Merge branch 'dev' into master-into-dev/2.46.1-2.47.0-dev

Author: Maffooch

.github/workflows/release-x-manual-helm-chart.yml

@@ -56,7 +56,7 @@ jobs:
              helm dependency update ./helm/defectdojo
 
       - name: Add yq
-        uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4.45.1
+        uses: mikefarah/yq@c59fa8de59f1f5a16fdbfd1e2a6e97a1b42a64b9 # v4.45.2
 
       - name: Pin version docker version
         id: pin_image

docs/content/en/open_source/upgrading/2.47.md

@@ -0,0 +1,7 @@
+---
+title: 'Upgrading to DefectDojo Version 2.47.x'
+toc_hide: true
+weight: -20250505
+description: No special instructions.
+---
+There are no special instructions for upgrading to 2.47.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.47.0) for the contents of the release.

docs/package-lock.json

@@ -21,7 +21,7 @@
   },
   "devDependencies": {
     "prettier": "3.5.3",
-    "vite": "6.3.4"
+    "vite": "6.3.5"
   },
   "engines": {
     "node": "22.15.0"

docs/package.json

@@ -57,3 +57,22 @@ def bind_announcement(request):
             ).get(user=request.user)
             return {"announcement": user_announcement.announcement}
     return {}
+
+
+def session_expiry_notification(request):
+    import time
+
+    try:
+        if request.user.is_authenticated:
+            last_activity = request.session.get("_last_activity", time.time())
+            expiry_time = last_activity + settings.SESSION_COOKIE_AGE  # When the session will expire
+            warning_time = settings.SESSION_EXPIRE_WARNING  # Show warning X seconds before expiry
+            notify_time = expiry_time - warning_time
+        else:
+            notify_time = None
+    except Exception:
+        return {}
+    else:
+        return {
+            "session_notify_time": notify_time,
+        }

dojo/context_processors.py

@@ -43,6 +43,7 @@
     DD_SECURE_HSTS_SECONDS=(int, 31536000),  # One year expiration
     DD_SESSION_COOKIE_SECURE=(bool, False),
     DD_SESSION_EXPIRE_AT_BROWSER_CLOSE=(bool, False),
+    DD_SESSION_EXPIRE_WARNING=(int, 300),  # warning 5 mins before expiration
     DD_SESSION_COOKIE_AGE=(int, 1209600),  # 14 days
     DD_CSRF_COOKIE_SECURE=(bool, False),
     DD_CSRF_TRUSTED_ORIGINS=(list, []),
@@ -756,6 +757,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
     SECURE_HSTS_INCLUDE_SUBDOMAINS = env("DD_SECURE_HSTS_INCLUDE_SUBDOMAINS")
 
 SESSION_EXPIRE_AT_BROWSER_CLOSE = env("DD_SESSION_EXPIRE_AT_BROWSER_CLOSE")
+SESSION_EXPIRE_WARNING = env("DD_SESSION_EXPIRE_WARNING")
 SESSION_COOKIE_AGE = env("DD_SESSION_COOKIE_AGE")
 
 # ------------------------------------------------------------------------------
@@ -858,6 +860,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
                 "dojo.context_processors.bind_system_settings",
                 "dojo.context_processors.bind_alert_count",
                 "dojo.context_processors.bind_announcement",
+                "dojo.context_processors.session_expiry_notification",
             ],
         },
     },

dojo/settings/settings.dist.py

@@ -1032,6 +1032,26 @@ <h3 class="no-margin-top" style="padding-bottom: 5px;">
             </div>
             <!-- /.dojo-modals-wrapper -->
 
+            <!-- Session Timeout Modal -->
+            <div class="modal fade" id="sessionTimeoutModal" tabindex="-1" role="dialog" aria-labelledby="sessionModalLabel" aria-hidden="true">
+                <div class="modal-dialog" role="document">
+                <div class="modal-content">
+                    <div class="modal-header"> 
+                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+                        <span aria-hidden="true">&times;</span>
+                    </button>
+                    <h4 class="modal-title" id="sessionModalLabel">Session Expiring Soon</h4>
+                    </div>
+                    <div class="modal-body">
+                        Your session is about to expire due to inactivity.
+                    </div>
+                    <div class="modal-footer">
+                        <button type="button" class="btn btn-primary" data-dismiss="modal">Close</button>
+                    </div>
+                </div>
+                </div>
+            </div>
+
             <!-- #footer-wrapper -->
             <div id="footer-wrapper">
             {% block footer %}
@@ -1083,6 +1103,27 @@ <h3 class="no-margin-top" style="padding-bottom: 5px;">
                     function() { $(this).popover('show'); }, // hover
                     function() { $(this).popover('hide'); } // unhover
                 );
+                
+                {% if request.user.is_authenticated %}
+                    function session_notifcation() {
+                        var warningTime = "{{ session_notify_time|default:0|escapejs }}"; // When the warning will show
+                        var currentTime = Math.floor(Date.now() / 1000);  // Get current timestamp in seconds
+                        var timeout = warningTime - currentTime; // how many seconds until warning needs to show
+
+                        setTimeout(() => {
+                            $('#sessionTimeoutModal').modal('show');
+                        }, timeout * 1000);
+
+                    }  
+                    session_notifcation();
+                    $('#sessionTimeoutModal').on('show.bs.modal', function (event) {
+                        $(this).attr('aria-hidden', 'false');
+                    })
+                    $('#sessionTimeoutModal').on('hidden.bs.modal', function (event) {
+                        $(this).attr('aria-hidden', 'true');
+                    })
+                {% endif %}
+
                 {% if request.user.is_authenticated and not 'DISABLE_ALERT_COUNTER'|setting_enabled %}
                     function get_alerts() {
                         $('.dropdown-alerts').html('<div class="text-center"><i class="fa-solid fa-spinner fa-spin"></i></div>');

dojo/templates/base.html

@@ -32,7 +32,7 @@ Markdown==3.8
 openpyxl==3.1.5
 Pillow==11.2.1  # required by django-imagekit
 psycopg[c]==3.2.7
-cryptography==44.0.2
+cryptography==44.0.3
 python-dateutil==2.9.0.post0
 pytz==2025.1
 redis==5.2.1
@@ -69,7 +69,7 @@ django-ratelimit==4.1.0
 argon2-cffi==23.1.0
 blackduck==1.1.3
 pycurl==7.45.6  # Required for Celery Broker AWS (SQS) support
-boto3==1.38.7  # Required for Celery Broker AWS (SQS) support
+boto3==1.38.9  # Required for Celery Broker AWS (SQS) support
 netaddr==1.3.0
 vulners==2.3.6
 fontawesomefree==6.6.0

requirements.txt

@@ -76,7 +76,7 @@ select = [
    "PGH",
    "PLC01", "PLC0205", "PLC0208", "PLC0414", "PLC18", "PLC24", "PLC28", "PLC3",
    "PLE",
-   "PLR01", "PLR02", "PLR04", "PLR0915", "PLR1716", "PLR172", "PLR1733", "PLR1736", "PLR5", "PLR6104", "PLR6201",
+   "PLR01", "PLR02", "PLR04", "PLR0915", "PLR1716", "PLR172", "PLR173", "PLR2044", "PLR5", "PLR6104", "PLR6201",
    "PLW01", "PLW02", "PLW04", "PLW0602", "PLW0604", "PLW07", "PLW1", "PLW2", "PLW3",
    "TRY003", "TRY004", "TRY2", "TRY300", "TRY401",
    "PT001", "PT002", "PT003", "PT006", "PT007", "PT008", "PT01", "PT020", "PT021", "PT022", "PT023", "PT024", "PT025", "PT026", "PT028", "PT029", "PT03",