stackabletech
diff --git a/‎.github/workflows/build_push_dev.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build_push_dev.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/build_push_release.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build_push_release.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/scorecard.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecard.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/application/access_control/api/serializers.py‎
Lines changed: 5 additions & 0 deletions b/‎backend/application/access_control/api/serializers.py‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎backend/application/access_control/api/views.py‎
Lines changed: 3 additions & 2 deletions b/‎backend/application/access_control/api/views.py‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎backend/application/core/api/serializers_observation.py‎
Lines changed: 6 additions & 2 deletions b/‎backend/application/core/api/serializers_observation.py‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎backend/application/core/api/serializers_product.py‎
Lines changed: 25 additions & 18 deletions b/‎backend/application/core/api/serializers_product.py‎
Lines changed: 25 additions & 18 deletions
diff --git a/‎backend/application/core/migrations/0063_observation_origin_source_file_link.py‎
Lines changed: 18 additions & 0 deletions b/‎backend/application/core/migrations/0063_observation_origin_source_file_link.py‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎backend/application/core/models.py‎
Lines changed: 2 additions & 0 deletions b/‎backend/application/core/models.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎backend/application/core/services/observation.py‎
Lines changed: 4 additions & 0 deletions b/‎backend/application/core/services/observation.py‎
Lines changed: 4 additions & 0 deletions
@@ -37,7 +37,7 @@ jobs:
       -
         name: Build and push backend
         id: build-and-push-backend
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           file: ./docker/backend/prod/django/Dockerfile
@@ -78,7 +78,7 @@ jobs:
       -
         name: Build and push frontend
         id: build-and-push-frontend
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           file: ./docker/frontend/prod/Dockerfile
 
@@ -36,7 +36,7 @@ jobs:
         run: echo "CREATED=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
       -
         name: Build and push backend
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           file: ./docker/backend/prod/django/Dockerfile
@@ -74,7 +74,7 @@ jobs:
         run: echo "CREATED=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
       -
         name: Build and push frontend
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           file: ./docker/frontend/prod/Dockerfile
 
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
 
@@ -232,6 +232,11 @@ def validate(self, attrs: dict) -> dict:
             raise ValidationError("Authorization group and user cannot be changed")
 
         if self.instance is None:
+            if data_authorization_group is None:
+                raise ValidationError("Authorization group is required")
+            if data_user is None:
+                raise ValidationError("User is required")
+
             authorization_group_member = get_authorization_group_member(data_authorization_group, data_user)
             if authorization_group_member:
                 raise ValidationError(
 
@@ -211,8 +211,9 @@ def password_rules(self, request: Request) -> Response:
         class PasswordRules:
             password_rules: str
 
-        password_rules_text = password_validators_help_texts(self._get_password_validators())
-        password_rules = PasswordRules("- " + "\n- ".join(password_rules_text))
+        password_rules_list = password_validators_help_texts(self._get_password_validators())
+        password_rules_list = list(map(lambda s: s.replace("Your password", "The password"), password_rules_list))
+        password_rules = PasswordRules("- " + "\n- ".join(password_rules_list))
         response_serializer = UserPasswortRulesSerializer(password_rules)
         return Response(response_serializer.data, status=status.HTTP_200_OK)
 
 
@@ -100,7 +100,7 @@ class ObservationSerializer(ModelSerializer):
 
     class Meta:
         model = Observation
-        exclude = ["numerical_severity", "issue_tracker_jira_initial_status"]
+        exclude = ["numerical_severity", "issue_tracker_jira_initial_status", "origin_source_file_link"]
 
     def to_representation(self, instance: Observation) -> dict:
         response = super().to_representation(instance)
@@ -174,6 +174,7 @@ class Meta:
             "numerical_severity",
             "issue_tracker_jira_initial_status",
             "origin_component_dependencies",
+            "origin_source_file_link",
         ]
 
     def get_branch_name(self, observation: Observation) -> str:
@@ -208,6 +209,9 @@ def get_cve_found_in(self, observation: Observation) -> list[dict[str, str]]:
 def _get_origin_source_file_url(observation: Observation) -> Optional[str]:
     origin_source_file_url = None
 
+    if observation.origin_source_file_link:
+        return observation.origin_source_file_link
+
     if observation.product.repository_prefix and observation.origin_source_file:
         if not validators.url(observation.product.repository_prefix):
             return None
@@ -567,7 +571,7 @@ class NestedObservationSerializer(ModelSerializer):
 
     class Meta:
         model = Observation
-        exclude = ["numerical_severity", "issue_tracker_jira_initial_status"]
+        exclude = ["numerical_severity", "issue_tracker_jira_initial_status", "origin_source_file_link"]
 
     def get_scanner_name(self, observation: Observation) -> str:
         return get_scanner_name(observation)
 
