Merge branch 'main' into copilot/add-peer-review-check-action

Author: DonnieBLT

.github/workflows/add-files-changed-label.yml

@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Add Files Changed Label
         env:
-          GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           REPO_OWNER: ${{ github.repository_owner }}
           REPO_NAME: ${{ github.event.repository.name }}
@@ -42,9 +42,10 @@ jobs:
             -H "Accept: application/vnd.github.v3+json" \
             "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/pulls/$PR_NUMBER/files")
           
-          # Check if the API request was successful
-          if [[ "$FILES_API_RESPONSE" == *"message"*"Not Found"* ]] || [[ "$FILES_API_RESPONSE" == *"Resource not accessible by integration"* ]]; then
-            echo "Error: Could not fetch PR files. Response: $FILES_API_RESPONSE"
+          # Check if the API request was successful by verifying it's a valid array
+          if ! echo "$FILES_API_RESPONSE" | jq -e 'type == "array"' > /dev/null 2>&1; then
+            echo "Error: Could not fetch PR files. The API response was not a valid array."
+            echo "This could indicate an authentication issue or the PR may not exist."
             exit 1
           fi
           
@@ -88,7 +89,9 @@ jobs:
           if echo "$ALL_LABELS_RESPONSE" | jq -e 'type == "array"' > /dev/null 2>&1; then
             ALL_REPO_LABELS=$(echo "$ALL_LABELS_RESPONSE" | jq -r '.[].name')
           else
-            echo "Error: Failed to fetch repository labels. Response: $ALL_LABELS_RESPONSE"
+            ERROR_MSG=$(echo "$ALL_LABELS_RESPONSE" | jq -r '.message // empty' 2>/dev/null || echo "Invalid response")
+            ERROR_MSG="${ERROR_MSG:-Invalid response}"
+            echo "Error: Failed to fetch repository labels. Error: $ERROR_MSG"
             exit 1
           fi
           
@@ -101,17 +104,20 @@ jobs:
               "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/labels" \
               -d "{\"name\":\"$LABEL\",\"color\":\"$LABEL_COLOR\",\"description\":\"$DESCRIPTION\"}")
             
-            # Check if label creation was successful
-            if [[ "$CREATE_LABEL_RESPONSE" == *"message"* ]]; then
-              echo "Warning: There might be an issue creating the label. Response: $CREATE_LABEL_RESPONSE"
+            # Check if label creation was successful (successful response has "name" field)
+            if echo "$CREATE_LABEL_RESPONSE" | jq -e 'has("name")' > /dev/null 2>&1; then
+              echo "Label '$LABEL' created successfully."
+            else
+              ERROR_MSG=$(echo "$CREATE_LABEL_RESPONSE" | jq -r '.message // empty' 2>/dev/null || echo "Invalid response")
+              ERROR_MSG="${ERROR_MSG:-Invalid response}"
+              echo "Warning: There might be an issue creating the label. Error: $ERROR_MSG"
               
               # Provide more detailed guidance for permission errors
-              if [[ "$CREATE_LABEL_RESPONSE" == *"Resource not accessible by integration"* ]]; then
+              if [[ "$ERROR_MSG" == *"Resource not accessible by integration"* ]]; then
                 echo "This appears to be a permissions issue with creating labels."
-                echo "Please check the .github/README.md file for instructions on setting up a CUSTOM_GITHUB_TOKEN with proper permissions."
+                echo "The workflow has been configured with appropriate permissions (pull-requests: write, issues: write)."
+                echo "If this error persists, please check the repository settings."
               fi
-            else
-              echo "Label '$LABEL' created successfully."
             fi
           else
             echo "Label '$LABEL' already exists in the repository."
@@ -128,7 +134,9 @@ jobs:
           if echo "$PR_LABELS_RESPONSE" | jq -e 'type == "array"' > /dev/null 2>&1; then
             EXISTING_LABELS=$(echo "$PR_LABELS_RESPONSE" | jq -r '.[].name')
           else
-            echo "Error: Failed to fetch PR labels. Response: $PR_LABELS_RESPONSE"
+            ERROR_MSG=$(echo "$PR_LABELS_RESPONSE" | jq -r '.message // empty' 2>/dev/null || echo "Invalid response")
+            ERROR_MSG="${ERROR_MSG:-Invalid response}"
+            echo "Error: Failed to fetch PR labels. Error: $ERROR_MSG"
             exit 1
           fi
           
