Release 2.0.0 #299
Draft: pablosnt wants to merge 164 commits into develop from migration/2.0.0
Restructure directories
Fix pipelines errors
… path field to target ports
…d new API token model
… well as, Telegram bot chats
* Add Chain-Bench scans to CI/CD
* Fix chain-bench hash
* Add quotes to echo and remove debugging echo
* Upgrade Semgrep version and add Njsscan scans for frontend code
* Force frontend change for testing Njsscan
* Add Dockle scans to CI/CD
* Force Docker change for testing Dockle
* Fix syntax in workflow
* Add github environment to chain-bench scans
* Fix chain-bench results handling
* Add continue-on-error to Dockle scans
* Remove chain-bench reporting as it's not working

* Limit triaging features to those findings that need it, handle finding fixes and new auto fix findings feature
* Fix findings automatically when they are no longer present in the target, or when their parent findings are marked as fixed
* Fix findings related to automatically fixed findings too
* Fix code style
* Fix import
* Fix code style
* Fix some findings errors
* Unit tests for latest changes on findings handling
* Fix some errors in unit tests
* Replace POST method for dislike by DELETE
* Fix custom DELETE endpoints
* Fix code style
* Update changelog
* Fix filtering issue in reporting feature
* Fix get_related_findings method

* Update NVD NIST API calls to use the API version 2.0
* Fix unit tests

* Hide authentication details in execution output, error and reports
* Fix code style
* Fix code style
* Improve unit tests coverage and don't protect authentication name as it will be shown on UI
* Fix error in unit tests
* Fix code style
* Check if report file exists before protecting it
* Fix unit tests
* Fix error in unit tests

* Customization of HTTP headers
* Fix code style
* Fix unit tests

* Remove scheduled_in and scheduled_time_unit from tasks
* Fix code style
* Fix code style
* Fix typo
* Remove debug input
* Fix input validation

* Multi Factor Authentication
* Unit tests for MFA
* Fix code style
* Fix code style
* Fix code style
* Fix Bandit finding
* Remove unused import
* Fix error in reset password feature
* Fix errors and unit tests

* Initial implementation for the alert system and the CVE Crowd integration
* Fix integrations and add notifications for the alerts via Telegram and mail
* Unit tests for CVE Crowd integration, fix code style and ignore Semgrep false positives
* Fix code style and ignore Bandit false positive
* Fix code style
* Move monitor job to RQ
* Unit tests for alerts
* Fix code style
* Fix code style
* Fix code style
* Fix unit test
* Fix unit tests
* Fix error in PUT operation
* Fix unit tests

