Skip to content

feat(settings): Drop time_zone#12999

Merged
valentijnscholten merged 1 commit intoDefectDojo:devfrom
kiblik:drop_sys_set_time_zone
Aug 24, 2025
Merged

feat(settings): Drop time_zone#12999
valentijnscholten merged 1 commit intoDefectDojo:devfrom
kiblik:drop_sys_set_time_zone

Conversation

@kiblik
Copy link
Copy Markdown
Contributor

@kiblik kiblik commented Aug 15, 2025

Drop support for time_zone in System settings

reason: #12974 (comment)

There are still some left calling of get_system_setting("time_zone"), but they will be dropped in #12995

@github-actions github-actions Bot added New Migration Adding a new migration file. Take care when merging. docs labels Aug 15, 2025
@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Aug 15, 2025
edited
Loading

DryRun Security

This pull request identifies a logic flaw in the sla_violated method where date comparisons might incorrectly report SLA violations due to comparing a DateTimeField with only the date component, potentially delaying the identification of expired SLAs.

Logic Flaw due to Date-Only Comparison in dojo/filters.py
Vulnerability Logic Flaw due to Date-Only Comparison
Description The sla_violated method uses Q(sla_expiration_date__lt=now().date()). If sla_expiration_date is a DateTimeField, this comparison will not correctly identify SLAs that expire on the current day. Any SLA expiring at any time on the current day will only be flagged as violated on the following day, as its DateTimeField value will not be strictly less than now().date() (which represents the beginning of the current day). This leads to a delay in reporting SLA violations.

django-DefectDojo/dojo/filters.py

Lines 222 to 228 in f618ae0

risk_accepted=False,
is_mitigated=False,
mitigated=None,
) & Q(sla_expiration_date__lt=now().date()),
)
options = {

All finding details can be found in the DryRun Security Dashboard.

@kiblik kiblik force-pushed the drop_sys_set_time_zone branch from f1c0e88 to c6a121a Compare August 15, 2025 17:22
dogboat
dogboat approved these changes Aug 19, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@dogboat dogboat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only one small nit. Approving regardless, thank you!

Comment thread docs/content/en/open_source/upgrading/2.50.md
mtesauro
mtesauro approved these changes Aug 22, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@kiblik kiblik force-pushed the drop_sys_set_time_zone branch from 63051d1 to f618ae0 Compare August 22, 2025 11:54
@Maffooch Maffooch requested a review from blakeaowens August 22, 2025 19:27
@valentijnscholten valentijnscholten merged commit cb7bfcf into DefectDojo:dev Aug 24, 2025
87 checks passed
@kiblik kiblik deleted the drop_sys_set_time_zone branch August 24, 2025 10:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

@dogboat dogboat dogboat approved these changes

@Maffooch Maffooch Maffooch approved these changes

@blakeaowens blakeaowens blakeaowens approved these changes

@valentijnscholten valentijnscholten Awaiting requested review from valentijnscholten

Assignees

No one assigned

Labels

docs New Migration Adding a new migration file. Take care when merging.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@kiblik @mtesauro @dogboat @Maffooch @blakeaowens @valentijnscholten