
Support sync kwarg in process_findings for inline post-processing #14309

Merged
Maffooch merged 10000 commits into DefectDojo:bugfix from valentijnscholten:fix/async-import-optimization
Feb 17, 2026

@valentijnscholten valentijnscholten commented Feb 12, 2026

Summary

  • Thread sync kwarg from process_findings() through to dojo_dispatch_task() in both DefaultImporter and DefaultReImporter, so callers can force post_process_findings_batch to run inline.
  • Pop sync from kwargs in sync_process_findings() to avoid duplicate keyword argument errors.

DefectDojo release bot and others added 30 commits December 29, 2025 17:13
…4 (.github/workflows/validate_docs_build.yml) (DefectDojo#13985)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…x/2.53.5-2.54.0-dev

Release: Merge back 2.53.5 into bugfix from: master-into-bugfix/2.53.5-2.54.0-dev
….53.5-2.54.0-dev

Release: Merge back 2.53.5 into dev from: master-into-dev/2.53.5-2.54.0-dev
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 25.1 to 25.2.
- [Release notes](https://github.com/carltongibson/django-filter/releases)
- [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst)
- [Commits](carltongibson/django-filter@25.1...25.2)

---
updated-dependencies:
- dependency-name: django-filter
  dependency-version: '25.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…file.nginx-alpine) (DefectDojo#13995)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Updated weight for version 2.54.x and modified description.
…3.11 to v (dockerfile.integration-tests-debian) (DefectDojo#14003)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* dedupe reopen: add test cases that prove the bug

* remove obsolete method

* dedupe reopen: proceed with next candidate if candidate is mitigated

* rename methods
…Dojo#14017)

* added code to remove unwanted vulnerability ids

* Update dojo/finding/helper.py

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
…efectDojo#14018)

Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2025.12.1 to 2026.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2025.12.1...2026.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-version: 2026.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…14019)

Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.5.1 to 4.5.2.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst)
- [Commits](jazzband/django-polymorphic@v4.5.1...v4.5.2)

---
updated-dependencies:
- dependency-name: django-polymorphic
  dependency-version: 4.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.0.0 to 12.1.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.0.0...12.1.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-version: 12.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…thub/workflows/renovate.yaml) (DefectDojo#14025)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…efectDojo#14026)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…Dojo#14021)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.21 to 0.3.0.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](bpampuch/pdfmake@0.2.21...0.3.0)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-version: 0.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.45 to 3.1.46.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.45...3.1.46)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-version: 3.1.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…json) (DefectDojo#14023)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [celery](https://github.com/celery/celery) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](celery/celery@v5.6.0...v5.6.1)

---
updated-dependencies:
- dependency-name: celery
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ckerfile.integration-tests-debian) (DefectDojo#14008)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Add permission classes and refine queryset in BurpRawRequestResponseViewSet
…efectDojo#14280)

* Fix response status codes in DojoMetaViewSet for POST and PATCH methods

* Refactor UserHasDojoMetaPermission to use a permission map for cleaner permission checks
* Add configuration permission check for authorized groups retrieval

* Add case where user has add_group, but not view_group
@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Feb 12, 2026
Thread the sync kwarg from process_findings through to dojo_dispatch_task
in both DefaultImporter and DefaultReImporter so callers can force
post_process_findings_batch to run inline instead of spawning additional
Celery tasks. Pop sync from kwargs in sync_process_findings to avoid
duplicate keyword argument errors.
@valentijnscholten valentijnscholten force-pushed the fix/async-import-optimization branch from 87b77c1 to 6835a3b Compare February 12, 2026 19:06
@github-actions github-actions bot removed the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Feb 12, 2026
The reimporter's process_results() checks kwargs.get("sync") to decide
whether to return real Finding objects or serialized JSON strings. Using
kwargs.pop() removed sync before process_results could see it, causing
findings_to_mitigate to contain JSON strings instead of Finding objects
and crashing close_old_findings with:
  AttributeError: 'str' object has no attribute 'refresh_from_db'

Switch from pop() to get() so sync remains in kwargs for process_results.
…akage

The sync=True injected by sync_process_findings was leaking through to
dojo_dispatch_task(post_process_findings_batch), forcing it to run
synchronously instead of async. This caused +7 to +61 extra queries in
performance tests.

- Remove sync=True from sync_process_findings (dead since ASYNC_FINDING_IMPORT removal)
- Remove sync kwarg threading in process_findings for both importers
- Remove dead serialization branches in process_results and process_findings
- Remove unused django.core.serializers imports
@Maffooch Maffooch marked this pull request as ready for review February 13, 2026 20:01
@github-actions

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions

Conflicts have been resolved. A maintainer will review the pull request shortly.


@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit da0ab7c into DefectDojo:bugfix Feb 17, 2026
148 checks passed
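
The commit messages in this thread describe two failure modes of threading a `sync` flag through `**kwargs`: a duplicate keyword argument error, and a flag consumed by `pop()` before a later callee reads it. The following is an added example, not DefectDojo code: the bodies of `process_results` and `close_old_findings` are simplified stand-ins, and `Finding`, the `import_*` wrappers and `outcome` are hypothetical names.

```python
import json

class Finding:
    """Constructed stand-in for a model instance."""
    def __init__(self, pk):
        self.pk = pk
    def refresh_from_db(self):
        return self

def process_results(findings, **kwargs):
    # Stand-in for the check described in the thread: real objects only when
    # the sync flag is still visible in kwargs, serialized strings otherwise.
    if kwargs.get("sync"):
        return findings
    return [json.dumps({"pk": f.pk}) for f in findings]

def close_old_findings(findings_to_mitigate):
    for finding in findings_to_mitigate:
        finding.refresh_from_db()  # AttributeError when handed a str
    return len(findings_to_mitigate)

def import_explicit(findings, **kwargs):
    # Explicit sync=True plus a caller-supplied sync inside **kwargs.
    return close_old_findings(process_results(findings, sync=True, **kwargs))

def import_pop(findings, **kwargs):
    inline = kwargs.pop("sync", False)  # flag is consumed here ...
    results = process_results(findings, **kwargs)  # ... and invisible here
    return close_old_findings(results), inline

def import_get(findings, **kwargs):
    inline = kwargs.get("sync", False)  # read without consuming
    results = process_results(findings, **kwargs)
    return close_old_findings(results), inline

def outcome(wrapper):
    """Call a wrapper as a caller passing sync=True; report result or error type."""
    sample = [Finding(1), Finding(2)]  # constructed sample data
    try:
        return wrapper(sample, sync=True)
    except (TypeError, AttributeError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    for wrapper in (import_explicit, import_pop, import_get):
        print(wrapper.__name__, "->", outcome(wrapper))
```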