* Initialization of the new Vue 3 project for the Rekono frontend
* Default implementation of Rekono API requests
* Move from Vue & Bootstrap-Vue to Nuxt & Vuetify and new Login page
* New reset password page
* Automatically forward user to login and index page based on the authentication status
* MFA page
* Main header
* Initial tools page
* Improve code and add loading gif to forms
* Initial processes page
* Initial wordlists page
* Improve processes page
* Improve resources page including all actions and dialogs except tasks creation
* Task form triggered from Tools and Processes pages
* Add ESLint and Prettier to check and fix format
* Prettier format fix
* Fix style issues reported by ESLint
* Fix warnings reported by ESLint
* Fix refresh handling and login forwarding
* Fix usage of Pinia storages from API composable
* Administration page structure
* Notifications page
* Initial integrations page and renaming Target Blacklist to Target Denylist
* Fix prettier pipelines
* CVE Crowd form
* Improve wordlist form code organization
* Improve task form code organization
* Improve code organization in CVE Crowd form
* Improve variable handling in notification forms
* Defect-Dojo form
* Fix submit functions
* Add info alert to Defect-Dojo form
* HTTP headers page
* Some code optimization and HTTP header validation
* Target denylist page
* General settings page
* Users page
* Queues page
* Signup page
* Only show resources tab to Admins and Auditors
* Notes page without creation and edition form
* Initial note form (WIP)
* Make app menus simpler
* Add more link options to Notes
* Improve UX in public forms
* Original projects page
* Fix forwarding to login after logout
* Project page structure
* Profile page structure
* HTTP headers page within Profile section
* Change notifications background and setup Rekono bot section in profile
* Rekono Bot page within User profile
* Personal information section in Profile page
* MFA section in Profile page
* Security section in Profile page
* Projects page
* Fix style and other issues detected on CICD
* Fix style and other issues detected on CICD
* Fix black style
* Initial Targets page
* Improve Targets page
* Structure of new Note page
* Links to the note's related entities
* Optimize markdown rendering in Note page
* Remove validation for note body and update dependencies
* Refactor components structure
* Fix code style
* Refactor components structure and improve UX in notes pages
* Improve UX of card actions
* Improve UX in note page
* General implementation for counters and first target links
* Improve note page appearance and add note button to targets page
* Project members page
* Project reports page
* Improve reports page
* Optimize code organization
* Fix some filters in the UI and finish reports page
* Alerts page
* Fix unit tests
* Fix some mocks for unit tests
* Fix unit test
* Fix code style
* Tasks page
* Initialization of target page and fix unit tests
* Fix code style
* Fix variable reference and code style
* Target scope page
* Initial OSINT findings page
* Refactor findings page to improve code quality
* Improve tabs handling on findings page
* Fix code style and unit tests
* Optimize filters in findings page
* Keep filters in query params to make search sharing easier
* Move assets to a different page
* Initial assets page
* Initial port page and refactoring of dataset with shared tabs
* Refactor and remove duplicated counters
* Fix unapplied default filters in assets page
* Fix code style and change fix syntax for assets
* Add link to the latest task where a finding was found by a given tool
* Show exposure time for each finding
* Remove some ports links in hosts page
* Remove related technologies in backend
* Add credentials info and link to vulnerabilities per technology
* Apply asset syntax to filters
* Fix icons in shared tabs
* Vulnerability page
* Exploit dialogs from technology and vulnerability pages
* Fix OSINT page and some TODOs
* Initial task page
* Show executions per stage, remove execution groups, and display output in a navigation drawer instead of a dialog
* Improve task page UX
* Recent activity and assets dashboards
* Vulnerabilities dashboard
* Triaging dashboard
* Keep dashboard tabs in query params
* Improve UX with loading animation and icon colors
* Add project details to project's dashboard page
* Fix project tags visualization and fix error in stats filtering
* Move all projects and run buttons to the top of the project's dashboard page
* Optimize stats endpoints in the backend
* Optimize frontend code to show dashboards
* Finish dashboard pages
* Replace severity text values by integers to order data properly
* Only create users when SMTP is configured, and allow to resend invitations before the user creates the account
* Fix some code style issues
* Handle Defect-Dojo sync and add links to project pages
* Fix code style and update dependencies
* Fix unit tests
* Remove debugging code
* Fix code style
* Fix code style
* Update TODO comments and add footer to all pages
* Add links to home and projects pages from tabs
* Composable to display numbers greater than 1k
* Composable to get CWE reference
* Remove tooltips in footer
* Improve Dataset usage
* Improve for loop syntax everywhere
* Improve UtilsButtonLink component
* Improve usage of prepend slot
* Define types for TS function parameters and return values
* Common component for forms with name and description fields
* Improve frontend code
* Refactor base components structure
* Improve components definition
* Improve target and note components definition
* Improve dashboard, findings and utils components definition
* Improve some code
* Improve button utils
* Improve counter utils
* Replace BaseLink by BaseButton
* Improve utils and base definitions
* Adopt usage of BaseButton
* Fix BaseButton slots
* Optimize administration settings page
* Optimize administration queues page
* Optimize administration notifications page
* Optimize administration integrations page
* Optimize HTTP headers page in administration section
* Check user role to show add button in Dataset component
* Optimize target denylist page in administration section
* Optimize users page in administration section
* Optimize profile info page
* Fix unit tests
* Optimize telegram bot page in profile section
* Optimize security page in profile section
* Optimize tools page
* Optimize wordlists page
* Optimize processes page
* Remove TODO comment
* Optimize projects page
* Optimize public pages: login, signup, MFA and reset password
* Optimize targets page
* Improve some Vue code
