Merge branch 'main' into truncated

.devcontainer/devcontainer.json

@@ -28,6 +28,5 @@
     }
   },
   "forwardPorts": [8000],
-  "postCreateCommand": "python -m pip install --upgrade pip",
-  "remoteUser": "vscode"
+  "postCreateCommand": "python -m pip install --upgrade pip"
 }

.env.example

@@ -30,4 +30,10 @@ SENTRY_DSN=https://[email protected]/0
 SLACK_CLIENT_ID=
 SLACK_CLIENT_SECRET=
 
-GITHUB_ACCESS_TOKEN="abc123"
+
+#BlueSky User Details
+BLUESKY_USERNAME=example.bsky.social
+BLUESKY_PASSWORD='example#123'
+
+GITHUB_ACCESS_TOKEN="abc123"
+

.github/workflows/ci-cd.yml

@@ -78,12 +78,8 @@ jobs:
       security-events: write
       actions: read
       contents: read
-    strategy:
-      fail-fast: true
-      matrix:
-        language: ['none']  # Default to none, will be updated based on changes
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 2
 
@@ -108,29 +104,33 @@ jobs:
       - name: Set languages matrix
         id: set-matrix
         run: |
-          languages=()
-          if [[ "${{ steps.changes.outputs.python }}" == 'true' ]]; then
-            languages+=("python")
+          languages=""
+          if [[ "${{ steps.changes.outputs.python }}" == "true" ]]; then
+            languages="python"
           fi
-          if [[ "${{ steps.changes.outputs.javascript }}" == 'true' ]]; then
-            languages+=("javascript")
+          if [[ "${{ steps.changes.outputs.javascript }}" == "true" ]]; then
+            if [[ -n "$languages" ]]; then
+              languages="$languages,javascript"
+            else
+              languages="javascript"
+            fi
           fi
-          if [ ${#languages[@]} -eq 0 ]; then
+          if [[ -z "$languages" ]]; then
             echo "No relevant file changes detected, skipping CodeQL"
             exit 0
           fi
-          echo "languages=${languages[@]}" >> $GITHUB_OUTPUT
+          echo "languages=$languages" >> $GITHUB_OUTPUT
 
-      - uses: github/codeql-action/init@v2
-        if: steps.set-matrix.outputs.languages
+      - uses: github/codeql-action/init@v3
+        if: ${{ steps.set-matrix.outputs.languages != '' }}
         with:
           languages: ${{ steps.set-matrix.outputs.languages }}
 
       - uses: github/codeql-action/autobuild@v2
-        if: steps.set-matrix.outputs.languages
+        if: ${{ steps.set-matrix.outputs.languages != '' }}
 
-      - uses: github/codeql-action/analyze@v2 
-        if: steps.set-matrix.outputs.languages
+      - uses: github/codeql-action/analyze@v2
+        if: ${{ steps.set-matrix.outputs.languages != '' }}
 
   test:
     name: Run Tests
@@ -142,11 +142,12 @@ jobs:
       contents: write
       actions: write
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.11.2
       - run: pip install poetry
+      - run: poetry lock --no-update
       - run: poetry install
       - run: poetry run python manage.py collectstatic --noinput
       - name: Run tests

.github/workflows/enforce-issue-number-in-description.yml

@@ -16,6 +16,7 @@ permissions:
 jobs:
   validate_pr_closing_issues:
     runs-on: ubuntu-latest
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' && github.actor != 'dependabot'
     steps:
       - name: Validate PR closing issues with GraphQL
         env:
@@ -57,7 +58,7 @@ jobs:
             }
           }')
 
-          echo "GraphQL Query: $QUERY"
+          # echo "GraphQL Query: $QUERY"
 
           # Make the GraphQL API request
           RESPONSE=$(curl -s -X POST \
@@ -66,8 +67,8 @@ jobs:
             -H "Content-Type: application/json" \
             --data "$QUERY")
 
-          echo "GraphQL Response:"
-          echo "$RESPONSE"
+          # echo "GraphQL Response:"
+          # echo "$RESPONSE"
 
