Merge branch 'refs/heads/white/staging' into white/master

Author: Diego Nadares

CHANGELOG/5.13.0/community.md

@@ -0,0 +1,10 @@
+ * [FIX] Fixed sync host stats command to update workspaces statistics. #7943
+ * [ADD] Adds support for vulnerability status changes on report upload. #7903
+ * [FIX] Enhanced workspace performance by pre-calculating statistics, reducing the overhead of on-demand calculations during data retrieval. #7780
+ * [ADD] Introduced support for RabbitMQ as a task processing broker. #7866
+ * [ADD] Added filtering to schedulers view. #7857
+ * [MOD] Rework the Credential API. #7912
+ * [ADD] Added Idle Session Timeout feature. #7876
+ * [MOD] Redesigned the Credential Model to work more closely with vulnerabilities. #7911
+ * [FIX] Improve vulnerability count on contextual view. #7901
+ * [FIX] Calculate stats as soon as file reports are uploaded. #7937

CHANGELOG/5.13.0/date.md

@@ -0,0 +1 @@
+Apr 24th, 2025

RELEASE.md

@@ -1,6 +1,19 @@
 New features in the latest update
 =====================================
 
+5.13.0 [Apr 24th, 2025]:
+---
+ * [ADD] Added support for vulnerability status changes on report upload. #7903
+ * [ADD] Introduced support for RabbitMQ as a task processing broker. #7866
+ * [ADD] Added filtering to schedulers view. #7857
+ * [ADD] Added Idle Session Timeout feature. #7876
+ * [MOD] Rework the Credential API. #7912
+ * [MOD] Redesigned the Credential Model to work more closely with vulnerabilities. #7911
+ * [FIX] Fixed sync host stats command to update workspaces statistics. #7943
+ * [FIX] Enhanced workspace performance by pre-calculating statistics, reducing the overhead of on-demand calculations during data retrieval. #7780
+ * [FIX] Improved vulnerability count on contextual view. #7901
+ * [FIX] Stats are now calculated automatically upon file report upload. #7937
+
 5.12.0 [Mar 13th, 2025]:
 ---
  * [ADD] Added update in bulk mode for workspaces. #7830

architecture.md

@@ -0,0 +1,51 @@
+# Faraday Architecture
+
+Faraday is a comprehensive security platform that combines a Flask-based API with background task processing capabilities. The system is designed to handle both synchronous HTTP requests and real-time WebSocket communications, while efficiently processing long-running tasks through a distributed worker system.
+
+## System Overview
+
+```ascii
++------------------+
+|                  |
+|     Clients      |
+|  - API Clients   |
+|  - Cloud Agents  |
+|  - Faraday Agents|
+|  - Faraday-cli   |
+|  - Faraday's     |
+|    React UI      |
+|                  |
++------------------+
+        |
+        v
++------------------+     +------------------+     +------------------+
+|                  |     |                  |     |                  |
+|  Faraday Flask   |     |  Message Broker  |     |  Faraday Workers |
+|       API        |<--->| (Redis/RabbitMQ) |<--->|     (Celery)     |
+|    (HTTP/WS)     |     |                  |     |                  |
++------------------+     +------------------+     +------------------+
+        |                                                |
+        |                                                |
+        v                                                v
++------------------+                               +------------------+
+|                  |                               |                  |
+|    PostgreSQL    |                               |  Long Tasks:     |
+|    Database      |                               |  - Exec Reports  |
+|                  |                               |  - Scan Imports  |
+|                  |                               |  - Stats Gen     |
++------------------+                               +------------------+
+```
+
+## Components
+
+- **Faraday Flask API**: Main application server handling HTTP and WebSocket requests
+- **Message Broker**: Queue system (Redis/RabbitMQ) for task distribution
+- **Faraday Workers**: Celery workers processing background tasks
+- **PostgreSQL**: Primary database for data storage
+- **Long Tasks**: Background jobs processed by workers
+- **Clients**: Various client interfaces including:
+  - API Clients: External applications using Faraday's API
+  - Cloud Agents: Cloud-based agents for distributed task execution
+  - [Faraday Agents](https://github.com/infobyte/faraday_agent_dispatcher): Local agents for task execution
+  - [Faraday-cli](https://github.com/infobyte/faraday-cli): Command-line interface
+  - Faraday's React UI: Web-based user interface

faraday/__init__.py

@@ -4,4 +4,4 @@
 See the file 'doc/LICENSE' for the license information
 """
 
