From 8d1e7da3161a865d214ceb477d31e8d2a821983f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Dec 2021 15:22:33 +0000
Subject: [PATCH 1/6] Bump djangorestframework from 3.12.4 to 3.13.1
Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.12.4 to 3.13.1. - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](https://github.com/encode/django-rest-framework/compare/3.12.4...3.13.1) --- updated-dependencies: - dependency-name: djangorestframework dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index bdb3ad7..1b77afd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,7 +11,7 @@ django-background-tasks==1.2.5
 django-compat==1.0.15
 django-cors-headers==3.10.1
 django-db-logger==0.1.11
-djangorestframework==3.12.4
+djangorestframework==3.13.1
 google-auth==2.3.3
 gunicorn==20.1.0
 idna==3.3
From 86127edd1a9045c2b8e9c763ca017dac00b79725 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Feb 2022 15:21:56 +0000
Subject: [PATCH 2/6] Bump django from 3.2.10 to 3.2.12
Bumps [django](https://github.com/django/django) from 3.2.10 to 3.2.12. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/3.2.10...3.2.12) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index fc2002f..8a1e439 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ chardet==4.0.0
 charset-normalizer==2.0.9
 colorama==0.4.4
 dj-database-url==0.5.0
-Django==3.2.10
+Django==3.2.12
 django-background-tasks==1.2.5
 django-compat==1.0.15
 django-cors-headers==3.10.1
From b33685720c7e1bb76a97fd13801220cf13e62731 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Mar 2022 15:27:41 +0000
Subject: [PATCH 3/6] Bump importlib-metadata from 4.8.2 to 4.11.3
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 4.8.2 to 4.11.3. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/CHANGES.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v4.8.2...v4.11.3) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index fc2002f..d95cf88 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,7 +15,7 @@ djangorestframework==3.12.4
 google-auth==2.3.3
 gunicorn==20.1.0
 idna==3.3
-importlib-metadata==4.8.2
+importlib-metadata==4.11.3
 isort==5.10.1
 jsonfield==3.1.0
 lazy-object-proxy==1.6.0
From 110234d0ac8c3e0c9d4e8e1c7a864056d7a8a6d4 Mon Sep 17 00:00:00 2001
From: karthikmv
Date: Sat, 9 Apr 2022 22:12:34 +0530
Subject: [PATCH 4/6] Revert "added recaptcha verification"
This reverts commit 7d8fe03b1acafaa86e15389788bf63ccfea89f0b.
---
 CDC_Backend/APIs/companyViews.py | 5 ++---
 CDC_Backend/APIs/constants.py | 1 -
 CDC_Backend/APIs/utils.py | 16 ----------------
 CDC_Backend/CDC_Backend/settings.py | 2 --
 4 files changed, 2 insertions(+), 22 deletions(-)
diff --git a/CDC_Backend/APIs/companyViews.py b/CDC_Backend/APIs/companyViews.py
index c03f695..b133b81 100644
--- a/CDC_Backend/APIs/companyViews.py
+++ b/CDC_Backend/APIs/companyViews.py @@ -16,15 +16,14 @@ logger = logging.getLogger('db') IS_COMPENSATION_DETAILS_PDF, ALLOWED_BRANCH, SELECTION_PROCEDURE_ROUNDS, SELECTION_PROCEDURE_DETAILS, IS_SELECTION_PROCEDURE_DETAILS_PDF, TENTATIVE_DATE_OF_JOINING, - TENTATIVE_NO_OF_OFFERS, OTHER_REQUIREMENTS, RECAPTCHA_VALUE + TENTATIVE_NO_OF_OFFERS, OTHER_REQUIREMENTS ]) def addPlacement(request): try: data = request.data files = request.FILES opening = Placement() - if not verify_recaptcha(data[RECAPTCHA_VALUE]): - raise Exception("Recaptcha Failed") + opening.id = generateRandomString() # Add a company details in the opening opening.company_name = data[COMPANY_NAME] diff --git a/CDC_Backend/APIs/constants.py b/CDC_Backend/APIs/constants.py index 0fca0ae..af96560 100644 --- a/CDC_Backend/APIs/constants.py +++ b/CDC_Backend/APIs/constants.py @@ -117,7 +117,6 @@ OTHER_REQUIREMENTS = 'other_requirements' DEADLINE_DATETIME = 'deadline_datetime' OFFER_ACCEPTED = 'offer_accepted' EMAIL_VERIFIED = 'email_verified' -RECAPTCHA_VALUE = 'recaptchakey' STUDENT_LIST = "student_list" STUDENT_ID = "student_id" diff --git a/CDC_Backend/APIs/utils.py b/CDC_Backend/APIs/utils.py index fc17705..d00e35c 100644 --- a/CDC_Backend/APIs/utils.py +++ b/CDC_Backend/APIs/utils.py @@ -19,7 +19,6 @@ from google.auth.transport import requests from google.oauth2 import id_token from rest_framework import status from rest_framework.response import Response -import requests as rq from .constants import * from .models import User, PrePlacementOffer, PlacementApplication 
@@ -234,18 +233,3 @@ def generateOneTimeVerificationLink(email, opening_id, opening_type): print(sys.exc_info()) logger.warning("Utils - generateOneTimeVerificationLink: " + str(sys.exc_info())) return False, "_" - -def verify_recaptcha(request): - try: - data = { - 'secret': settings.RECAPTCHA_SECRET_KEY, - 'response': request - } - r = rq.post('https://www.google.com/recaptcha/api/siteverify', data=data) - result = r.json() - # logger.info("Recaptcha Response: " + str(result)+"request: "+str(data)) - return result['success'] - except: - print(sys.exc_info()) - logger.warning("Utils - verify_recaptcha: " + str(sys.exc_info())) - return False, "_" \ No newline at end of file diff --git a/CDC_Backend/CDC_Backend/settings.py b/CDC_Backend/CDC_Backend/settings.py index c96c4d8..d524b5b 100644 --- a/CDC_Backend/CDC_Backend/settings.py +++ b/CDC_Backend/CDC_Backend/settings.py @@ -161,8 +161,6 @@ EMAIL_PORT = 587 EMAIL_HOST_USER = os.environ.get("EMAIL") # 'email here' EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_PASSWORD") # 'password here' -RECAPTCHA_SECRET_KEY = os.environ.get("RECAPTCHA_SECRET_KEY") - LOGGING = { 'version': 1, 'disable_existing_loggers': False, From 67a408067267cd64edfc6c1ff4c246a11e65cb85 Mon Sep 17 00:00:00 2001 From: karthik mv Date: Sun, 10 Apr 2022 23:12:02 +0530 Subject: [PATCH 5/6] added recaptcha verification (#79) --- CDC_Backend/APIs/companyViews.py | 5 +++-- CDC_Backend/APIs/constants.py | 1 + CDC_Backend/APIs/utils.py | 16 ++++++++++++++++ CDC_Backend/CDC_Backend/settings.py | 2 ++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/CDC_Backend/APIs/companyViews.py b/CDC_Backend/APIs/companyViews.py index b133b81..c03f695 100644 --- a/CDC_Backend/APIs/companyViews.py +++ b/CDC_Backend/APIs/companyViews.py 
@@ -16,14 +16,15 @@ logger = logging.getLogger('db') IS_COMPENSATION_DETAILS_PDF, ALLOWED_BRANCH, SELECTION_PROCEDURE_ROUNDS, SELECTION_PROCEDURE_DETAILS, IS_SELECTION_PROCEDURE_DETAILS_PDF, TENTATIVE_DATE_OF_JOINING, - TENTATIVE_NO_OF_OFFERS, OTHER_REQUIREMENTS + TENTATIVE_NO_OF_OFFERS, OTHER_REQUIREMENTS, RECAPTCHA_VALUE ]) def addPlacement(request): try: data = request.data files = request.FILES opening = Placement() - + if not verify_recaptcha(data[RECAPTCHA_VALUE]): + raise Exception("Recaptcha Failed") opening.id = generateRandomString() # Add a company details in the opening opening.company_name = data[COMPANY_NAME] diff --git a/CDC_Backend/APIs/constants.py b/CDC_Backend/APIs/constants.py index af96560..0fca0ae 100644 --- a/CDC_Backend/APIs/constants.py +++ b/CDC_Backend/APIs/constants.py @@ -117,6 +117,7 @@ OTHER_REQUIREMENTS = 'other_requirements' DEADLINE_DATETIME = 'deadline_datetime' OFFER_ACCEPTED = 'offer_accepted' EMAIL_VERIFIED = 'email_verified' +RECAPTCHA_VALUE = 'recaptchakey' STUDENT_LIST = "student_list" STUDENT_ID = "student_id" diff --git a/CDC_Backend/APIs/utils.py b/CDC_Backend/APIs/utils.py index d00e35c..fc17705 100644 --- a/CDC_Backend/APIs/utils.py +++ b/CDC_Backend/APIs/utils.py @@ -19,6 +19,7 @@ from google.auth.transport import requests from google.oauth2 import id_token from rest_framework import status from rest_framework.response import Response +import requests as rq from .constants import * from .models import User, PrePlacementOffer, PlacementApplication 
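Review bot: `data[RECAPTCHA_VALUE]` raises KeyError when the form omits `recaptchakey`, and the rejection path is a plain `raise Exception("Recaptcha Failed")`, so a missing and an invalid token both surface as whatever the enclosing `except` of addPlacement (outside this hunk) does with a generic exception, indistinguishable from any other failure in the view. Read the token with `data.get(RECAPTCHA_VALUE, "")` so an absent field is treated as a failed verification rather than a server-side error, and consider a dedicated exception type or an explicit client-error response for the failed-captcha case so it is reported as a rejected request. The guard also relies on `verify_recaptcha` returning a falsy value on every failure, which the utils.py hunk of this patch does not guarantee.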
@@ -233,3 +234,18 @@ def generateOneTimeVerificationLink(email, opening_id, opening_type): print(sys.exc_info()) logger.warning("Utils - generateOneTimeVerificationLink: " + str(sys.exc_info())) return False, "_" + +def verify_recaptcha(request): + try: + data = { + 'secret': settings.RECAPTCHA_SECRET_KEY, + 'response': request + } + r = rq.post('https://www.google.com/recaptcha/api/siteverify', data=data) + result = r.json() + # logger.info("Recaptcha Response: " + str(result)+"request: "+str(data)) + return result['success'] + except: + print(sys.exc_info()) + logger.warning("Utils - verify_recaptcha: " + str(sys.exc_info())) + return False, "_" \ No newline at end of file diff --git a/CDC_Backend/CDC_Backend/settings.py b/CDC_Backend/CDC_Backend/settings.py index d524b5b..c96c4d8 100644 --- a/CDC_Backend/CDC_Backend/settings.py +++ b/CDC_Backend/CDC_Backend/settings.py @@ -161,6 +161,8 @@ EMAIL_PORT = 587 EMAIL_HOST_USER = os.environ.get("EMAIL") # 'email here' EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_PASSWORD") # 'password here' +RECAPTCHA_SECRET_KEY = os.environ.get("RECAPTCHA_SECRET_KEY") + LOGGING = { 'version': 1, 'disable_existing_loggers': False, From 63ddbe8ce85a494a9c3646a232257dd0bea768d1 Mon Sep 17 00:00:00 2001 From: Gowtham Sai <66207607+gowtham3105@users.noreply.github.com> Date: Sun, 10 Apr 2022 23:13:21 +0530 Subject: [PATCH 6/6] Delete codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 71 --------------------------- 1 file changed, 71 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 9f38583..0000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null 
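Review bot: The `except` branch returns the tuple `(False, "_")`, which is truthy, so the caller's `if not verify_recaptcha(...)` in companyViews.py admits the submission whenever the verification request itself fails (network error, non-JSON reply, a response without a `success` key, which makes `result['success']` raise KeyError into this same branch) — the check fails open exactly when it has no answer. The `rq.post` call has no `timeout`, so a stalled siteverify call holds the worker indefinitely, and the bare `except:` also swallows interrupts. Return a plain bool on every path, pass a timeout, and keep the commented-out log line out for good: `data` carries `settings.RECAPTCHA_SECRET_KEY`, so `str(data)` would write the site secret to the log. The settings.py hunk defaults that secret to `os.environ.get(...)`, i.e. `None` when unset; that configuration cannot verify anything, so failing fast at startup would be clearer than silently rejecting or admitting every submission.
```python
def verify_recaptcha(request):
    try:
        # … unchanged: build `data` from settings.RECAPTCHA_SECRET_KEY and the token …
        r = rq.post('https://www.google.com/recaptcha/api/siteverify', data=data, timeout=10)
        r.raise_for_status()
        # never log `data` here: it carries the site secret
        return bool(r.json().get('success', False))
    except Exception:
        logger.warning("Utils - verify_recaptcha: " + str(sys.exc_info()))
        return False
```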
@@ -1,71 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ main ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - schedule: - - cron: '29 15 * * 1' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'python' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1