Improve slack guidelines. #1507

Open
wants to merge 8 commits into
base: main
27 changes: 20 additions & 7 deletions CONTRIBUTING.md
Expand Up @@ -341,9 +341,9 @@ If you plan to fetch GitHub OWASP data locally, follow these additional steps:

#### NestBot Development

**Never install your development Slack application in the OWASP Slack workspace.**
**Doing so will interfere with OWASP Nest functionality and trigger unnecessary notifications to Slack admins.**
**Always use a different workspace (create your own if needed).**
- **Never install your development Slack application in the OWASP Slack workspace.**
- **Doing so will interfere with OWASP Nest functionality and trigger unnecessary notifications to Slack admins.**
- **Always use a different workspace (create your own if needed).**

To setup NestBot development environment, follow these steps:
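
Review bot: In the new bullet list under `#### NestBot Development`, the second bullet ("Doing so will interfere...") is the reason for the first rather than a separate rule, so as its own list item "Doing so" loses its referent. Consider keeping a single bold warning and following it with the reason and the alternative as ordinary sentences. The context line "To setup NestBot development environment" should also read "To set up the NestBot development environment".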

Expand Down Expand Up @@ -374,21 +374,34 @@ To setup NestBot development environment, follow these steps:
ngrok start NestBot
```

1. **Update environment Variables with your NestBot Configuration**:
2. **Set up Slack application**:
- Create a slack workspace if you don't have one already (Don't use OWASP workspace).
- Open the workspace from your browser and get its id.
- Example link: `https://app.slack.com/client/T0123456789/...`, the id is: T0123456789.
- Open the admin page of the django project: `localhost:8000/a` (create a superuser with `make setup`), and add a new workspace with the id and the name of your workspace.
- Go to the [Slack API website](https://api.slack.com/apps), and create a new app.
- Open the app from the dashboard, and select `App Manifest` from `Features`.
- Copy the content from [NestBot manifest file](https://github.com/OWASP/Nest/blob/main/backend/apps/slack/MANIFEST.yaml) to the `App Manifest` from `Features`, and replace all `nest.owasp.org` with your ngrok domain (keep the slack endpoints like the original, just put your ngrok link).
- Reinstall your Slack application after making the changes using `Settings -- Install App` section.

3. **Update environment variables with your NestBot Configuration**:

- Open the app dashboard.
- Update `backend/.env` with your Slack application tokens:

- Bot User OAuth Token from `Settings -- Install App -- OAuth Tokens` section
- Signing Secret from `Settings -- Basic Information -- App Credentials` section

```plaintext
DJANGO_SLACK_BOT_TOKEN=<your-slack-bot-token>
DJANGO_SLACK_BOT_TOKEN_<your-workspace-id>=<your-slack-bot-token>
DJANGO_SLACK_SIGNING_SECRET=<your-slack-signing-secret>

```

1. **Set up Slack application**:
- Configure your Slack application using [NestBot manifest file](https://github.com/OWASP/Nest/blob/main/backend/apps/slack/MANIFEST.yaml) (copy its contents and save it into `Features -- App Manifest`). You'll need to replace slash commands endpoint with your ngrok static domain path.
- Reinstall your Slack application after making the changes using `Settings -- Install App` section.
4. **Sync the slack data**:
- Make sure that the app is running.
- Run `make slack-sync-data`.

#### OWASP Schema Development
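
Review bot: In step 3, the `.env` block now lists both `DJANGO_SLACK_BOT_TOKEN` and `DJANGO_SLACK_BOT_TOKEN_<your-workspace-id>` with the same placeholder value and does not say which one NestBot reads or why both are needed. State the purpose of each, and note that the suffix must be the workspace id entered in the admin page in step 2 (`T0123456789` in the example link), since the lookup in `workspace.py` builds the variable name from `slack_workspace_id.upper()`. Step 2 also mixes `slack`/`Slack` and `django`/`Django`, and the explicit `2.`, `3.`, `4.` markers differ from the `1.` markers on the lines they replace.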

2 changes: 1 addition & 1 deletion backend/apps/slack/models/workspace.py
Expand Up @@ -40,4 +40,4 @@ def bot_token(self) -> str:
str: The bot token for the workspace.

"""
return os.getenv(f"SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}", "")
return os.getenv(f"DJANGO_SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}", "")
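
Review bot: The rename on the `return` line changes the variable this property reads from `SLACK_BOT_TOKEN_<ID>` to `DJANGO_SLACK_BOT_TOKEN_<ID>`, and the `""` default means an environment that still sets only the old name gets an empty token with no error at this point. Consider logging or raising when the variable is missing, or at least calling out the rename for existing deployments, so the misconfiguration surfaces here rather than wherever the empty token is first used.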

🛠️ Refactor suggestion

Ensure fallback for global bot token
The documentation instructs users to also set DJANGO_SLACK_BOT_TOKEN without a workspace suffix, but this property only reads the suffixed variable. You should either update the docs to drop the global var or add a fallback in code.

Apply this diff to fall back to the generic token when the workspace‐specific one isn’t set:

@@ class Workspace(TimestampedModel):
     @property
     def bot_token(self) -> str:
         """Get bot token for the workspace."""
-        return os.getenv(f"DJANGO_SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}", "")
+        return (
+            os.getenv(f"DJANGO_SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}")
+            or os.getenv("DJANGO_SLACK_BOT_TOKEN", "")
+        )
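
Review bot: The `or os.getenv("DJANGO_SLACK_BOT_TOKEN", "")` fallback in `bot_token` applies to every `Workspace` instance, so any workspace without its own suffixed variable would return the global token, which belongs to one specific workspace install. If a fallback is wanted, limit it to the workspace that token was installed in; otherwise keep the per-workspace lookup strict and drop the unsuffixed variable from the docs.
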
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
return os.getenv(f"DJANGO_SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}", "")
@property
def bot_token(self) -> str:
"""Get bot token for the workspace."""
return (
os.getenv(f"DJANGO_SLACK_BOT_TOKEN_{self.slack_workspace_id.upper()}")
or os.getenv("DJANGO_SLACK_BOT_TOKEN", "")
)
🤖 Prompt for AI Agents
In backend/apps/slack/models/workspace.py at line 32, the code only retrieves
the workspace-specific Slack bot token environment variable and does not fall
back to the global DJANGO_SLACK_BOT_TOKEN if the specific one is not set. Modify
the return statement to first attempt fetching the workspace-specific token, and
if it is empty, then return the global DJANGO_SLACK_BOT_TOKEN environment
variable as a fallback.

4 changes: 3 additions & 1 deletion backend/tests/slack/models/workspace_test.py
Expand Up @@ -8,7 +8,9 @@ class TestWorkspaceModel:
def test_bot_token(self):
workspace_id = "T123ABC"
expected_token = "xoxb-test-token" # noqa: S105
with patch.dict(os.environ, {f"SLACK_BOT_TOKEN_{workspace_id.upper()}": expected_token}):
with patch.dict(
os.environ, {f"DJANGO_SLACK_BOT_TOKEN_{workspace_id.upper()}": expected_token}
):
workspace = Workspace(slack_workspace_id=workspace_id)

assert workspace.bot_token == expected_token
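
Review bot: `test_bot_token` only covers the case where the variable is set, and `workspace_id = "T123ABC"` is already uppercase, so the `.upper()` normalisation in `bot_token` is never exercised. Add a case with a lowercase id, and one where the variable is absent and the property returns `""`.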