Set up pre-commit

.github/workflows/docker-build-and-push.yml

@@ -36,14 +36,14 @@ jobs:
       run: |
         echo "VERSION=$(git describe --tags --always)" >> $GITHUB_ENV
         echo "BUILD=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
-        
+
         echo "CISO_ASSISTANT_VERSION=$(git describe --tags --always)" > .meta
         echo "CISO_ASSISTANT_BUILD=$(git rev-parse --short HEAD)" >> .meta
-        
+
         cp .meta ./backend/
         cp .meta ./backend/ciso_assistant/
-  
-  
+
+
     - name: Build and Push Backend Docker Image
       uses: docker/build-push-action@v5
       with:

.github/workflows/functional-tests.yml

@@ -27,7 +27,10 @@ jobs:
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
       mailhog:
         image: mailhog/mailhog
-        ports: ["1025:1025", "8025:8025"]
+        ports: [
+          "1025:1025",
+          "8025:8025"
+        ]
 
     strategy:
       max-parallel: 4

.pre-commit-config.yaml

@@ -0,0 +1,23 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.4.1
+    hooks:
+      # Run the linter.
+      - id: ruff
+        args: [--fix backend]
+      # Run the formatter.
+      - id: ruff-format
+        args: [backend]
+  - repo: local
+    hooks:
+      - id: format-frontend
+        name: format-frontend
+        files: ^frontend/.$
+        language: system
+        entry: sh -c "npm run format --prefix frontend"

LICENSE

@@ -658,4 +658,4 @@ specific requirements.
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
-<https://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.

README.md

@@ -1,4 +1,3 @@
-
 <p align="center">
     <br />
     <a href="https://intuitem.com">intuitem.com</a>
@@ -13,7 +12,6 @@
     <br />
 </p>
 
-
 ![](gh_banner.png)
 
 [![Backend code coverage](https://github.com/intuitem/ciso-assistant-community/actions/workflows/backend-coverage.yaml/badge.svg)](https://github.com/intuitem/ciso-assistant-community/actions/workflows/backend-coverage.yaml)
@@ -53,8 +51,7 @@ CISO Assistant is developed and maintained by [intuitem](https://intuitem.com/),
 > [!TIP]
 > The easiest way to get started is through the [free trial of cloud instance available here](https://intuitem.com/trial).
 
-
-Alternatively, once you have *Docker* and *Docker-compose* installed, on your workstation or server, *clone* the repo and run:
+Alternatively, once you have _Docker_ and _Docker-compose_ installed, on your workstation or server, _clone_ the repo and run:
 
 ```sh
 ./docker-compose.sh
@@ -65,7 +62,7 @@ Alternatively, once you have *Docker* and *Docker-compose* installed, on your wo
 > If you're using **Windows**, Make sure to have [WSL](https://learn.microsoft.com/en-us/windows/wsl/install) installed and trigger the script within a WSL command line. It will feed Docker Desktop on your behalf.
 
 > [!WARNING]
-If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture.
+> If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture.
 
 ## End-user Documentation
 
@@ -100,15 +97,14 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant
 25. Tisax 🚘
 26. ANSSI hygiene guide 🇫🇷
 27. Essential Cybersecurity Controls (ECC) 🇸🇦
-28. CIS Controls v8*
-29. CSA CCM (Cloud Controls Matrix)*
+28. CIS Controls v8\*
+29. CSA CCM (Cloud Controls Matrix)\*
 30. FADP (Federal Act on Data Protection) 🇨🇭
 31. NIST SP 800-171 rev2 🇺🇸
 
 <br/>
 
-> [!NOTE]
-> `*` These frameworks require an extra manual step of getting the latest Excel sheet through their website as their license prevent direct usage. 
+> [!NOTE] > `*` These frameworks require an extra manual step of getting the latest Excel sheet through their website as their license prevent direct usage.
 
 <br/>
 
@@ -125,7 +121,7 @@ Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the
 - FedRAMP
 - NCSC Cyber Assessment Framework (CAF)
 - UK Cyber Essentials
-- and much more: just ask on [Discord](https://discord.gg/qvkaMdQ8da). If it's an open standard, we'll do it for you, *free of charge* 😉
+- and much more: just ask on [Discord](https://discord.gg/qvkaMdQ8da). If it's an open standard, we'll do it for you, _free of charge_ 😉
 
 ### Add your own framework
 
@@ -162,7 +158,7 @@ cd ciso-assistant-community
 ./docker-compose.sh
 ```
 
-*Alternatively*, you can use this variant to build the docker images for your specific architecture:
+_Alternatively_, you can use this variant to build the docker images for your specific architecture:
 
 ```sh
 ./docker-compose-build.sh
@@ -177,7 +173,6 @@ For the following executions, use "docker compose up" directly.
 > [!TIP]
 > If you want a fresh install, simply delete the `db` directory, (default: backend/db) where the database is stored.
 
-
 ## Setting up CISO Assistant for development
 
 ### Requirements
@@ -269,7 +264,13 @@ deactivate
 pip install -r requirements.txt
 ```
 
-5. If you want to setup Postgres:
+5. Recommended: Install the pre-commit hooks.
+
+```sh
+pre-commit install
+```
+
+6. If you want to setup Postgres:
 
 - Launch one of these commands to enter in Postgres:
   - `psql as superadmin`
@@ -281,27 +282,27 @@ pip install -r requirements.txt
   - `create user ciso-assistantuser with password '<POSTGRES_PASSWORD>';`
   - `grant all privileges on database ciso-assistant to ciso-assistantuser;`
 
-6. Apply migrations.
+7. Apply migrations.
 
 ```sh
 python manage.py migrate
 ```
 
-7. Create a Django superuser, that will be CISO Assistant administrator.
+8. Create a Django superuser, that will be CISO Assistant administrator.
 
 > If you have set a mailer and CISO_SUPERUSER_EMAIL variable, there's no need to create a Django superuser with `createsuperuser`, as it will be created automatically on first start. You should receive an email with a link to setup your password.
 
 ```sh
 python manage.py createsuperuser
 ```
 
-8.  Run development server.
+9.  Run development server.
 
 ```sh
 python manage.py runserver
 ```
 
-9.  Configure the git hooks for generating the build name.
+10. Configure the git hooks for generating the build name.
 
 ```sh
 cd .git/hooks
@@ -317,7 +318,6 @@ ln -fs ../../git_hooks/post-merge .
 cd frontend
 ```
 