* Move input parameters from targets to tasks (#324)
* Move input parameters from targets to tasks
* Remove unneeded imports
* Adapt unit tests and fix errors
* Support API key for NVD NIST requests (#327)
* NvdNistSettings model
* Unit tests, enable new endpoints and configure authorization
* Replace defect_dojo syntax by defectdojo and CVECrowd syntax by CveCrowd
* Add form to configure the NVD NIST API key to the UI
* Unit tests
* Fix code style
* Fix some text fields
* Only show target links when there is related data
* Generate hash value per execution and use it to identify fixed findings (#328)
* Optimize main project page
* Fix DefectDojo button in project pages
* Optimize main target page
* Optimize target scope page
* Fix authorization in target scope page
* Fix authorization and input validation of HTTP headers
* Optimize scans page
* Fix notes authorization when they are included as part of their related entities
* Fix unit test and allow task cancelling when no executions were created
* Optimize current scan dialog
* Fix serializers usage to fix errors in unit tests
* Fix serializers context
* Add technology parameters to task form
* Add vulnerability parameters to task form
* Optimize scan page
* Update integration with HackTricks (#336)
* Fix unit tests (#338)
* Fix unit tests for hacktricks integration
* Fix github workflows
* Fix github workflows
* Update external actions
* Fix SAST artifact names
* Fix SAST artifact names
* Fix hacktricks tests
* Fix hacktricks tests
* Aggregate hosts metadata: domain and geolocation (#341)
* Update dependencies and migrate backend to UV (#343)
* Integrate uv as package manager and update dependencies
* Adapt GitHub workflows to uv
* Update frontend dependencies
* Allow the execution of code style check manually
* Fix github steps conditions
* Remove path condition to run code style
* Ruff format
* Fix code style workflow
* Fix installation step
* Fix steps conditions
* Ignore bandit issue
* Continue on error for code style tools
* Fix error handling on code style workflow
* Ignore .venv and migrations files for flake8
* Keep flake8 exclusions properly
* Update uv.lock
* Run pytype with --keep-going option
* Custom python version for pytype
* Downgrade python version for pytype
* Fix eslint ignore
* Fix typo
* Fix prettier issue
* Fix and ignore some pytype issues
* Fix and ignore some pytype issues
* Fix code style and some TODO (#344)
* Replace Optional typing by | None
* Replace get_project_field method by project_field attribute
* Allow the execution of integrations per finding and per execution
* Allow BaseInput parsing in a declarative way
* Fix flake8 and pytype issues
* Fix create_finding typing
* Fix typing
* Workaround to fix issues reported by pytype on TextChoices
* Fix typing of Gitleaks executor on Gitleaks parser
* Workaround to fix issues reported by pytype on TextChoices
* Fix issues on cmseek and gitleaks executor and/or parsers
* Disable pytype when accessing dynamic attributes of CONFIG class
* Try to fix pytype issue when calling lower over a string from a dict
* Disable pytype when accessing dynamic attributes of CONFIG class
* Fix typing issue
* Fix typing issue on load_report_as_json method
* Fix some typing issues
* Fix return type from load_report_as_json
* Ignore pytype attribute error
* Fix method signature
* Fix return type
* Remove mypy ignores
* Remove flake8 ignores
* Fix pytype and flake8 issues
* Fix typing
* Fix typing
* Fix typing
* Fix typing
* Fix typing
* Fix typing
* Fix typing
* exclude unit tests from strict typing check
* fix pytype execution on cicd
* fix typing in telegram BaseMixin
* fix typing issues
* fix typing issues
* remove tests exclusion
* ignore pytype false positives in tests
* fix typing issues
* always return a model for _get_model method
* fix some issues on unit tests
* test if unit tests work without extending Enum in all the Django choices (google/pytype#1048)
* try another approach to avoid error google/pytype#1048 while not breaking the code
* fix unit tests for defectdojo integration
* fix unit tests for tool executor
* Optimize GitHub workflows (#347)
* update code style workflow
* update supply chain workflow
* new workflow to detect secrets
* optimize SAST workflow
* optimize containers workflow
* rename containers workflow to security-workflows for compatibility with main
* fix issues on workflows
* fix quotes
* fix push command
* fix usage of secrets
* fix usage of secrets
* replace semgrep ci by semgrep scan
* remove daily ssc scans as we are using a pinned version of the actions
* update and clean third party actions used
* remove ignores for bandit
* fix tag references for github actions
* pin legitify action to a commit that is runnable
* pin legitify action to a commit that is runnable
* add if condition to the kali release job
* remove if conditions at step level
* Verify and fix tool parsers (#349)
* improve dirsearch parser and add unit test for the new output json format
* adapt nikto parser to latest version and add new unit test
* new dirsearch reports for testing
* remove osvdb id from vulnerability model, as nikto has removed it as well from its support
* fix frontend style
* improve little things in cmseek parser
* improve metasploit parser
* exclude ask plugin in emailharvester due to maldevel/EmailHarvester#68
* fix nuclei command
* improve nuclei parser
* new nuclei unit tests
* improve gitleaks parser
* parse shellcode results from searchsploit as well
* use smbmap csv output instead of stdout and define version command
* improve ssh-audit command, start using json output instead of stdout and new unit tests
* fix run directory for gobuster
* workflow to detect new versions of the supported tools
* fix runs-on o tools workflow
* Update tools.yml
* define bash as shell
* fix tool installation
* fix scripts for tools checking
* fix installation of python tools in tool checker
* fix python installation in tool checker
* fix scripting and dirsearch installation in tool checker
* install setuptools explicitly in tool checker
* fix version command for msfconsole and nuclei
* customize error log
* customize error message in tool checker
* debug error on gitleaks version checker
* remove gitleaks version checker as it always returns the same
* fix unit tests and default processes
* Optimize Docker images (#348)
* Fix tool commands and improve execution outputs (#351)
* Free more disk space to build rekono-worker image
* Try to execute containers workflow on /mnt
* Fix syntax
* Update tool resources from an entrypoint script instead of as part of the image

