[pull] main from intelowlproject:main

.coveragerc

@@ -0,0 +1,32 @@
+[run]
+source = greedybear
+omit = 
+    */migrations/*
+    */tests/*
+    */test_*.py
+    */__pycache__/*
+    */venv/*
+    */env/*
+    manage.py
+    greedybear/settings.py
+    greedybear/wsgi.py
+
+[report]
+show_missing = True
+precision = 2
+skip_covered = False
+skip_empty = True
+exclude_lines =
+    pragma: no cover
+    def __repr__
+    def __str__
+    raise AssertionError
+    raise NotImplementedError
+    if __name__ == "__main__":
+    @(abc\.)?abstractmethod
+
+[html]
+directory = htmlcov
+
+[xml]
+output = coverage.xml

.env_template

@@ -13,4 +13,4 @@ COMPOSE_FILE=docker/default.yml:docker/local.override.yml
 #COMPOSE_FILE=docker/default.yml:docker/local.override.yml:docker/elasticsearch.yml
 
 # If you want to run a specific version, populate this
-# REACT_APP_INTELOWL_VERSION="2.1.0"
+# REACT_APP_INTELOWL_VERSION="3.0.0"

.gitattributes

@@ -0,0 +1,67 @@
+# =============================================================================
+# Git Attributes Configuration for GreedyBear
+# Ensures consistent line endings across all platforms
+# =============================================================================
+
+# Default behavior: Auto-detect text files and normalize to LF
+* text=auto eol=lf
+
+# -----------------------------------------------------------------------------
+# Text files (normalize to LF)
+# -----------------------------------------------------------------------------
+
+# Python
+*.py text eol=lf
+
+# JavaScript/React
+*.js text eol=lf
+*.jsx text eol=lf
+*.mjs text eol=lf
+*.cjs text eol=lf
+
+# Styles
+*.css text eol=lf
+*.scss text eol=lf
+
+# Web
+*.html text eol=lf
+
+# Config files
+*.json text eol=lf
+*.yml text eol=lf
+*.yaml text eol=lf
+*.toml text eol=lf
+*.conf text eol=lf
+
+# Documentation
+*.md text eol=lf
+*.txt text eol=lf
+
+# Shell scripts
+*.sh text eol=lf
+
+# Docker
+Dockerfile text eol=lf
+Dockerfile_nginx text eol=lf
+
+# Git
+.gitignore text eol=lf
+.gitattributes text eol=lf
+
+# -----------------------------------------------------------------------------
+# Binary files (do not normalize)
+# -----------------------------------------------------------------------------
+
+# Images
+*.png binary
+*.ico binary
+
+# -----------------------------------------------------------------------------
+# Linguist overrides (GitHub language statistics)
+# -----------------------------------------------------------------------------
+
+# Exclude from language statistics
+*.min.js linguist-vendored
+*.min.css linguist-vendored
+**/migrations/* linguist-generated
+package-lock.json linguist-generated

.github/.pre-commit-config.yaml

@@ -1,18 +1,32 @@
 repos:
--   repo: https://github.com/pycqa/flake8
-    rev: 7.1.1
+# Python linting with Ruff
+-   repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.12.7
     hooks:
-    - id: flake8
-      args: ["--config", ".github/configurations/python_linters/.flake8"]
+      - id: ruff
+        name: ruff-lint
+        args: ["--fix", "--config", "./.github/configurations/python_linters/.ruff.toml"]
+      - id: ruff-format
+        args: ["--config", "./.github/configurations/python_linters/.ruff.toml"]
 
--   repo: https://github.com/pycqa/isort
-    rev: 5.13.2
+# Frontend formatting with Prettier (using local npm)
+# Skips if frontend/node_modules doesn't exist (for backend-only contributors)
+-   repo: local
     hooks:
-      - id: isort
-        args: ["--settings-path", ".github/configurations/python_linters/.isort.cfg", "--filter-files", "--skip", "venv"]
+      - id: prettier
+        name: prettier
+        entry: bash -c 'if [ -d frontend/node_modules ]; then cd frontend && npm run formatter; else echo "Skipping prettier - run npm install in frontend/ to enable"; fi'
+        language: system
+        files: ^frontend/src/.*\.(js|jsx)$|^frontend/tests/.*\.(js|jsx)$|^frontend/src/styles/.*\.(css|scss)$
+        pass_filenames: false
 
