Merge branch 'bugfix' into tests

paulOsinski · web-flow · commit 682436df3dbd · 2026-04-27T10:40:17.000-04:00
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
@@ -28,6 +28,7 @@
 import dojo.risk_acceptance.helper as ra_helper
 from dojo.authorization.authorization import user_has_permission
 from dojo.authorization.roles_permissions import Permissions
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.endpoint.utils import endpoint_filter, endpoint_meta_import
 from dojo.finding.helper import (
     save_endpoints_template,
@@ -116,7 +117,7 @@
     Vulnerability_Id,
     get_current_date,
 )
-from dojo.notifications.helper import create_notification
+from dojo.notifications.helper import async_create_notification
 from dojo.product_announcements import (
     LargeScanSizeProductAnnouncement,
     ScanTypeProductAnnouncement,
@@ -2086,10 +2087,11 @@ def create(self, validated_data):
             jira_helper.push_to_jira(new_finding)
 
         # Create a notification
-        create_notification(
+        dojo_dispatch_task(
+            async_create_notification,
             event="finding_added",
             title=_("Addition of %s") % new_finding.title,
-            finding=new_finding,
+            finding_id=new_finding.id,
             description=_('Finding "%s" was added by %s') % (new_finding.title, new_finding.reporter),
             url=reverse("view_finding", args=(new_finding.id,)),
             icon="exclamation-triangle",
diff --git a/dojo/engagement/signals.py b/dojo/engagement/signals.py
@@ -7,19 +7,30 @@
 from django.urls import reverse
 from django.utils.translation import gettext as _
 
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.file_uploads.helper import delete_related_files
 from dojo.models import Engagement, Product
 from dojo.notes.helper import delete_related_notes
-from dojo.notifications.helper import create_notification
+from dojo.notifications.helper import async_create_notification, create_notification
 from dojo.pghistory_models import DojoEvents
 
 
 @receiver(post_save, sender=Engagement)
 def engagement_post_save(sender, instance, created, **kwargs):
+    # raw=True is set by loaddata; skip dispatch so fixture loading doesn't require a live broker.
+    if kwargs.get("raw"):
+        return
     if created:
         title = _('Engagement created for "%(product)s": %(name)s') % {"product": instance.product, "name": instance.name}
-        create_notification(event="engagement_added", title=title, engagement=instance, product=instance.product,
-                            url=reverse("view_engagement", args=(instance.id,)), url_api=reverse("engagement-detail", args=(instance.id,)))
+        dojo_dispatch_task(
+            async_create_notification,
+            event="engagement_added",
+            title=title,
+            engagement_id=instance.id,
+            product_id=instance.product_id,
+            url=reverse("view_engagement", args=(instance.id,)),
+            url_api=reverse("engagement-detail", args=(instance.id,)),
+        )
 
 
 @receiver(pre_save, sender=Engagement)
diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py
@@ -18,7 +18,7 @@
     Test,
     Test_Import,
 )
-from dojo.notifications.helper import create_notification
+from dojo.notifications.helper import async_create_notification
 from dojo.utils import get_full_url, perform_product_grading
 from dojo.validators import clean_tags
 
@@ -140,12 +140,13 @@ def process_scan(
         )
         # Send out some notifications to the user
         logger.debug("IMPORT_SCAN: Generating notifications")
-        create_notification(
+        dojo_dispatch_task(
+            async_create_notification,
             event="test_added",
             title=f"Test created for {self.test.engagement.product}: {self.test.engagement.name}: {self.test}",
-            test=self.test,
-            engagement=self.test.engagement,
-            product=self.test.engagement.product,
+            test_id=self.test.id,
+            engagement_id=self.test.engagement_id,
+            product_id=self.test.engagement.product_id,
             url=reverse("view_test", args=(self.test.id,)),
             url_api=reverse("test-detail", args=(self.test.id,)),
         )
diff --git a/dojo/metrics/views.py b/dojo/metrics/views.py
@@ -916,7 +916,10 @@ def _augment_series_with_accepted(series: list[list], ras_qs, *, period: str, tz
         )
 
         for row in accepted:
-            bucket[sev_idx[row["severity"]]] += row["cnt"]
+            sev = row["severity"]
+            if sev not in sev_idx:
+                continue
+            bucket[sev_idx[sev]] += row["cnt"]
 
         bucket[5] = sum(bucket[1:])
 
diff --git a/dojo/notifications/helper.py b/dojo/notifications/helper.py
@@ -911,6 +911,67 @@ def send_webhooks_notification(event: str, user_id: int | None = None, **kwargs:
     get_manager_class_instance()._get_manager_instance("webhooks").send_webhooks_notification(event, user=user, **kwargs)
 
