@Vincent-Ngobeh Vincent-Ngobeh commented Dec 2, 2025

Summary

Refactored Product_Tab class in dojo/utils.py to use @cached_property decorators for lazy loading instead of executing all database queries eagerly in __init__. This significantly improves page load performance for views like Edit Finding.

Related Issue: Fixes #10313

Problem

When editing a finding in a product with 100,000+ findings, the page takes 50+ seconds to load. This is because Product_Tab.__init__ executes 5+ expensive COUNT queries immediately, even though the Edit Finding page doesn't need all of them.

Solution

  • Replace eager query execution with @cached_property decorators
  • Queries are now deferred until actually accessed
  • Results are cached for the duration of the request

Key changes:

  • Add functools.cached_property import
  • Convert engagement_count, open_findings_count, endpoints_count, endpoint_hosts_count, and benchmark_type to @cached_property
  • Rename internal attributes to use underscore prefix (_product, _title, etc.)
  • Convert title, tab, product, engagement to @property for consistency

Test Plan

  • Verified syntax with python -m py_compile dojo/utils.py
  • Verified no flake8 errors in changed code
  • Template access patterns remain compatible (properties accessible same way)

Checklist

  • Rebased against latest dev
  • Code is flake8 compliant
  • Code is Python 3.13 compliant
  • Meaningful PR title for release notes
  • Added unit tests (existing tests cover template access patterns)
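The eager-versus-lazy pattern described in this PR, as an added example that is not DefectDojo's code. `CountingDB`, `EagerTab`, `LazyTab`, `queries_for`, the table layout, the sample rows and the `active = 1` meaning of "open" are all assumptions made for illustration.

```python
import sqlite3
from functools import cached_property

class CountingDB:
    """In-memory SQLite stand-in that counts how many queries it runs."""
    def __init__(self):
        self.queries = 0
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(
            "CREATE TABLE engagement (id INTEGER PRIMARY KEY, product_id INT);"
            "CREATE TABLE finding (id INTEGER PRIMARY KEY, product_id INT, active INT);")
        # Constructed sample rows: product 1 has 2 engagements and 3 findings (2 active).
        self.conn.executemany("INSERT INTO engagement (product_id) VALUES (?)", [(1,), (1,)])
        self.add_findings([(1, 1), (1, 1), (1, 0)])
    def add_findings(self, rows):
        self.conn.executemany("INSERT INTO finding (product_id, active) VALUES (?, ?)", rows)
    def count(self, sql, product_id):
        self.queries += 1
        return self.conn.execute(sql, (product_id,)).fetchone()[0]

ENGAGEMENTS = "SELECT COUNT(*) FROM engagement WHERE product_id = ?"
# Assumption: "open" is modelled as active = 1; this is not the project's own definition.
OPEN_FINDINGS = "SELECT COUNT(*) FROM finding WHERE product_id = ? AND active = 1"

class EagerTab:
    """Before: every count runs in __init__, whether or not the view reads it."""
    def __init__(self, db, product_id):
        self.engagement_count = db.count(ENGAGEMENTS, product_id)
        self.open_findings_count = db.count(OPEN_FINDINGS, product_id)

class LazyTab:
    """After: a count runs on first attribute access and is cached on the instance."""
    def __init__(self, db, product_id):
        self._db, self._product_id = db, product_id
    @cached_property
    def engagement_count(self):
        return self._db.count(ENGAGEMENTS, self._product_id)
    @cached_property
    def open_findings_count(self):
        return self._db.count(OPEN_FINDINGS, self._product_id)

def queries_for(tab_cls, attrs):
    """Build a tab, read only `attrs`, and return how many queries that cost."""
    db = CountingDB()
    tab = tab_cls(db, 1)
    for name in attrs:
        getattr(tab, name)
        getattr(tab, name)  # second read must hit the cache, not the database
    return db.queries
```

`cached_property` stores the value on the instance, so an instance that outlives a write keeps returning the old count; building a new tab object per request is what bounds that staleness.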

…mance

Replace eager query execution in Product_Tab.__init__ with @cached_property
decorators. This defers expensive database queries until they are actually
accessed, improving page load performance.

Fixes DefectDojo#10313

dryrunsecurity bot commented Dec 2, 2025

DryRun Security

🔴 Risk threshold exceeded.

This pull request modifies a sensitive file path (dojo/utils.py) flagged by the scanner for potentially sensitive edits; repository owners can configure sensitive paths and allowed authors in .dryrunsecurity.yaml to adjust blocking behavior.

🔴 Configured Codepaths Edit in dojo/utils.py
Vulnerability: Configured Codepaths Edit
Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

@Vincent-Ngobeh Vincent-Ngobeh changed the base branch from master to dev December 2, 2025 08:39
@Vincent-Ngobeh Vincent-Ngobeh changed the title from "perf: Use lazy loading for Product_Tab to improve edit finding performance" to "perf: Use lazy loading for Product_Tab to improve edit finding performance Fixes#10313" Dec 2, 2025
Member

@valentijnscholten valentijnscholten left a comment

wow, I've never seen this code. I don't think we should keep this in this way as we have predefined queries for what is meant by "Open" findings etc. But for now there's no harm in merging this to make it more "lazy" :-)

@valentijnscholten valentijnscholten added this to the 2.54.0 milestone Dec 4, 2025
@valentijnscholten
Member

@Vincent-Ngobeh If you want you can rebase the fix onto bugfix so we can release it sooner. Leaving it as-is is also fine by me.

Contributor

@Maffooch Maffooch left a comment

Agreed with everything Val said. Excellent job!

Contributor

@mtesauro mtesauro left a comment

Approved

@valentijnscholten valentijnscholten merged commit f01d0c2 into DefectDojo:dev Dec 8, 2025
150 checks passed

Development

Successfully merging this pull request may close these issues.

Performance Improvement Review: Dojo Edit finding takes 50 seconds to complete

5 participants