--   repo: https://github.com/psf/black
-    rev: 24.8.0
+# Frontend linting with ESLint (using local npm)
+# Skips if frontend/node_modules doesn't exist (for backend-only contributors)
+-   repo: local
     hooks:
-      - id: black
-        args: ["--config", ".github/configurations/python_linters/.black"]
+      - id: eslint
+        name: eslint
+        entry: bash -c 'if [ -d frontend/node_modules ]; then cd frontend && npm run lint; else echo "Skipping eslint - run npm install in frontend/ to enable"; fi'
+        language: system
+        files: ^frontend/src/.*\.(js|jsx)$|^frontend/tests/.*\.(js|jsx)$
+        pass_filenames: false

.github/CHANGELOG.md

@@ -1,5 +1,40 @@
 # Changelog
-From the v1.3.0 afterwards please check the Release Pages on Github for information regarding the changelog
+From the v1.3.0 onwards please check the Release Pages on Github for information regarding the changelog
+
+## Certego .github Package Changelog
+
+## 2.0.x
+### 2.0.0
+#### Features
+* Added "release.yml" action to to push containers to AWS ECR
+* Added *create_apt_cache.yaml* workflow to cache APT requirements each time a commit is pushed on selected branch and **when the requirements file has changed**.
+* Added documentation.
+* Added "Ruff" to the list of available Python linters.
+#### Bugfix
+* Updated python linters also in '_python.yml' workflow (missing from previous release)
+* Explicitly disabled `xpack.security` in Elasticsearch container, since it is enabled by default in newer versions of Elasticsearch
+* Added missing inputs for "create_linter_requirements_file" action.
+#### Changes
+* Deprecation of license check table-headers
+* Updated Python linters:
+  * bandit 1.7.9 -> 1.8.3
+  * black 24.8.0 -> 25.1.0
+  * flake8 7.1.1 -> 7.1.2
+  * isort 5.13.2 -> 6.0.1
+  * pylint-django 2.5.5 -> 2.6.1
+  * pylint 3.2.6 -> 3.3.5
+* Removed `awalsh128/cache-apt-pkgs-action@latest` action and rewrote APT caching using GitHub's `actions/cache/restore@v4` and `actions/cache/save@v4`.
+* Added both frontend and backend exclusions on _detect_changes.yaml (paths that won't be considered by git diff)
+* Updated CodeQL action v2 -> v3 (v2 has been [deprecated](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/) on december '24)
+* Removed `setup-python-dependencies` from `codeql/action.yml` since it has no effect anymore. See [this](https://github.blog/changelog/2024-01-23-codeql-2-16-python-dependency-installation-disabled-new-queries-and-bug-fixes/) for more information.
+* Linters versions in step `Create requirements-linters.txt` of `_python.yml` action are now computed according to `configurations/python_linters/requirements-linters.txt`. As of now, linter updates are only required in `configurations/python_linters/requirements-linters.txt`.
+* Reworked Python requirements caching.
+* Updated some Github actions:
+  * setup-python v4 -> v5
+  * action-gh-release v1 -> v2
+* Added "Install system dependencies required by Python packages" step to "Create Python cache" workflow.
+
+## GreedyBear Changelog
 
 ## [v1.2.1](https://github.com/honeynet/GreedyBear/releases/tag/v1.2.1)
 * Fixes and adjusts in the "Feeds Page"
@@ -42,4 +77,5 @@ Added support for all the other available honeypots! (#86)
 ## [v1.0.0](https://github.com/honeynet/GreedyBear/releases/tag/v1.0.0)
 
 ** FIRST RELEASE! **
-A new GUI is available to explore the data with an awesome dashboard!
+A new GUI is available to explore the data with an awesome dashboard!
+

