Merge branch 'white/staging' into white/master

Author: dkraus

.gitlab/ci/testing/.pretesting-gitlab-ci.yml

@@ -3,15 +3,13 @@ merge_conflict_check:
         - faradaytests
     image: python:3.11
     stage: pre_testing
-    allow_failure: true
     script:
         - git config --global user.email "you@example.com"
         - git config --global user.name "Mergerbot"
         - python3 scripts/merge-conflict-detector.py
     rules:
-        - !reference [ .dev-staging-master, rules ]
         - !reference [ .ignore-on-tag, rules ]
-        - when: never
+        - when: on_success
 
 sanity_check:
     tags:

CHANGELOG/5.8.0/community.md

@@ -0,0 +1,6 @@
+ * [ADD] Added support for CVSS 4.0. #7753
+ * [ADD] Improved filtering for better notification links. #7655
+ * [ADD] Added new operator ANY_IN for pipeline job conditions. #7804
+ * [FIX] Updated nginx config template for socketio. #7629
+ * [ADD] Added contains conditional for pipelines conditions. #7805
+ * [ADD] Add custom fields as conditions. #7721

CHANGELOG/5.8.0/date.md

@@ -0,0 +1 @@
+Oct 24th, 2024

RELEASE.md

@@ -1,6 +1,15 @@
 New features in the latest update
 =====================================
 
+5.8.0 [Oct 24th, 2024]:
+---
+ * [ADD] Added support for CVSS 4.0. #7753
+ * [ADD] Improved filtering for better notification links. #7655
+ * [ADD] Added new operator ANY_IN for pipeline job conditions. #7804
+ * [ADD] Added contains conditional for pipelines conditions. #7805
+ * [ADD] Added custom fields as conditions. #7721
+ * [FIX] Updated nginx config template for socketio. #7629
+
 5.7.0 [Sep 20th, 2024]:
 ---
  * [ADD] Added bulk update feature for custom attributes. #7716

faraday/__init__.py

@@ -4,5 +4,5 @@
 See the file 'doc/LICENSE' for the license information
 """
 
-__version__ = '5.7.0'
+__version__ = '5.8.0'
 __license_version__ = __version__

faraday/migrations/versions/4423dd3f90be_clear_preferences.py

@@ -0,0 +1,23 @@
+"""clear preferences
+
+Revision ID: 4423dd3f90be
+Revises: e9a3ba96ea46
+Create Date: 2024-10-17 14:18:03.830337+00:00
+
+"""
+from alembic import op
+
+
+# revision identifiers, used by Alembic.
+revision = '4423dd3f90be'
+down_revision = 'e9a3ba96ea46'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.execute("UPDATE faraday_user SET preferences = NULL;")
+
+
+def downgrade():
+    pass

