__file__).parent / "settings.dist.py").open("rb") as file:
- real_hash = hashlib.sha256(file.read()).hexdigest()
- with (Path(__file__).parent / ".settings.dist.py.sha256sum").open("rb") as file:
- expected_hash = file.read().decode().strip()
- if real_hash != expected_hash:
- msg = "Change of 'settings.dist.py' file was detected. It is not allowed to edit this file. " \
- "Any customization of variables need to be done via environmental variables or in 'local_settings.py'. " \
- "For more information check https://documentation.defectdojo.com/getting_started/configuration/ "
- sys.exit(msg)
diff --git a/unittests/test_utils.py b/unittests/test_utils.py
index 4bed9f7369f..25bf9fbc192 100644
--- a/unittests/test_utils.py
+++ b/unittests/test_utils.py
@@ -1,7 +1,5 @@
-import hashlib
 import logging
 from contextlib import contextmanager
-from pathlib import Path
 from unittest.mock import Mock, patch
 from dojo.authorization.roles_permissions import Roles
@@ -240,12 +238,3 @@ def assertImportModelsCreated(test_case, tests=0, engagements=0, products=0, pro
 product_type_count,
 endpoint_count,
 )
-
-
-class TestSettings(DojoTestCase):
- def test_settings_integrity(self):
- with Path("dojo/settings/settings.dist.py").open("rb") as file:
- real_hash = hashlib.sha256(file.read()).hexdigest()
- with Path("dojo/settings/.settings.dist.py.sha256sum").open("rb") as file:
- expected_hash = file.read().decode().strip()
- self.assertEqual(expected_hash, real_hash, "File settings.dist.py was changed but checksum has not been updated. If this is part of a PR, update the sha256sum value in '.settings.dist.py.sha256sum'. If you are modifying this to configure your instance, revert your changes and use environment variables or 'local_settings.py'")