Merge branch 'main' into patch-7

.devcontainer/devcontainer.json

@@ -28,6 +28,5 @@
     }
   },
   "forwardPorts": [8000],
-  "postCreateCommand": "python -m pip install --upgrade pip",
-  "remoteUser": "vscode"
+  "postCreateCommand": "python -m pip install --upgrade pip"
 }

.env.example

@@ -4,7 +4,7 @@ [email protected]
 SUPERUSER_PASSWORD=admi345n@12343453
 
 DOMAIN_NAME=localhost
-PORT=80
+PORT=8000
 CALLBACK_URL_FOR_GITHUB=http://127.0.0.1:8000/
 CALLBACK_URL_FOR_GOOGLE=http://127.0.0.1:8000/
 CALLBACK_URL_FOR_FACEBOOK=http://127.0.0.1:8000/
@@ -17,8 +17,23 @@ LANGCHAIN_TRACING_V2=true
 LANGCHAIN_PROJECT=default
 LANGCHAIN_ENDPOINT="https://api.smith.langchain.com"
 
-#Database URL
-DATABASE_URL=postgres://user:password@localhost:5432/dbname
+#Database Credentials
+POSTGRES_PASSWORD=postgres
+POSTGRES_USER=postgres
+POSTGRES_DB=example_db
+POSTGRES_PORT=5432 #default is 5432, but sometimes it may be occupied by other services. So you can change it to any other port.
+DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:${POSTGRES_PORT}/${POSTGRES_DB}
 
 #Sentry DSN
 SENTRY_DSN=https://[email protected]/0
+
+SLACK_CLIENT_ID=
+SLACK_CLIENT_SECRET=
+
+
+#BlueSky User Details
+BLUESKY_USERNAME=example.bsky.social
+BLUESKY_PASSWORD='example#123'
+
+GITHUB_ACCESS_TOKEN="abc123"
+

.github/workflows/ci-cd.yml

@@ -78,12 +78,8 @@ jobs:
       security-events: write
       actions: read
       contents: read
-    strategy:
-      fail-fast: true
-      matrix:
-        language: ['none']  # Default to none, will be updated based on changes
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 2
 
@@ -108,29 +104,33 @@ jobs:
       - name: Set languages matrix
         id: set-matrix
         run: |
-          languages=()
-          if [[ "${{ steps.changes.outputs.python }}" == 'true' ]]; then
-            languages+=("python")
+          languages=""
+          if [[ "${{ steps.changes.outputs.python }}" == "true" ]]; then
+            languages="python"
           fi
-          if [[ "${{ steps.changes.outputs.javascript }}" == 'true' ]]; then
-            languages+=("javascript")
+          if [[ "${{ steps.changes.outputs.javascript }}" == "true" ]]; then
+            if [[ -n "$languages" ]]; then
+              languages="$languages,javascript"
+            else
+              languages="javascript"
+            fi
           fi
-          if [ ${#languages[@]} -eq 0 ]; then
+          if [[ -z "$languages" ]]; then
             echo "No relevant file changes detected, skipping CodeQL"
             exit 0
           fi
-          echo "languages=${languages[@]}" >> $GITHUB_OUTPUT
+          echo "languages=$languages" >> $GITHUB_OUTPUT
 
-      - uses: github/codeql-action/init@v2
-        if: steps.set-matrix.outputs.languages
+      - uses: github/codeql-action/init@v3
+        if: ${{ steps.set-matrix.outputs.languages != '' }}
         with:
           languages: ${{ steps.set-matrix.outputs.languages }}
 
       - uses: github/codeql-action/autobuild@v2
-        if: steps.set-matrix.outputs.languages
+        if: ${{ steps.set-matrix.outputs.languages != '' }}
 
