Release: Merge back 2.55.2 into dev from: master-into-dev/2.55.2-2.56.0-dev#14279
Merged
The custom decorators that we have on Celery tasks interfere with some (advanced) celery functionality like signatures. This PR refactors this to have a clean base task that passes on context, but does not interfere with celery mechanisms. The logic to decide whether or not the task is to be called asynchronously is now in a dispatch method.
- Use class reference instead of self for task dispatch (self.method returns bound method without .si() attribute)
- Update location_manager.py to use dojo_dispatch_task instead of @dojo_async_task decorator
- Convert task methods to static-like functions (no self parameter)
- Avoid passing manager/task attributes via instance (use class task objects to ensure .si() is available)
- Stop dispatching non-task jira_helper.push_to_jira through dojo_dispatch_task; call it directly and let it dispatch the underlying celery tasks
….56.0-dev Release: Merge back 2.55.1 into bugfix from: master-into-bugfix/2.55.1-2.56.0-dev
Fixes #12644

This commit addresses several issues with the risk acceptance API:

1. Risk acceptances created via API now appear in engagement panel
   - Added engagement.risk_acceptance.add(instance) in create() method
   - Fixes the main bug where API-created risk acceptances were orphaned
2. Added validation for enable_full_risk_acceptance product setting
   - API now respects the product-level setting before creating instances
   - Validates in validate() method to fail early
3. Added protection against engagement switching
   - Prevents moving risk acceptances between engagements via PATCH/PUT
   - Validates even when risk acceptance has no findings (edge case)
4. Performance improvement
   - Use self.instance.accepted_findings.all() instead of filtering
5. Comprehensive API tests
   - Added test_risk_acceptance_api.py with 7 test cases
   - Covers all edge cases and validation scenarios
   - All tests passing

Changes:
- dojo/api_v2/serializers.py: Enhanced RiskAcceptanceSerializer
- unittests/test_risk_acceptance_api.py: New comprehensive test suite
[docs] pro changelog - 2.55.0
…e product reference
…portAndPushTestApi
* Replace old risk acceptance article and add calendar
* revert thulite changes and block renovate
* resize images
* update lock file
* change article directories
* content changes
* update lock file again
--------
Co-authored-by: Paul Osinski <posinski34@gmail.com>
Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>
…#14256)
* added testing to ensure duplicate findings are deleted in the correct order
* fix ruff issues
* Update unittests/test_duplication_loops.py
--------
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
The Test model uses 'title' field, not 'name'. This fixes the 500 error when filtering findings by Test name with Filter String Matching Optimization enabled. Fixes #14160 Co-authored-by: Cursor <cursoragent@cursor.com>
Update dockerfiles to ensure underlying OS is always running the late…
…sk-base-task-bugfix refactor dojo async task base task (bugfix branch)
…api-engagement-link Fix risk acceptance API to link to engagement and add validations and permission check
Auto Create Context: Fetch all objects for correct jira project associations
The `has_jira_issue` filter only checks if the finding itself has a JIRA issue. For findings in a group where the group has a JIRA issue, this filter doesn't match. A `FindingHasJIRAFilter` that checks both already existed but was never wired up to be visible in the UI or API. Rename it to `has_any_jira_issue`, add help text, and include it in `get_finding_filterset_fields()` so it appears in the finding filters when both JIRA and finding groups are enabled. Closes #12670
* Add finding group support to jira_status_reconciliation command

  The jira_status_reconciliation management command only processed individual findings with direct JIRA issues. Finding groups that were pushed to JIRA as groups were completely skipped because their JIRA issue is attached to the Finding_Group model, not to individual findings.

  This adds a second processing loop for Finding_Group objects with JIRA issues, supporting all three modes (reconcile, push_status_to_jira, import_status_from_jira). The group's aggregate status is derived from its member findings. To avoid pushing the same JIRA issue twice, we use push_status_to_jira directly on the group object (not push_finding_group_to_jira which would also push individual finding JIRA issues already handled by the existing loop).

  Also adds --include-findings/--no-include-findings and --include-finding-groups/--no-include-finding-groups flags so users can control which types are processed.

  Closes #14031
* add upgrade notes
* Enhance JIRA synchronization logic in importers and serializers
  - Updated push_to_jira conditions to include sync behavior based on JIRA instance settings.
  - Refactored JIRA push logic to check for sync status in FindingSerializer and DefaultImporter.
  - Improved handling of JIRA instance retrieval and sync checks in DefaultReImporter and BaseImporter.
  - Added support for prefetched JIRA instance in is_keep_in_sync_with_jira function.
* Refactor JIRA sync flag to use 'finding_jira_sync' for consistency in importers and reimporters
* Refactor is_keep_in_sync_with_jira function to use a generic object parameter for improved flexibility
* Refactor is_keep_in_sync_with_jira function to improve JIRA issue detection and sync logic
* Add tests
* bulk edit: push groups to JIRA when sync is enabled (#14265)
--------
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Release: Merge release into master from: release/2.55.2
🔴 Risk threshold exceeded. This pull request modifies sensitive API codepaths (dojo/api_v2/views.py and dojo/api_v2/serializers.py) and the scanner flagged those edits as sensitive; reviewers should verify the changes against project security policies or
🔴 Configured Codepaths Edit in
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/api_v2/serializers.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/api_v2/views.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
Release triggered by rossops