From 3688dd574cc3daf16656f4112ff25ed581533d1b Mon Sep 17 00:00:00 2001 From: Ahmed Gouda <62152210+ahmedxgouda@users.noreply.github.com> Date: Thu, 22 May 2025 02:01:54 +0300 Subject: [PATCH 1/6] Update CONTRIBUTING.md --- CONTRIBUTING.md | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0c68efba1..16d5132b3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -341,9 +341,9 @@ If you plan to fetch GitHub OWASP data locally, follow these additional steps: #### NestBot Development -❗ **Never install your development Slack application in the OWASP Slack workspace.** -❗ **Doing so will interfere with OWASP Nest functionality and trigger unnecessary notifications to Slack admins.** -❗ **Always use a different workspace (create your own if needed).** + - **❗Never install your development Slack application in the OWASP Slack workspace.** + - **❗Doing so will interfere with OWASP Nest functionality and trigger unnecessary notifications to Slack admins.** + - **❗Always use a different workspace (create your own if needed).** To setup NestBot development environment, follow these steps: @@ -374,8 +374,19 @@ To setup NestBot development environment, follow these steps: ngrok start NestBot ``` -1. **Update environment Variables with your NestBot Configuration**: +2. **Set up Slack application**: + - Create a slack workspace if you don't have one already (Don't use OWASP workspace). + - Open the workspace from your browser and get its id. + - Example link: `https://app.slack.com/client/T0123456789/...`, the id is: T0123456789. + - Open the admin page of the django project: `localhost:8000/a` (create a superuser with `make setup`), and add a new workspace with the id and the name of your workspace. + - Go to the [Slack API website](https://api.slack.com/apps), and create a new app. + - Open the app from the dashboard, and select `App Manifest` from `Features`. + - Copy the content from [NestBot manifest file](https://github.com/OWASP/Nest/blob/main/backend/apps/slack/MANIFEST.yaml) to the `App Manifest` from `Features`, and replace all `nest.owasp.org` with your ngrok domain (keep the slack endpoints like the original, just put your ngrok link). + - Reinstall your Slack application after making the changes using `Settings -- Install App` section. + +3. **Update environment Variables with your NestBot Configuration**: + - Open the app dashboard. - Update `backend/.env` with your Slack application tokens: - Bot User OAuth Token from `Settings -- Install App -- OAuth Tokens` section @@ -383,12 +394,11 @@ To setup NestBot development environment, follow these steps: ```plaintext DJANGO_SLACK_BOT_TOKEN= + DJANGO_SLACK_BOT_TOKEN_= DJANGO_SLACK_SIGNING_SECRET= ``` - -1. **Set up Slack application**: - - Configure your Slack application using [NestBot manifest file](https://github.com/OWASP/Nest/blob/main/backend/apps/slack/MANIFEST.yaml) (copy its contents and save it into `Features -- App Manifest`). You'll need to replace slash commands endpoint with your ngrok static domain path. - - Reinstall your Slack application after making the changes using `Settings -- Install App` section. +4. **Sync the slack data**: + - Run `make slack_sync_data`. #### OWASP Schema Development From 3f36169f61ae9f7024dc151ef26ecb4196d5c22b Mon Sep 17 00:00:00 2001 From: Ahmed Gouda Date: Thu, 22 May 2025 02:05:20 +0300 Subject: [PATCH 2/6] Update CONTRIBUTING.md --- CONTRIBUTING.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 16d5132b3..b5c80367b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -341,9 +341,9 @@ If you plan to fetch GitHub OWASP data locally, follow these additional steps: #### NestBot Development - - **❗Never install your development Slack application in the OWASP Slack workspace.** - - **❗Doing so will interfere with OWASP Nest functionality and trigger unnecessary notifications to Slack admins.** - - **❗Always use a different workspace (create your own if needed).** +- **❗Never install your development Slack application in the OWASP Slack workspace.** +- **❗Doing so will interfere with OWASP Nest functionality and trigger unnecessary notifications to Slack admins.