
Fix bulk edit validation: prevent duplicate findings from being active/verified#13965

Merged
valentijnscholten merged 4 commits into DefectDojo:dev from valentijnscholten:bulk-edit-update-validation
Dec 29, 2025

Conversation

valentijnscholten (Member) commented Dec 22, 2025

Description

This PR fixes the bug where bulk edit allows duplicate findings to be marked as active/verified, which violates business rules enforced in the regular edit form and API. And it adds other validation rules that were missing from bulk edit.
AI helped me create test cases, and then I extracted the logic into separate methods to please Ruff.

Fixes #11336

Changes

Form Validation

  • Added validation in FindingBulkUpdateForm.clean() to prevent active findings from being risk accepted
  • This matches the validation present in FindingForm but was missing from the bulk form

View Validation

  • Added view-level validation to check existing duplicate status before setting active/verified
  • Added view-level validation to check existing active status before risk accepting
  • Added comprehensive user feedback messages for skipped findings with specific reasons:
    • Warning when duplicate findings are skipped during status updates
    • Warning when active findings are skipped during risk acceptance
  • Updated success message to use actually_updated_count to accurately reflect findings that were actually updated (excluding skipped ones)

Validation Rules Enforced

All validation rules from the API and regular forms are now enforced in bulk edit:

  1. ✅ Duplicate findings cannot be active/verified
  2. ✅ False positive findings cannot be verified
  3. ✅ Active findings cannot be risk accepted
  4. ✅ Risk acceptance requires product setting enabled

User Feedback

Users now receive clear feedback about:

  • How many findings were successfully updated
  • How many findings were skipped and why (duplicate status, active status, authorization, etc.)
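The four rules listed in the description, modelled end to end as an added example: this is illustrative Python written for this page, not DefectDojo's own code. The `Finding`, `Product` and `BulkEditRequest` shapes, the `enable_simple_risk_acceptance` flag, the skip-reason keys and the warning wording are all assumptions that only mirror the PR text. It separates the form-level check (what `clean()` can see from the request alone) from the view-level check against each finding's existing state, and reports the count actually updated rather than the count selected.

```python
"""Added example modelling the bulk-edit validation described in the PR.
Not DefectDojo code: every field name and message below is an assumption."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class Product:
    # Assumed per-product flag that gates risk acceptance (rule 4).
    enable_simple_risk_acceptance: bool = True


@dataclass
class Finding:
    id: int
    product: Product
    active: bool = True
    verified: bool = False
    duplicate: bool = False
    false_p: bool = False
    risk_accepted: bool = False


@dataclass
class BulkEditRequest:
    """What the user ticked in the bulk form; None means 'leave unchanged'."""
    active: Optional[bool] = None
    verified: Optional[bool] = None
    false_p: Optional[bool] = None
    risk_accept: bool = False


def clean_bulk_form(req: BulkEditRequest) -> list[str]:
    """Form-level checks on the request alone. Empty list means valid."""
    errors = []
    if req.risk_accept and req.active:
        errors.append("Active findings cannot be risk accepted")
    if req.false_p and req.verified:
        errors.append("False positive findings cannot be verified")
    return errors


def skip_reason(finding: Finding, req: BulkEditRequest) -> Optional[str]:
    """View-level checks against the finding's existing state.
    Returns None when the finding may be updated, else a skip-reason key."""
    if finding.duplicate and (req.active or req.verified):
        return "duplicate"                     # rule 1
    if finding.false_p and req.verified:
        return "false_positive"                # rule 2
    if req.risk_accept:
        if not finding.product.enable_simple_risk_acceptance:
            return "risk_acceptance_disabled"  # rule 4
        if finding.active and req.active is not False:
            return "active"                    # rule 3: still active afterwards
    return None


def bulk_update(findings: list[Finding], req: BulkEditRequest) -> dict:
    """Apply the request to findings that pass validation; report the number
    actually updated and the skipped ids grouped by reason."""
    errors = clean_bulk_form(req)
    if errors:
        return {"errors": errors, "updated": 0, "skipped": {}}
    skipped: dict[str, list[int]] = {}
    updated = 0
    for f in findings:
        reason = skip_reason(f, req)
        if reason is not None:
            skipped.setdefault(reason, []).append(f.id)
            continue
        if req.active is not None:
            f.active = req.active
        if req.verified is not None:
            f.verified = req.verified
        if req.false_p is not None:
            f.false_p = req.false_p
        if req.risk_accept:
            f.risk_accepted = True
            f.active = False                   # risk-accepted findings go inactive
        updated += 1
    return {"errors": [], "updated": updated, "skipped": skipped}


SKIP_TEXT = {  # assumed wording for the warnings the PR adds
    "duplicate": "duplicate findings cannot be set active or verified",
    "false_positive": "false positive findings cannot be verified",
    "active": "active findings cannot be risk accepted",
    "risk_acceptance_disabled": "risk acceptance is disabled for the product",
}


def feedback_messages(result: dict) -> list[str]:
    """Success line with the real count, then one warning per skip reason."""
    if result["errors"]:
        return [f"Error: {e}" for e in result["errors"]]
    msgs = [f"Bulk update of {result['updated']} findings was successful."]
    for reason, ids in result["skipped"].items():
        msgs.append(f"Warning: {len(ids)} skipped, {SKIP_TEXT[reason]}: {ids}")
    return msgs


if __name__ == "__main__":
    # Constructed sample: one clean finding, one duplicate, one false positive.
    prod = Product()
    sample = [Finding(1, prod), Finding(2, prod, duplicate=True), Finding(3, prod, false_p=True)]
    for line in feedback_messages(bulk_update(sample, BulkEditRequest(active=True, verified=True))):
        print(line)
```

The point of the split is that `clean_bulk_form` can only reject contradictory combinations in the request itself; the per-finding state (an existing duplicate, a product with risk acceptance switched off) is only known in the view, which is why both layers are needed and why the success message must count what was written, not what was selected.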

…e/verified

- Add validation in FindingBulkUpdateForm to prevent active findings from being risk accepted
- Add view-level validation to check existing duplicate status before setting active/verified
- Add view-level validation to check existing active status before risk accepting
- Add comprehensive user feedback for skipped findings with reasons
- Track actually_updated_count to accurately report successful updates

Fixes DefectDojo#11336
github-actions bot added labels: docker, New Migration, settings_changes, apiv2, docs, unittests, ui, parser, helm, lint (Dec 22, 2025)
@valentijnscholten valentijnscholten changed the base branch from master to dev December 22, 2025 19:13
github-actions bot removed labels: docker, New Migration, settings_changes, apiv2, docs, ui, parser, helm, lint (Dec 22, 2025)
@valentijnscholten valentijnscholten marked this pull request as ready for review December 22, 2025 20:14
@valentijnscholten valentijnscholten added this to the 2.54.0 milestone Dec 22, 2025
mtesauro (Contributor) left a comment


Approved

@valentijnscholten valentijnscholten merged commit 0c4bf3f into DefectDojo:dev Dec 29, 2025
90 checks passed
valentijnscholten added a commit to valentijnscholten/django-DefectDojo that referenced this pull request Dec 29, 2025
…e/verified (DefectDojo#13965)

* Fix bulk edit validation: prevent duplicate findings from being active/verified

- Add validation in FindingBulkUpdateForm to prevent active findings from being risk accepted
- Add view-level validation to check existing duplicate status before setting active/verified
- Add view-level validation to check existing active status before risk accepting
- Add comprehensive user feedback for skipped findings with reasons
- Track actually_updated_count to accurately report successful updates

Fixes DefectDojo#11336

* add bulk edit validation tests

* bulk edit: reduce method complexity
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026

Development

Successfully merging this pull request may close these issues.

Bulk edit feature of findings allows to create active/verified duplicate findings

5 participants