Merge branch 'dev' into fix/dependency-track-unique-id-from-tool

Author: valentijnscholten

.github/workflows/gh-pages.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
-          node-version: '24.13.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
+          node-version: '24.14.0' # TODO: Renovate helper might not be needed here - needs to be fully tested
 
       - name: Cache dependencies
         uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3

.github/workflows/validate_docs_build.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
-          node-version: '24.13.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
+          node-version: '24.14.0' # TODO: Renovate helper might not be needed here - needs to be fully tested
 
       - name: Cache dependencies
         uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3

Dockerfile.django-debian

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.13.12-slim-trixie@sha256:3de9a8d7aedbb7984dc18f2dff178a7850f16c1ae7c34ba9d7ecc23d0755e35f AS base
+FROM python:3.13.12-slim-trixie@sha256:f50f56f1471fc430b394ee75fc826be2d212e35d85ed1171ac79abbba485dce9 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

Dockerfile.integration-tests-debian

@@ -3,7 +3,7 @@
 
 FROM openapitools/openapi-generator-cli:v7.20.0@sha256:fa4add01856e44becf70674164df354d61bd37ba0f444d27be949801e013921b AS openapitools
 # currently only supports x64, no arm yet due to chrome and selenium dependencies
-FROM python:3.13.12-slim-trixie@sha256:3de9a8d7aedbb7984dc18f2dff178a7850f16c1ae7c34ba9d7ecc23d0755e35f AS build
+FROM python:3.13.12-slim-trixie@sha256:f50f56f1471fc430b394ee75fc826be2d212e35d85ed1171ac79abbba485dce9 AS build
 WORKDIR /app
 RUN \
   apt-get -y update && \

components/package.json

@@ -33,7 +33,7 @@
     "metismenu": "~3.0.7",
     "moment": "^2.30.1",
     "morris.js": "morrisjs/morris.js",
-    "pdfmake": "^0.3.4",
+    "pdfmake": "^0.3.5",
     "startbootstrap-sb-admin-2": "1.0.7"
   },
   "engines": {

components/yarn.lock

@@ -385,10 +385,10 @@ pdfkit@^0.17.2:
     linebreak "^1.1.0"
     png-js "^1.0.0"
 
-pdfmake@^0.3.4:
-  version "0.3.4"
-  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.3.4.tgz#3448ca1434396275dce8f49202e761fefad781eb"
-  integrity sha512-zbGBox6pgNeGdG7tlLVBbQJlYIlTHtXo5q8+dNhCb2O0Q2+Nc5bcpsgNzbzqfzlcJ0gX9f+ZBv1z4FuJjUHwVA==
+pdfmake@^0.3.5:
+  version "0.3.5"
+  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.3.5.tgz#74ebca563b3fd5bf8a50104bc702e42dd63ffae5"
+  integrity sha512-DR7jRrK4lk7UiRT6pi+NeWhW1ToTsL2Y8CH+bFKNYz3M7agIVgeCtwARveEORhCAqoG3AUDrN318xU/lkOr1Bg==
   dependencies:
     linebreak "^1.1.0"
     pdfkit "^0.17.2"

dojo/benchmark/views.py

@@ -46,6 +46,8 @@ def update_benchmark(request, pid, _type):
         field = request.POST.get("field")
         value = request.POST.get("value")
         value = {"true": True, "false": False}.get(value, value)
+        product = get_object_or_404(Product, id=pid)
+        bench = get_object_or_404(Benchmark_Product.objects.filter(product=product), id=bench_id)
 
         if field in {
             "enabled",
@@ -54,7 +56,6 @@ def update_benchmark(request, pid, _type):
             "get_notes",
             "delete_notes",
         }:
-            bench = Benchmark_Product.objects.get(id=bench_id)
             if field == "enabled":
                 bench.enabled = value
             elif field == "pass_fail":
@@ -90,21 +91,22 @@ def update_benchmark(request, pid, _type):
 @user_is_authorized(Product, Permissions.Benchmark_Edit, "pid")
 def update_benchmark_summary(request, pid, _type, summary):
     if request.method == "POST":
+        product = get_object_or_404(Product, id=pid)
+        benchmark_summary = get_object_or_404(Benchmark_Product_Summary.objects.filter(product=product), id=summary)
         field = request.POST.get("field")
         value = request.POST.get("value")
         value = {"true": True, "false": False}.get(value, value)
 