-
 2. Install dependencies
 
 ```bash
@@ -332,7 +332,6 @@ npm run dev
 
 4. Reach the frontend on http://localhost:5173
 
-
 > [!NOTE]
 > Safari will not properly work in this setup, as it requires https for secure cookies. The simplest solution is to use Chrome or Firefox. An alternative is to use a caddy proxy. This is the solution used in docker-compose, so you can use it as an example.
 
@@ -371,7 +370,9 @@ These migration files should be tracked by version control.
 To run API tests on the backend, simply type "pytest" in a shell in the backend folder.
 
 To run functional tests on the frontend, do the following actions:
+
 - in the frontend folder, launch the following command:
+
 ```shell
 tests/e2e-tests.sh
 ```

SECURITY.md

@@ -10,4 +10,4 @@ We typically and primarily support the latest releases of our products for maint
 
 If you discover any issue regarding security, please disclose the information responsibly by sending an email to [email protected] and not by creating a GitHub issue. We'll get back to you ASAP and work with you to confirm and plan a fix for the issue.
 
-Please note that we do not currently offer a bug bounty program.
+Please note that we do not currently offer a bug bounty program.

backend/.dockerignore

@@ -6,4 +6,4 @@
 .pytest*
 .idea*
 .dockerignore
-Dockerfile
+Dockerfile

backend/.gitignore

@@ -17,4 +17,4 @@ db/django_secret_key
 db/pg_password.txt
 ./db/
 .coverage
-pytest-report.html
+pytest-report.html

backend/.meta

@@ -1,2 +1,2 @@
 CISO_ASSISTANT_VERSION=dev
-CISO_ASSISTANT_BUILD=dev
+CISO_ASSISTANT_BUILD=dev

backend/app_tests/test_file.txt

@@ -1 +1 @@
-This is a test file
+This is a test file

backend/ciso_assistant/.meta

@@ -1,2 +1,2 @@
 CISO_ASSISTANT_VERSION=dev
-CISO_ASSISTANT_BUILD=dev
+CISO_ASSISTANT_BUILD=dev

backend/ciso_assistant/scripts/generate_build_file.sh

@@ -37,4 +37,4 @@ main() {
 }"
 }
 
-main "$@"
+main "$@"

backend/core/templates/core/base_pdf.html

@@ -290,4 +290,4 @@
 
 {% block content %}{% endblock %}
 
-</body>
+</body>

backend/core/templates/core/mp_pdf.html

@@ -1,4 +1,4 @@
 {% extends 'core/base_pdf.html' %}
 {% block content %}
 {% include 'snippets/mp_data.html' %}
-{% endblock %}
+{% endblock %}

backend/core/templates/core/ra_pdf.html

@@ -1,4 +1,4 @@
 {% extends 'core/base_pdf.html' %}
 {% block content %}
 {% include 'snippets/ra_data.html' with pdf=True scenarios=context %}
-{% endblock %}
+{% endblock %}

backend/core/templates/registration/first_connexion_email.html

@@ -35,7 +35,7 @@ <h3>{% trans "Your all-in-one GRC Management Platform" %}</h3>
 </p>
 
 <p>
-<a href="{{ root_url }}/first-connexion?uidb64={{ uid }}&token={{ token }}" role="button" data-testid="set-password-btn"> {% trans "Set my password" %}</a> 
+<a href="{{ root_url }}/first-connexion?uidb64={{ uid }}&token={{ token }}" role="button" data-testid="set-password-btn"> {% trans "Set my password" %}</a>
 </p>
 
 <p>{% trans "An issue with the link? copy and paste the following in your browser" %}:</p>
@@ -68,4 +68,4 @@ <h3>{% trans "Your all-in-one GRC Management Platform" %}</h3>
 </body>
 {% endautoescape %}
 
-</html>
+</html>

backend/core/templates/registration/password_reset_email.html

@@ -64,4 +64,4 @@ <h3>{% trans "Your all-in-one GRC Management Platform" %}</h3>
 
 
 
-</html>
+</html>

backend/core/templates/snippets/mp_data.html

@@ -11,20 +11,20 @@
     <p class="p-2 m-2 text-lg font-semibold"> {% trans "Associated risk scenarios" %}: </p>
     <div class="bg-white p-2 m-2 shadow overflow-hidden rounded-lg flex">
         <table class="w-full p-2 mt-2">
-            <thead>    
+            <thead>
             </thead>
             <tbody>
             {% if not context %}
             <tr class="">
-                <td colspan="" class="p-4 m-2 text-xl text-center"><i class="fas fa-exclamation-circle"></i> 
+                <td colspan="" class="p-4 m-2 text-xl text-center"><i class="fas fa-exclamation-circle"></i>
                 {% trans "Risk risk_assessment seems to be empty. Measure Plan cannot be generated." %}
                 </td>
             </tr>
             {% endif %}
             {% for scenario in context %}
             <tr class="bg-gray-100">
                 <td class="text-lg p-3" colspan="9">
-                    <p class="text-indigo-500 hover:text-indigo-700">{{ scenario.rid }}: {{ scenario.name }}</p> 
+                    <p class="text-indigo-500 hover:text-indigo-700">{{ scenario.rid }}: {{ scenario.name }}</p>
                     <span class="text-xs text-center p-1 mx-1 rounded"
                     {% if scenario.treatment == 'open' %}
                     style="background-color: #fed7aa"
@@ -80,14 +80,14 @@
                 </td>
                 <td class="text-center"><span class="text-xs text-gray-900 whitespace-nowrap text-center p-1 mx-1 rounded
                     {% if appliedcontrol.status == 'open' %}
-                    bg-orange-200 
+                    bg-orange-200
                     {% elif appliedcontrol.status == 'in_progress' %}
-                    bg-blue-200 
+                    bg-blue-200
                     {% elif appliedcontrol.status == 'on_hold' %}
-                    bg-red-300 
+                    bg-red-300
                     {% else %}
-                    bg-green-200 
-                    {% endif %}">{{ appliedcontrol.get_status_display|lower }} 
+                    bg-green-200
+                    {% endif %}">{{ appliedcontrol.get_status_display|lower }}
                     </span></td>
             </tr>
             {% endfor %}
@@ -96,4 +96,4 @@
         </table>
     </div>
 
-</main>
+</main>

backend/core/templates/snippets/ra_data.html

@@ -17,7 +17,7 @@
                             {% endfor %}
                           </ul>
                         </li>
-                        <li class="pb-1"><span class="font-semibold">{% trans "Status:" %}</span> {% if risk_assessment.is_draft %} 
+                        <li class="pb-1"><span class="font-semibold">{% trans "Status:" %}</span> {% if risk_assessment.is_draft %}
                         <span class="bg-blue-200 py-1 px-2 rounded-lg">{% trans "Draft" %}</span> {% else %} <span class="bg-green-200 py-1 px-2 rounded-lg">{% trans "Ready" %} </span>{% endif %}
                         </li>
                         <li class="pb-1"><span class="font-semibold">{% trans "Created at:" %}</span> {{ risk_assessment.created_at|date }}</li>

backend/core/templates/snippets/risk_matrix.html

@@ -85,7 +85,7 @@
         <div class="text-black font-bold text-center mx-auto mt-4">
             {% trans "Impact" %}
         </div>
-    </div>   
+    </div>
     <div class="w-full flex flex-col justify-start">
         <h3 class="flex font-semibold p-2 m-2 text-md">{% trans "Risk levels" %}</h3>
         <div class="flex justify-start mx-2">

backend/library/libraries/owasp-top-10-web.yaml

@@ -47,7 +47,7 @@ objects:
         Insecure design is a broad category representing different weaknesses,
         expressed as missing or ineffective control design.
     - urn: urn:intuitem:risk:threat:A05
-      ref_id: A05 
+      ref_id: A05
       name: Security Misconfiguration
       description:
         "The application might be vulnerable if the application is: Missing

backend/requirements.txt

@@ -18,3 +18,4 @@ structlog==24.1.0
 python-dotenv==1.0.1
 drf-spectacular==0.27.2
 django-rest-knox==4.2.0
+pre-commit==3.7.0

docker-compose-build.sh

@@ -19,7 +19,7 @@ else
     prepare_meta_file
 
     # Build and start the containers
-    docker compose -f docker-compose-build.yml build 
+    docker compose -f docker-compose-build.yml build
     docker compose -f docker-compose-build.yml up -d
 
     # Perform database migrations