Merge branch 'white/staging' into white/master

Author: Diego Nadares

.gitignore

@@ -92,3 +92,6 @@ result
 
 # Pytest config for local testing
 pytest.ini
+
+# venv
+venv

CHANGELOG/5.16.0/community.md

@@ -0,0 +1,9 @@
+ * [FIX] Fixed scope of a workspace being deleted on patch. #7945
+ * [ADD] Implemented 'range' operator for date fields in filters. #7990
+ * [ADD] Added severity range filtering for agent execution, scheduling and import. #7928
+ * [FIX] Fixed issue with workspace scope not being correctly populated in the filter endpoint. #7987
+ * [ADD] Add CVSS4 support for vuln template. #8000
+ * [ADD] Added `last_detected` field to the Vulnerability model to track the most recent detection timestamp. #7936
+ * [FIX] Fix randomly failing test in credentials. #8010
+ * [FIX] Fixed Agents endpoint not supporting filters. #7798
+ * [MOD] removed obsolete vulners endpoint. #7864

CHANGELOG/5.16.0/date.md

@@ -0,0 +1 @@
+Aug 27th, 2025

RELEASE.md

@@ -1,6 +1,18 @@
 New features in the latest update
 =====================================
 
+5.16.0 [Aug 27th, 2025]:
+---
+ * [ADD] Implemented `range` operator for date fields in filters. #7990
+ * [ADD] Added severity range filtering for agent execution, scheduling and import. #7928
+ * [ADD] Added CVSS4 support for vuln template. #8000
+ * [ADD] Added `last_detected` field to the Vulnerability model to track the most recent detection timestamp. #7936
+ * [MOD] Removed obsolete `vulners` endpoint. #7864
+ * [FIX] Fixed randomly failing test in credentials. #8010
+ * [FIX] Fixed `Agents` endpoint not supporting filters. #7798
+ * [FIX] Fixed issue with workspace scope not being correctly populated in the filter endpoint. #7987
+ * [FIX] Fixed scope of a workspace being deleted on patch. #7945
+
 5.15.3 [Jul 30th, 2025]:
 ---
  * [FIX] Fixed roles permissions. #8004

faraday/__init__.py

@@ -4,4 +4,4 @@
 See the file 'doc/LICENSE' for the license information
 """
 
-__version__ = '5.15.3'
+__version__ = '5.16.0'

faraday/migrations/versions/000918b77c25_add_jira_scope.py

@@ -0,0 +1,42 @@
+"""add jira scope
+
+Revision ID: 000918b77c25
+Revises: 2ee8b7eb119f
+Create Date: 2025-03-27 13:08:56.838630+00:00
+
+"""
+from alembic import op
+from faraday.server.models import UserToken
+
+# revision identifiers, used by Alembic.
+revision = '000918b77c25'
+down_revision = '2ee8b7eb119f'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.get_context().autocommit_block():
+        op.execute("ALTER TYPE token_scopes ADD VALUE IF NOT EXISTS 'jira'")
+
+
+def downgrade():
+    op.execute("DELETE FROM user_token WHERE scope = 'jira'")
+
+    scopes = [scope for scope in UserToken.SCOPES if scope != UserToken.JIRA_SCOPE]
+
+    scopes_str = ', '.join(f"'{scope}'" for scope in scopes)
+
+    op.execute(f"CREATE TYPE token_scopes_tmp AS ENUM({scopes_str})")
+
+    # Step 2: Alter the table to use the new enum type
+    op.execute("""
+                    ALTER TABLE user_token
+                    ALTER COLUMN scope
+                    SET DATA TYPE token_scopes_tmp
+                    USING scope::text::token_scopes_tmp
+                """)
+
+    op.execute("DROP TYPE token_scopes")
+
+    op.execute("ALTER TYPE token_scopes_tmp RENAME TO token_scopes")

