[pull] master from kevoreilly:master#491
Merged
Conversation
Three sites used $PYTHON_MGR directly (or hardcoded 'run') instead of $PYTHON_MGR $PYTHON_MGR_CMD, breaking the uv code path:
- install_yara_python: uv pip install yara-python
- install_CAPE: uv pip install -r pyproject.toml
- install_volatility3: hardcoded 'run' instead of $PYTHON_MGR_CMD
- install_CAPE: replace uv pip install -r pyproject.toml with uv sync --no-install-project; the former fails because poetry-core refuses to build an editable package when package-mode=false
- install_yara_python: drop $PYTHON_MGR_CMD so uv uses uv pip install rather than uv run pip install; uv run triggers a project sync (and the same build failure) before running any command
Add PYTHON_MGR_PIP ("run pip" / "pip") so $PYTHON_MGR $PYTHON_MGR_PIP install X
resolves to the correct subcommand for each manager — poetry uses "run pip" while
uv uses "pip" directly (uv run pip install triggers a project sync that fails on
package-mode=false projects).
Rename PYTHON_MGR_INSTALL -> PYTHON_MGR_INSTALL_PYPROJECT and fix its uv value
from "" (no-op) to "sync --no-install-project", enabling install_CAPE() and
install_guacamole() to collapse their USE_UV branches into a single line.
Also collapse four other USE_UV pip install branches (distributed, yara-python,
libvirt, capa) into unconditional lines using $PYTHON_MGR_PIP, and fix a pip3
typo in install_volatility3().
Two bugs broke CAPE services on boot with --use-uv:
1. cape-rooter ExecStartPre ran `uv config cache-dir ...` because the removal sed ran after the poetry→uv replacement, so its pattern (/poetry ) no longer matched. Fix: remove ExecStartPre lines first.
2. All services failed with build_editable because uv tried to install CAPEv2 as an editable package; poetry-core refused due to package-mode = false. Fix: add [tool.uv] package = false so uv natively skips the install step.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
install_suricata must run before install_systemd so suricata is present when systemctl first starts the service. Also create pcap and suricata groups if absent — the OISF PPA package does not create them.
…al flags Previously IFACE_IP was only set when $# -eq 3, making it impossible to pass both an interface IP and flags like --use-uv simultaneously. Change to -ge 2 and read IFACE_IP from $2 directly (sandbox_version was set but never used).
dependencies() runs before install_CAPE() which is where CAPE_ROOT is created/cloned. On a fresh install, the uv venv call would fail because the directory doesn't exist yet.
PYTHON_MGR vars were only set to uv inside the CLI arg-parsing loop, so USE_UV=True in the environment (or cape-config.sh) would install uv but still run poetry commands. Extract assignment into set_python_mgr() and call it after sourcing cape-config.sh so all three entry points (env var, config file, --use-uv flag) work correctly.
Extract shell-profile export into idempotent _set_libvirt_default_uri helper and call it from install_libvirt so the variable is set on server installs too. Also fixes ~/.zsh typo (should be ~/.zshrc).
Summary of Fixes Applied:
1. Fixed Installation Regression (installer/cape2.sh):
* Removed the premature creation of $CAPE_ROOT and .venv from the dependencies() function.
* Moved the uv venv creation to the install_CAPE() function, ensuring it happens after the repository is successfully cloned. This avoids the "destination path already exists" error during git clone.
2. Improved Argument Parsing (installer/cape2.sh):
* Updated the IFACE_IP assignment logic to verify that the second argument is not a flag (e.g., --use-uv). This prevents flags from being incorrectly interpreted as IP addresses.
3. Code Cleanup (installer/cape2.sh):
* Removed the unused sandbox_version transformation line, as the variable is no longer initialized or used within the script.
These changes ensure the installation process is robust and that command-line arguments are handled correctly.
…loak) Add optional OpenID Connect single sign-on, wired through allauth's generic `openid_connect` provider so it works with any OIDC-compliant IdP. Disabled by default; enable and configure via a new [oauth_oidc] section in web.conf.
Builds on the per-user apikey app (PR #3053): with SSO on, DRF drops SessionAuthentication so an IdP-issued browser cookie can't authenticate API calls — scripts must present an explicit API key.
Highlights:
- CachedOpenIDConnect{Provider,OAuth2Adapter}: serves the OIDC discovery doc and JWKS from a process-wide TTL cache with bounded timeouts, issuer validation, and stale-on-error fallback, so a transient IdP blip no longer 500s the login.
- MySocialAccountAdapter: email-domain allowlist (enforced every login), and optional IdP-group -> role mapping. is_staff/is_superuser are reconciled on EVERY login via a user_logged_in receiver (allauth only calls save_user at first provisioning), so removing a user from the admin group demotes them on next sign-in. Usernames are derived once and kept stable.
- okta_user_sync management command (run via systemd timer): deactivates local users no longer ACTIVE in Okta and cascade-revokes their API keys, bounding the disable-to-revoke gap. Configured via admin_api_url/admin_api_token.
- SECURE_PROXY_SSL_HEADER + USE_X_FORWARDED_HOST so the OIDC redirect_uri is built as https:// behind an nginx TLS-terminating proxy.
- 8h sliding session lifetime (local_settings) to cap the SSO re-auth window.
- Redesigned account / socialaccount templates with an SSO sign-in button.
Notes for reviewers:
- UI-internal /apiv2/ endpoints that are fetched with a browser cookie need a per-view @authentication_classes([SessionAuthentication]) once SSO is on; none are added here since that depends on which endpoints a deployment uses.
- New on-login role reconciliation and the username-collision fallback want a test pass against a live IdP before this leaves draft.
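The discovery/JWKS cache the commit describes (TTL, issuer validation, stale copy served when the IdP is unreachable) can be sketched in a few dozen lines. This is an added illustration written for this page, not CAPE's CachedOpenIDConnect code; the class and function names, the constructed discovery document and the simulated outage are assumptions, and the real fetcher would be an HTTP call with an explicit bounded timeout.

```python
import threading
import time
from typing import Any, Callable, Dict, Optional, Tuple


class StaleOnErrorCache:
    """Process-wide TTL cache with stale-on-error fallback (illustrative, not CAPE's class).

    A fresh entry is served without calling ``fetch``. Once expired the caller
    refreshes; if the refresh raises, the last good copy is served instead.
    After a failed fetch the cache is re-checked under the lock so that a
    concurrent refresh that succeeded in the meantime is used.
    """

    def __init__(self, ttl_seconds: float, clock: Callable[[], float] = time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so tests can fake the passage of time
        self._lock = threading.Lock()
        self._entries: Dict[str, Tuple[Any, float]] = {}   # key -> (value, fetched_at)

    def _fresh(self, key: str) -> Optional[Any]:
        hit = self._entries.get(key)
        if hit is not None and self._clock() - hit[1] < self._ttl:
            return hit[0]
        return None

    def get(self, key: str, fetch: Callable[[], Any]) -> Any:
        with self._lock:
            value = self._fresh(key)
            if value is not None:
                return value
        try:
            value = fetch()          # bounded network timeouts belong inside the fetcher
        except Exception as exc:
            with self._lock:
                hit = self._entries.get(key)   # re-check: another thread may have just refreshed
                if hit is not None:
                    return hit[0]              # stale-on-error: serve the last good copy
            raise RuntimeError(f"{key}: fetch failed and no cached copy available") from exc
        with self._lock:
            self._entries[key] = (value, self._clock())
        return value


def validate_discovery(doc: dict, expected_issuer: str) -> dict:
    """Reject a discovery document whose issuer does not match the configured one."""
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    if "jwks_uri" not in doc:
        raise ValueError("discovery document lacks jwks_uri")
    return doc


# Constructed stand-in for the body of /.well-known/openid-configuration.
# A real fetcher would do something like requests.get(url, timeout=(3, 5)).json().
CONSTRUCTED_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
}


def fetch_ok() -> dict:
    return validate_discovery(dict(CONSTRUCTED_DISCOVERY), "https://idp.example.com")


def fetch_down() -> dict:
    raise ConnectionError("simulated IdP outage")


def demo() -> dict:
    """Warm the cache, let it expire, then serve the stale copy through an outage."""
    now = [0.0]
    cache = StaleOnErrorCache(ttl_seconds=300, clock=lambda: now[0])
    first = cache.get("discovery", fetch_ok)
    now[0] = 301.0                                  # entry has expired
    stale = cache.get("discovery", fetch_down)      # outage: stale copy served, login not 500'd
    return {"first": first, "stale": stale}
```

The important property is in the `except` branch: a cold cache still fails the login (there is nothing safe to serve), but a warm cache degrades to the last validated document rather than to an error page.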
From the automated review on #3054:
- pre_social_login fails closed when an email-domain allowlist is set but the IdP returns no email (previously the check was bypassed).
- role reconciliation skips (rather than demoting) when the groups claim is entirely absent from the token; a present-but-empty claim still demotes.
- _extract_groups ignores unexpected claim types instead of raising.
- username derivation truncates the base before appending the uniqueness suffix, so it can't exceed 150 chars or lose the suffix that makes it unique.
- _cached_fetch re-checks the cache under lock on fetch error, so a concurrent cold-start success is served instead of failing the login.
- okta_user_sync escapes quotes/backslashes in the Okta search filter.
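The adapter rules in this commit (fail-closed email allowlist, absent versus empty groups claim, truncate-then-suffix usernames, escaped Okta filter values) are small enough to show end to end. The following is an added example for this page and not the adapter code in the PR; the settings, function names, the `-N` suffix format and the `profile.login` filter field are assumptions.

```python
import re
from typing import Iterable, Mapping, Optional, Sequence

# Constructed deployment settings; in CAPE these would come from web.conf's [oauth_oidc] section.
ALLOWED_EMAIL_DOMAINS = {"example.com"}
ADMIN_GROUPS = {"cape-admins"}
MAX_USERNAME_LEN = 150          # django.contrib.auth User.username max_length


def email_allowed(email: Optional[str], allowlist: Iterable[str] = ALLOWED_EMAIL_DOMAINS) -> bool:
    """Fail closed: once an allowlist is configured, a missing or malformed email is denied."""
    domains = {d.lower() for d in allowlist}
    if not domains:
        return True                       # no allowlist configured: nothing to enforce
    if not email or "@" not in email:
        return False
    return email.rsplit("@", 1)[1].lower() in domains


def extract_groups(claims: Mapping[str, object], claim: str = "groups") -> Optional[list]:
    """None = claim absent (skip reconciliation); [] = present but empty (demote).

    Unexpected claim types are ignored (treated as absent) rather than raising;
    treating them as absent is this example's choice.
    """
    if claim not in claims:
        return None
    value = claims[claim]
    if isinstance(value, str):
        return [value]
    if isinstance(value, (list, tuple)):
        return [g for g in value if isinstance(g, str)]
    return None


def reconcile_roles(user: dict, groups: Optional[Sequence[str]],
                    admin_groups: Iterable[str] = ADMIN_GROUPS) -> dict:
    """Recompute is_staff/is_superuser from the IdP groups; run on every login."""
    if groups is None:
        return user                       # no claim at all: leave roles untouched
    is_admin = bool(set(groups) & set(admin_groups))
    user["is_staff"] = is_admin
    user["is_superuser"] = is_admin
    return user


def derive_username(base: str, taken: Iterable[str]) -> str:
    """Truncate the base first, then append a uniqueness suffix that still fits in 150 chars."""
    taken = set(taken)
    base = re.sub(r"[^\w.@+-]", "", base) or "user"   # characters Django's username validator allows
    base = base[:MAX_USERNAME_LEN]
    if base not in taken:
        return base
    for n in range(2, 100_000):
        suffix = f"-{n}"
        candidate = base[:MAX_USERNAME_LEN - len(suffix)] + suffix
        if candidate not in taken:
            return candidate
    raise RuntimeError("could not derive a unique username")


def okta_filter_value(value: str) -> str:
    """Escape a value for use inside a double-quoted Okta filter string."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def okta_user_filter(login: str) -> str:
    """Constructed filter expression; the field name is an assumption for this example."""
    return f'profile.login eq "{okta_filter_value(login)}"'
```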
OIDC SSO:
- gate SECURE_PROXY_SSL_HEADER / USE_X_FORWARDED_HOST behind a new
[general] behind_proxy flag (default off) — trusting X-Forwarded-Proto/
Host is only safe behind a header-sanitizing reverse proxy.
- pin id_token decoding to the provider's advertised signing algorithms
(or an asymmetric default allowlist) instead of reflecting the token
header's `alg`, closing algorithm-confusion edge cases.
- render the domain-mismatch auth error as HTTP 403 and wrap the reason
text in gettext; wrap the login page title in {% trans %}.
- merge into SOCIALACCOUNT_PROVIDERS rather than reassigning it, so
enabling OIDC can't clobber other configured providers.
- correct the session-lifetime comment (8h sliding idle timeout, not
"8h absolute").
apikey app (folded in here since #3053 already merged):
- escapejs the key name in the revoke confirm() prompt (was an XSS /
string-break vector if a name contained a quote).
- move _user_may_manage_keys into apikey/policy.py so the context
processor no longer imports from views (decouples, avoids cycle risk).
- reference apikey.apps.ApiKeyConfig explicitly in INSTALLED_APPS so the
disable-cascade signal wiring in ready() always loads.
Improve AnalysisManager cleanup and error handling: track dead machines so stop/release are only attempted for healthy machines (moved stop/release into finally guarded by is_dead), log and set TASK_FAILED_ANALYSIS on unexpected exceptions during launch_analysis, and unlock the machine before re-raising. Prevent guest file path collisions by storing samples in a per-task subdirectory (use task id in temp path). Add tests to verify final cleanup on unhandled exceptions and that unexpected analysis errors set task status and unlock machines; update imports accordingly.
Prefix uploaded sample paths with a task-id subdirectory for file/archive analyses by updating options['file_name'] (sanitized) before add_config, using platform-appropriate separators. The guest upload now builds the destination filepath directly from options['file_name'], preventing guest path collisions and ensuring analysis.conf contains the correct path. Also simplify AnalysisManager teardown: move the DB session context into a try block and catch CuckooMachineError outside it to log failures to stop the machine without performing an explicit manual rollback.
Added optional parameter to demux_sflock and updated return types for better clarity. Enhanced file handling logic and added new patterns for executable identification.
Ensure machine cleanup and handle unexpected errors
Refactor demux.py for improved file handling and type hints
feat(web): generic OIDC SSO via django-allauth (Okta/Azure/Auth0/Keycloak)
Various fixes to cape2.sh
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )