Merge branch 'dev' into cloudsql-proxy-sidecar

.github/workflows/k8s-tests.yml

@@ -35,7 +35,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.11.0
+        uses: manusa/actions-setup-minikube@v2.13.0
         with:
           minikube version: 'v1.33.1'
           kubernetes version: ${{ matrix.k8s }}

Dockerfile.integration-tests-debian

@@ -1,7 +1,7 @@
 
 # code: language=Dockerfile
 
-FROM openapitools/openapi-generator-cli:v7.8.0@sha256:c409bfa9b276faf27726d2884b859d18269bf980cb63546e80b72f3b2648c492 AS openapitools
+FROM openapitools/openapi-generator-cli:v7.9.0@sha256:bb32f5f0c9f5bdbb7b00959e8009de0230aedc200662701f05fc244c36f967ba AS openapitools
 FROM python:3.11.9-slim-bookworm@sha256:8c1036ec919826052306dfb5286e4753ffd9d5f6c24fbc352a5399c3b405b57e AS build
 WORKDIR /app
 RUN \

Dockerfile.nginx-alpine

@@ -140,7 +140,7 @@ COPY manage.py ./
 COPY dojo/ ./dojo/
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.27.0-alpine@sha256:208b70eefac13ee9be00e486f79c695b15cef861c680527171a27d253d834be9
+FROM nginx:1.27.2-alpine@sha256:2140dad235c130ac861018a4e13a6bc8aea3a35f3a40e20c1b060d51a7efd250
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

Dockerfile.nginx-debian

@@ -73,7 +73,7 @@ COPY dojo/ ./dojo/
 
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.27.0-alpine@sha256:208b70eefac13ee9be00e486f79c695b15cef861c680527171a27d253d834be9
+FROM nginx:1.27.2-alpine@sha256:2140dad235c130ac861018a4e13a6bc8aea3a35f3a40e20c1b060d51a7efd250
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

README.md

@@ -132,15 +132,14 @@ Core Moderators can help you with pull requests or feedback on dev ideas:
 * Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci))
 
 Moderators can help you with pull requests or feedback on dev ideas:
-* Damien Carol ([@damiencarol](https://github.com/damiencarol) | [LinkedIn](https://www.linkedin.com/in/damien-carol/))
-* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar))
-* Dubravko Sever ([@dsever](https://github.com/dsever))
 * Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill))
 * Jay Paz ([@jjpaz](https://twitter.com/jjpaz))
 * Blake Owens ([@blakeaowens](https://github.com/blakeaowens))
 
 ## Hall of Fame
-
+* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar)) - Jannik was a long time contributor and moderator for 
+  DefectDojo and made significant contributions to many areas of the platform. Jannik was instrumental in pioneering 
+  and optimizing deployment methods.
 * Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) |
   [Sponsor](https://github.com/sponsors/valentijnscholten) |
   [LinkedIn](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years.

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.39.0-dev",
+  "version": "2.40.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {
@@ -35,7 +35,7 @@
     "metismenu": "~3.0.7",
     "moment": "^2.30.1",
     "morris.js": "morrisjs/morris.js",
-    "pdfmake": "^0.2.13",
+    "pdfmake": "^0.2.14",
     "startbootstrap-sb-admin-2": "1.0.7"
   },
   "engines": {

components/yarn.lock

@@ -824,10 +824,10 @@ path-parse@^1.0.7:
   resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
   integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
 
-pdfmake@^0.2.13:
-  version "0.2.13"
-  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.13.tgz#ea43fe9f0c8de1e5ec7b08486d6f4f8bbb8619e4"
-  integrity sha512-qeVE9Bzjm0oPCitH4/HYM/XCGTwoeOAOVAXPnV3s0kpPvTLkTF/bAF4jzorjkaIhXGQhzYk6Xclt0hMDYLY93w==
+pdfmake@^0.2.14:
+  version "0.2.14"
+  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.14.tgz#a257a393b54917218add829bff8e490be21e8077"
+  integrity sha512-x9gXFAY37/CAC/WaZB/683E4Pi0cVW/RMTTNxMpe4I2kRsKv8AE3Pz6+n7iTfn+84/GtSg99BjZkYh7oGFCKmg==
   dependencies:
     "@foliojs-fork/linebreak" "^1.1.1"
     "@foliojs-fork/pdfkit" "^0.14.0"