 
+@app.task
+def async_create_notification(
+    event: str,
+    engagement_id: int | None = None,
+    product_id: int | None = None,
+    product_type_id: int | None = None,
+    finding_id: int | None = None,
+    test_id: int | None = None,
+    **kwargs: dict,
+) -> None:
+    # Re-fetch by id so the recipient-enumeration query and per-user Alert writes
+    # run in the worker rather than the request thread.
+    # Fetch most-specific first and derive parent objects from the already-loaded
+    # select_related chain to avoid redundant queries. For example, fetching a
+    # Test with select_related("engagement__product") covers all three objects in
+    # one query, so engagement_id and product_id don't need separate fetches.
+    fetched_engagement = None
+    fetched_product = None
+
+    if test_id is not None:
+        test = Test.objects.filter(pk=test_id).select_related("engagement__product").first()
+        if test is None:
+            return
+        kwargs["test"] = test
+        fetched_engagement = test.engagement
+        fetched_product = test.engagement.product
+
+    if engagement_id is not None:
+        if fetched_engagement is not None:
+            kwargs["engagement"] = fetched_engagement
+        else:
+            engagement = Engagement.objects.filter(pk=engagement_id).select_related("product").first()
+            if engagement is None:
+                return
+            kwargs["engagement"] = engagement
+            fetched_product = engagement.product
+
+    if product_id is not None:
+        if fetched_product is not None:
+            kwargs["product"] = fetched_product
+        else:
+            product = Product.objects.filter(pk=product_id).first()
+            if product is None:
+                return
+            kwargs["product"] = product
+
+    if product_type_id is not None:
+        product_type = Product_Type.objects.filter(pk=product_type_id).first()
+        if product_type is None:
+            return
+        kwargs["product_type"] = product_type
+
+    if finding_id is not None:
+        finding = Finding.objects.filter(pk=finding_id).select_related("test__engagement__product").first()
+        if finding is None:
+            return
+        kwargs["finding"] = finding
+
+    create_notification(event=event, **kwargs)
+
+
 @app.task(ignore_result=True)
 def webhook_reactivation(endpoint_id: int, **_kwargs: dict) -> None:
     get_manager_class_instance()._get_manager_instance("webhooks")._webhook_reactivation(endpoint_id=endpoint_id)
diff --git a/dojo/product/signals.py b/dojo/product/signals.py
@@ -7,9 +7,10 @@
 from django.urls import reverse
 from django.utils.translation import gettext as _
 
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.labels import get_labels
 from dojo.models import Product
-from dojo.notifications.helper import create_notification
+from dojo.notifications.helper import async_create_notification, create_notification
 from dojo.pghistory_models import DojoEvents
 from dojo.utils import get_current_user
 
@@ -18,13 +19,18 @@
 
 @receiver(post_save, sender=Product)
 def product_post_save(sender, instance, created, **kwargs):
+    # raw=True is set by loaddata; skip dispatch so fixture loading doesn't require a live broker.
+    if kwargs.get("raw"):
+        return
     if created:
-        create_notification(event="product_added",
-                            title=instance.name,
-                            product=instance,
-                            url=reverse("view_product", args=(instance.id,)),
-                            url_api=reverse("product-detail", args=(instance.id,)),
-                        )
+        dojo_dispatch_task(
+            async_create_notification,
+            event="product_added",
+            title=instance.name,
+            product_id=instance.id,
+            url=reverse("view_product", args=(instance.id,)),
+            url_api=reverse("product-detail", args=(instance.id,)),
+        )
 
