Merge branch 'main' into issue-2234

HanilJain · Nov 1, 2024 · 7375782 · 7375782
2 parents e427be6 + 848d0e0
commit 7375782
Show file tree

Hide file tree

Showing 49 changed files with 5,824 additions and 4,057 deletions.
diff --git a/blt/.env.example → .env.example b/blt/.env.example → .env.example
@@ -16,3 +16,9 @@ LANGCHAIN_API_KEY=langchain_api_key
 LANGCHAIN_TRACING_V2=true
 LANGCHAIN_PROJECT=default
 LANGCHAIN_ENDPOINT="https://api.smith.langchain.com"
+
+#Database URL
+DATABASE_URL=postgres://user:password@localhost:5432/dbname
+
+#Sentry DSN
+SENTRY_DSN=https://[email protected]/0
diff --git a/blt/middleware/ip_restrict.py b/blt/middleware/ip_restrict.py
@@ -152,8 +152,9 @@ def __call__(self, request):
                     ip_record.path = request.path
                     ip_record.save(update_fields=["agent", "count", "path"])
 
-                    # Delete all but the first record
-                    ip_records.exclude(pk=ip_record.pk).delete()
+                    # Check if a transaction is already active before starting a new one
+                    if not transaction.get_autocommit():
+                        ip_records.exclude(pk=ip_record.pk).delete()
                 else:
                     # If no record exists, create a new one
                     IP.objects.create(address=ip, agent=agent, count=1, path=request.path)

diff --git a/blt/settings.py b/blt/settings.py
@@ -423,11 +423,39 @@
     },
 }
 
-SOCIALACCOUNT_PROVIDER = {
-    "github": {"scope": ("user:email",)},
-    "google": {"scope": ("user:email",)},
+SOCIALACCOUNT_PROVIDERS = {
+    "github": {
+        "SCOPE": ["user:email"],
+        "AUTH_PARAMS": {"access_type": "online"},
+    },
+    "google": {
+        "SCOPE": ["profile", "email"],
+        "AUTH_PARAMS": {"access_type": "online"},
+    },
+    "facebook": {
+        "METHOD": "oauth2",
+        "SCOPE": ["email"],
+        "FIELDS": [
+            "id",
+            "email",
+            "name",
+            "first_name",
+            "last_name",
+            "verified",
+            "locale",
+            "timezone",
+            "link",
+        ],
+        "EXCHANGE_TOKEN": True,
+        "LOCALE_FUNC": lambda request: "en_US",
+        "VERIFIED_EMAIL": False,
+        "VERSION": "v7.0",
+    },
 }
 
+ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter"
+SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"
+
 X_FRAME_OPTIONS = "SAMEORIGIN"
 
 MDEDITOR_CONFIGS = {

diff --git a/blt/urls.py b/blt/urls.py
@@ -37,7 +37,7 @@
     UserIssueViewSet,
     UserProfileViewSet,
 )
-from website.views import (  # TODO AutoLabel,
+from website.class_views import (
     AllIssuesView,
     CompanySettings,
     ContributorStatsView,
@@ -64,9 +64,9 @@
     ListHunts,
     OngoingHunts,
     PreviousHunts,
+    ProjectBadgeView,
     ProjectDetailView,
     ProjectListView,
-    SaveBiddingData,
     ScoreboardView,
     SpecificIssuesView,
     SpecificMonthLeaderboardView,
@@ -76,6 +76,9 @@
     UserDeleteView,
     UserProfileDetailsView,
     UserProfileDetailView,
+)
+from website.views import (  # TODO AutoLabel,
+    SaveBiddingData,
     add_suggestions,
     blt_tomato,
     change_bid_status,
@@ -452,6 +455,7 @@
     re_path(r"^api/v1/count/$", website.views.issue_count, name="api_count"),
     re_path(r"^api/v1/contributors/$", website.views.contributors, name="api_contributor"),
     path("project/<slug:slug>/", ProjectDetailView.as_view(), name="project_view"),
+    path("projects/<slug:slug>/badge/", ProjectBadgeView.as_view(), name="project-badge"),
     re_path(
         r"^api/v1/createissues/$",
         csrf_exempt(IssueCreate.as_view()),
@@ -558,6 +562,11 @@
     ),
     path("auth/delete", AuthApiViewset.as_view({"delete": "delete"}), name="auth-delete-api"),
     path("api/v1/tags", TagApiViewset.as_view({"get": "list", "post": "create"}), name="tags-api"),
+    path("sizzle/", website.views.sizzle, name="sizzle"),
+    path("sizzle-docs/", website.views.sizzle_docs, name="sizzle-docs"),
+    path("api/timelogsreport/", website.views.TimeLogListAPIView, name="timelogsreport"),
+    path("time-logs/", website.views.TimeLogListView, name="time_logs"),
+    path("sizzle-daily-log/", website.views.sizzle_daily_log, name="sizzle_daily_log"),
 ]
 
