Merge branch 'dev' of https://github.com/MaibornWolff/SecObserve into…

… stackable
stackabletech · Nov 18, 2024 · 9c2c2f3 · 9c2c2f3
2 parents 50257e4 + ff0eb50
commit 9c2c2f3
Show file tree

Hide file tree

Showing 61 changed files with 1,206 additions and 842 deletions.
diff --git a/.github/workflows/scan_sca_current.yml b/.github/workflows/scan_sca_current.yml
@@ -15,7 +15,7 @@ jobs:
         name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          ref: 'v1.22.1'
+          ref: 'v1.22.2'
       -
         name: Run SCA vulnerability scanners
         uses: MaibornWolff/secobserve_actions_templates/actions/vulnerability_scanner@5606a843f40e25d002053dfd14cd525496c76560 # main

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: results.sarif
diff --git a/backend/application/__init__.py b/backend/application/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "1.22.1"
+__version__ = "1.22.2"
 
 import pymysql
 

diff --git a/backend/application/access_control/api/filters.py b/backend/application/access_control/api/filters.py
@@ -14,9 +14,6 @@ class UserFilter(FilterSet):
     full_name = CharFilter(field_name="full_name", lookup_expr="icontains")
     authorization_group = NumberFilter(field_name="authorization_groups")
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="full_name", lookup_expr="icontains")
-
     ordering = OrderingFilter(
         # tuple-mapping retains order
         fields=(
@@ -38,7 +35,6 @@ class Meta:
             "is_active",
             "is_superuser",
             "is_external",
-            "search",
         ]
 
     def __init__(self, data=None, queryset=None, *, request=None, prefix=None):
@@ -61,17 +57,14 @@ class AuthorizationGroupFilter(FilterSet):
     oidc_group = CharFilter(field_name="oidc_group", lookup_expr="icontains")
     user = NumberFilter(field_name="users")
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="name", lookup_expr="icontains")
-
     ordering = OrderingFilter(
         # tuple-mapping retains order
         fields=(("name", "name"), ("oidc_group", "oidc_group")),
     )
 
     class Meta:
         model = Authorization_Group
-        fields = ["name", "oidc_group", "search"]
+        fields = ["name", "oidc_group"]
 
     def get_user(self, queryset, name, value):  # pylint: disable=unused-argument
         # field_name is used as a positional argument

diff --git a/backend/application/access_control/api/views.py b/backend/application/access_control/api/views.py
@@ -12,10 +12,12 @@
     validate_password,
 )
 from django.core.exceptions import ValidationError as DjangoValidationError
+from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiParameter, extend_schema
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied, ValidationError
+from rest_framework.filters import SearchFilter
 from rest_framework.mixins import ListModelMixin
 from rest_framework.permissions import IsAdminUser, IsAuthenticated
 from rest_framework.response import Response
@@ -91,6 +93,8 @@ class UserViewSet(ModelViewSet):
     filterset_class = UserFilter
     queryset = User.objects.none()
     permission_classes = (IsAuthenticated, UserHasSuperuserPermission)
+    filter_backends = [SearchFilter, DjangoFilterBackend]
+    search_fields = ["full_name"]
 
     def get_queryset(self):
         if self.action == "list":
@@ -234,6 +238,8 @@ class AuthorizationGroupViewSet(ModelViewSet):
     filterset_class = AuthorizationGroupFilter
     queryset = Authorization_Group.objects.none()
     permission_classes = (IsAuthenticated, UserHasAuthorizationGroupPermission)
+    filter_backends = [SearchFilter, DjangoFilterBackend]
+    search_fields = ["name"]
 
     def get_queryset(self):
         return get_authorization_groups()

diff --git a/backend/application/licenses/api/filters.py b/backend/application/licenses/api/filters.py
@@ -1,13 +1,7 @@
 from datetime import timedelta
 
 from django.utils import timezone
-from django_filters import (
-    CharFilter,
-    ChoiceFilter,
-    FilterSet,
-    NumberFilter,
-    OrderingFilter,
-)
+from django_filters import CharFilter, ChoiceFilter, FilterSet, OrderingFilter
 
 from application.commons.api.extended_ordering_filter import ExtendedOrderingFilter
 from application.commons.types import Age_Choices
@@ -92,9 +86,6 @@ class LicenseFilter(FilterSet):
         ),
     )
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="spdx_id", lookup_expr="icontains")
-
     class Meta:
         model = License
         fields = [
@@ -117,9 +108,6 @@ class LicenseGroupFilter(FilterSet):
         ),
     )
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="name", lookup_expr="icontains")
-
     class Meta:
         model = License_Group
         fields = ["name", "is_public", "licenses"]
@@ -164,12 +152,6 @@ class Meta:
 
 class LicensePolicyFilter(FilterSet):
     name = CharFilter(field_name="name", lookup_expr="icontains")
-    licenses = NumberFilter(
-        field_name="licenses", method="get_license_policies_with_license"
-    )
-    license_groups = NumberFilter(
-        field_name="license_groups", method="get_license_policies_with_license_group"
-    )
 
     ordering = OrderingFilter(
         # tuple-mapping retains order
@@ -179,23 +161,10 @@ class LicensePolicyFilter(FilterSet):
         ),
     )
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="name", lookup_expr="icontains")
-
     class Meta:
         model = License_Policy
         fields = ["name", "is_public"]
 