* New integration with VirusTotal
* fix issue on integrations test
* Docstrings for virustotal module
* Increase coverage for virus total

* Initial fix of the findings chain
* Fix import issues
* Fix issues on unit tests
* Fix issues on unit tests
* Fix code style issue
* Update some docstrings
* update comments and docstrings
* update comments and docstrings
* fix some pytype issues
* unit tests for new create_findings approach and fix pytype issues

* Replace Protocol enum name by TransportProtocol
* Fix some TODOs
* Fix some issues and some TODOs
* Monitor static Hacktricks links
* Fix issue on monitoring workflow
* Fix integrity of default and user data after loading fixtures
* Save CVSS information on vulnerabilities
* Save remediation information on vulnerabilities
* Remove deprecated TODO comments
* Review and reformat security headers
* Fix telegram bot startup and identify some pending TODOs
* Remove discarded TODOs
* Fix issues and resolve TODOs on Telegram module
* Prevent API tokens to be abused via API
* Pre-commit and fix unit tests
* Pre-commit
* Restructure the project to move backend and frontend directories to the root
* Fix default home directory
* Add missing backend debian dependencies to Dockerfile
* Update .gitignore
* Update .gitignore
* Update .gitignore
* Update gitleaks ignore
* Increase required coverage on unit tests
No description provided.