faraday/migrations/versions/2063ac75ffb1_workspace_summary_report.py

@@ -0,0 +1,50 @@
+"""workspace summary report
+
+Revision ID: 2063ac75ffb1
+Revises: 8884e7d3681e
+Create Date: 2025-05-22 19:58:33.565693+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from faraday.server.fields import JSONType
+
+# revision identifiers, used by Alembic.
+revision = '2063ac75ffb1'
+down_revision = '8884e7d3681e'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table('workspace_summary_report',
+    sa.Column('create_date', sa.DateTime(), nullable=True),
+    sa.Column('update_date', sa.DateTime(), nullable=True),
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('user_id', sa.Integer(), nullable=False),
+    sa.Column('workspace_id', sa.Integer(), nullable=False),
+    sa.Column('recipients', JSONType(), nullable=False),
+    sa.Column(
+        'summary_period_type',
+        sa.Enum('daily', 'weekly', 'monthly', 'yearly', name='summary_period_types'),
+        default='weekly',
+        nullable=False,
+    ),
+    sa.Column('creator_id', sa.Integer(), nullable=True),
+    sa.Column('update_user_id', sa.Integer(), nullable=True),
+    sa.ForeignKeyConstraint(['creator_id'], ['faraday_user.id'], ondelete='SET NULL'),
+    sa.ForeignKeyConstraint(['update_user_id'], ['faraday_user.id'], ondelete='SET NULL'),
+    sa.ForeignKeyConstraint(['user_id'], ['faraday_user.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['workspace_id'], ['workspace.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint('creator_id', 'workspace_id', name='uix_workspace_summary_report_creator_workspace')
+    )
+    op.create_index(op.f('ix_workspace_summary_report_workspace_id'), 'workspace_summary_report', ['workspace_id'], unique=False)
+    op.create_index(op.f('ix_workspace_summary_report_user_id'), 'workspace_summary_report', ['user_id'], unique=False)
+
+
+def downgrade():
+    op.drop_index(op.f('ix_workspace_summary_report_user_id'), table_name='workspace_summary_report')
+    op.drop_index(op.f('ix_workspace_summary_report_workspace_id'), table_name='workspace_summary_report')
+    op.drop_table('workspace_summary_report')
+    op.execute("DROP TYPE summary_period_types")