           # Check for errors in the response
           ERRORS=$(echo "$RESPONSE" | jq -r '.errors')
@@ -80,9 +81,9 @@ jobs:
           CLOSING_ISSUES=$(echo "$RESPONSE" | jq -r '.data.repository.pullRequest.closingIssuesReferences.edges')
 
           if [[ "$CLOSING_ISSUES" == "[]" || -z "$CLOSING_ISSUES" ]]; then
-            echo "Error: No closing issues are referenced in the PR description."
+            echo "Error: No closing issues are referenced in the PR description. Add it in the PR under: Successfully merging this pull request may close these issues."
             exit 1
           fi
 
           echo "Closing issues found: $CLOSING_ISSUES"
-          echo "PR description is valid with referenced closing issues."
+          echo "PR description is valid with referenced closing issues."

Dockerfile

@@ -1,38 +1,47 @@
-FROM python:3.11.2
+# Stage 1: Build stage
+FROM python:3.11.2 AS builder
 
 ENV PYTHONUNBUFFERED 1
-RUN mkdir /blt
 WORKDIR /blt
-COPY . /blt
-
 
-# Install PostgreSQL dependencies
+# Install system dependencies
 RUN apt-get update && \
-    apt-get install -y postgresql-client libpq-dev && \
+    apt-get install -y postgresql-client libpq-dev \
+    libmemcached11 libmemcachedutil2 libmemcached-dev libz-dev \
+    dos2unix && \
     rm -rf /var/lib/apt/lists/*
 
-# Install pylibmc dependencies
-RUN apt-get update && apt-get install -y \
-        libmemcached11 \
-        libmemcachedutil2 \
-        libmemcached-dev \
-        libz-dev
-
-
-RUN pip install poetry 
+# Install Poetry and dependencies
+RUN pip install poetry
 RUN poetry config virtualenvs.create false
+COPY pyproject.toml poetry.lock* ./
 RUN poetry install
+
+# Install additional Python packages
 RUN pip install opentelemetry-api opentelemetry-instrumentation
 
-# Install dos2unix
-RUN apt-get update && apt-get install -y dos2unix
+# Stage 2: Runtime stage
+FROM python:3.11.2-slim
+
+ENV PYTHONUNBUFFERED 1
+WORKDIR /blt
+
+# Copy only necessary files from builder stage
+COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
 
-# Add entrypoint
+# Install runtime system dependencies
+RUN apt-get update && \
+    apt-get install -y postgresql-client libpq-dev \
+    libmemcached11 libmemcachedutil2 dos2unix && \
+    rm -rf /var/lib/apt/lists/*
 
-COPY entrypoint.sh /entrypoint.sh
-RUN dos2unix .env Dockerfile docker-compose.yml entrypoint.sh ./blt/settings.py
-RUN chmod +x /entrypoint.sh
+# Copy application code
+COPY . /blt
 
+# Convert line endings and set permissions
+RUN dos2unix .env Dockerfile docker-compose.yml entrypoint.sh ./blt/settings.py
+RUN chmod +x /blt/entrypoint.sh
 
-ENTRYPOINT [ "./entrypoint.sh" ]
-CMD [ "poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000" ]
+ENTRYPOINT ["/blt/entrypoint.sh"]
+CMD ["poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000"]

README.md

@@ -7,3 +7,14 @@
 <img alt="Views" src="https://blt.owasp.org/projects/blt/badge"></a>
 
 Everything is on our <a href="https://blt.owasp.org">homepage</a>
+
+## Star History
+
+<a href="https://star-history.com/#OWASP-BLT/BLT&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date" />
+ </picture>
+</a>
+

Setup.md

@@ -17,37 +17,84 @@ cp .env.example .env
 - Modify the .env file as per your local setup.
 
