Merge branch 'dev' into ruff_TRY300

Dockerfile.django-alpine

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.9-alpine3.20@sha256:df44c0c0761ddbd6388f4549cab42d24d64d257c2a960ad5b276bb7dab9639c7 AS base
+FROM python:3.11.9-alpine3.20@sha256:f9ce6fe33d9a5499e35c976df16d24ae80f6ef0a28be5433140236c2ca482686 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

Dockerfile.django-debian

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.9-slim-bookworm@sha256:8c1036ec919826052306dfb5286e4753ffd9d5f6c24fbc352a5399c3b405b57e AS base
+FROM python:3.11.9-slim-bookworm@sha256:6ed5bff4d7d377e2a27d9285553b8c21cfccc4f00881de1b24c9bc8d90016e82 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

Dockerfile.integration-tests-debian

@@ -2,6 +2,7 @@
 # code: language=Dockerfile
 
 FROM openapitools/openapi-generator-cli:v7.11.0@sha256:a9e7091ac8808c6835cf8ec88252bca603f1f889ef1456b63d8add5781feeca7 AS openapitools
+# currently only supports x64, no arm yet due to chrome and selenium dependencies
 FROM python:3.11.9-slim-bookworm@sha256:8c1036ec919826052306dfb5286e4753ffd9d5f6c24fbc352a5399c3b405b57e AS build
 WORKDIR /app
 RUN \

Dockerfile.nginx-alpine

@@ -5,7 +5,10 @@
 # Dockerfile.django-alpine to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.9-alpine3.20@sha256:df44c0c0761ddbd6388f4549cab42d24d64d257c2a960ad5b276bb7dab9639c7 AS base
+FROM node:20.18.2-alpine3.20@sha256:40cbd847a2db119ba716f2861b04076bcb575a0051923459271a18ff80944f7f AS node
+
+FROM python:3.11.9-alpine3.20@sha256:f9ce6fe33d9a5499e35c976df16d24ae80f6ef0a28be5433140236c2ca482686 AS base
+
 FROM base AS build
 WORKDIR /app
 RUN \
@@ -31,97 +34,11 @@ COPY requirements.txt ./
 # https://github.com/unbit/uwsgi/issues/1318#issuecomment-542238096
 RUN CPUCOUNT=1 pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt
 
-FROM build AS collectstatic
-
-# Node installation from https://github.com/nodejs/docker-node
-ENV NODE_VERSION=20.11.0
-
-RUN addgroup -g 1000 node \
-    && adduser -u 1000 -G node -s /bin/sh -D node \
-    && apk add --no-cache \
-        libstdc++ \
-    && apk add --no-cache --virtual .build-deps \
-        curl \
-    && ARCH= && alpineArch="$(apk --print-arch)" \
-      && case "${alpineArch##*-}" in \
-        x86_64) \
-          ARCH='x64' \
-          CHECKSUM=$(curl -sSL --compressed "https://unofficial-builds.nodejs.org/download/release/v${NODE_VERSION}/SHASUMS256.txt" | grep "node-v${NODE_VERSION}-linux-x64-musl.tar.xz" | cut -d' ' -f1) \
-          ;; \
-        *) ;; \
-      esac \
-  && if [ -n "${CHECKSUM}" ]; then \
-    set -eu; \
-    curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \
-    echo "$CHECKSUM  node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \
-      && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
-      && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \
-  else \
-    echo "Building from source" \
-    # backup build
-    && apk add --no-cache --virtual .build-deps-full \
-        binutils-gold \
-        g++ \
-        gcc \
-        gnupg \
-        libgcc \
-        linux-headers \
-        make \
-        python3 \
-    # gpg keys listed at https://github.com/nodejs/node#release-keys
-    && for key in \
-        C0D6248439F1D5604AAFFB4021D900FFDB233756 \
-        DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
-        CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
-        8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
-        890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
-        C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
-        108F52B48DB57BB0CC439B2997B01419BD92F80A \
-        A363A499291CBBC940DD62E41F10027AF002F8B0 \
-    ; do \
-      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
-      gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
-    done \
-    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \
-    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
-    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
-    && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
-    && tar -xf "node-v$NODE_VERSION.tar.xz" \
-    && cd "node-v$NODE_VERSION" \
-    && ./configure \
-    && make -j$(getconf _NPROCESSORS_ONLN) V= \
-    && make install \
-    && apk del .build-deps-full \
-    && cd .. \
-    && rm -Rf "node-v$NODE_VERSION" \
-    && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
-  fi \
-  && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \
-  && apk del .build-deps \
-  # smoke tests
-  && node --version \
-  && npm --version
 
-ENV YARN_VERSION=1.22.19
+FROM build AS collectstatic
+RUN apk add nodejs npm
+RUN npm install -g yarn --force
 
-RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
-  && for key in \
-    6A010C5166006599AA17F08146C2130DFD2497F5 \
-  ; do \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || \
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
-  done \
-  && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
-  && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
-  && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
-  && mkdir -p /opt \
-  && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \
-  && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \
-  && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \
-  && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
-  && apk del .build-deps-yarn \
-  # smoke test
-  && yarn --version
 