docker-compose.override.unit_tests.yml

@@ -1,7 +1,7 @@
 ---
 services:
   nginx:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'nginx']
     volumes:
       - defectdojo_media_unit_tests:/usr/share/nginx/html/media
@@ -30,13 +30,13 @@ services:
       DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite'
       DD_CELERY_BROKER_PARAMS: ''
   celerybeat:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery beat']
   celeryworker:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery worker']
   initializer:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'initializer']
   postgres:
     ports:
@@ -49,7 +49,7 @@ services:
     volumes:
       - defectdojo_postgres_unit_tests:/var/lib/postgresql/data
   redis:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'redis']
   "webhook.endpoint":
     image: mccutchen/go-httpbin:v2.15.0@sha256:24528cf5229d0b70065ac27e6c9e4d96f5452a84a3ce4433e56573c18d96827a

docker-compose.override.unit_tests_cicd.yml

@@ -1,7 +1,7 @@
 ---
 services:
   nginx:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'nginx']
     volumes:
       - defectdojo_media_unit_tests:/usr/share/nginx/html/media
@@ -29,13 +29,13 @@ services:
       DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite'
       DD_CELERY_BROKER_PARAMS: ''
   celerybeat:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery beat']
   celeryworker:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'celery worker']
   initializer:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'initializer']
   postgres:
     ports:
@@ -48,7 +48,7 @@ services:
     volumes:
       - defectdojo_postgres_unit_tests:/var/lib/postgresql/data
   redis:
-    image: busybox:1.36.1-musl
+    image: busybox:1.37.0-musl
     entrypoint: ['echo', 'skipping', 'redis']
   "webhook.endpoint":
     image: mccutchen/go-httpbin:v2.15.0@sha256:24528cf5229d0b70065ac27e6c9e4d96f5452a84a3ce4433e56573c18d96827a

docker-compose.yml

@@ -103,7 +103,7 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   postgres:
-    image: postgres:16.4-alpine@sha256:d898b0b78a2627cb4ee63464a14efc9d296884f1b28c841b0ab7d7c42f1fffdf
+    image: postgres:17.0-alpine@sha256:14195b0729fce792f47ae3c3704d6fd04305826d57af3b01d5b4d004667df174
     environment:
       POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
       POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}

docker/install_chrome_dependencies.py

@@ -10,43 +10,47 @@
 
 
 def find_packages(library_name):
-    stdout = run_command(["apt-file", "search", library_name])
+    stdout, stderr, status_code = run_command(["apt-file", "search", library_name])
+    # Check if ldd has failed for a good reason, or if there are no results
+    if status_code != 0:
+        # Any other case should be be caught
+        msg = f"apt-file search (exit code {status_code}): {stderr}"
+        raise ValueError(msg)
+
     if not stdout.strip():
         return []
     libs = [line.split(":")[0] for line in stdout.strip().split("\n")]
     return list(set(libs))
 
 
 def run_command(cmd, cwd=None, env=None):
+    # Do not raise exception here because some commands are too loose with negative exit codes
     result = subprocess.run(cmd, cwd=cwd, env=env, capture_output=True, text=True, check=False)
-    return result.stdout
+    return result.stdout.strip(), result.stderr.strip(), result.returncode
 
 
 def ldd(file_path):
-    stdout = run_command(["ldd", file_path])
-    # For simplicity, I'm assuming if we get an error, the code is non-zero.
-    try:
-        result = subprocess.run(
-            ["ldd", file_path], capture_output=True, text=True, check=False,
-        )
-        stdout = result.stdout
-        code = result.returncode
-    except subprocess.CalledProcessError:
-        stdout = ""
-        code = 1
-    return stdout, code
+    stdout, stderr, status_code = run_command(["ldd", file_path])
+    # Check if ldd has failed for a good reason, or if there are no results
+    if status_code != 0:
+        # It is often the case when stdout will be empty. This is not an error
+        if not stdout:
+            return stdout, status_code
+        # Any other case should be be caught
+        msg = f"ldd (exit code {status_code}): {stderr}"
+        raise ValueError(msg)
+
+    return stdout, status_code
 
 
 raw_deps = ldd("/opt/chrome/chrome")
 dependencies = raw_deps[0].splitlines()
-
 missing_deps = {
     r[0].strip()
     for d in dependencies
     for r in [d.split("=>")]
     if len(r) == 2 and r[1].strip() == "not found"
 }
-
 missing_packages = []
 for d in missing_deps:
     all_packages = find_packages(d)
@@ -59,5 +63,4 @@ def ldd(file_path):
     ]
     for p in packages:
         missing_packages.append(p)
-
 logger.info("missing_packages: " + (" ".join(missing_packages)))

docs/content/en/getting_started/upgrading/2.40.md

@@ -0,0 +1,9 @@
+---
+title: 'Upgrading to DefectDojo Version 2.40.x'
+toc_hide: true
+weight: -20241007
+description: Breaking Change for Postgres 12.
+---
+With the upgrade to Django 5.1.x, Posgres 12 will no longer be supported. Please make plans to upgrade to a later version of Postrges before upgrading to version 2.40.0 of DefectDojo. To determine which version of Postgres to target, please refer to the [end of life version schedule](https://endoflife.date/postgresql)
+
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.40.0) for the contents of the release.