         if field in {"publish", "desired_level"}:
-            summary = Benchmark_Product_Summary.objects.get(id=summary)
             data = {}
             if field == "publish":
-                summary.publish = value
+                benchmark_summary.publish = value
                 data = {"publish": value}
             elif field == "desired_level":
-                summary.desired_level = value
-                data = {"desired_level": value, "text": asvs_level(summary)}
+                benchmark_summary.desired_level = value
+                data = {"desired_level": value, "text": asvs_level(benchmark_summary)}
 
-            summary.save()
+            benchmark_summary.save()
             return JsonResponse(data)
 
     return redirect_to_return_url_or_else(
@@ -290,9 +292,9 @@ def benchmark_view(request, pid, benchmark_type, cat=None):
 @user_is_authorized(Product, Permissions.Benchmark_Delete, "pid")
 def delete(request, pid, benchmark_type):
     product = get_object_or_404(Product, id=pid)
-    benchmark_product_summary = Benchmark_Product_Summary.objects.filter(
-        product=product, benchmark_type=benchmark_type,
-    ).first()
+    benchmark_product_summary = get_object_or_404(
+        Benchmark_Product_Summary.objects.filter(product=product), benchmark_type=benchmark_type,
+    )
     form = DeleteBenchmarkForm(instance=benchmark_product_summary)
 
     if request.method == "POST":

dojo/engagement/views.py

@@ -1377,7 +1377,7 @@ def edit_risk_acceptance(request, eid, raid):
 # will only be called by view_risk_acceptance and edit_risk_acceptance
 def view_edit_risk_acceptance(request, eid, raid, *, edit_mode=False):
     risk_acceptance = get_object_or_404(Risk_Acceptance, pk=raid)
-    eng = get_object_or_404(Engagement, pk=eid)
+    eng = get_object_or_404(Engagement.objects.filter(risk_acceptance=risk_acceptance), pk=eid)
 
     if edit_mode and not eng.product.enable_full_risk_acceptance:
         raise PermissionDenied
@@ -1538,7 +1538,7 @@ def view_edit_risk_acceptance(request, eid, raid, *, edit_mode=False):
 def expire_risk_acceptance(request, eid, raid):
     risk_acceptance = get_object_or_404(prefetch_for_expiration(Risk_Acceptance.objects.all()), pk=raid)
     # Validate the engagement ID exists before moving forward
-    get_object_or_404(Engagement, pk=eid)
+    get_object_or_404(Engagement.objects.filter(risk_acceptance=risk_acceptance), pk=eid)
 
     ra_helper.expire_now(risk_acceptance)
 
@@ -1548,8 +1548,7 @@ def expire_risk_acceptance(request, eid, raid):
 @user_is_authorized(Engagement, Permissions.Risk_Acceptance, "eid")
 def reinstate_risk_acceptance(request, eid, raid):
     risk_acceptance = get_object_or_404(prefetch_for_expiration(Risk_Acceptance.objects.all()), pk=raid)
-    eng = get_object_or_404(Engagement, pk=eid)
-
+    eng = get_object_or_404(Engagement.objects.filter(risk_acceptance=risk_acceptance), pk=eid)
     if not eng.product.enable_full_risk_acceptance:
         raise PermissionDenied
 
@@ -1561,8 +1560,7 @@ def reinstate_risk_acceptance(request, eid, raid):
 @user_is_authorized(Engagement, Permissions.Risk_Acceptance, "eid")
 def delete_risk_acceptance(request, eid, raid):
     risk_acceptance = get_object_or_404(Risk_Acceptance, pk=raid)
-    eng = get_object_or_404(Engagement, pk=eid)
-
+    eng = get_object_or_404(Engagement.objects.filter(risk_acceptance=risk_acceptance), pk=eid)
     ra_helper.delete(eng, risk_acceptance)
 
     messages.add_message(