@@ -149,7 +157,9 @@ jobs:
               if [[ "$REMOVE_RESPONSE" == "" ]]; then
                 echo "Successfully removed label: $EXISTING_LABEL"
               else
-                echo "Warning: There might be an issue removing the label. Response: $REMOVE_RESPONSE"
+                ERROR_MSG=$(echo "$REMOVE_RESPONSE" | jq -r '.message // empty' 2>/dev/null || echo "Invalid response")
+                ERROR_MSG="${ERROR_MSG:-Invalid response}"
+                echo "Warning: There might be an issue removing the label. Error: $ERROR_MSG"
               fi
             fi
           done
@@ -166,21 +176,20 @@ jobs:
             "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/issues/$PR_NUMBER/labels" \
             -d "{\"labels\":[\"$LABEL\"]}")
           
-          # Check if label was added successfully
-          if [[ "$ADD_LABEL_RESPONSE" == *"message"* ]]; then
-            echo "Error: Failed to add label. Response: $ADD_LABEL_RESPONSE"
+          # Check if label was added successfully (successful response is an array)
+          if echo "$ADD_LABEL_RESPONSE" | jq -e 'type == "array"' > /dev/null 2>&1; then
+            echo "Successfully applied label '$LABEL' to PR #$PR_NUMBER"
+          else
+            ERROR_MSG=$(echo "$ADD_LABEL_RESPONSE" | jq -r '.message // empty' 2>/dev/null || echo "Invalid response")
+            ERROR_MSG="${ERROR_MSG:-Invalid response}"
+            echo "Error: Failed to add label. Error: $ERROR_MSG"
             
-            # Check if it's a permissions issue and suggest using a custom token
-            if [[ "$ADD_LABEL_RESPONSE" == *"Resource not accessible by integration"* ]]; then
-              echo "This appears to be a permissions issue. Please follow these steps:"
-              echo "1. Create a Personal Access Token (PAT) with 'repo' scope"
-              echo "2. Add the token to your repository secrets as CUSTOM_GITHUB_TOKEN"
-              echo "3. See the .github/README.md file for detailed instructions on setting up the token"
-              echo ""
-              echo "Note: The workflow is configured to use CUSTOM_GITHUB_TOKEN if available, falling back to GITHUB_TOKEN"
+            # Check if it's a permissions issue
+            if [[ "$ERROR_MSG" == *"Resource not accessible by integration"* ]]; then
+              echo "This appears to be a permissions issue."
+              echo "The workflow has been configured with appropriate permissions (pull-requests: write, issues: write)."
+              echo "If this error persists, please verify the repository settings allow workflow actions."
             fi
             
             exit 1
-          else
-            echo "Successfully applied label '$LABEL' to PR #$PR_NUMBER"
           fi

.github/workflows/autoupdate.yaml

@@ -10,7 +10,7 @@ on:
 jobs:
   autoupdate:
     name: autoupdate
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: docker://chinthakagodawita/autoupdate-action:v1
         env:

.github/workflows/enforce-issue-number-in-description.yml

@@ -20,9 +20,11 @@ jobs:
       github.actor != 'dependabot[bot]'
       && github.actor != 'dependabot-preview[bot]'
       && github.actor != 'dependabot'
-      && github.actor != github.repository_owner
       && github.actor != 'sentry-autofix'
       && github.actor != 'DonnieBLT'
+      && github.actor != 'Copilot'
+      && github.actor != 'copilot-swe-agent[bot]'
+      && github.actor != 'copilot-swe-agent'
     steps:
       - name: Validate PR closing issues with GraphQL
         env:

Dockerfile

@@ -20,15 +20,12 @@ RUN apt-get update && \
 #     chmod +x /opt/chromedriver-$CHROMEDRIVER_VERSION/chromedriver && \
 #     ln -fs /opt/chromedriver-$CHROMEDRIVER_VERSION/chromedriver /usr/local/bin/chromedriver
 
-# Install Google Chrome
-RUN curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
-    echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \
-    apt-get -yqq update && \
-    apt-get -yqq install google-chrome-stable && \
+# Install Chromium (works on all architectures)
+RUN apt-get update && \
+    apt-get install -y chromium && \
+    ln -sf /usr/bin/chromium /usr/local/bin/google-chrome && \
     rm -rf /var/lib/apt/lists/*
 
-RUN ln -s /usr/bin/google-chrome-stable /usr/local/bin/google-chrome
-
 # Install Poetry and dependencies
 RUN pip install poetry
 RUN poetry config virtualenvs.create false

README.md

@@ -1,14 +1,148 @@
-<h1 align="center"> OWASP BLT </h1>
+<h1 align="center"> 🐛 OWASP BLT </h1>
+<h3 align="center">Bug Logging Tool - Democratizing Bug Bounties</h3>
 
+<p align="center">
+  <strong>A community-driven platform for discovering, reporting, and tracking security vulnerabilities</strong>
+</p>
 
-<p align="center"><a href="https://github.com/OWASP/BLT/actions" rel="noopener noreferrer" target="__blank"><img alt="Build" src="https://github.com/OWASP/BLT/actions/workflows/auto-merge.yml/badge.svg"></a> <a href="https://github.com/OWASP/BLT/blob/main/LICENSE.md" rel="noopener noreferrer"><img src="https://img.shields.io/badge/license-AGPL--3.0-blue"></a>
-<a href="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/OWASP/BLT" rel="noopener noreferrer" target="__blank"><img alt="GitHub stars" src="https://img.shields.io/github/stars/OWASP/BLT?style=social"></a></p>
+<p align="center">
+  <a href="https://owaspblt.org">🌐 Website</a> •
+  <a href="https://github.com/OWASP-BLT/BLT/blob/main/CONTRIBUTING.md">📖 Contributing Guide</a> •
+  <a href="https://owasp.org/slack/invite">💬 Join Slack</a> •
+  <a href="https://github.com/OWASP-BLT/BLT/issues">🐛 Report Bug</a>
+</p>
 
-<img alt="Views" src="https://owaspblt.org/repos/blt/badge/">
+---
 
-Everything is on our <a href="https://owaspblt.org">homepage</a>
+## 📊 Project Stats
 