.github/actions/apt_requirements/restore_apt_cache/README.md

@@ -0,0 +1,29 @@
+# Composite action restore APT cache
+
+This action restores an APT cache from GitHub's cache.
+
+Combined with [**save_apt_cache**](../save_apt_cache/README.md), it helps save time by avoiding the download of APT requirements.
+
+The action is composed of five steps:
+
+1. **Compute APT requirements files SHA256 hash** - This step uses [**misc/compute_files_hash**](../../misc/compute_files_hash/README.md) action to compute a single SHA256 hash of the APT requirements file described by the *apt_rquirements_file_path* input variable. The computed SHA256 hash will be part of the cache key.
+2. **Backup `/var/cache/apt/archives permissions`** - This step backs up the permissions associated to the `/var/cache/apt/archives` directory. So, after restoring the APT cache they can be restored to the original ones.
+3. **Add write permissions for all to `/var/cache/apt/archives`** - This step sets the write permission to the `/var/cache/apt/archives`. This is crucial because the [**cache/restore**](https://github.com/actions/cache/blob/main/restore/README.md) GitHub's action needs to be able to write to it. Without setting the correct write permission, a permission error is raised.
+4. **Restore APT cache** - This step restores the APT cache. It uses the GitHub's [**cache/restore**](https://github.com/actions/cache/blob/main/restore/README.md) action with the following parameters:
+   * **path** - A list of files, directories, or paths to restore - set to `/var/cache/apt/archives/*.deb`.
+   * **key** - An explicit key for a cache entry - set to the combination of three strings:
+      * *git_reference*, provided as an input to the action.
+      * A static part, `-apt-`
+      * The previously computed SHA256 hash of the APT requirements file.
+5. **Restore original permissions to `/var/cache/apt/archives` and delete backup** - This step restore the original permissions to the `/var/cache/apt/archives` directory. Finally, the backup file is deleted.
+
+## Documentation
+
+### Inputs
+
+* **apt_requirements_file_path** - Required - Path to the APT requirements file. It will be used to compute a SHA256 hash used in the cache key.
+* **git_reference** - Optional - A git reference that will be used to build the cache key. It defaults to `github.ref_name` which is a context variable containing **the short ref name of the branch or tag that triggered the workflow run**. For example it may be `feature-branch-1` or, for pull requests, `<pr_number>/merge`.
+
+### Outputs
+
+* **cache-hit** - A boolean value which is true when APT cache is found in the GitHub's cache, false otherwise.

.github/actions/apt_requirements/restore_apt_cache/action.yml

@@ -0,0 +1,64 @@
+name: Composite action restore APT cache
+description: Composite action to restore APT cache
+inputs:
+  apt_requirements_file_path:
+    description: Path to the APT requirements file
+    required: true
+  git_reference:
+    description: A git reference (name of the branch, reference to the PR) that will be used to build the cache key.
+    required: false
+    default: ${{ github.ref_name }}
+
+outputs:
+  cache-hit:
+    description: Whether the APT cache was found in the GitHub's cache or not.
+    value: ${{ steps.restore_apt_cache.outputs.cache-hit }}
+
+
+runs:
+  using: "composite"
+  steps:
+    - name: Compute APT requirements file SHA256 hash
+      id: compute_apt_requirements_file_sha256_hash
+      uses: ./.github/actions/misc/compute_files_hash
+      with:
+        file_paths: ${{ inputs.apt_requirements_file_path }}
+
+    - name: Backup /var/cache/apt/archives permissions
+      id: backup_apt_cache_dir_permissions
+      run: |
+        PERMISSIONS_FILE_PATH="/tmp/apt_cache_dir_permissions.facl"
+        echo "apt_cache_dir_permissions_file=$PERMISSIONS_FILE_PATH" > $GITHUB_OUTPUT
+        sudo getfacl -p /var/cache/apt/archives > $PERMISSIONS_FILE_PATH
+        ARCHIVES_PERMISSIONS=$(ls -ld /var/cache/apt/archives)
+        echo "::debug::Original permissions given to /var/cache/apt/archives: $ARCHIVES_PERMISSIONS"
+        echo "::debug::Created /var/cache/apt/archives permissions backup to $PERMISSIONS_FILE_PATH"
+      shell: bash
+
+    # Vital to be able to restore cache
+    # If write permission is not set, a permissions error will be raised
+    - name: Add write permission for all to /var/cache/apt/archives
+      run: |
+        sudo chmod a+w /var/cache/apt/archives
+        ARCHIVES_NEW_PERMISSIONS=$(ls -ld /var/cache/apt/archives)
+        echo "::debug::New permissions given to /var/cache/apt/archives: $ARCHIVES_NEW_PERMISSIONS"
+      shell: bash
+
+    - name: Restore APT cache
+      uses: actions/cache/restore@v4
+      id: restore_apt_cache
+      with:
+        path: /var/cache/apt/archives/*.deb
+        key: ${{ inputs.git_reference }}-apt-${{ steps.compute_apt_requirements_file_sha256_hash.outputs.computed_hash }}
+
+    - name: Restore original permissions to /var/cache/apt/archives and delete backup
+      run: |
+        PERMISSIONS_FILE_PATH=${{ steps.backup_apt_cache_dir_permissions.outputs.apt_cache_dir_permissions_file }}
+        sudo setfacl --restore="$PERMISSIONS_FILE_PATH"
+        ARCHIVES_RESTORED_PERMISSIONS=$(ls -ld /var/cache/apt/archives)
+        echo "::debug::Restored original permissions to /var/cache/apt/archives: $ARCHIVES_RESTORED_PERMISSIONS"
+        if [[ -f "$PERMISSIONS_FILE_PATH" ]]; then
+          sudo rm "$PERMISSIONS_FILE_PATH"
+          echo "::debug::Correctly removed $PERMISSIONS_FILE_PATH permissions backup file"
+        fi
+      shell: bash