faraday/migrations/versions/2ee8b7eb119f_ws_sum_reports_permissions.py

@@ -0,0 +1,104 @@
+"""ws_sum_reports permissions
+
+Revision ID: 2ee8b7eb119f
+Revises: 2063ac75ffb1
+Create Date: 2025-05-30 16:22:47.068338+00:00
+
+"""
+from alembic import op
+
+from faraday.server.models import PermissionsUnitAction, Role
+from faraday.server.utils.permissions import GROUP_WS_SUM_REPORTS, UNIT_WS_SUM_REPORTS
+
+CREATE = PermissionsUnitAction.CREATE_ACTION
+READ = PermissionsUnitAction.READ_ACTION
+UPDATE = PermissionsUnitAction.UPDATE_ACTION
+DELETE = PermissionsUnitAction.DELETE_ACTION
+ACTIONS = [CREATE, READ, UPDATE, DELETE]
+
+
+# revision identifiers, used by Alembic.
+revision = '2ee8b7eb119f'
+down_revision = '2063ac75ffb1'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.execute(
+        "SELECT setval('permissions_group_id_seq', (SELECT MAX(id) FROM permissions_group));"
+    )
+
+    op.execute(
+        "SELECT setval('permissions_unit_id_seq', (SELECT MAX(id) FROM permissions_unit));"
+    )
+
+    op.execute(
+        "SELECT setval('permissions_unit_action_id_seq', (SELECT MAX(id) FROM permissions_unit_action));"
+    )
+
+    op.execute(f"INSERT INTO permissions_group (name) VALUES ('{GROUP_WS_SUM_REPORTS}');")  # nosec B608
+
+    result = op.get_bind().execute(
+        f"SELECT id FROM permissions_group WHERE name = '{GROUP_WS_SUM_REPORTS}';"  # nosec B608
+    )
+    group_id = result.scalar()
+
+    op.execute(
+        f"INSERT INTO permissions_unit (name, permissions_group_id) VALUES ('{UNIT_WS_SUM_REPORTS}', {group_id});"  # nosec B608
+    )
+
+    result = op.get_bind().execute(
+        f"SELECT id FROM permissions_unit WHERE name = '{UNIT_WS_SUM_REPORTS}';"  # nosec B608
+    )
+    unit_id = result.scalar()
+
+    op.execute(
+        f"INSERT INTO permissions_unit_action (action_type, permissions_unit_id) VALUES "
+        f"('{CREATE}', {unit_id}), ('{READ}', {unit_id}), ('{UPDATE}', {unit_id}), ('{DELETE}', {unit_id});"  # nosec B608
+    )
+
+    permisison_unit_action_ids = []
+    for action in ACTIONS:
+        result = op.get_bind().execute(
+            f"SELECT id FROM permissions_unit_action WHERE action_type = '{action}' AND permissions_unit_id = {unit_id};"  # nosec B608
+        )
+        permisison_unit_action_ids.append(result.scalar())
+
+    roles = Role.query.all()
+    for action_id in permisison_unit_action_ids:
+        for role in roles:
+            op.execute(
+                f"INSERT INTO role_permission (unit_action_id, role_id, allowed) VALUES ({action_id}, {role.id}, true);"  # nosec B608
+            )
+
+
+def downgrade():
+    result = op.get_bind().execute(
+        f"SELECT id FROM permissions_unit WHERE name = '{UNIT_WS_SUM_REPORTS}';"  # nosec B608
+    )
+    unit_id = result.scalar()
+
+    permisison_unit_action_ids = []
+    for action in ACTIONS:
+        result = op.get_bind().execute(
+            f"SELECT id FROM permissions_unit_action WHERE action_type = '{action}' AND permissions_unit_id = {unit_id};"  # nosec B608
+        )
+        permisison_unit_action_ids.append(result.scalar())
+
+    for action_id in permisison_unit_action_ids:
+        op.execute(
+            f"DELETE FROM role_permission WHERE unit_action_id = {action_id};"  # nosec B608
+        )
+
+    op.execute(
+        f"DELETE FROM permissions_unit_action WHERE permissions_unit_id = (SELECT id FROM permissions_unit WHERE name = '{UNIT_WS_SUM_REPORTS}');"  # nosec B608
+    )
+
+    op.execute(
+        f"DELETE FROM permissions_unit WHERE id = {unit_id};"  # nosec B608
+    )
+
+    op.execute(
+        f"DELETE FROM permissions_group WHERE name = '{GROUP_WS_SUM_REPORTS}';"  # nosec B608
+    )

faraday/migrations/versions/5f1d2027ec67_add_severity_range.py

@@ -0,0 +1,31 @@
+"""add severity range
+
+Revision ID: 5f1d2027ec67
+Revises: e4c1903496cb
+Create Date: 2025-05-13 15:45:25.683218+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '5f1d2027ec67'
+down_revision = 'e4c1903496cb'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Create enum type for severity levels
+    conn = op.get_bind()
+    conn.execute("CREATE TYPE scheduler_severities AS ENUM ('UNCLASSIFIED', 'INFO', 'LOW', 'MED', 'HIGH', 'CRITICAL')")
+    op.add_column('agent_schedule', sa.Column('min_severity', sa.Enum('UNCLASSIFIED', 'INFO', 'LOW', 'MED', 'HIGH', 'CRITICAL', name='scheduler_severities', create_type=False), nullable=True))
+    op.add_column('agent_schedule', sa.Column('max_severity', sa.Enum('UNCLASSIFIED', 'INFO', 'LOW', 'MED', 'HIGH', 'CRITICAL', name='scheduler_severities', create_type=False), nullable=True))
+
+
+def downgrade():
+    op.drop_column('agent_schedule', 'max_severity')
+    op.drop_column('agent_schedule', 'min_severity')
+    conn = op.get_bind()
+    conn.execute("DROP TYPE scheduler_severities")

faraday/migrations/versions/8884e7d3681e_vulnerability_last_detected.py

@@ -0,0 +1,23 @@
+"""vulnerability last_detected
+
+Revision ID: 8884e7d3681e
+Revises: 5f1d2027ec67
+Create Date: 2025-05-09 15:57:14.610228+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = '8884e7d3681e'
+down_revision = '5f1d2027ec67'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column('vulnerability', sa.Column('last_detected', sa.DateTime(), nullable=True))
+
+
+def downgrade():
+    op.drop_column('vulnerability', 'last_detected')