-      - uses: github/codeql-action/analyze@v2 
-        if: steps.set-matrix.outputs.languages
+      - uses: github/codeql-action/analyze@v2
+        if: ${{ steps.set-matrix.outputs.languages != '' }}
 
   test:
     name: Run Tests
@@ -142,12 +142,44 @@ jobs:
       contents: write
       actions: write
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.11.2
       - run: pip install poetry
+      - run: poetry lock --no-update
       - run: poetry install
       - run: poetry run python manage.py collectstatic --noinput
       - name: Run tests
         run: poetry run xvfb-run --auto-servernum python manage.py test -v 3 --failfast
+
+  docker-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Docker
+        run: |
+          docker --version
+          # Install docker-compose
+          curl -sSL https://github.com/docker/compose/releases/download/v2.17.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
+          chmod +x /usr/local/bin/docker-compose
+          docker-compose --version
+
+      - name: Build Docker image
+        run: |
+          docker build -t my-app .
+
+      - name: Run Docker container
+        run: |
+          docker run -d --name my-container my-app
+
+      - run: docker exec my-container pip install poetry
+      - run: docker exec my-container poetry lock --no-update
+      - run: docker exec my-container poetry install --no-dev --no-interaction
+
+      - name: Clean up
+        run: |
+          docker stop my-container
+          docker rm my-container

.github/workflows/enforce-issue-number-in-description.yml

@@ -0,0 +1,89 @@
+name: Validate PR Closing Issues
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+
+permissions:
+  pull-requests: read
+  contents: read
+  issues: read
+
+jobs:
+  validate_pr_closing_issues:
+    runs-on: ubuntu-latest
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' && github.actor != 'dependabot'
+    steps:
+      - name: Validate PR closing issues with GraphQL
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          REPO_OWNER=${{ github.repository_owner }}
+          REPO_NAME=${{ github.event.repository.name }}
+          PR_NUMBER=${{ github.event.pull_request.number }}
+
+          echo "Validating PR #${PR_NUMBER} in repository ${REPO_OWNER}/${REPO_NAME}"
+
+          # Construct the GraphQL query
+          QUERY=$(jq -n \
+          --arg repoOwner "$REPO_OWNER" \
+          --arg repoName "$REPO_NAME" \
+          --argjson prNumber "$PR_NUMBER" \
+          '{
+            query: "query($REPO_NAME: String!, $REPO_OWNER: String!, $PR_NUMBER: Int!) {
+              repository(owner: $REPO_OWNER, name: $REPO_NAME) {
+                pullRequest(number: $PR_NUMBER) {
+                  id
+                  closingIssuesReferences(first: 50) {
+                    edges {
+                      node {
+                        id
+                        body
+                        number
+                        title
+                      }
+                    }
+                  }
+                }
+              }
+            }",
+            variables: {
+              REPO_OWNER: $repoOwner,
+              REPO_NAME: $repoName,
+              PR_NUMBER: $prNumber
+            }
+          }')
+
+          # echo "GraphQL Query: $QUERY"
+
+          # Make the GraphQL API request
+          RESPONSE=$(curl -s -X POST \
+            --location 'https://api.github.com/graphql' \
+            -H "Authorization: bearer $GITHUB_TOKEN" \
+            -H "Content-Type: application/json" \
+            --data "$QUERY")
+
+          # echo "GraphQL Response:"
+          # echo "$RESPONSE"
+
+          # Check for errors in the response
+          ERRORS=$(echo "$RESPONSE" | jq -r '.errors')
+          if [[ "$ERRORS" != "null" ]]; then
+            echo "GraphQL query failed with errors: $ERRORS"
+            exit 1
+          fi
+
+          # Extract closing issues
+          CLOSING_ISSUES=$(echo "$RESPONSE" | jq -r '.data.repository.pullRequest.closingIssuesReferences.edges')
+
+          if [[ "$CLOSING_ISSUES" == "[]" || -z "$CLOSING_ISSUES" ]]; then
+            echo "Error: No closing issues are referenced in the PR description. Add it in the PR under: Successfully merging this pull request may close these issues."
+            exit 1
+          fi
+
+          echo "Closing issues found: $CLOSING_ISSUES"
+          echo "PR description is valid with referenced closing issues."

.gitignore

@@ -17,4 +17,5 @@ chromedriver
 requirements.txt
 *.code-workspace
 *.log
-*.exe
+*.exe
+.vs

Aptfile

@@ -0,0 +1 @@
+git

Dockerfile

@@ -1,30 +1,68 @@
-FROM python:3.11.2
+# Stage 1: Build stage
+FROM python:3.11.2 AS builder
 
 ENV PYTHONUNBUFFERED 1
-RUN mkdir /blt
 WORKDIR /blt
-COPY . /blt
-
 
-# Install PostgreSQL dependencies
+# Install system dependencies
 RUN apt-get update && \
-    apt-get install -y postgresql-client libpq-dev && \
+    apt-get install -y postgresql-client libpq-dev \
+    libmemcached11 libmemcachedutil2 libmemcached-dev libz-dev \
+    dos2unix && \
     rm -rf /var/lib/apt/lists/*
 
-# Install pylibmc dependencies
-RUN apt-get update && apt-get install -y \
-        libmemcached11 \
-        libmemcachedutil2 \
-        libmemcached-dev \
-        libz-dev
+# # Install Chrome WebDriver
+# RUN CHROMEDRIVER_VERSION=`curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE` && \
+#     mkdir -p /opt/chromedriver-$CHROMEDRIVER_VERSION && \
+#     curl -sS -o /tmp/chromedriver_linux64.zip http://chromedriver.storage.googleapis.com/$CHROMEDRIVER_VERSION/chromedriver_linux64.zip && \
+#     unzip -qq /tmp/chromedriver_linux64.zip -d /opt/chromedriver-$CHROMEDRIVER_VERSION && \
+#     rm /tmp/chromedriver_linux64.zip && \
+#     chmod +x /opt/chromedriver-$CHROMEDRIVER_VERSION/chromedriver && \
+#     ln -fs /opt/chromedriver-$CHROMEDRIVER_VERSION/chromedriver /usr/local/bin/chromedriver
+
+# Install Google Chrome
+RUN curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
+    echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \
+    apt-get -yqq update && \
+    apt-get -yqq install google-chrome-stable && \
+    rm -rf /var/lib/apt/lists/*
 
+RUN ln -s /usr/bin/google-chrome-stable /usr/local/bin/google-chrome
 
-RUN pip install poetry 
+# Install Poetry and dependencies
+RUN pip install poetry
 RUN poetry config virtualenvs.create false
+COPY pyproject.toml poetry.lock* ./
+RUN poetry lock --no-update
 RUN poetry install
 
-RUN python manage.py migrate 
-RUN python manage.py loaddata website/fixtures/initial_data.json
-# RUN python manage.py collectstatic
-RUN python manage.py initsuperuser
+# Install additional Python packages
+RUN pip install opentelemetry-api opentelemetry-instrumentation
+
+# Stage 2: Runtime stage
+FROM python:3.11.2-slim
+
+ENV PYTHONUNBUFFERED 1
+WORKDIR /blt
+
+# Copy only necessary files from builder stage
+COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+# Install runtime system dependencies
+RUN apt-get update && \
+    apt-get install -y postgresql-client libpq-dev \
+    libmemcached11 libmemcachedutil2 dos2unix && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy application code
+COPY . /blt
+
+# Convert line endings and set permissions
+RUN dos2unix Dockerfile docker-compose.yml entrypoint.sh ./blt/settings.py
+# Check if .env exists and run dos2unix on it, otherwise skip
+RUN if [ -f /blt/.env ]; then dos2unix /blt/.env; fi
+RUN chmod +x /blt/entrypoint.sh
 
+ENTRYPOINT ["/blt/entrypoint.sh"]
+CMD ["poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000"]

Procfile

@@ -1,2 +1,2 @@
 release: python manage.py migrate  --noinput
-web: gunicorn blt.wsgi --log-file -
+web: bin/start-pgbouncer uvicorn blt.asgi:application --host 0.0.0.0 --port ${PORT}

README.md

@@ -6,5 +6,15 @@
 
 <img alt="Views" src="https://blt.owasp.org/projects/blt/badge"></a>
 
-------
-Everything is on our <a href="https://blt.owasp.org">homepage</a>
+Everything is on our <a href="https://blt.owasp.org">homepage</a>
+
+## Star History
+
+<a href="https://star-history.com/#OWASP-BLT/BLT&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date" />
+ </picture>
+</a>
+