chore: upgrade to django 4 and bump dependencies/containers

.env.example

@@ -1,6 +1,7 @@
 SECRET_KEY='akj)aa@2rp+$duf_m$)4!@cc#()h@q(ag0f=h8#1@dlpdouni5'
 DEBUG=0
 DJANGO_ALLOWED_HOSTS=['web','app','localhost','127.0.0.1']
+CSRF_TRUSTED_ORIGINS=['http://localhost','http://localhost:8888','http://127.0.0.1:8888']
 ENV=PROD
 SQL_ENGINE=django.db.backends.postgresql
 SQL_DATABASE=postgres

.github/workflows/semgrep.yml

@@ -2,33 +2,26 @@ name: Semgrep
 
 on:
   pull_request_target: {}
+  workflow_dispatch: {}
   push:
-    branches: ["main"]
-  # Schedule the CI job (this method uses cron syntax):
-  schedule:
-    - cron: '0 0 1 * *' # Sets Semgrep to scan every month
-
+    branches: ["master", "main"]
 jobs:
   semgrep:
-    name: Scan
+    name: semgrep/ci 
     runs-on: ubuntu-latest
 
     container:
-      image: returntocorp/semgrep
+      image: semgrep/semgrep
 
-    # Skip any PR created by dependabot to avoid permission issues:
     if: (github.actor != 'dependabot[bot]')
-
     steps:
-      # Fetch project source with GitHub Actions Checkout.
       - uses: actions/checkout@v3
-      # Run the "semgrep ci" command on the command line of the docker image.
-      - run: semgrep ci --sarif --output=semgrep.sarif
+      - run: semgrep ci --sarif > semgrep.sarif
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
-      # Upload the results to Github Advanced Security
+
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: semgrep.sarif
-        if: always()
+        if: always()

Dockerfile

@@ -1,14 +1,10 @@
-FROM python:3.9.16-buster@sha256:5e28891402c02291f65c6652a8abddedcb5af15933e923c07c2670f836243833
+FROM python:3.10-bullseye@sha256:02c7cb92b8f23908de6457f7800c93b84ed8c6e7201da7935443d4c5eca7b381
 
 # Update and package installation
 RUN apt-get update && \
 	apt-get clean && \
 	apt-get install -y ca-certificates-java --no-install-recommends && \
-	apt-get clean
-
-RUN apt-get update && \
 	apt-get install -y openjdk-11-jdk p11-kit wkhtmltopdf libqt5gui5 && \
-	apt-get install -y  && \
 	apt-get clean && \
 	update-ca-certificates -f
 

app/config/settings.py

@@ -1,5 +1,4 @@
 import os
-import logging
 from getenv import env
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -65,6 +64,7 @@
 DEBUG = int(env("DEBUG", 0))
 
 ALLOWED_HOSTS = tuple(env("DJANGO_ALLOWED_HOSTS", ['web','app','localhost','127.0.0.1']))
+CSRF_TRUSTED_ORIGINS=tuple(env("CSRF_TRUSTED_ORIGINS", ['http://web','http://app','http://localhost','http://127.0.0.1']))
 
 # Database
 # https://docs.djangoproject.com/en/3.0/ref/settings/#databases
@@ -140,8 +140,6 @@
 
 LANGUAGE_CODE = 'en-us'
 
-TIME_ZONE = 'UTC'
-
 USE_I18N = True
 
 USE_L10N = True

app/config/urls.py

@@ -1,10 +1,8 @@
 from django.contrib import admin
-from django.urls import path, include
+from django.urls import path, include, re_path
 from app import views, api
-from django.conf.urls import url
 from rest_framework import routers
 from rest_framework.authtoken.views import obtain_auth_token
-from rest_framework import permissions
 from drf_yasg.views import get_schema_view
 from drf_yasg import openapi
 from app.worker.tasks import scan_state
@@ -58,8 +56,8 @@
     path('api/v1/auth-token/', obtain_auth_token, name='api_token_auth'),
     path('api/v1/', include(router.urls)),
     path('scan_state/<int:id>', scan_state, name="scan_state"),
-    url(r'^swagger(?P<format>\.json|\.yaml)$', schema_view.without_ui(cache_timeout=0), name='schema-json'),
-    url(r'^swagger/$', schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
-    url(r'^redoc/$', schema_view.with_ui('redoc', cache_timeout=0), name='schema-redoc'),
+    re_path(r'^swagger(?P<format>\.json|\.yaml)$', schema_view.without_ui(cache_timeout=0), name='schema-json'),
+    re_path(r'^swagger/$', schema_view.with_ui('swagger', cache_timeout=0), name='schema-swagger-ui'),
+    re_path(r'^redoc/$', schema_view.with_ui('redoc', cache_timeout=0), name='schema-redoc'),
 