 
 @receiver(post_delete, sender=Product)
diff --git a/dojo/product_type/signals.py b/dojo/product_type/signals.py
@@ -8,23 +8,29 @@
 from django.urls import reverse
 from django.utils.translation import gettext as _
 
+from dojo.celery_dispatch import dojo_dispatch_task
 from dojo.labels import get_labels
 from dojo.models import Product_Type
-from dojo.notifications.helper import create_notification
+from dojo.notifications.helper import async_create_notification, create_notification
 from dojo.pghistory_models import DojoEvents
 
 labels = get_labels()
 
 
 @receiver(post_save, sender=Product_Type)
 def product_type_post_save(sender, instance, created, **kwargs):
+    # raw=True is set by loaddata; skip dispatch so fixture loading doesn't require a live broker.
+    if kwargs.get("raw"):
+        return
     if created:
-        create_notification(event="product_type_added",
-                            title=instance.name,
-                            product_type=instance,
-                            url=reverse("view_product_type", args=(instance.id,)),
-                            url_api=reverse("product_type-detail", args=(instance.id,)),
-                        )
+        dojo_dispatch_task(
+            async_create_notification,
+            event="product_type_added",
+            title=instance.name,
+            product_type_id=instance.id,
+            url=reverse("view_product_type", args=(instance.id,)),
+            url_api=reverse("product_type-detail", args=(instance.id,)),
+        )
 
 
 @receiver(post_delete, sender=Product_Type)
diff --git a/dojo/templates/notifications/mail/sla_breach.tpl b/dojo/templates/notifications/mail/sla_breach.tpl
@@ -14,14 +14,14 @@
                 {% if sla_age < 0 %}
                   {% blocktranslate trimmed %}
                     This security finding has breached its SLA.
-                    
-                    - Day(s) overdue: {{sla}}
+                    <br/>
+                    - Day(s) overdue: {{sla_age}}
                   {% endblocktranslate %}
                 {% else %}
                   {% blocktranslate trimmed %}
                     A security finding is about to breach its SLA.
-                    
-                    - Day(s) remaining: {{sla}}
+                    <br/>   
+                    - Day(s) remaining: {{sla_age}}
                   {% endblocktranslate %}
                 {% endif %}
             </p>
diff --git a/dojo/utils.py b/dojo/utils.py
@@ -1576,12 +1576,13 @@ def _create_notifications():
                     findings_list = []
 
                     for n in comb_notif_kind:
-                        title = _notification_title_for_finding(n.finding, kind, n.finding.sla_days_remaining())
-
+                        sla_age = n.finding.sla_days_remaining()
+                        title = _notification_title_for_finding(n.finding, kind, sla_age)
                         create_notification(
                             event="sla_breach",
                             title=title,
                             finding=n.finding,
+                            sla_age=sla_age,
                             url=reverse("view_finding", args=(n.finding.id,)),
                         )
 
diff --git a/requirements.txt b/requirements.txt
@@ -43,7 +43,7 @@ whitenoise==5.2.0
 titlecase==2.4.1
 social-auth-app-django==5.6.0
 social-auth-core==4.8.5
-gitpython==3.1.46
+gitpython==3.1.47
 python-gitlab==8.2.0
 cpe==1.3.1
 packageurl-python==0.17.6
diff --git a/unittests/test_importers_performance.py b/unittests/test_importers_performance.py
diff --git a/unittests/test_notifications.py b/unittests/test_notifications.py
diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py

Original file line number	Diff line number	Diff line change
`@@ -916,7 +916,10 @@ def _augment_series_with_accepted(series: list[list], ras_qs, *, period: str, tz`
`916`	`916`	`)`
`917`	`917`
`918`	`918`	`for row in accepted:`
`919`		`- bucket[sev_idx[row["severity"]]] += row["cnt"]`
	`919`	`+ sev = row["severity"]`
	`920`	`+ if sev not in sev_idx:`
	`921`	`+ continue`
	`922`	`+ bucket[sev_idx[sev]] += row["cnt"]`
`920`	`923`
`921`	`924`	`bucket[5] = sum(bucket[1:])`
`922`	`925`