-## Star History
+<p align="center">
+  <a href="https://github.com/OWASP-BLT/BLT/actions">
+    <img src="https://github.com/OWASP-BLT/BLT/actions/workflows/auto-merge.yml/badge.svg" alt="Build Status">
+  </a>
+  <a href="https://github.com/OWASP-BLT/BLT/blob/main/LICENSE.md">
+    <img src="https://img.shields.io/badge/license-AGPL--3.0-blue" alt="License">
+  </a>
+  <a href="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/OWASP-BLT/BLT">
+    <img src="https://img.shields.io/github/stars/OWASP-BLT/BLT?style=social" alt="GitHub stars">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://github.com/OWASP-BLT/BLT/graphs/contributors">
+    <img src="https://img.shields.io/github/contributors/OWASP-BLT/BLT?color=%23e74c3c" alt="Contributors">
+  </a>
+  <a href="https://github.com/OWASP-BLT/BLT/commits/main">
+    <img src="https://img.shields.io/github/last-commit/OWASP-BLT/BLT?color=%23e74c3c" alt="Last Commit">
+  </a>
+  <a href="https://github.com/OWASP-BLT/BLT/issues">
+    <img src="https://img.shields.io/github/issues/OWASP-BLT/BLT?color=%23e74c3c" alt="Open Issues">
+  </a>
+  <a href="https://github.com/OWASP-BLT/BLT/pulls">
+    <img src="https://img.shields.io/github/issues-pr/OWASP-BLT/BLT?color=%23e74c3c" alt="Pull Requests">
+  </a>
+</p>
+
+<p align="center">
+  <a href="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/OWASP-BLT/BLT">
+    <img src="https://img.shields.io/github/languages/top/OWASP-BLT/BLT?color=%23e74c3c" alt="Top Language">
+  </a>
+  <a href="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/OWASP-BLT/BLT">
+    <img src="https://img.shields.io/github/repo-size/OWASP-BLT/BLT?color=%23e74c3c" alt="Repo Size">
+  </a>
+  <a href="https://github.com/OWASP-BLT/BLT/fork">
+    <img src="https://img.shields.io/github/forks/OWASP-BLT/BLT?style=social" alt="Forks">
+  </a>
+  <img src="https://owaspblt.org/repos/blt/badge/" alt="Views">
+</p>
+
+---
+
+## 🎯 What is OWASP BLT?
+
+**OWASP BLT (Bug Logging Tool)** is an open-source platform that democratizes bug bounties and security research. Built by the community for the community, BLT makes it easy for security researchers, developers, and organizations to collaborate on finding and fixing security vulnerabilities.
+
+### ✨ Key Features
+
+- 🔍 **Bug Discovery & Reporting** - Discover and report security vulnerabilities across various applications and websites
+- 🏆 **Rewards & Recognition** - Earn rewards, badges, and recognition for your contributions to web security
+- 👥 **Community Driven** - Join a vibrant community of security researchers and developers
+- 🎮 **Gamification** - Leaderboards, challenges, and competitions to make security research engaging
+- 💰 **Staking System** - Innovative blockchain-based reward system for contributors
+- 📊 **Comprehensive Dashboard** - Track your progress, statistics, and impact
+- 🌐 **Open Source** - Built with transparency and collaboration at its core
+- 🛡️ **OWASP Project** - Part of the Open Worldwide Application Security Project family
+
+---
+
+## 🚀 Quick Start
+
+### Prerequisites
+- Python 3.11.2+
+- PostgreSQL
+- Docker & Docker Compose (recommended)
+
+### Installation
+
+#### Using Docker (Recommended)
+```bash
+# Clone the repository
+git clone https://github.com/OWASP-BLT/BLT.git
+cd BLT
+
+# Configure environment
+cp .env.example .env
+
+# Build and start
+docker-compose build
+docker-compose up
+```
+
+Access the application at **http://localhost:8000**
+
+#### Using Poetry
+```bash
+# Install dependencies
+pip install poetry
+poetry shell
+poetry install
+
+# Set up database
+python manage.py migrate
+python manage.py loaddata website/fixtures/initial_data.json
+python manage.py createsuperuser
+
+# Run the server
+python manage.py runserver
+```
+
+For detailed setup instructions, see our [Contributing Guide](https://github.com/OWASP-BLT/BLT/blob/main/CONTRIBUTING.md).
+
+---
+
+## 🤝 Contributing
+
+We welcome contributions from everyone! Whether you're fixing bugs, adding features, improving documentation, or spreading the word, your help is appreciated.
+
+- 📚 Read our [Contributing Guide](https://github.com/OWASP-BLT/BLT/blob/main/CONTRIBUTING.md)
+- 🐛 Check out [open issues](https://github.com/OWASP-BLT/BLT/issues)
+- 💡 Look for issues tagged with `good first issue` if you're new
+- 🎨 Follow our coding standards (Black, isort, ruff)
+- ✅ Run `pre-commit` before submitting changes
+
+---
+
+## 💬 Community & Support
+
+- 🌐 **Website**: [owaspblt.org](https://owaspblt.org)
+- 💬 **Slack**: [Join OWASP Slack](https://owasp.org/slack/invite)
+- 🐦 **Twitter**: [@OWASP_BLT](https://twitter.com/OWASP_BLT)
+- 💰 **Sponsor**: [Support the project](https://github.com/sponsors/OWASP-BLT)
+- 📧 **Contact**: Reach out through GitHub issues
+
+---
+
+## 📈 Star History
 