 ]

docker-compose.prod.yaml

@@ -1,7 +1,7 @@
 version: '3.8'
 services:
   db:
-    image: postgres:15.1-alpine@sha256:07c3361c9e8e1d734dfc51e239327b11d25196347be630fbdc556ca41f219184
+    image: postgres:16-bullseye@sha256:7174d2a352ad138906e3dc4a28a5d11b5a158180e9bff80beed8c8cc346f874c
     env_file:
       - ./.env.example
     environment:
@@ -28,7 +28,7 @@ services:
       - db
     restart: on-failure
   nginx:
-    image: nginx:1.23.3-alpine@sha256:dd8a054d7ef030e94a6449783605d6c306c1f69c10c2fa06b66a030e0d1db793
+    image: nginx:stable-bullseye@sha256:ee187e563496b690edaab157f89db924cd35fab42631309f4d62957baecf7d6c
     ports:
       - "443:443"
     volumes:
@@ -40,7 +40,7 @@ services:
       - web
     restart: on-failure
   rabbitmq:
-    image: rabbitmq:3.11.5-management-alpine@sha256:826a39d68330e7c380f527d0ac31e87999ade0afa6747e688c9d56989319a2c2
+    image: rabbitmq:3.13.0-management@sha256:ba406c7daaef53b59c92a13db37a27d0425579a40c59266d10022a40a8ba7242
     env_file:
       - ./.env.example
     environment:

docker-compose.yaml

@@ -1,7 +1,7 @@
 version: '3.8'
 services:
   db:
-    image: postgres:15.1-alpine@sha256:07c3361c9e8e1d734dfc51e239327b11d25196347be630fbdc556ca41f219184
+    image: postgres:16-bullseye@sha256:7174d2a352ad138906e3dc4a28a5d11b5a158180e9bff80beed8c8cc346f874c
     env_file:
       - ./.env.example
     environment:
@@ -28,7 +28,7 @@ services:
       - db
     restart: on-failure
   nginx:
-    image: nginx:1.23.3-alpine@sha256:dd8a054d7ef030e94a6449783605d6c306c1f69c10c2fa06b66a030e0d1db793
+    image: nginx:stable-bullseye@sha256:ee187e563496b690edaab157f89db924cd35fab42631309f4d62957baecf7d6c
     ports:
       - "8888:8888"
     volumes:
@@ -39,7 +39,7 @@ services:
       - web
     restart: on-failure
   rabbitmq:
-    image: rabbitmq:3.11.5-management-alpine@sha256:826a39d68330e7c380f527d0ac31e87999ade0afa6747e688c9d56989319a2c2
+    image: rabbitmq:3.13.0-management@sha256:ba406c7daaef53b59c92a13db37a27d0425579a40c59266d10022a40a8ba7242
     env_file:
       - ./.env.example
     environment:

requirements.txt

@@ -1,21 +1,74 @@
-django==3.2.23
-psycopg2==2.9.3
+amqp==5.2.0
+androguard==3.4.0a1
+asgiref==3.7.2
+asn1crypto==1.5.1
+asttokens==2.4.1
+beautifulsoup4==4.12.3
+billiard==3.6.4.0
+celery==5.2.2
+certifi==2024.2.2
+charset-normalizer==3.3.2
+click==8.1.7
+click-didyoumean==0.3.0
+click-plugins==1.1.1
+click-repl==0.3.0
+colorama==0.4.6
+contourpy==1.2.0
+coreapi==2.3.3
+coreschema==0.0.4
+cycler==0.12.1
+decorator==5.1.1
+Django==4.1.0
 django-bootstrap4==3.0.1
-django-widget-tweaks==1.4.8
+django-extensions==3.1.3
+django-filter==2.4.0
 django-fontawesome-5==1.0.18
 django-getenv==1.3.2
-androguard==3.4.0a1
-requests==2.31.0
-pdfkit==0.6.1
-uwsgi==2.0.22
-Pygments==2.15.0
+django-widget-tweaks==1.4.8
 djangorestframework==3.12.4
 drf-yasg==1.20.0
-Celery==5.2.2
-django-filter==2.4.0
-sqlalchemy==1.4.23
-django-extensions==3.1.3
-setuptools==65.5.1
-ipython>=8.10.0
-numpy>=1.22.2
-pillow>=10.0.1
+executing==2.0.1
+fonttools==4.49.0
+idna==3.6
+inflection==0.5.1
+ipython==8.22.2
+itypes==1.2.0
+jedi==0.19.1
+Jinja2==3.1.3
+kiwisolver==1.4.5
+kombu==5.3.5
+lxml==5.1.0
+MarkupSafe==2.1.5
+matplotlib==3.8.3
+matplotlib-inline==0.1.6
+networkx==3.2.1
+numpy==1.26.4
+packaging==23.2
+parso==0.8.3
+pdfkit==0.6.1
+pexpect==4.9.0
+pillow==10.2.0
+prompt-toolkit==3.0.43
+psycopg2-binary==2.9.9
+psycopg2==2.9.9
+ptyprocess==0.7.0
+pure-eval==0.2.2
+pydot==2.0.0
+Pygments==2.15.0
+pyparsing==3.1.2
+python-dateutil==2.9.0.post0
+pytz==2024.1
+requests==2.31.0
+ruamel.yaml==0.18.6
+ruamel.yaml.clib==0.2.8
+six==1.16.0
+soupsieve==2.5
+SQLAlchemy==1.4.23
+sqlparse==0.4.4
+stack-data==0.6.3
+traitlets==5.14.1
+uritemplate==4.1.1
+urllib3==2.2.1
+uWSGI==2.0.22
+vine==5.1.0
+wcwidth==0.2.13