Merge branch 'main' into feat/gsoc-page

Author: DonnieBLT

.github/copilot-instructions.md

@@ -23,7 +23,7 @@ OWASP BLT is a Django-based web application for bug bounty management and securi
 
 ### Required Before Each Commit
 
-- **ALWAYS** run `pre-commit run --all-files` before committing any changes
+- **ALWAYS** run `pre-commit run --all-files` before committing any changes - don't run this when iterating locally, only before committing 
 - This will run automatic formatters and linters including:
   - Black (code formatting)
   - isort (import sorting)

.pre-commit-config.yaml

@@ -60,6 +60,7 @@ repos:
         entry: bash -c 'if [ -z "$GITHUB_ACTIONS" ]; then poetry run python manage.py test --failfast; fi'
         language: system
         types: [python]
+        stages: [pre-push]
         pass_filenames: false
         always_run: true
         verbose: true

blt/middleware/throttling.py

@@ -28,6 +28,10 @@ def __init__(self, get_response):
         logger.info("ThrottlingMiddleware initialized with limits: %s", self.THROTTLE_LIMITS)
 
     def __call__(self, request):
+        # Bypass all throttling without logging when DEBUG is True
+        if settings.DEBUG:
+            return self.get_response(request)
+
         ip = self.get_client_ip(request)
         method = request.method
         path = request.path

blt/settings.py

@@ -264,7 +264,11 @@
 EMAIL_PORT = 1025
 
 # Set the custom email backend that sends Slack notifications
-EMAIL_BACKEND = "blt.mail.SlackNotificationEmailBackend"
+# Use console backend in debug mode to print emails to terminal
+if DEBUG:
+    EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+else:
+    EMAIL_BACKEND = "blt.mail.SlackNotificationEmailBackend"
 
 REPORT_EMAIL = os.environ.get("REPORT_EMAIL", "blank")
 REPORT_EMAIL_PASSWORD = os.environ.get("REPORT_PASSWORD", "blank")

blt/urls.py

@@ -233,6 +233,7 @@
     Listbounties,
     OngoingHunts,
     OrganizationDetailView,
+    OrganizationListModeView,
     OrganizationListView,
     OrganizationSettings,
     PreviousHunts,
@@ -269,6 +270,7 @@
     organization_dashboard_hunt_detail,
     organization_dashboard_hunt_edit,
     organization_hunt_results,
+    refresh_organization_repos_api,
     room_messages_api,
     send_message_api,
     sizzle,
@@ -1021,6 +1023,7 @@
     path("sponsor/", sponsor_view, name="sponsor"),
     path("donate/", donate_view, name="donate"),
     path("organizations/", OrganizationListView.as_view(), name="organizations"),
+    path("organizations/list/", OrganizationListModeView.as_view(), name="organizations_list_mode"),
     path("map/", MapView.as_view(), name="map"),
     path("domains/", DomainListView.as_view(), name="domains"),
     path("trademarks/", trademark_search, name="trademark_search"),
@@ -1165,6 +1168,9 @@
     path("add_repo", add_repo, name="add_repo"),
     path("organization/<slug:slug>/", OrganizationDetailView.as_view(), name="organization_detail"),
     path("organization/<slug:slug>/update-repos/", update_organization_repos, name="update_organization_repos"),
+    path(
+        "api/organization/<int:org_id>/refresh/", refresh_organization_repos_api, name="refresh_organization_repos_api"
+    ),
     # GitHub Issues
     path("github-issues/<int:pk>/", GitHubIssueDetailView.as_view(), name="github_issue_detail"),
     path("github-issues/", GitHubIssuesView.as_view(), name="github_issues"),

poetry.lock

@@ -62,7 +62,7 @@ drf-yasg = "^1.21.10"
 slack-bolt = "^1.23.0"
 slack-sdk = "^3.35.0"
 tld = "0.13"
-openai = "^2.9.0"
+openai = "^2.11.0"
 async-timeout = "^4.0.3"
 python-dateutil = "^2.9.0.post0"
 pyzipper = "^0.3.6"

project_channels.csv

@@ -13,5 +13,24 @@ if [ ! -f ./ssl/cert.pem ] || [ ! -f ./ssl/key.pem ]; then
     echo "Self-signed certificates generated successfully."
 fi
 
-# Run the application with SSL
-uvicorn blt.asgi:application --host 0.0.0.0 --port 8443 --ssl-keyfile ./ssl/key.pem --ssl-certfile ./ssl/cert.pem --log-level debug --reload --reload-include *.html
+# Run migrations
+echo "Checking and applying migrations..."
+poetry run python manage.py migrate
+
+# Open browser after a short delay (in background)
+(
+  sleep 3
+  URL="https://localhost:8443"
+  if command -v xdg-open >/dev/null 2>&1; then
+    xdg-open "$URL"
+  elif command -v open >/dev/null 2>&1; then
+    open "$URL"
+  elif command -v start >/dev/null 2>&1; then
+    start "$URL"
+  else
+    echo "Please open $URL in your browser."
+  fi
+) &
+
+# Run the application with SSL in poetry shell
+poetry run uvicorn blt.asgi:application --host 0.0.0.0 --port 8443 --ssl-keyfile ./ssl/key.pem --ssl-certfile ./ssl/cert.pem --log-level debug --reload --reload-include *.html

pyproject.toml

@@ -0,0 +1,123 @@
+from urllib.parse import urlparse
+
+from website.management.base import LoggedBaseCommand
+from website.models import Organization
+
+
+class Command(LoggedBaseCommand):
+    help = "Populate github_org field from source_code field for organizations"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            "--dry-run",
+            action="store_true",
+            help="Show what would be updated without making changes",
+        )
+        parser.add_argument(
+            "--overwrite",
+            action="store_true",
+            help="Overwrite existing github_org values",
+        )
+
+    def handle(self, *args, **options):
+        dry_run = options["dry_run"]
+        overwrite = options["overwrite"]
+
+        self.stdout.write(self.style.SUCCESS("Starting GitHub organization population..."))
+
+        # Get organizations with source_code but no github_org (or all if overwrite)
+        if overwrite:
+            orgs = Organization.objects.filter(source_code__isnull=False).exclude(source_code="")
+            self.stdout.write(f"Processing {orgs.count()} organizations (overwrite mode)...")
+        else:
+            orgs = Organization.objects.filter(source_code__isnull=False, github_org__isnull=True).exclude(
+                source_code=""
+            ) | Organization.objects.filter(source_code__isnull=False, github_org="").exclude(source_code="")
+            self.stdout.write(f"Processing {orgs.count()} organizations without github_org...")
+
+        updated_count = 0
+        skipped_count = 0
+        error_count = 0
+
+        for org in orgs:
+            try:
+                github_org = self.extract_github_org(org.source_code)
+
+                if github_org:
+                    if dry_run:
+                        self.stdout.write(
+                            f"[DRY RUN] Would set '{org.name}' github_org to: {github_org} (from {org.source_code})"
+                        )
+                        updated_count += 1
+                    else:
+                        org.github_org = github_org
+                        org.save(update_fields=["github_org"])
+                        self.stdout.write(
+                            self.style.SUCCESS(
+                                f"✓ Updated '{org.name}' github_org to: {github_org} (from {org.source_code})"
+                            )
+                        )
+                        updated_count += 1
+                else:
+                    self.stdout.write(
+                        self.style.WARNING(f"⚠ Could not extract GitHub org from '{org.source_code}' for '{org.name}'")
+                    )
+                    skipped_count += 1
+
+            except Exception as e:
+                self.stdout.write(self.style.ERROR(f"✗ Error processing '{org.name}': {str(e)}"))
+                error_count += 1
+
+        # Summary
+        self.stdout.write("\n" + "=" * 60)
+        self.stdout.write(self.style.SUCCESS("Summary:"))
+        if dry_run:
+            self.stdout.write(f"  Organizations that would be updated: {updated_count}")
+        else:
+            self.stdout.write(f"  Organizations updated: {updated_count}")
+        self.stdout.write(f"  Organizations skipped: {skipped_count}")
+        self.stdout.write(f"  Errors: {error_count}")
+        self.stdout.write("=" * 60)
+
+        if dry_run:
+            self.stdout.write(self.style.WARNING("\nThis was a dry run. No changes were made."))
+            self.stdout.write("Run without --dry-run to apply changes.")
+
+    def extract_github_org(self, url):
+        """
+        Extract GitHub organization name from various GitHub URL formats.
+
+        Supports:
+        - https://github.com/org
+        - https://github.com/org/
+        - https://github.com/org/repo
+        - https://github.com/org/repo/...
+        - http://github.com/org
+        - www.github.com/org
+        - github.com/org
+        """
+        if not url:
+            return None
+
+        try:
+            # Handle URLs without scheme
+            if not url.startswith(("http://", "https://")):
+                url = "https://" + url
+
+            parsed = urlparse(url)
+
+            # Check if it's a GitHub URL
+            if "github.com" not in parsed.netloc:
+                return None
+
+            # Extract path parts
+            path_parts = [p for p in parsed.path.split("/") if p]
+
+            # GitHub org is the first part of the path
+            if path_parts:
+                return path_parts[0]
+
+            return None
+
+        except Exception:
+            return None