** +- **❗Always use a different workspace (create your own if needed).** To setup NestBot development environment, follow these steps: @@ -396,9 +396,12 @@ To setup NestBot development environment, follow these steps: DJANGO_SLACK_BOT_TOKEN= DJANGO_SLACK_BOT_TOKEN_= DJANGO_SLACK_SIGNING_SECRET= + ``` + 4. **Sync the slack data**: - - Run `make slack_sync_data`. + - Make sure that the app is running. + - Run `make slack-sync-data`. #### OWASP Schema Development From 48f83ae266cc724de6ccfc0951ebfa257fcd53f2 Mon Sep 17 00:00:00 2001 From: Ahmed Gouda Date: Thu, 22 May 2025 02:06:36 +0300 Subject: [PATCH 3/6] Add Django prefix to the workspace env variable --- backend/apps/slack/models/workspace.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/apps/slack/models/workspace.py b/backend/apps/slack/models/workspace.py index c97300649..b9b0c2f0b 100644 --- a/backend/apps/slack/models/workspace.py +++ b/backend/apps/slack/models/workspace.py @@ -29,4 +29,4 @@ def bot_token(self) -> str: str: The bot token for the workspace. """ - return os.getenv(f"SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}", "") + return os.getenv(f"DJANGO_SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}", "") From 4721bb85b7f44fd9b975708ad391d9ff7ee61094 Mon Sep 17 00:00:00 2001 From: Ahmed Gouda Date: Thu, 22 May 2025 02:13:00 +0300 Subject: [PATCH 4/6] Update tests --- backend/tests/slack/models/workspace_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/tests/slack/models/workspace_test.py b/backend/tests/slack/models/workspace_test.py index c8516113b..f3b6717d7 100644 --- a/backend/tests/slack/models/workspace_test.py +++ b/backend/tests/slack/models/workspace_test.py @@ -8,7 +8,7 @@ class TestWorkspaceModel: def test_bot_token(self): workspace_id = "T123ABC" expected_token = "xoxb-test-token" # noqa: S105 - with patch.dict(os.environ, {f"SLACK_BOT_TOKEN_{workspace_id.upper()}": expected_token}): + with patch.dict(os.environ, {f"DJANGO_SLACK_BOT_TOKEN_{workspace_id.upper()}": expected_token}): workspace = Workspace(slack_workspace_id=workspace_id) assert workspace.bot_token == expected_token From d89373b0d988e83389d5ba8e7c1838810924edcb Mon Sep 17 00:00:00 2001 From: Ahmed Gouda Date: Thu, 22 May 2025 02:14:52 +0300 Subject: [PATCH 5/6] Apply make-check --- backend/tests/slack/models/workspace_test.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/backend/tests/slack/models/workspace_test.py b/backend/tests/slack/models/workspace_test.py index f3b6717d7..b7f0237e5 100644 --- a/backend/tests/slack/models/workspace_test.py +++ b/backend/tests/slack/models/workspace_test.py @@ -8,7 +8,9 @@ class TestWorkspaceModel: def test_bot_token(self): workspace_id = "T123ABC" expected_token = "xoxb-test-token" # noqa: S105 - with patch.dict(os.environ, {f"DJANGO_SLACK_BOT_TOKEN_{workspace_id.upper()}": expected_token}): + with patch.dict( + os.environ, {f"DJANGO_SLACK_BOT_TOKEN_{workspace_id.upper()}": expected_token} + ): workspace = Workspace(slack_workspace_id=workspace_id) assert workspace.bot_token == expected_token From 334dc689ace72d51c964955185ada62f7d023471 Mon Sep 17 00:00:00 2001 From: Ahmed Gouda Date: Sun, 8 Jun 2025 06:19:16 +0300 Subject: [PATCH 6/6] Fix lowercase --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9e06e2bce..16c4829f5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -384,7 +384,7 @@ To setup NestBot development environment, follow these steps: - Copy the content from [NestBot manifest file](https://github.com/OWASP/Nest/blob/main/backend/apps/slack/MANIFEST.yaml) to the `App Manifest` from `Features`, and replace all `nest.owasp.org` with your ngrok domain (keep the slack endpoints like the original, just put your ngrok link). - Reinstall your Slack application after making the changes using `Settings -- Install App` section. -3. **Update environment Variables with your NestBot Configuration**: +3. **Update environment variables with your NestBot Configuration**: - Open the app dashboard. - Update `backend/.env` with your Slack application tokens: