Support sync kwarg in process_findings for inline post-processing#14309
Merged
Maffooch merged 10000 commits into DefectDojo:bugfix from Feb 17, 2026
…4 (.github/workflows/validate_docs_build.yml) (DefectDojo#13985) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…x/2.53.5-2.54.0-dev Release: Merge back 2.53.5 into bugfix from: master-into-bugfix/2.53.5-2.54.0-dev
….53.5-2.54.0-dev Release: Merge back 2.53.5 into dev from: master-into-dev/2.53.5-2.54.0-dev
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 25.1 to 25.2. - [Release notes](https://github.com/carltongibson/django-filter/releases) - [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst) - [Commits](carltongibson/django-filter@25.1...25.2) --- updated-dependencies: - dependency-name: django-filter dependency-version: '25.2' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 7.0.0 to 7.1.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](python-gitlab/python-gitlab@v7.0.0...v7.1.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…file.nginx-alpine) (DefectDojo#13995) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Updated weight for version 2.54.x and modified description.
…3.11 to v (dockerfile.integration-tests-debian) (DefectDojo#14003) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…tialization command (DefectDojo#14002)
* dedupe reopen: add test cases that prove the bug * remove obsolete method * dedupe reopen: proceed with next candidate if candidate is mitigated * rename methods
…Dojo#14017) * added code to remove unwanted vulnerability ids * Update dojo/finding/helper.py --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
…efectDojo#14018) Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2025.12.1 to 2026.1.1. - [Commits](tfranzel/drf-spectacular-sidecar@2025.12.1...2026.1.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-version: 2026.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…14019) Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.5.1 to 4.5.2. - [Release notes](https://github.com/jazzband/django-polymorphic/releases) - [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst) - [Commits](jazzband/django-polymorphic@v4.5.1...v4.5.2) --- updated-dependencies: - dependency-name: django-polymorphic dependency-version: 4.5.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.0.0 to 12.1.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@12.0.0...12.1.0) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…thub/workflows/renovate.yaml) (DefectDojo#14025) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…efectDojo#14026) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…Dojo#14021) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.21 to 0.3.0. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md) - [Commits](bpampuch/pdfmake@0.2.21...0.3.0) --- updated-dependencies: - dependency-name: pdfmake dependency-version: 0.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.45 to 3.1.46. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.45...3.1.46) --- updated-dependencies: - dependency-name: gitpython dependency-version: 3.1.46 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…json) (DefectDojo#14023) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [celery](https://github.com/celery/celery) from 5.6.0 to 5.6.1. - [Release notes](https://github.com/celery/celery/releases) - [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst) - [Commits](celery/celery@v5.6.0...v5.6.1) --- updated-dependencies: - dependency-name: celery dependency-version: 5.6.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ckerfile.integration-tests-debian) (DefectDojo#14008) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Add permission classes and refine queryset in BurpRawRequestResponseViewSet
* Add configuration permission check for authorized groups retrieval * Add case where user has add_group, but not view_group
Thread the sync kwarg from process_findings through to dojo_dispatch_task in both DefaultImporter and DefaultReImporter so callers can force post_process_findings_batch to run inline instead of spawning additional Celery tasks. Pop sync from kwargs in sync_process_findings to avoid duplicate keyword argument errors.
87b77c1 to 6835a3b
The reimporter's process_results() checks kwargs.get("sync") to decide
whether to return real Finding objects or serialized JSON strings. Using
kwargs.pop() removed sync before process_results could see it, causing
findings_to_mitigate to contain JSON strings instead of Finding objects
and crashing close_old_findings with:
AttributeError: 'str' object has no attribute 'refresh_from_db'
Switch from pop() to get() so sync remains in kwargs for process_results.
…akage The sync=True injected by sync_process_findings was leaking through to dojo_dispatch_task(post_process_findings_batch), forcing it to run synchronously instead of async. This caused +7 to +61 extra queries in performance tests. - Remove sync=True from sync_process_findings (dead since ASYNC_FINDING_IMPORT removal) - Remove sync kwarg threading in process_findings for both importers - Remove dead serialization branches in process_results and process_findings - Remove unused django.core.serializers imports
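The pop()/get() trade-off described in the two commit messages above, as an added example that is not DefectDojo code: the function names mirror the ones in the commit messages, but their bodies, the Finding stand-in and the dispatch_task helper are simplified assumptions.

```python
import json


class Finding:
    """Constructed stand-in for a Django model instance (assumption)."""

    def __init__(self, pk):
        self.pk = pk

    def refresh_from_db(self):
        return self


def dispatch_task(name, sync=False, **kwargs):
    """Hypothetical dispatcher: runs inline only when sync=True."""
    return "inline" if sync else "queued"


def process_results(findings, **kwargs):
    # Reads the flag from kwargs: real objects when sync is set,
    # serialized JSON strings otherwise.
    if kwargs.get("sync"):
        return findings
    return [json.dumps({"pk": f.pk}) for f in findings]


def close_old_findings(findings):
    for finding in findings:
        finding.refresh_from_db()  # fails if finding is a str
    return len(findings)


def process_findings(findings, consume, **kwargs):
    # consume selects how this layer reads the flag: "pop" or "get".
    read = kwargs.pop if consume == "pop" else kwargs.get
    sync = read("sync", False)
    # Both callees below receive whatever is still left in kwargs.
    mode = dispatch_task("post_process_findings_batch", **kwargs)
    to_mitigate = process_results(findings, **kwargs)
    return sync, mode, close_old_findings(to_mitigate)


def sync_process_findings(findings, consume):
    # The outer wrapper injects sync=True, as in the commit message.
    return process_findings(findings, consume, sync=True)
```

With "pop" the flag is gone before process_results runs, so close_old_findings receives strings and raises the AttributeError quoted above; with "get" the flag survives and also reaches dispatch_task, which then runs inline.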
Maffooch approved these changes Feb 13, 2026
Contributor
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Contributor
Conflicts have been resolved. A maintainer will review the pull request shortly.
blakeaowens approved these changes Feb 17, 2026
rossops approved these changes Feb 17, 2026
valentijnscholten added a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 19, 2026
…s_results scaffolding
These three methods were introduced to support the ASYNC_FINDING_IMPORT feature
(async dispatch of findings processing to Celery). That feature has since been
removed, leaving a three-layer indirection:
process_scan -> determine_process_method -> sync_process_findings -> process_findings
-> process_results
None of this routing logic has any effect anymore:
- sync_process_findings just delegates to process_findings
- determine_process_method just delegates to sync_process_findings
- process_results just returns self.new_items / self.reactivated_items / etc.
Collapse the call chain so process_scan calls process_findings directly and
process_findings returns the finding lists directly. This also fixes the
indirection that was the root cause of DefectDojo#14309's performance test failures.
Maffooch pushed a commit that referenced this pull request Feb 23, 2026
…s_results scaffolding (#14351)
These three methods were introduced to support the ASYNC_FINDING_IMPORT feature
(async dispatch of findings processing to Celery). That feature has since been
removed, leaving a three-layer indirection:
process_scan -> determine_process_method -> sync_process_findings -> process_findings
-> process_results
None of this routing logic has any effect anymore:
- sync_process_findings just delegates to process_findings
- determine_process_method just delegates to sync_process_findings
- process_results just returns self.new_items / self.reactivated_items / etc.
Collapse the call chain so process_scan calls process_findings directly and
process_findings returns the finding lists directly. This also fixes the
indirection that was the root cause of #14309's performance test failures.
Summary
- Thread the sync kwarg from process_findings() through to dojo_dispatch_task() in both DefaultImporter and DefaultReImporter, so callers can force post_process_findings_batch to run inline.
- Pop sync from kwargs in sync_process_findings() to avoid duplicate keyword argument errors.