[pull] main from intelowlproject:main#31

Merged
pull[bot] merged 110 commits into threatcode:main from GreedyBear-Project:main
Apr 1, 2026
@pull pull bot commented Apr 1, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)


SupRaKoshti and others added 30 commits February 26, 2026 10:00
* Add IP enrichment via ThreatFox and AbuseIPDB (fetch-and-join approach)

Implement IP enrichment using the 'fetch and join directly' strategy:
cronjobs download feed data from ThreatFox/AbuseIPDB APIs and directly
join against the IOC table to create Tag entries. No local cache tables
needed — tags are replaced atomically on each run for data freshness.

New files:
- Tag model (ForeignKey to IOC, key/value/source fields)
- TagRepository with bulk replace_tags_for_source()
- ThreatFoxCron: fetches IOCs, extracts IPs, creates malware/threat tags
- AbuseIPDBCron: fetches blacklist, creates abuse confidence/country tags
- Weekly schedules for both enrichment cronjobs
- ABUSEIPDB_API_KEY env var in settings and env_file_template

Tests:
- 31 new tests for Tag model, TagRepository, ThreatFoxCron, AbuseIPDBCron
- Fix 2 pre-existing test failures in test_cowrie_extraction (mock issues)

Closes #522

* Address review: transaction.atomic, reuse delete method, blocklist naming, db_default

- Wrap replace_tags_for_source in transaction.atomic() for atomicity
- Reuse delete_tags_by_source inside replace_tags_for_source
- Rename blacklist -> blocklist in variable names, comments, docstrings
- Use db_default=Now() instead of default=datetime.now on Tag.added
- Regenerate migration with db_default=Now() baked in

* fix: Ensure accurate and efficient counting of matched IOCs in ThreatFox and AbuseIPDB feed processing logs.

* Address review: avoid extra DB query, clarify error behavior, fix index order

- Replace matching_iocs.count() with in-loop counter (both feeds)
- Clarify docstrings: stale tags preserved on API errors by design
- Swap Tag index from (ioc, source) to (source, ioc) to match
  dominant filter(source=...) query pattern
- Rebase on develop: renumber migration to 0038
Closes #886

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>
* added intelowl column

* url encoding

* 3 new testcases

* fix: prettier formatting in TableColumns.test.jsx

* new image

* new
* add folders to .dockerignore

* refactor Dockerfile

* update requirements

* delete unnecessary files

* adapt compose file

* fix minor inconsistencies

* add default stage at the end to ensure the default build target is production

* move nginx healthcheck to compose file

* refactor Dockerfile_nginx

* clean up entrypoint and move start command to the compose files

* refactor health checks in default.yml

* conditionally adds django_watchfiles to INSTALLED_APPS

* add bash to nginx image

* use curl for healthchecks

* use explicit filenames for copying

* restored waiting logic in entrypoint
* add libexpat1 as a runtime requirement again

* use different health checks for uWSGI and Django dev server

* only add django_watchfiles to installed apps when Django test server is running

* make uWSGI stop gracefully on SIGTERM
…izer. Closes #881 (#885)

- Create greedybear/utils.py with shared validation helpers (is_ip_address, is_sha256hash)
- Replace REGEX_IP with is_ip_address() for proper IPv4/IPv6 validation
- Add .strip() with write-back for whitespace handling
- Improve domain validation to require at least one alphabetic character
- Update all import sites to use greedybear.utils
- Remove moved functions and unused imports from api/views/utils.py
- Add regression tests for invalid IPs, valid IPv6, whitespace, and domains
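An added example, not the project's code (greedybear/utils.py is not shown on this page), of the validation approach the commit above describes: parse IPs with the standard library instead of a regex, strip whitespace and keep the stripped value, and require a letter in domains. The names `is_ip_address` and `is_sha256hash` come from the commit message; `LOOSE_IP_REGEX`, `is_domain` and `classify_observable` are hypothetical, and the sample inputs are constructed.

```python
from __future__ import annotations

import ipaddress
import re

# Constructed stand-in for a loose dotted-quad pattern. The project's
# REGEX_IP is not shown on the page; this only illustrates the failure mode.
LOOSE_IP_REGEX = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

_SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
# One DNS label: 1-63 chars of letters, digits, hyphen; no leading/trailing hyphen.
_LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_ip_address(value: str) -> bool:
    """True for any syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def is_sha256hash(value: str) -> bool:
    """True for exactly 64 hexadecimal characters."""
    return bool(_SHA256_RE.fullmatch(value))


def is_domain(value: str) -> bool:
    """Hypothetical domain check: valid labels plus at least one letter."""
    if len(value) > 253 or "." not in value:
        return False
    labels = value.rstrip(".").split(".")
    if not all(_LABEL_RE.fullmatch(label) for label in labels):
        return False
    # Without this requirement an out-of-range dotted quad such as
    # 999.999.999.999 would fail the IP check and then pass as a "domain".
    return any(ch.isalpha() for ch in value)


def classify_observable(raw: str) -> tuple[str, str]:
    """Return (kind, cleaned_value); callers store cleaned_value, not raw."""
    value = raw.strip()
    if is_ip_address(value):
        return "ip", value
    if is_sha256hash(value):
        return "sha256", value
    if is_domain(value):
        return "domain", value
    return "invalid", value


if __name__ == "__main__":
    # Constructed inputs covering the cases the commit lists regression tests for.
    for sample in ["  192.0.2.10\n", "2001:db8::1", "999.999.999.999",
                   "example.com", "ab" * 32, "not a domain"]:
        print(repr(sample), "->", classify_observable(sample))
```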
* version(1): GeoIpEnrichment

Signed-off-by: Drona Raj Gyawali <dronarajgyawali@gmail.com>

* version(2): refactor pipeline & code logic

Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>

* chores: linter resolved

Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>

* version(3) : refactor code & logic

---------

Signed-off-by: Drona Raj Gyawali <dronarajgyawali@gmail.com>
Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>
* Fix: clear user data and isSuperuser on logout

* Fix: use AUTHENTICATION_STATUSES.FALSE instead of toBeFalsy in test

* Fix: correct test for user data clearing on logout

* Fixing the Formatter and Linting
* Fix: Feeds Select controlled by Formik values

* test: add coverage for Formik-controlled Feeds filters

* refactor: made Formik the single source of truth instead of filters/Formik

* review: remove unnecessary explanatory comment
* fix

* COPILOT CHANGES

---------

Co-authored-by: rootp1 <rootp1@github.com>
… (#909)

* version(1): added geo field in api response

Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>

* version(2): added only attacker_country

---------

Signed-off-by: Dorna Raj Gyawali <dronarajgyawali@gmail.com>
Closes #903 (#915)

* Fix auth forms: disable submit buttons while submitting to avoid duplicated api request

* tests/awaited submission to settle before finishing the test + fixed some typos

* using async waitFor to avoid a race test
* Fix DatabaseDefault crash in _update_days_seen. Closes #908

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

* Set explicit timestamps in Cowrie IOC constructors

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

* Add missing @timestamp to Cowrie test hits

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

* Remove defensive guards from ioc_processor.py

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

---------

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>
* disable sorting by feed type and details

* chain filter by feed types on backend

* use multiselectdropdowninput from certego, to select feed types

* frontend test

* Set feeds_type in formik on feed type selection

* add backend tests

* resolve conflicts using formik state management

* fix error in multiselect test

* fix feed_type filtering for requests like all,cowrie

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* update docstring for feed_type

* update feed_type handling to allow multiple selections and adjust URL construction

* use union in place of intersection

* update test for union

* dropdown component for feeds_type

* update tests to mock the new component

* Update frontend/src/components/feeds/MultiSelectDropdown.jsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* bug fix: set distinct=True to prevent duplicated feed types

* add parse_feed_types() function and update validation in feed request serializer

* limit max feed_types based on distinct feed_types

* set default for value prop in MultiSelectDropdown

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Bumps [django](https://github.com/django/django) from 5.2.11 to 5.2.12.
- [Commits](django/django@5.2.11...5.2.12)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.13.6.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.13.6)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
)

Bumps [stylelint](https://github.com/stylelint/stylelint) from 17.3.0 to 17.4.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.3.0...17.4.0)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-version: 17.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…942)

* fix: Updated button text to use formik.isSubmitting exclusively

* ci: retrigger workflow
…#899)

* feat: expose tags in API responses and add tag-based filtering

* feat(api): expose tags in API responses and add tag-based filtering (#522)

* refactor(migrations): rename 0038 to match upstream and add Tag.key index in 0040

- Rename 0038_tag.py → 0038_add_tag_model.py to match upstream/develop exactly
- Remove db_index=True from 0038 (keep it identical to upstream)
- Add 0040_tag_key_index.py: separate migration for Tag.key btree index
  on top of upstream's 0039 (GeoIP attacker_country/sensor.country)

* refactor(feeds): replace _prefetch_tags with DB-level ArrayAgg(JSONObject) for tags

- Remove _prefetch_tags helper (manual reimplementation of prefetch_related)
- Annotate tags directly on the queryset using ArrayAgg(JSONObject(key, value, source))
  with Q(tags__isnull=False) to skip IOCs without tags and distinct=True to prevent
  duplication from the general_honeypot JOIN
- For paginated (list) paths: run a targeted ArrayAgg query on the slice IDs
- Use annotation name tags_json to avoid conflict with the tags reverse FK on IOC
- Remove redundant comments, keep only non-obvious ones

Addresses code review feedback from regulartim.

* refactor(feeds): move tag_key/tag_value out of FeedRequestParams

Pass tag_key and tag_value as explicit kwargs to get_queryset instead of
storing them in FeedRequestParams. They are read directly from
request.query_params only in feeds_advanced, so the standard feeds
endpoint can never trigger tag filtering regardless of what query params
are passed. Removes enable_tag_filtering flag entirely.

Suggested by regulartim.

* refactor(feeds): move tags_json annotation to get_queryset

- Annotate tags_json in get_queryset alongside honeypots annotation
- Simplifies feeds_response by removing dual list/queryset handling
- Add tags_json to repository methods (get_scanners_by_pks, get_recent_scanners)
- Eliminates separate query for paginated IOCs

Addresses regulartim feedback.

* perf: optimize tags_json annotation and fix honeypots deduplication

- Only annotate tags_json when format is JSON to avoid unnecessary
  JOINs and aggregation for txt/csv downloads
- Add distinct=True to honeypots ArrayAgg in repository methods to
  prevent duplicate names when IOCs have multiple tags

Addresses Copilot feedback.

* Refactor: Remove `tags_json` annotation from IOC repository queries and adapt API views to conditionally include it and truncate tag query parameters.

* refactor: remove redundant assignment of verbose and paginate parameters in advanced feed view.
* Add rate limiting to feeds endpoints.

* fix: use SimpleRateThrottle instead of ScopedRateThrottle

ScopedRateThrottle.allow_request() always overwrites self.scope from
view.throttle_scope, which our function-based views don't set. This
caused scope to be None and all requests to bypass throttling entirely.

Switch to SimpleRateThrottle (like DRF's built-in AnonRateThrottle and
UserRateThrottle), which properly reads scope from the class attribute
and applies throttling in __init__.

* refactor: address review — scope cache.clear, env-configurable rates, unauth tests

---------

Co-authored-by: Manik <maniksingh3606@gmaile.com>
… (#920)

* Chore: Add missing rel="noopener noreferrer" to target="_blank" links for ESLint compliance

* add "noopener" to line 138 in tableColumns.jsx

* fix(frontend): prettier formatting for tableColumns.jsx

* Delete fix-missing-rel-attributes.patch
* add reset filter button for feeds page

* add tests for reset filter button

* aria-label for reset filters button and fix filter reset test

* fix typo in aria label
* fix: use correct query param key for format in feeds_advanced

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

* test: add tests for format query param in feeds_advanced

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

* fix: disable DRF format query param override to avoid 404 on ?format=csv

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>

---------

Signed-off-by: Sanchit2662 <sanchit2662@gmail.com>
* feat: Add security check for wildcard ALLOWED_HOSTS and enable configuration via DJANGO_ALLOWED_HOSTS environment variable.

* style: reformat hint string for ALLOWED_HOSTS wildcard warning.

* fix: Allow `ALLOWED_HOSTS` configuration via `DJANGO_ALLOWED_HOSTS` environment variable and introduce a system check for wildcard usage.
* feat(feeds): display country in details popover

* Replace 'country' with 'attacker_country' in table

* Update TableColumns.test.jsx
dependabot bot and others added 27 commits March 25, 2026 10:49
Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.1/packages/coverage-v8)

---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.1 to 8.0.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.16.1 to 3.17.1.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.16.1...3.17.1)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-version: 3.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1113)

Bumps [stylelint](https://github.com/stylelint/stylelint) from 17.4.0 to 17.5.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.4.0...17.5.0)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-version: 17.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 5.2.0 to 6.0.1.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.1/packages/plugin-react)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* enhancement: run app container as non-root user using gosu

- install gosu in Dockerfile alongside existing runtime dependencies
- add mkdir -p /run/gunicorn and chown -R 2000:82 /var/log/greedybear /run
  in entrypoint_gunicorn.sh to pre-create socket directory and fix
  ownership of any root-owned files from previous deployments
- replace exec "$@" with exec gosu www-data "$@" at the end of
  entrypoint_gunicorn.sh so gunicorn runs as www-data (uid 2000)
  instead of root

the entrypoint still starts as root so chown, migrations and
collectstatic continue to work correctly. gosu drops privileges
to www-data right before gunicorn starts, ensuring gunicorn and
all its workers run as non-root for their entire lifetime.

existing deployments with log files owned by root are automatically
fixed by the chown step on every restart — no manual migration needed.

* Changes:
- Scope chown to /var/log/greedybear /run/gunicorn only (least privilege)
- Skip gosu in dev mode (DJANGO_TEST_SERVER=True)
* tests: add behavioral coverage for dashboard/utils/charts.jsx

* fix: correct import paths and remove unused screen import

* tests: extend charts.test.jsx with missing edge cases

* chore: remove duplicate charts test file from utils
… pipeline. Closes #1073 (#1118)

* perf: optimize N+1 queries and bulk database operations in extraction pipeline. Closes #1073

* revert the changes
… (#1086)

* feat: add support for custom labels in Sensor model, API, and dashboard #1060

* perf: add prefetch_related(sensors) to avoid N+1 queries during IOC serialization

* chore: resolve merge conflicts and renumber sensor label migration to 0046
* change all react-use/lib/ imports to react-use/esm/

* fix test

* use top-level imports
* feat: Add global Axios interceptor to reset authentication state on 401/403 responses and centralize auth state clearing with a new `reset` function.

* style: Reformat the `INITIAL_USER` object for improved readability.

* fix: refine interceptor to handle 403 as role sync instead of logout
* add .venv folder to .dockerignore

* add early uv stage to Dockerfile to serve version number for frontend build

* add requirements to pyproject.toml

* read version number from pyproject.toml

* add uv lock file

* use uv to obtain version number in entrypoint

* update release template

* use uv in CI

* override outdated dependency

* update dependency-review action

* make dependabot use uv

* update dependencies

* remove unused files

* allow automatic minor updates and update dependencies

* use uv in docker build

* clean up old flake8 comment

* re-add explicit linter exclusions in PR automation

* bump uv in CI

* use short version output

* pin versions in pyproject.toml
…oses #1128 (#1133)

* fix: remove dead code and public sensor exposure from feeds table

* test: remove obsolete sensor tests and fix Register timeout
* bug fixed

* fix: correct indentation of CowrieSession.__str__

* fixed indentation

* got confused
* refactor: centralize attacker country data fetching and state management into a new Zustand store

* created and verified a comprehensive unit test suite for the new store.

* fix(frontend): reset shared store state in dashboard tests and restore empty-map behavior

* refactor: simplify dashboard error rendering

* fixed the error rendering
Bumps library/nginx from 1.29.6-alpine to 1.29.7-alpine.

---
updated-dependencies:
- dependency-name: library/nginx
  dependency-version: 1.29.7-alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8)

---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.2 to 8.0.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1156)

Bumps [stylelint](https://github.com/stylelint/stylelint) from 17.5.0 to 17.6.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.5.0...17.6.0)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-version: 17.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [axios](https://github.com/axios/axios) from 1.13.6 to 1.14.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.6...v1.14.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* test: add LSH clustering coverage for #975

* test: address PR feedback (use django TestCase, add edge cases)

* tests: use SimpleTestCase and remove redundant lsh mock test
* add endpoint to revoke other user sessions

* add modal for session revoke confirmation; revoke other sessions button

* add test for session revoke endpoint

* add frontend tests for session management

* move revoke other sessions to TokenSessionsViewSet subclass

* token revocation logic into a separate function

* revoke session cancelled when confirmation rejected

* add comment to clarify token revocation logic
…eation. Closes #1098 (#1124)

* Add sources tracking to Credential and link IPs on credential creation

Signed-off-by: Drona Raj Gyawali <dronarajgyawali@gmail.com>

* refactor code

---------

Signed-off-by: Drona Raj Gyawali <dronarajgyawali@gmail.com>
@pull pull bot locked and limited conversation to collaborators Apr 1, 2026
@pull pull bot added the ⤵️ pull label Apr 1, 2026
@pull pull bot merged commit ed08ca6 into threatcode:main Apr 1, 2026