 ## Step 2: Choose your setup method (Docker recommended)
-### 1.Recommended method: Setting up development server using docker-compose
-
-- Install docker
-
-
-```sh
- # --- build the docker container ---
- docker-compose build
-
- # --- Run the docker container ---
- docker-compose up
-
- # --- Collect static files ---
-
- ### open container bash terminal
- # `app` is the service name in docker-compose.yml
- docker exec -it app /bin/bash
-
- # Below commands are for container shell
- ### migrate SQL commands in the database file
- python manage.py migrate
-
- ### collect staticfiles
- python manage.py collectstatic
-
- # --- exit out of container shell ---
- exit
-
-```
-
-### 2.Setting up development server using vagrant
+#### Prerequisites for Docker method
+Ensure the following are installed on your system before proceeding:
+
+- Docker  
+- Docker Compose  
+- PostgreSQL client (optional, for manual database interaction)  
+
+---
+
+### 1. Ensure LF Line Endings
+Before building the Docker images, ensure all files, especially scripts like `entrypoint.sh`, `.env`, `docker-compose.yml`, `Dockerfile`, `settings.py` use LF line endings. Using CRLF can cause build failures. To verify and correct line endings:
+
+1. If you're working on a Windows machine or collaborating across different operating systems, ensure consistent line endings:
+   - Set `core.autocrlf=input` in Git configurations to enforce LF-style line endings in the repository while preserving your local OS line endings.
+     ```bash
+     git config --global core.autocrlf input
+     ```
+   - Alternatively, in VS Code, you can manually change the line endings:
+     - Open the file in the editor.
+     - Look for the line ending type displayed in the bottom-right corner of the VS Code window (e.g., CRLF or LF).
+     - Click it and select "LF: Unix" from the dropdown to switch the line endings to LF.
+
+2. If the browser **automatically redirects to HTTPS** even in incognito mode, you can try the following:  
+   For **local development**, make these adjustments in `/blt/settings.py` to enable access over **HTTP**:
+   - Set:
+     ```python
+     SECURE_SSL_REDIRECT = False
+     SECURE_PROXY_SSL_HEADER = None
+     ```
+
+3. To convert to LF (if needed):  
+   - Using `dos2unix`:
+     ```bash
+     dos2unix entrypoint.sh
+     ```
+
+⚠️ **Important:**  
+- If line endings are not set to LF, running `docker-compose build` may fail.  
+- Avoid creating a PR to commit these local changes back to the repository.
+
+### 2. PostgreSQL Setup
+The PostgreSQL database listens on a port specified in the .env file.
+Default is 5432 and
+If you encounter conflicts, it might be set to another port (e.g., 5433 in some cases). Adjust the .env file accordingly.
+
+---
+
+## Commands to Set Up the Project
+
+- **Copy and configure the `.env` file:**  
+   ```bash
+   cp .env.example .env
+Update credentials and settings as needed.
+
+- #### Build the Docker images:
+  ```bash
+  docker-compose build
+- #### Start the containers:
+  ```bash
+  docker-compose up
+- #### Access the application:
+
+- Open your browser and navigate to:
+http://localhost:8000/
+- #### Prevent Automatic Redirects to HTTPS: 
+- Use Incognito Mode (Private Browsing): Open the browser in incognito mode and access the application using http://localhost:8000.
+- Ensure you're explicitly using http:// instead of https:// in the URL.
+### Notes
+- The project listens on port 8000 over the HTTP protocol.
+- Ensure all required configurations in .env are correct for seamless setup.
+
+### Error Edge Cases
+- If container fails execute ./entrypoint.sh due to permission error, use `chmod +x ./entrypoint.sh`
+- If you encounter ./entrypoint.sh was not found, then make sure you are using `LF` line ending in place of `CRLF`
+- If you encounter ERR_SSL_PROTOCOL_ERROR when you try to access the server on http://localhost:8000, make sure the Browser doesn't automatically redirect to https://localhost:8000. If it keeps doing this behaviour, then you can set `SECURE_SSL_REDIRECT` to `False` locally only(search for it  /blt/settings.py), stop the container and start it again.
+- If you encounter the same error indicating SSL_REDIRECT in the logs while building the container, set `SECURE_SSL_REDIRECT` to `False`
+
+### Option 2.Setting up development server using vagrant
 
 -Install [vagrant](https://www.vagrantup.com/)
 
@@ -89,7 +136,7 @@ Add a Domain `http://127.0.0.1:8000/admin/website/domain/` with the name 'owasp.
 **Note:** In case you encounter an error with vagrant's vbguest module, run `vagrant plugin install vagrant-vbguest`
 from the host machine.
 
-### 3.Setting up development server using python virtual environment
+### Option 3.Setting up development server using python virtual environment
 
 #### Setup correct python version