 # installing DefectDojo packages
 RUN pip3 install \

Dockerfile.nginx-debian

@@ -5,7 +5,7 @@
 # Dockerfile.django-debian to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.9-slim-bookworm@sha256:8c1036ec919826052306dfb5286e4753ffd9d5f6c24fbc352a5399c3b405b57e AS base
+FROM python:3.11.9-slim-bookworm@sha256:6ed5bff4d7d377e2a27d9285553b8c21cfccc4f00881de1b24c9bc8d90016e82 AS base
 FROM base AS build
 WORKDIR /app
 RUN \
@@ -42,8 +42,8 @@ RUN \
   apt-get -y update && \
   apt-get -y install --no-install-recommends apt-transport-https ca-certificates curl wget gnupg && \
   curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add --no-tty - && \
-  echo 'deb https://deb.nodesource.com/node_20.x bullseye main' > /etc/apt/sources.list.d/nodesource.list && \
-  echo 'deb-src https://deb.nodesource.com/node_20.x bullseye main' >> /etc/apt/sources.list.d/nodesource.list && \
+  echo 'deb https://deb.nodesource.com/node_20.x bookworm main' > /etc/apt/sources.list.d/nodesource.list && \
+  echo 'deb-src https://deb.nodesource.com/node_20.x bookworm main' >> /etc/apt/sources.list.d/nodesource.list && \
   apt-get update -y -o Dir::Etc::sourcelist="sources.list.d/nodesource.list" \
   -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" && \
   curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \

dojo/api_v2/mixins.py

@@ -20,10 +20,10 @@ class DeletePreviewModelMixin:
     )
     @action(detail=True, methods=["get"], filter_backends=[], suffix="List")
     def delete_preview(self, request, pk=None):
-        object = self.get_object()
+        obj = self.get_object()
 
         collector = NestedObjects(using=DEFAULT_DB_ALIAS)
-        collector.collect([object])
+        collector.collect([obj])
         rels = collector.nested()
 
         def flatten(elem):

dojo/api_v2/permissions.py

@@ -33,8 +33,8 @@ def check_post_permission(request, post_model, post_pk, post_permission):
         if request.data.get(post_pk) is None:
             msg = f"Unable to check for permissions: Attribute '{post_pk}' is required"
             raise ParseError(msg)
-        object = get_object_or_404(post_model, pk=request.data.get(post_pk))
-        return user_has_permission(request.user, object, post_permission)
+        obj = get_object_or_404(post_model, pk=request.data.get(post_pk))
+        return user_has_permission(request.user, obj, post_permission)
     return True
 
 
@@ -158,29 +158,29 @@ def has_permission(self, request, view):
             has_permission_result = True
             product_id = request.data.get("product", None)
             if product_id:
-                object = get_object_or_404(Product, pk=product_id)
+                obj = get_object_or_404(Product, pk=product_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Product_Edit,
+                        request.user, obj, Permissions.Product_Edit,
                     )
                 )
             finding_id = request.data.get("finding", None)
             if finding_id:
-                object = get_object_or_404(Finding, pk=finding_id)
+                obj = get_object_or_404(Finding, pk=finding_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Finding_Edit,
+                        request.user, obj, Permissions.Finding_Edit,
                     )
                 )
             endpoint_id = request.data.get("endpoint", None)
             if endpoint_id:
-                object = get_object_or_404(Endpoint, pk=endpoint_id)
+                obj = get_object_or_404(Endpoint, pk=endpoint_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Endpoint_Edit,
+                        request.user, obj, Permissions.Endpoint_Edit,
                     )
                 )
             return has_permission_result
@@ -744,20 +744,20 @@ def has_permission(self, request, view):
             has_permission_result = True
             engagement_id = request.data.get("engagement", None)
             if engagement_id:
-                object = get_object_or_404(Engagement, pk=engagement_id)
+                obj = get_object_or_404(Engagement, pk=engagement_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Engagement_Edit,
+                        request.user, obj, Permissions.Engagement_Edit,
                     )
                 )
             product_id = request.data.get("product", None)
             if product_id:
-                object = get_object_or_404(Product, pk=product_id)
+                obj = get_object_or_404(Product, pk=product_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Product_Edit,
+                        request.user, obj, Permissions.Product_Edit,
                     )
                 )
             return has_permission_result
@@ -798,29 +798,29 @@ def has_permission(self, request, view):
             has_permission_result = True
             engagement_id = request.data.get("engagement", None)
             if engagement_id:
-                object = get_object_or_404(Engagement, pk=engagement_id)
+                obj = get_object_or_404(Engagement, pk=engagement_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Engagement_Edit,
+                        request.user, obj, Permissions.Engagement_Edit,
                     )
                 )
             finding_id = request.data.get("finding", None)
             if finding_id:
-                object = get_object_or_404(Finding, pk=finding_id)
+                obj = get_object_or_404(Finding, pk=finding_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Finding_Edit,
+                        request.user, obj, Permissions.Finding_Edit,
                     )
                 )
             finding_group_id = request.data.get("finding_group", None)
             if finding_group_id:
-                object = get_object_or_404(Finding_Group, pk=finding_group_id)
+                obj = get_object_or_404(Finding_Group, pk=finding_group_id)
                 has_permission_result = (
                     has_permission_result
                     and user_has_permission(
-                        request.user, object, Permissions.Finding_Group_Edit,
+                        request.user, obj, Permissions.Finding_Group_Edit,
                     )
                 )
             return has_permission_result

