feat(importers): apply import-time tags per batch before post-processing, do not tag old findings#14839
Merged
valentijnscholten merged 1 commit intoDefectDojo:devfrom May 8, 2026
Conversation
Previously, import-time tags (apply_tags_to_findings / apply_tags_to_endpoints) were applied after all findings were processed and post-processing tasks (deduplication, rules) had already been dispatched, so those tasks could not see the tags. Apply import-time tags per batch in process_findings(), immediately after parser tags and location persistence, before dojo_dispatch_task() — the same pattern already used by bulk_apply_parser_tags. Closed findings are intentionally excluded: they are absent from the current report and should not receive the import tags. Also renames the reimporter's ambiguous batch_findings (match-batch slice of unsaved parser objects) to unsaved_findings_batch, freeing batch_findings for the new dedupe-batch accumulator and preventing an iterator-mutation bug. Consolidates apply_import_tags() into apply_import_tags_for_batch(), removing a redundant DB re-query and unused Iterable import. Update performance test query counts accordingly (each import loses 1 query from the removed post-loop apply_import_tags call).
valentijnscholten
changed the title
Maffooch
approved these changes
May 8, 2026
dogboat
approved these changes
May 8, 2026
valentijnscholten
added
the
affects_pro
blakeaowens
approved these changes
May 8, 2026
Maffooch
added a commit
to devGregA/django-DefectDojo
that referenced
this pull request
May 8, 2026
Resolve conflicts from dev's removal of Credential Manager (DefectDojo#14836), Stub Findings (DefectDojo#14837), deprecated questionnaire API (DefectDojo#14835), plus Xygeni parser (DefectDojo#14769) and import-time tag batching (DefectDojo#14839). Accepted dev's deletions: cred module, stub findings, deprecated viewsets, and their UI sections in view_eng/view_finding/view_test. Kept tailwind's refactored auth (api_permissions shim, action-string roles, _user_authorized_for) over dev's legacy Permissions-enum code. Trimmed cred/Stub_Finding refs from authorization/{api_permissions, query_registrations,url_permissions}.py and the legacy auth tests. Note: dojo/templates_classic/ still references removed URL names (new_cred_*, promote_to_finding, delete_stub_finding) — follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Maffooch
pushed a commit
to devGregA/django-DefectDojo
that referenced
this pull request
May 8, 2026
Resolve conflicts from dev's removal of Credential Manager (DefectDojo#14836), Stub Findings (DefectDojo#14837), deprecated questionnaire API (DefectDojo#14835), plus Xygeni parser (DefectDojo#14769) and import-time tag batching (DefectDojo#14839). Accepted dev's deletions: cred module, stub findings, deprecated viewsets, and their UI sections in view_eng/view_finding/view_test. Kept tailwind's refactored auth (api_permissions shim, action-string roles, _user_authorized_for) over dev's legacy Permissions-enum code. Trimmed cred/Stub_Finding refs from authorization/{api_permissions, query_registrations,url_permissions}.py and the legacy auth tests. Note: dojo/templates_classic/ still references removed URL names (new_cred_*, promote_to_finding, delete_stub_finding) — follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Maffooch
pushed a commit
to devGregA/django-DefectDojo
that referenced
this pull request
May 8, 2026
Resolve conflicts from dev's removal of Credential Manager (DefectDojo#14836), Stub Findings (DefectDojo#14837), deprecated questionnaire API (DefectDojo#14835), plus Xygeni parser (DefectDojo#14769) and import-time tag batching (DefectDojo#14839). Accepted dev's deletions: cred module, stub findings, deprecated viewsets, and their UI sections in view_eng/view_finding/view_test. Kept tailwind's refactored auth (api_permissions shim, action-string roles, _user_authorized_for) over dev's legacy Permissions-enum code. Trimmed cred/Stub_Finding refs from authorization/{api_permissions, query_registrations,url_permissions}.py and the legacy auth tests. Note: dojo/templates_classic/ still references removed URL names (new_cred_*, promote_to_finding, delete_stub_finding) — follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
apply_tags_to_findings/apply_tags_to_endpoints) were previously applied after all findings were processed and post-processing tasks (deduplication, rules) had already been dispatched — those tasks could not see the tags on the findings.process_findings(), immediately after parser tags and location persistence, beforedojo_dispatch_task()— the same pattern already used bybulk_apply_parser_tags.batch_findings(match-batch slice of unsaved parser objects) tounsaved_findings_batch, freeingbatch_findingsfor the new dedupe-batch accumulator and fixing a latent iterator-mutation bug where appending to the iterated list caused extra loop iterations.apply_import_tags()intoapply_import_tags_for_batch(), removing a redundantFinding.objects.filter()re-query and an unusedIterableimport.apply_import_tagscall).