@@ -460,21 +460,26 @@ def validate(self, attrs: dict) -> dict:
         data_product: Optional[Product] = attrs.get("product")
         data_user = attrs.get("user")
 
-        if self.instance is not None and (
-            (data_product and data_product != self.instance.product) or (data_user and data_user != self.instance.user)
-        ):
-            raise ValidationError("Product and user cannot be changed")
+        current_user = get_current_user()
 
         if self.instance is None:
+            if data_product is None:
+                raise ValidationError("Product must be set")
+            if data_user is None:
+                raise ValidationError("User must be set")
+
             product_member = get_product_member(data_product, data_user)
             if product_member:
                 raise ValidationError(f"Product member {data_product} / {data_user} already exists")
 
-        current_user = get_current_user()
-        if self.instance is not None:
-            highest_user_role = get_highest_user_role(self.instance.product, current_user)
-        else:
             highest_user_role = get_highest_user_role(data_product, current_user)
+        else:
+            if (data_product and data_product != self.instance.product) or (
+                data_user and data_user != self.instance.user
+            ):
+                raise ValidationError("Product and user cannot be changed")
+
+            highest_user_role = get_highest_user_role(self.instance.product, current_user)
 
         if highest_user_role != Roles.Owner and not (current_user and current_user.is_superuser):
             if attrs.get("role") == Roles.Owner:
@@ -498,26 +503,28 @@ def validate(self, attrs: dict) -> dict:
         data_product: Optional[Product] = attrs.get("product")
         data_authorization_group = attrs.get("authorization_group")
 
-        if self.instance is not None and (
-            (data_product and data_product != self.instance.product)
-            or (data_authorization_group and data_authorization_group != self.instance.authorization_group)
-        ):
-            raise ValidationError("Product and authorization group cannot be changed")
+        current_user = get_current_user()
 
         if self.instance is None:
+            if data_product is None:
+                raise ValidationError("Product must be set")
+            if data_authorization_group is None:
+                raise ValidationError("Authorization group must be set")
+
             product_authorization_group_member = get_product_authorization_group_member(
                 data_product, data_authorization_group
             )
             if product_authorization_group_member:
                 raise ValidationError(
                     f"Product authorization group member {data_product} / {data_authorization_group} already exists"
                 )
-
-        current_user = get_current_user()
-        if self.instance is not None:
-            highest_user_role = get_highest_user_role(self.instance.product, current_user)
-        else:
             highest_user_role = get_highest_user_role(data_product, current_user)
+        else:
+            if (data_product and data_product != self.instance.product) or (
+                data_authorization_group and data_authorization_group != self.instance.authorization_group
+            ):
+                raise ValidationError("Product and authorization group cannot be changed")
+            highest_user_role = get_highest_user_role(self.instance.product, current_user)
 
         if highest_user_role != Roles.Owner and not (current_user and current_user.is_superuser):
             if attrs.get("role") == Roles.Owner:
 
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.1 on 2025-05-26 20:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("core", "0062_alter_branch_osv_linux_distribution_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="observation",
+            name="origin_source_file_link",
+            field=models.CharField(blank=True, max_length=2048),
+        ),
+    ]
@@ -461,6 +461,8 @@ class Observation(Model):
     origin_source_line_start = IntegerField(null=True, validators=[MinValueValidator(0), MaxValueValidator(999999)])
     origin_source_line_end = IntegerField(null=True, validators=[MinValueValidator(0), MaxValueValidator(999999)])
 
+    origin_source_file_link = CharField(max_length=2048, blank=True)
+
     origin_cloud_provider = CharField(max_length=255, blank=True)
     origin_cloud_account_subscription_project = CharField(max_length=255, blank=True)
     origin_cloud_resource = CharField(max_length=255, blank=True)
 
@@ -42,6 +42,8 @@ def _get_string_to_hash(observation: Observation) -> str:  # pylint: disable=too
         hash_string += str(observation.origin_source_line_start)
     if observation.origin_source_line_end:
         hash_string += str(observation.origin_source_line_end)
+    if observation.origin_source_file_link:
+        hash_string += observation.origin_source_file_link
 
     if observation.origin_cloud_provider:
         hash_string += observation.origin_cloud_provider
@@ -178,6 +180,8 @@ def normalize_observation_fields(observation: Observation) -> None:
         observation.origin_service_name = ""
     if observation.origin_source_file is None:
         observation.origin_source_file = ""
+    if observation.origin_source_file_link is None:
+        observation.origin_source_file_link = ""
     if observation.scanner is None:
         observation.scanner = ""
     if observation.api_configuration_name is None: