Skip to content

🐛 fix close_old_findings through service field in several parsers #14640#14687

Open
manuel-sommer wants to merge 13 commits intoDefectDojo:devfrom
manuel-sommer:issue_14640_closeoldfindings
Open

🐛 fix close_old_findings through service field in several parsers #14640#14687
manuel-sommer wants to merge 13 commits intoDefectDojo:devfrom
manuel-sommer:issue_14640_closeoldfindings

Conversation

@manuel-sommer
Copy link
Copy Markdown
Contributor

@manuel-sommer manuel-sommer commented Apr 15, 2026
edited
Loading

@github-actions github-actions Bot added the docs label Apr 15, 2026
@manuel-sommer manuel-sommer marked this pull request as ready for review April 15, 2026 07:56
@github-actions github-actions Bot added the New Migration Adding a new migration file. Take care when merging. label Apr 15, 2026
@manuel-sommer
Copy link
Copy Markdown
Contributor Author

manuel-sommer commented Apr 15, 2026

@valentijnscholten please take a look here

@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Apr 15, 2026
edited
Loading

DryRun Security

This pull request includes a sensitive edit to the file dojo/db_migrations/0264_clear_service_for_affected_parsers.py, which matches configured sensitive codepaths (see .dryrunsecurity.yaml) and has been flagged as an error by the configured-codepaths analyzer. The change is marked as high risk per the scanner and may require review or explicit authorization for the authors.

🔴 Configured Codepaths Edit in dojo/db_migrations/0264_clear_service_for_affected_parsers.py (drs_5ddbcdfb)
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.

Comment to provide feedback on these findings.

Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]

Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing

All finding details can be found in the DryRun Security Dashboard.

@manuel-sommer manuel-sommer changed the title 🐛 fix close_old_findings field in several parsers #14640 🐛 fix close_old_findings through service field in several parsers #14640 Apr 15, 2026
Maffooch
Maffooch reviewed Apr 15, 2026
View reviewed changes
Comment thread dojo/db_migrations/0264_clear_service_for_affected_parsers.py
Copy link
Copy Markdown
Contributor

@Maffooch Maffooch Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a service was supplied to these test types at import time, does that value override the value set by the parser? If so, could this migration potentially erase service fields that are from the user?

Copy link
Copy Markdown
Contributor Author

@manuel-sommer manuel-sommer Apr 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a question beyond my knowledge. Maybe @valentijnscholten has an opinion on this.

Copy link
Copy Markdown
Member

@valentijnscholten valentijnscholten Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The importers overwrite any fields set by the parsers:

django-DefectDojo/dojo/importers/default_importer.py

Lines 216 to 217 in 9d661d7

if self.service is not None:
unsaved_finding.service = self.service

django-DefectDojo/dojo/importers/default_reimporter.py

Lines 337 to 338 in 9d661d7

if self.service is not None:
unsaved_finding.service = self.service

Copy link
Copy Markdown
Contributor

@Maffooch Maffooch Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it seems like this migration would erase data intentionally set by users...

Copy link
Copy Markdown
Contributor Author

@manuel-sommer manuel-sommer Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a possibility to distinguish between the two ways?

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 30, 2026

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@manuel-sommer
Copy link
Copy Markdown
Contributor Author

manuel-sommer commented May 5, 2026

any updates on this @valentijnscholten and @Maffooch ? I will resolve conflicts after the next review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro Awaiting requested review from mtesauro mtesauro is a code owner

@valentijnscholten valentijnscholten Awaiting requested review from valentijnscholten

@Maffooch Maffooch Awaiting requested review from Maffooch Maffooch is a code owner

At least 4 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

conflicts-detected docs New Migration Adding a new migration file. Take care when merging. parser unittests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@manuel-sommer @valentijnscholten @Maffooch