faraday/migrations/versions/47e0c8f9856d_add_cvss4_columns.py

@@ -0,0 +1,96 @@
+"""add cvss4 columns
+
+Revision ID: 47e0c8f9856d
+Revises: 907c72c8d391
+Create Date: 2024-08-17 21:43:12.666824+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '47e0c8f9856d'
+down_revision = '907c72c8d391'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('vulnerability', sa.Column('_cvss4_vector_string', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_base_score', sa.Float(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_base_severity', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_attack_vector', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_attack_complexity', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_attack_requirements', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_privileges_required', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_user_interaction', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_vulnerable_system_confidentiality_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_subsequent_system_confidentiality_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_vulnerable_system_integrity_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_subsequent_system_integrity_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_vulnerable_system_availability_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_subsequent_system_availability_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_safety', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_automatable', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_recovery', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_value_density', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_vulnerability_response_effort', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_provider_urgency', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_attack_vector', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_attack_complexity', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_attack_requirements', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_privileges_required', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_user_interaction', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_vulnerable_system_confidentiality_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_subsequent_system_confidentiality_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_vulnerable_system_integrity_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_subsequent_system_integrity_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_vulnerable_system_availability_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_modified_subsequent_system_availability_impact', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_confidentiality_requirement', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_integrity_requirement', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_availability_requirement', sa.Text(), nullable=True))
+    op.add_column('vulnerability', sa.Column('cvss4_exploit_maturity', sa.Text(), nullable=True))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('vulnerability', 'cvss4_exploit_maturity')
+    op.drop_column('vulnerability', 'cvss4_availability_requirement')
+    op.drop_column('vulnerability', 'cvss4_integrity_requirement')
+    op.drop_column('vulnerability', 'cvss4_confidentiality_requirement')
+    op.drop_column('vulnerability', 'cvss4_modified_subsequent_system_availability_impact')
+    op.drop_column('vulnerability', 'cvss4_modified_vulnerable_system_availability_impact')
+    op.drop_column('vulnerability', 'cvss4_modified_subsequent_system_integrity_impact')
+    op.drop_column('vulnerability', 'cvss4_modified_vulnerable_system_integrity_impact')
+    op.drop_column('vulnerability', 'cvss4_modified_subsequent_system_confidentiality_impact')
+    op.drop_column('vulnerability', 'cvss4_modified_vulnerable_system_confidentiality_impact')
+    op.drop_column('vulnerability', 'cvss4_modified_user_interaction')
+    op.drop_column('vulnerability', 'cvss4_modified_privileges_required')
+    op.drop_column('vulnerability', 'cvss4_modified_attack_requirements')
+    op.drop_column('vulnerability', 'cvss4_modified_attack_complexity')
+    op.drop_column('vulnerability', 'cvss4_modified_attack_vector')
+    op.drop_column('vulnerability', 'cvss4_provider_urgency')
+    op.drop_column('vulnerability', 'cvss4_vulnerability_response_effort')
+    op.drop_column('vulnerability', 'cvss4_value_density')
+    op.drop_column('vulnerability', 'cvss4_recovery')
+    op.drop_column('vulnerability', 'cvss4_automatable')
+    op.drop_column('vulnerability', 'cvss4_safety')
+    op.drop_column('vulnerability', 'cvss4_subsequent_system_availability_impact')
+    op.drop_column('vulnerability', 'cvss4_vulnerable_system_availability_impact')
+    op.drop_column('vulnerability', 'cvss4_subsequent_system_integrity_impact')
+    op.drop_column('vulnerability', 'cvss4_vulnerable_system_integrity_impact')
+    op.drop_column('vulnerability', 'cvss4_subsequent_system_confidentiality_impact')
+    op.drop_column('vulnerability', 'cvss4_vulnerable_system_confidentiality_impact')
+    op.drop_column('vulnerability', 'cvss4_user_interaction')
+    op.drop_column('vulnerability', 'cvss4_privileges_required')
+    op.drop_column('vulnerability', 'cvss4_attack_requirements')
+    op.drop_column('vulnerability', 'cvss4_attack_complexity')
+    op.drop_column('vulnerability', 'cvss4_attack_vector')
+    op.drop_column('vulnerability', 'cvss4_base_severity')
+    op.drop_column('vulnerability', 'cvss4_base_score')
+    op.drop_column('vulnerability', '_cvss4_vector_string')
+    # ### end Alembic commands ###

faraday/migrations/versions/907c72c8d391_user_session_id.py

@@ -0,0 +1,23 @@
+"""user session_id
+
+Revision ID: 907c72c8d391
+Revises: ad29e4bcf2cf
+Create Date: 2024-09-18 13:34:52.883133+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = '907c72c8d391'
+down_revision = 'ad29e4bcf2cf'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column('faraday_user', sa.Column('session_id', sa.String(length=64), nullable=True))
+
+
+def downgrade():
+    op.drop_column('faraday_user', 'session_id')