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.39.0-dev"
+__version__ = "2.40.0-dev"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

dojo/admin.py

@@ -22,29 +22,25 @@
 
 
 class QuestionChildAdmin(PolymorphicChildModelAdmin):
-    """
-    Base admin class for all child models of Question
-    """
+
+    """Base admin class for all child models of Question"""
 
     base_model = Question
 
 
 class TextQuestionAdmin(QuestionChildAdmin):
-    """
-    ModelAdmin for a TextQuestion
-    """
+
+    """ModelAdmin for a TextQuestion"""
 
 
 class ChoiceQuestionAdmin(QuestionChildAdmin):
-    """
-    ModelAdmin for a ChoiceQuestion
-    """
+
+    """ModelAdmin for a ChoiceQuestion"""
 
 
 class QuestionParentAdmin(PolymorphicParentModelAdmin):
-    """
-    Question parent model admin
-    """
+
+    """Question parent model admin"""
 
     base_model = Question
     child_models = (
@@ -60,29 +56,25 @@ class QuestionParentAdmin(PolymorphicParentModelAdmin):
 
 
 class AnswerChildAdmin(PolymorphicChildModelAdmin):
-    """
-    Base admin class for all child Answer models
-    """
+
+    """Base admin class for all child Answer models"""
 
     base_model = Answer
 
 
 class TextAnswerAdmin(AnswerChildAdmin):
-    """
-    ModelAdmin for TextAnswer
-    """
+
+    """ModelAdmin for TextAnswer"""
 
 
 class ChoiceAnswerAdmin(AnswerChildAdmin):
-    """
-    ModelAdmin for ChoiceAnswer
-    """
+
+    """ModelAdmin for ChoiceAnswer"""
 
 
 class AnswerParentAdmin(PolymorphicParentModelAdmin):
-    """
-    The parent model admin for answer
-    """
+
+    """The parent model admin for answer"""
 
     list_display = (
         "answered_survey",

dojo/api_v2/prefetch/prefetcher.py

@@ -18,7 +18,8 @@
 class _Prefetcher:
     @staticmethod
     def _build_serializers():
-        """Returns a map model -> serializer where model is a django model and serializer is the corresponding
+        """
+        Returns a map model -> serializer where model is a django model and serializer is the corresponding
         serializer used to serialize the model
 
         Returns:
@@ -52,7 +53,8 @@ def __init__(self):
         self._prefetch_data = {}
 
     def _find_serializer(self, field_type):
-        """Find the best suited serializer for the given type.
+        """
+        Find the best suited serializer for the given type.
 
         Args:
             field_type (django.db.models.fields): the field type for which we need to find a serializer
@@ -72,7 +74,8 @@ def _find_serializer(self, field_type):
         return self._find_serializer(parent_class)
 
     def _prefetch(self, entry, fields_to_fetch):
-        """Apply prefetching for the given field on the given entry
+        """
+        Apply prefetching for the given field on the given entry
 
         Args:
             entry (ModelInstance): Instance of a model as returned by a django queryset

dojo/api_v2/prefetch/schema.py

@@ -18,7 +18,8 @@ def _get_path_to_GET_serializer_map(generator):
 
 
 def get_serializer_ref_name(serializer):
-    """Get serializer's ref_name
+    """
+    Get serializer's ref_name
     inspired by https://github.com/axnsan12/drf-yasg/blob/78031f0c189585c30fccb5005a6899f2d34289a9/src/drf_yasg/utils.py#L416
 
     :param serializer: Serializer instance
@@ -37,14 +38,14 @@ def get_serializer_ref_name(serializer):
 
 
 def prefetch_postprocessing_hook(result, generator, request, public):
-    """OpenAPI v3 (drf-spectacular) Some endpoints are using the PrefetchListMixin and PrefetchRetrieveMixin.
+    """
+    OpenAPI v3 (drf-spectacular) Some endpoints are using the PrefetchListMixin and PrefetchRetrieveMixin.
     These have nothing to do with Django prefetch_related.
     The endpoints have an @extend_schema configured with an extra parameter 'prefetch'
     This parameter contains an array of relations to prefetch. These prefetched models
     will be returned in an additional property in the response.
     The below processor ensures the result schema matches this.
     """
-
     serializer_classes = _get_path_to_GET_serializer_map(generator)
 
     paths = result.get("paths", {})