remove: Stub Findings (2.57 deprecation, 2.59 EOL)#14837
Merged
Conversation
Per the 2.59 release notes, retires the Stub Findings feature in its
entirety: UI, API, model, and DB table. Stub_Finding has no inbound
foreign keys, so the deletion is self-contained.
Endpoint removed (now `404`):
- /api/v2/stub_findings/
UI removed:
- /finding/<id>/promote, /stub_finding/<id>/add, /stub_finding/<id>/delete
- "Potential Findings" table on the test detail page (view_test.html)
- The quick-add-form JS handler that powered it
- The promote_to_finding.html template
Code deleted:
- `StubFindingsViewSet`, `StubFindingSerializer`, `StubFindingCreateSerializer`
- `add_stub_finding`, `delete_stub_finding`, `promote_to_finding` views
- `StubFindingForm`, `DeleteStubFindingForm`
- `get_authorized_stub_findings` query helper
- `get_stub_findings` method and call site in `dojo/test/views.py`
- `Stub_Finding` admin registration and model class
- The `Stub_Finding` branch in `dojo/authorization/authorization.py`
(now just `Finding` instead of `Finding | Stub_Finding`)
- The `Stub_Finding` early-return and union check in `dojo/jira/helper.py`
- Unit tests: `StubFindingsTest` (REST), `TestGetAuthorizedStubFindings`,
the two `test_user_has_permission_stub_finding_*` tests, and the three
Selenium tests in `tests/test_test.py`
- Dead `#stub_findings` JS in `view_objects.html` / `view_objects_eng.html`
Schema dropped via 0265_remove_stub_finding:
- `DeleteModel('Stub_Finding')`
The 2.59 upgrade doc already documents the removal; no doc update.
Note: PR 2 also adds a 0265_* migration. Whichever PR merges second
must rebase the migration filename and `dependencies` tuple accordingly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-actions
Bot
added
New Migration
- dojo/finding/views.py: drop now-unused `json` and `formats` imports (the only callers were in the deleted stub-finding views). - tests/test_test.py: drop the now-unused `on_exception_html_source_logger` import. - Remove dojo.stub_finding rows and watson.searchentry rows pointing at that content type from all four data fixtures so loaddata stops faulting. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- unittests/test_rest_framework.py: EngagementTest.deleted_objects went from 23 -> 21 because the cascading delete no longer pulls 2 Stub_Finding rows. - tests/test_test.py: drop test_merge_findings (the integration test needed two findings; the second one used to come from the stub finding promote flow which is now gone). The merge functionality is still covered by the unit tests. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Maffooch
force-pushed
the
remove-stub-findings
branch
from
57c5eb5 to
13d9acd
Compare
Maffooch
requested review from
Jino-T,
blakeaowens,
paulOsinski and
valentijnscholten
valentijnscholten
approved these changes
May 8, 2026
Jino-T
approved these changes
May 8, 2026
paulOsinski
approved these changes
May 8, 2026
Maffooch
added a commit
to devGregA/django-DefectDojo
that referenced
this pull request
May 8, 2026
Resolve conflicts from dev's removal of Credential Manager (DefectDojo#14836), Stub Findings (DefectDojo#14837), deprecated questionnaire API (DefectDojo#14835), plus Xygeni parser (DefectDojo#14769) and import-time tag batching (DefectDojo#14839). Accepted dev's deletions: cred module, stub findings, deprecated viewsets, and their UI sections in view_eng/view_finding/view_test. Kept tailwind's refactored auth (api_permissions shim, action-string roles, _user_authorized_for) over dev's legacy Permissions-enum code. Trimmed cred/Stub_Finding refs from authorization/{api_permissions, query_registrations,url_permissions}.py and the legacy auth tests. Note: dojo/templates_classic/ still references removed URL names (new_cred_*, promote_to_finding, delete_stub_finding) — follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Maffooch
pushed a commit
to devGregA/django-DefectDojo
that referenced
this pull request
May 8, 2026
Resolve conflicts from dev's removal of Credential Manager (DefectDojo#14836), Stub Findings (DefectDojo#14837), deprecated questionnaire API (DefectDojo#14835), plus Xygeni parser (DefectDojo#14769) and import-time tag batching (DefectDojo#14839). Accepted dev's deletions: cred module, stub findings, deprecated viewsets, and their UI sections in view_eng/view_finding/view_test. Kept tailwind's refactored auth (api_permissions shim, action-string roles, _user_authorized_for) over dev's legacy Permissions-enum code. Trimmed cred/Stub_Finding refs from authorization/{api_permissions, query_registrations,url_permissions}.py and the legacy auth tests. Note: dojo/templates_classic/ still references removed URL names (new_cred_*, promote_to_finding, delete_stub_finding) — follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Maffooch
pushed a commit
to devGregA/django-DefectDojo
that referenced
this pull request
May 8, 2026
Resolve conflicts from dev's removal of Credential Manager (DefectDojo#14836), Stub Findings (DefectDojo#14837), deprecated questionnaire API (DefectDojo#14835), plus Xygeni parser (DefectDojo#14769) and import-time tag batching (DefectDojo#14839). Accepted dev's deletions: cred module, stub findings, deprecated viewsets, and their UI sections in view_eng/view_finding/view_test. Kept tailwind's refactored auth (api_permissions shim, action-string roles, _user_authorized_for) over dev's legacy Permissions-enum code. Trimmed cred/Stub_Finding refs from authorization/{api_permissions, query_registrations,url_permissions}.py and the legacy auth tests. Note: dojo/templates_classic/ still references removed URL names (new_cred_*, promote_to_finding, delete_stub_finding) — follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Per the 2.59 upgrade notes, this PR retires the Stub Findings feature (announced for removal in 2.57.0). Full removal: UI, API, model, and DB table. `Stub_Finding` has no inbound foreign keys, so the deletion is self-contained.
Endpoint removed (now `404`)
UI removed
What changed
Schema changes
`dojo/db_migrations/0265_remove_stub_finding.py`:
Coordinating with #14836
This PR's migration uses number `0265`. PR #14836 (Credential Manager removal) also adds a `0265_` migration. **Whichever of the two PRs merges second must rebase its migration filename to `0266_` and update its `dependencies` tuple to point at the previously-merged `0265_*` migration.**
The `view_cred_*` templates contain leftover `#stub_findings` JS as well; those edits are intentionally left to PR #14836 since that PR deletes the entire files.
Verification
The 2.59 upgrade doc already documents this removal; no doc update required.
Diff: `20 files changed, 29 insertions(+), 955 deletions(-)`.
🤖 Generated with Claude Code