 if settings.DEBUG:

diff --git a/comments/views.py b/comments/views.py
@@ -143,6 +143,7 @@ def reply_comment(request, pk):
 @login_required(login_url="/accounts/login")
 def autocomplete(request):
     q_string = request.GET.get("search", "")
+    q_string = escape(q_string)
     if len(q_string) == 0:
         return HttpResponse(
             request.GET["callback"] + "(" + json.dumps([]) + ");", content_type="application/json"

diff --git a/company/views.py b/company/views.py
@@ -1,14 +1,13 @@
 import json
 import uuid
 from datetime import datetime, timedelta
-from urllib.parse import urlparse, urlunparse
+from urllib.parse import urlparse
 
 import requests
 from django.contrib import messages
 from django.contrib.auth.models import AnonymousUser, User
 from django.core.exceptions import ValidationError
 from django.core.files.storage import default_storage
-from django.core.validators import URLValidator
 from django.db import transaction
 from django.db.models import Count, OuterRef, Q, Subquery, Sum
 from django.db.models.functions import ExtractMonth
@@ -18,35 +17,12 @@
 from django.views.decorators.http import require_http_methods
 from django.views.generic import View
 
-from website.models import (
-    Company,
-    Domain,
-    Hunt,
-    HuntPrize,
-    Issue,
-    IssueScreenshot,
-    Trademark,
-    Winner,
-)
+from website.models import Company, Domain, Hunt, HuntPrize, Issue, IssueScreenshot, Winner
+from website.utils import is_valid_https_url, rebuild_safe_url
 
 restricted_domain = ["gmail.com", "hotmail.com", "outlook.com", "yahoo.com", "proton.com"]
 
 
-def is_valid_https_url(url):
-    validate = URLValidator(schemes=["https"])  # Only allow HTTPS URLs
-    try:
-        validate(url)
-        return True
-    except ValidationError:
-        return False
-
-
-def rebuild_safe_url(url):
-    parsed_url = urlparse(url)
-    # Rebuild the URL with scheme, netloc, and path only
-    return urlunparse((parsed_url.scheme, parsed_url.netloc, parsed_url.path, "", "", ""))
-
-
 def get_email_domain(email):
     domain = email.split("@")[-1]
     return domain

diff --git a/docker-build-test.yml b/docker-build-test.yml
@@ -0,0 +1,47 @@
+name: Docker Build and Serve Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build-and-serve:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Build Docker image
+        run: docker build -t owasp-blt .
+
+      - name: Run Docker container
+        run: docker run -d -p 8000:8000 owasp-blt
+
+      - name: Wait for container to be ready
+        run: |
+          for i in {1..30}; do
+            if curl -s http://localhost:8000 > /dev/null; then
+              exit 0
+            fi
+            sleep 1
+          done
+          exit 1
+
+      - name: Verify site is served
+        run: curl -s http://localhost:8000