Conversation

@valentijnscholten (Member) commented Dec 22, 2025

Description

This PR fixes the bug where bulk edit allows duplicate findings to be marked as active/verified, which violates business rules enforced in the regular edit form and API. And it adds other validation rules that were missing from bulk edit.
AI helped me to create test cases. And then I extracted logic into separate methods to please Ruff.

Fixes #11336

Changes

Form Validation ()

  • Added validation in FindingBulkUpdateForm.clean() to prevent active findings from being risk accepted
  • This matches the validation present in FindingForm but was missing from the bulk form

View Validation ()

  • Added view-level validation to check existing duplicate status before setting active/verified
  • Added view-level validation to check existing active status before risk accepting
  • Added comprehensive user feedback messages for skipped findings with specific reasons:
    • Warning when duplicate findings are skipped during status updates
    • Warning when active findings are skipped during risk acceptance
  • Updated success message to use actually_updated_count to accurately reflect findings that were actually updated (excluding skipped ones)

Validation Rules Enforced

All validation rules from the API and regular forms are now enforced in bulk edit:

  1. ✅ Duplicate findings cannot be active/verified
  2. ✅ False positive findings cannot be verified
  3. ✅ Active findings cannot be risk accepted
  4. ✅ Risk acceptance requires product setting enabled

User Feedback

Users now receive clear feedback about:

  • How many findings were successfully updated
  • How many findings were skipped and why (duplicate status, active status, authorization, etc.)
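As an added illustration of the four validation rules and the skipped-findings reporting described above (not DefectDojo's own code): a small Python model of the bulk-edit decision. Finding and BulkEdit are simplified stand-ins for the Django model and form, and product_allows_risk_acceptance stands in for the product setting; all are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    # Simplified stand-in for the DefectDojo Finding model (assumption, not the real model).
    id: int
    active: bool = False
    verified: bool = False
    duplicate: bool = False
    false_p: bool = False
    risk_accepted: bool = False
    product_allows_risk_acceptance: bool = True  # stand-in for the product setting

@dataclass
class BulkEdit:
    active: Optional[bool] = None    # None means "leave unchanged"
    verified: Optional[bool] = None
    risk_accept: bool = False

def skip_reason(finding, edit):
    """Return why the finding must be skipped, or None if the edit may be applied."""
    if (edit.active or edit.verified) and finding.duplicate:
        return "duplicate"  # rule 1: duplicates cannot be active/verified
    if edit.verified and finding.false_p:
        return "false positive"  # rule 2: false positives cannot be verified
    if edit.risk_accept and finding.active:
        return "active"  # rule 3: active findings cannot be risk accepted
    if edit.risk_accept and not finding.product_allows_risk_acceptance:
        return "risk acceptance disabled"  # rule 4: product setting required
    return None

def apply_bulk_edit(findings, edit):
    """Apply the edit to eligible findings only; return (actually_updated_count, skipped)."""
    actually_updated_count, skipped = 0, Counter()
    for finding in findings:
        reason = skip_reason(finding, edit)
        if reason:
            skipped[reason] += 1  # reported back to the user instead of silently dropped
            continue
        if edit.active is not None:
            finding.active = edit.active
        if edit.verified is not None:
            finding.verified = edit.verified
        if edit.risk_accept:
            finding.risk_accepted = True
        actually_updated_count += 1
    return actually_updated_count, dict(skipped)
```

The skipped dict is what a view would turn into the per-reason warning messages, while actually_updated_count feeds the success message.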

…e/verified

- Add validation in FindingBulkUpdateForm to prevent active findings from being risk accepted
- Add view-level validation to check existing duplicate status before setting active/verified
- Add view-level validation to check existing active status before risk accepting
- Add comprehensive user feedback for skipped findings with reasons
- Track actually_updated_count to accurately report successful updates

Fixes DefectDojo#11336
@github-actions github-actions bot added labels docker, New Migration (Adding a new migration file. Take care when merging.), settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), apiv2, docs, unittests, ui, parser, helm, lint on Dec 22, 2025
@valentijnscholten valentijnscholten changed the base branch from master to dev December 22, 2025 19:13
@github-actions github-actions bot removed labels docker, New Migration (Adding a new migration file. Take care when merging.), settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), apiv2, docs, ui, parser, helm, lint on Dec 22, 2025
@valentijnscholten valentijnscholten marked this pull request as ready for review December 22, 2025 20:14
@valentijnscholten valentijnscholten added this to the 2.54.0 milestone Dec 22, 2025
@mtesauro (Contributor) left a comment

Approved


Development

Successfully merging this pull request may close these issues.

Bulk edit feature of findings allows to create active/verified duplicate findings