-    def get_license_policies_with_license(
-        self, queryset, field_name, value  # pylint: disable=unused-argument
-    ) -> bool:
-        return queryset.filter(license_policy_items__license=value)
-
-    def get_license_policies_with_license_group(
-        self, queryset, field_name, value  # pylint: disable=unused-argument
-    ) -> bool:
-        return queryset.filter(license_policy_items__license_group=value)
-
 
 class LicensePolicyItemFilter(FilterSet):
     license_group_name = CharFilter(

diff --git a/backend/application/licenses/api/serializers.py b/backend/application/licenses/api/serializers.py
@@ -44,13 +44,17 @@
 
 
 class LicenseSerializer(ModelSerializer):
+    spdx_id_name = SerializerMethodField()
     is_in_license_group = SerializerMethodField()
     is_in_license_policy = SerializerMethodField()
 
     class Meta:
         model = License
         fields = "__all__"
 
+    def get_spdx_id_name(self, obj: License) -> str:
+        return f"{obj.spdx_id} ({obj.name})"
+
     def get_is_in_license_group(self, obj: License) -> bool:
         return License_Group.objects.filter(licenses=obj).exists()
 

diff --git a/backend/application/licenses/api/views.py b/backend/application/licenses/api/views.py
@@ -119,7 +119,7 @@ class LicenseViewSet(GenericViewSet, ListModelMixin, RetrieveModelMixin):
     filterset_class = LicenseFilter
     queryset = License.objects.all()
     filter_backends = [SearchFilter, DjangoFilterBackend]
-    search_fields = ["spdx_id"]
+    search_fields = ["spdx_id", "name"]
 
 
 class LicenseGroupViewSet(ModelViewSet):
@@ -192,13 +192,18 @@ def add_license(self, request, pk):
             if not license_group_member:
                 raise NotFound("License group not found")
             if not license_group_member.is_manager:
-                raise PermissionDenied("User is not a manager of the license group")
+                raise PermissionDenied("User is not a manager of this license group")
 
         license_id = request_serializer.validated_data.get("license")
         license_to_be_added = get_license(license_id)
         if not license_to_be_added:
             raise ValidationError(f"License {license_id} not found")
 
+        if license_to_be_added in license_group.licenses.filter(id=license_id):
+            raise ValidationError(
+                f"License {license_to_be_added} is already in this license group"
+            )
+
         license_group.licenses.add(license_to_be_added)
 
         return Response(status=HTTP_204_NO_CONTENT)
@@ -224,7 +229,7 @@ def remove_license(self, request, pk):
             if not license_group_member:
                 raise NotFound("License group not found")
             if not license_group_member.is_manager:
-                raise PermissionDenied("User is not a manager of the license group")
+                raise PermissionDenied("User is not a manager of this license group")
 
         license_id = request_serializer.validated_data.get("license")
         license_to_be_removed = get_license(license_id)

diff --git a/backend/application/rules/api/filters.py b/backend/application/rules/api/filters.py
@@ -6,9 +6,6 @@
 class GeneralRuleFilter(FilterSet):
     name = CharFilter(field_name="name", lookup_expr="icontains")
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="name", lookup_expr="icontains")
-
     ordering = OrderingFilter(
         # tuple-mapping retains order
         fields=(
@@ -27,7 +24,6 @@ class Meta:
         model = Rule
         fields = [
             "name",
-            "search",
             "parser",
             "scanner_prefix",
             "title",
@@ -39,9 +35,6 @@ class Meta:
 class ProductRuleFilter(FilterSet):
     name = CharFilter(field_name="name", lookup_expr="icontains")
 
-    # search is needed for the ReferenceArrayInput field of react-admin
-    search = CharFilter(field_name="name", lookup_expr="icontains")
-
     ordering = OrderingFilter(
         # tuple-mapping retains order
         fields=(
@@ -61,7 +54,6 @@ class Meta:
         model = Rule
         fields = [
             "name",
-            "search",
             "product",
             "parser",
             "scanner_prefix",

diff --git a/backend/application/rules/api/views.py b/backend/application/rules/api/views.py
@@ -1,7 +1,9 @@
+from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import extend_schema
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.exceptions import NotFound, ValidationError
+from rest_framework.filters import SearchFilter
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet
@@ -33,6 +35,8 @@ class GeneralRuleViewSet(ModelViewSet):
     filterset_class = GeneralRuleFilter
     queryset = Rule.objects.none()
     permission_classes = (IsAuthenticated, UserHasGeneralRulePermission)
+    filter_backends = [SearchFilter, DjangoFilterBackend]
+    search_fields = ["name"]
 
     def get_queryset(self):
         return get_general_rules()
@@ -66,6 +70,8 @@ class ProductRuleViewSet(ModelViewSet):
     filterset_class = ProductRuleFilter
     queryset = Rule.objects.none()
     permission_classes = (IsAuthenticated, UserHasProductRulePermission)
+    filter_backends = [SearchFilter, DjangoFilterBackend]
+    search_fields = ["name"]
 
     def get_queryset(self):
         return get_product_rules()