.github/actions/apt_requirements/save_apt_cache/README.md

@@ -0,0 +1,22 @@
+# Composite action save APT cache
+
+This action saves the APT cache, almost always located at `/var/cache/apt/archives/*.deb` to the GitHub's cache.
+
+Combined with [**restore_apt_cache**](../restore_apt_cache/README.md) helps save time by avoiding the download of APT requirements.
+
+The action is composed of two steps:
+
+1. **Compute APT requirements file SHA256 hash** - This step uses the [**misc/compute_files_hash**](../../misc/compute_files_hash/README.md) action to compute the SHA256 hash of the APT requriments file that will be part of the cache key.
+2. **Save APT cache** - This step does the real caching on GitHub. The GitHub's [**cache/save**](https://github.com/actions/cache/blob/main/save/README.md) is used with the following parameters:
+   1. **path** - A list of files, directories, or paths to cache - set to `/var/cache/apt/archives/*.deb` to save all `*.deb` files in APT cache.
+   2. **key** - An explicit key for a cache entry - set to the combination of three strings:
+      1. *git_reference*, provided as an input to the action.
+      2. A static part, `-apt-`
+      3. The previously computed SHA256 hash of the APT requirements file.
+
+## Documentation
+
+### Inputs
+
+* **apt_requirements_file_path** - Required - Path to the APT requirements file. It will be used to compute a SHA256 hash used in the cache key.
+* **git_reference** - Optional - A git reference that will be used to build the cache key. It defaults to `github.ref_name` which is a context variable containing **the short ref name of the branch or tag that triggered the workflow run**. For example it may be `feature-branch-1` or, for pull requests, `<pr_number>/merge`.

.github/actions/apt_requirements/save_apt_cache/action.yml

@@ -0,0 +1,24 @@
+name: Composite action save APT cache
+description: Composite action to save APT cache
+inputs:
+  apt_requirements_file_path:
+    description: Path to the APT requirements file
+    required: true
+  git_reference:
+    description: A git reference (name of the branch, reference to the PR) that will be used to build the cache key.
+    required: false
+    default: ${{ github.ref_name }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Compute APT requiremments file SHA256 hash
+      id: compute_apt_requirements_file_sha256_hash
+      uses: ./.github/actions/misc/compute_files_hash
+      with:
+        file_paths: ${{ inputs.apt_requirements_file_path }}
+    - name: Save APT cache
+      uses: actions/cache/save@v4
+      with:
+        path: /var/cache/apt/archives/*.deb
+        key: ${{ inputs.git_reference }}-apt-${{ steps.compute_apt_requirements_file_sha256_hash.outputs.computed_hash }}

.github/actions/codeql/action.yml

@@ -12,13 +12,12 @@ runs:
   using: "composite"
   steps:
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ inputs.language }}
-        setup-python-dependencies: false
         source-root: ${{ inputs.working_directory }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3