-__version__ = '5.12.0'
+__version__ = '5.13.0'

faraday/migrations/versions/39ddd3ca3a20_rework_credentials.py

@@ -0,0 +1,94 @@
+"""rework credentials
+
+Revision ID: 39ddd3ca3a20
+Revises: 618a59151523
+Create Date: 2025-02-18 15:17:51.883711+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '39ddd3ca3a20'
+down_revision = '615a6fdd9af4'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+
+    op.execute('DROP TABLE IF EXISTS credential')
+    op.create_table('credential',
+    sa.Column('id', sa.Integer(), nullable=False, autoincrement=True, primary_key=True),
+    sa.Column('password', sa.Text(), nullable=False),
+    sa.Column('username', sa.Text(), nullable=False),
+    sa.Column('endpoint', sa.Text(), nullable=False, server_default=''),
+    sa.Column('leak_date', sa.DateTime(), nullable=True),
+    sa.Column('owned', sa.Boolean(), nullable=False, server_default='false'),
+    sa.Column('workspace_id', sa.Integer(), nullable=False),
+    sa.Column('create_date', sa.DateTime(), nullable=False),
+    sa.Column('update_date', sa.DateTime(), nullable=False),
+    sa.Column('creator_id', sa.Integer(), nullable=True),
+    sa.Column('update_user_id', sa.Integer(), nullable=True),
+    sa.ForeignKeyConstraint(['creator_id'], ['faraday_user.id'], ondelete='SET NULL'),
+    sa.ForeignKeyConstraint(['update_user_id'], ['faraday_user.id'], ondelete='SET NULL'),
+    sa.ForeignKeyConstraint(['workspace_id'], ['workspace.id'], ondelete='CASCADE'),
+    sa.UniqueConstraint('username', 'password', 'endpoint', 'workspace_id',
+                        name='uix_credential_username_password_endpoint_workspace'),
+    sa.CheckConstraint("username != ''", name="check_username_not_empty"),
+    sa.CheckConstraint("password != ''", name="check_password_not_empty")
+    )
+
+    op.create_index('ix_credential_leak_date', 'credential', ['leak_date'])
+    op.create_index('ix_credential_leak_date_workspace_id', 'credential', ['workspace_id', 'leak_date'])
+
+    op.create_table('association_table_vulnerabilities_credentials',
+    sa.Column('vulnerability_id', sa.Integer(), nullable=False),
+    sa.Column('credential_id', sa.Integer(), nullable=False),
+    sa.ForeignKeyConstraint(['credential_id'], ['credential.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['vulnerability_id'], ['vulnerability.id'], ondelete='CASCADE')
+    )
+
+    op.create_index('ix_association_vuln_creds_vuln_id',
+                    'association_table_vulnerabilities_credentials',
+                    ['vulnerability_id'])
+
+    op.create_index('ix_association_vuln_creds_cred_id',
+                    'association_table_vulnerabilities_credentials',
+                    ['credential_id'])
+
+
+def downgrade():
+    op.drop_index('ix_association_vuln_creds_vuln_id',
+                 table_name='association_table_vulnerabilities_credentials')
+    op.drop_index('ix_association_vuln_creds_cred_id',
+                 table_name='association_table_vulnerabilities_credentials')
+
+    op.drop_table('association_table_vulnerabilities_credentials')
+
+    op.drop_index('ix_credential_leak_date_workspace_id', table_name='credential')
+    op.drop_index('ix_credential_leak_date', table_name='credential')
+    op.drop_table('credential')
+    # Recreate the old table to restore the previous schema during downgrade
+    op.create_table('credential',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('username', sa.Text(), nullable=False),
+    sa.Column('password', sa.Text(), nullable=False),
+    sa.Column('description', sa.Text(), nullable=False),
+    sa.Column('name', sa.Text(), nullable=True),
+    sa.Column('host_id', sa.Integer(), nullable=True),
+    sa.Column('service_id', sa.Integer(), nullable=True),
+    sa.Column('workspace_id', sa.Integer(), nullable=False),
+    sa.ForeignKeyConstraint(['host_id'], ['host.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['service_id'], ['service.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['workspace_id'], ['workspace.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id'),
+    sa.UniqueConstraint(
+            'username',
+            'host_id',
+            'service_id',
+            'workspace_id',
+            name='uix_credential_username_host_service_workspace'
+        )
+    )

faraday/migrations/versions/615a6fdd9af4_analytics_user_settings.py

@@ -0,0 +1,29 @@
+"""analytics user settings
+
+Revision ID: 615a6fdd9af4
+Revises: f2435999bc54
+Create Date: 2025-04-01 15:26:42.904208+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+revision = '615a6fdd9af4'
+down_revision = 'f2435999bc54'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column('user_notification_settings', sa.Column('analytics_enabled', sa.Boolean(), nullable=False, server_default=sa.text('true')))
+    op.add_column('user_notification_settings', sa.Column('analytics_app', sa.Boolean(), nullable=False, server_default=sa.text('true')))
+    op.add_column('user_notification_settings', sa.Column('analytics_email', sa.Boolean(), nullable=False, server_default=sa.text('false')))
+    op.add_column('user_notification_settings', sa.Column('analytics_slack', sa.Boolean(), nullable=False, server_default=sa.text('false')))
+
+
+def downgrade():
+    op.drop_column('user_notification_settings', 'analytics_slack')
+    op.drop_column('user_notification_settings', 'analytics_email')
+    op.drop_column('user_notification_settings', 'analytics_app')
+    op.drop_column('user_notification_settings', 'analytics_enabled')