dojo/decorators.py

@@ -66,9 +66,8 @@ def __wrapper__(*args, **kwargs):
             if model_or_id:
                 if isinstance(model_or_id, models.Model) and we_want_async(*args, func=func, **kwargs):
                     logger.debug("converting model_or_id to id: %s", model_or_id)
-                    id = model_or_id.id
                     args = list(args)
-                    args[parameter] = id
+                    args[parameter] = model_or_id.id
 
             return func(*args, **kwargs)
 

dojo/endpoint/utils.py

@@ -105,8 +105,10 @@ def err_log(message, html_log, endpoint_html_log, endpoint):
 
                         if parts.protocol:
                             if endpoint.protocol and (endpoint.protocol != parts.protocol):
-                                message = f"has defined protocol ({endpoint.protocol}) and it is not the same as protocol in host " \
-                                          f"({parts.protocol})"
+                                message = (
+                                    f"has defined protocol ({endpoint.protocol}) and it is not the same as protocol in host "
+                                    f"({parts.protocol})"
+                                )
                                 err_log(message, html_log, endpoint_html_log, endpoint)
                             else:
                                 if change:
@@ -126,8 +128,10 @@ def err_log(message, html_log, endpoint_html_log, endpoint):
                         if parts.port:
                             try:
                                 if (endpoint.port is not None) and (int(endpoint.port) != parts.port):
-                                    message = f"has defined port number ({endpoint.port}) and it is not the same as port number in " \
-                                              f"host ({parts.port})"
+                                    message = (
+                                        f"has defined port number ({endpoint.port}) and it is not the same as port number in "
+                                        f"host ({parts.port})"
+                                    )
                                     err_log(message, html_log, endpoint_html_log, endpoint)
                                 else:
                                     if change:
@@ -138,26 +142,32 @@ def err_log(message, html_log, endpoint_html_log, endpoint):
 
                         if parts.path:
                             if endpoint.path and (endpoint.path != parts.path):
-                                message = f"has defined path ({endpoint.path}) and it is not the same as path in host " \
-                                          f"({parts.path})"
+                                message = (
+                                    f"has defined path ({endpoint.path}) and it is not the same as path in host "
+                                    f"({parts.path})"
+                                )
                                 err_log(message, html_log, endpoint_html_log, endpoint)
                             else:
                                 if change:
                                     endpoint.path = parts.path
 
                         if parts.query:
                             if endpoint.query and (endpoint.query != parts.query):
-                                message = f"has defined query ({endpoint.query}) and it is not the same as query in host " \
-                                          f"({parts.query})"
+                                message = (
+                                    f"has defined query ({endpoint.query}) and it is not the same as query in host "
+                                    f"({parts.query})"
+                                )
                                 err_log(message, html_log, endpoint_html_log, endpoint)
                             else:
                                 if change:
                                     endpoint.query = parts.query
 
                         if parts.fragment:
                             if endpoint.fragment and (endpoint.fragment != parts.fragment):
-                                message = f"has defined fragment ({endpoint.fragment}) and it is not the same as fragment in host " \
-                                          f"({parts.fragment})"
+                                message = (
+                                    f"has defined fragment ({endpoint.fragment}) and it is not the same as fragment in host "
+                                    f"({parts.fragment})"
+                                )
                                 err_log(message, html_log, endpoint_html_log, endpoint)
                             else:
                                 if change:

dojo/filters.py

@@ -103,8 +103,8 @@
 
 def custom_filter(queryset, name, value):
     values = value.split(",")
-    filter = (f"{name}__in")
-    return queryset.filter(Q(**{filter: values}))
+    cust_filter = (f"{name}__in")
+    return queryset.filter(Q(**{cust_filter: values}))
 
 
 def custom_vulnerability_id_filter(queryset, name, value):

dojo/finding/helper.py

@@ -516,11 +516,9 @@ def prepare_duplicates_for_delete(test=None, engagement=None):
 
     # remove the link to the original from the duplicates inside the cluster so they can be safely deleted by the django framework
     total = len(originals)
-    i = 0
     # logger.debug('originals: %s', [original.id for original in originals])
-    for original in originals:
-        i += 1
-        logger.debug("%d/%d: preparing duplicate cluster for deletion of original: %d", i, total, original.id)
+    for i, original in enumerate(originals):
+        logger.debug("%d/%d: preparing duplicate cluster for deletion of original: %d", i + 1, total, original.id)
         cluster_inside = original.original_finding.all()
         if engagement:
             cluster_inside = cluster_inside.filter(test__engagement=engagement)