faraday/migrations/versions/e9a3ba96ea46_cloud_agent_scheduler_and_scheduler_.py

@@ -0,0 +1,68 @@
+"""cloud_agent_scheduler_and_scheduler_token
+
+Revision ID: e9a3ba96ea46
+Revises: 47e0c8f9856d
+Create Date: 2024-09-17 18:54:47.529304+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from faraday.server.models import UserToken
+
+# revision identifiers, used by Alembic.
+revision = 'e9a3ba96ea46'
+down_revision = '47e0c8f9856d'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    scheduler_types_enum = sa.Enum('cloud_agent', 'agent', name='scheduler_types')
+    scheduler_types_enum.create(op.get_bind(), checkfirst=True)
+    op.add_column('agent_schedule', sa.Column('type', sa.Enum('cloud_agent', 'agent', name='scheduler_types'), nullable=False, server_default='agent'))
+    op.add_column('agent_schedule', sa.Column('cloud_agent_id', sa.Integer(), nullable=True))
+    op.alter_column('agent_schedule', 'executor_id',
+               existing_type=sa.INTEGER(),
+               nullable=True)
+    op.create_index(op.f('ix_agent_schedule_cloud_agent_id'), 'agent_schedule', ['cloud_agent_id'], unique=False)
+    op.create_foreign_key('agent_schedule_cloud_agent_id_fkey', 'agent_schedule', 'cloud_agent', ['cloud_agent_id'], ['id'])
+    with op.get_context().autocommit_block():
+        op.execute("ALTER TYPE token_scopes ADD VALUE IF NOT EXISTS 'scheduler'")
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint('agent_schedule_cloud_agent_id_fkey', 'agent_schedule', type_='foreignkey')
+    op.drop_index(op.f('ix_agent_schedule_cloud_agent_id'), table_name='agent_schedule')
+    op.alter_column('agent_schedule', 'executor_id',
+               existing_type=sa.INTEGER(),
+               nullable=False)
+    op.drop_column('agent_schedule', 'cloud_agent_id')
+    op.drop_column('agent_schedule', 'type')
+    scheduler_types_enum = sa.Enum('cloud_agent', 'agent', name='scheduler_types')
+    scheduler_types_enum.drop(op.get_bind(), checkfirst=True)
+
+    # Step 1: Create a new enum type without the 'scheduler' value
+
+    scopes = [scope for scope in UserToken.SCOPES if scope != UserToken.SCHEDULER_SCOPE]
+
+    scopes_str = ', '.join(f"'{scope}'" for scope in scopes)
+
+    op.execute(f"CREATE TYPE token_scopes_tmp AS ENUM({scopes_str})")
+
+    # Step 2: Alter the table to use the new enum type
+    op.execute("""
+            ALTER TABLE user_token
+            ALTER COLUMN scope
+            SET DATA TYPE token_scopes_tmp
+            USING scope::text::token_scopes_tmp
+        """)
+
+    # Step 3: Drop the old enum type
+    op.execute("DROP TYPE token_scopes")
+
+    # Step 4: Rename the new enum type to the original one
+    op.execute("ALTER TYPE token_scopes_tmp RENAME TO token_scopes")
+    # ### end Alembic commands ###

faraday/openapi/faraday_swagger.json

@@ -1,7 +1,7 @@
 {
     "info": {
         "description": "The Faraday REST API enables you to interact with [our server](https://github.com/infobyte/faraday).\nUse this API to interact or integrate with Faraday server. This page documents the REST API, with HTTP response codes and example requests and responses.",
-        "title": "Faraday 5.7.0 API",
+        "title": "Faraday 5.8.0 API",
         "version": "v3"
     },
     "security": [
@@ -7446,6 +7446,7 @@
                     },
                     "cvss2": {},
                     "cvss3": {},
+                    "cvss4": {},
                     "refs": {
                         "type": "array",
                         "items": {
@@ -8090,6 +8091,7 @@
                     },
                     "cvss2": {},
                     "cvss3": {},
+                    "cvss4": {},
                     "cwe": {
                         "type": "array",
                         "items": {
@@ -8372,7 +8374,10 @@
                             ">=",
                             "<=",
                             "in",
-                            "not_in"
+                            "not_in",
+                            "any_in",
+                            "contains",
+                            "inverted_in"
                         ],
                         "nullable": true
                     },