 <a href="https://star-history.com/#OWASP-BLT/BLT&Date">
  <picture>
@@ -18,3 +152,15 @@ Everything is on our <a href="https://owaspblt.org">homepage</a>
  </picture>
 </a>
 
+---
+
+## 📄 License
+
+This project is licensed under the **AGPL-3.0 License** - see the [LICENSE.md](LICENSE.md) file for details.
+
+---
+
+<p align="center">
+  <strong>⭐ Star this repository if you find it helpful!</strong><br>
+  Made with ❤️ by the OWASP BLT Community
+</p>

blt/middleware/throttling.py

@@ -1,5 +1,4 @@
 import logging
-import sys
 
 from django.conf import settings
 from django.core.cache import cache
@@ -49,7 +48,7 @@ def __call__(self, request):
     def should_skip_throttle(self, request):
         """Check if request should be exempt from throttling."""
         # Skip throttling during tests
-        if "test" in sys.argv:
+        if getattr(settings, "IS_TEST", False) or getattr(settings, "TESTING", False):
             logger.debug("Skipping throttling for test mode")
             return True
         if any(request.path.startswith(p) for p in self.EXEMPT_PATHS):

blt/settings.py

@@ -318,7 +318,6 @@
             "BACKEND": "django.contrib.staticfiles.storage.ManifestStaticFilesStorage",
         },
     }
-    DEFAULT_FILE_STORAGE = "storages.backends.gcloud.GoogleCloudStorage"
     # Removed DEBUG override - DEBUG should be controlled by environment variable
 
     # use this to debug emails locally

blt/urls.py

@@ -93,11 +93,8 @@
     badge_list,
     check_owasp_compliance,
     donate_view,
-    facebook_callback,
     features_view,
     find_key,
-    github_callback,
-    google_callback,
     home,
     management_commands,
     robots_txt,
@@ -391,12 +388,12 @@
     path("accounts/", include("allauth.urls")),
     path("accounts/delete/", UserDeleteView.as_view(), name="user_deletion"),
     path("auth/github/", GithubLogin.as_view(), name="github_login"),
-    path("accounts/github/login/callback/", github_callback, name="github_callback"),
+    path("accounts/github/login/callback/", github_views.oauth2_callback, name="github_callback"),
     re_path(r"^auth/github/connect/$", GithubConnect.as_view(), name="github_connect"),
     path("auth/github/url/", github_views.oauth2_login),
     path("auth/google/", GoogleLogin.as_view(), name="google_login"),
-    path("accounts/google/login/callback/", google_callback, name="google_callback"),
-    path("accounts/facebook/login/callback/", facebook_callback, name="facebook_callback"),
+    path("accounts/google/login/callback/", google_views.oauth2_callback, name="google_callback"),
+    path("accounts/facebook/login/callback/", facebook_views.oauth2_callback, name="facebook_callback"),
     re_path(r"^auth/facebook/connect/$", FacebookConnect.as_view(), name="facebook_connect"),
     re_path(r"^auth/google/connect/$", GoogleConnect.as_view(), name="google_connect"),
     path("auth/github/url/", github_views.oauth2_login),

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: postgres
+    image: postgres:17.6
     ports:
       - "${POSTGRES_PORT}:5432"
     volumes: