From 8034a7611580d86402a3e82afeaff25680a6601d Mon Sep 17 00:00:00 2001 From: dogboat Date: Fri, 27 Feb 2026 13:07:40 -0500 Subject: [PATCH] fix the way bulk update endpoints in finding view works when v3 is enabled --- dojo/templates/dojo/snippets/endpoints.html | 4 +- dojo/templates/dojo/view_finding.html | 108 ++++++++++++-------- dojo/url/ui/views.py | 24 ++--- 3 files changed, 74 insertions(+), 62 deletions(-) diff --git a/dojo/templates/dojo/snippets/endpoints.html b/dojo/templates/dojo/snippets/endpoints.html index 893379d853e..e7d4d740ea8 100644 --- a/dojo/templates/dojo/snippets/endpoints.html +++ b/dojo/templates/dojo/snippets/endpoints.html @@ -147,7 +147,7 @@
Location
-

Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})

+

Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})

@@ -255,7 +255,7 @@

Mitigated Endpoints / Systems ({{ finding.mitigated_endpoint_count }}) {{ endpoint.location|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} {% include "dojo/snippets/tags.html" with tags=endpoint.location.tags.all %} - {{ endpoint.status }} + {{ endpoint.get_status_display }} {{ endpoint.auditor|safe }} {{ endpoint.audit_time|date }} {% else %} diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html index bae3abbe8b8..f577a773815 100755 --- a/dojo/templates/dojo/view_finding.html +++ b/dojo/templates/dojo/view_finding.html @@ -758,48 +758,6 @@

Similar Findings ({{ similar_findings.paginator.count }} - - {% if 'TRACK_IMPORT_HISTORY'|setting_enabled and latest_test_import_finding_action %}
@@ -907,6 +865,72 @@

{% endif %} + + {% include "dojo/snippets/endpoints.html" with finding=finding destination="UI" %}
diff --git a/dojo/url/ui/views.py b/dojo/url/ui/views.py index a879867ea75..fcf2226522f 100644 --- a/dojo/url/ui/views.py +++ b/dojo/url/ui/views.py @@ -559,26 +559,14 @@ def finding_location_bulk_update(request, finding_id): if request.method == "POST": # Get the list of endpoint IDs to update and the statuses to enable finding_locations_to_update = request.POST.getlist("endpoints_to_update") - status_list = FindingLocationStatus.values - enable = [item for item in status_list if item in list(request.POST.keys())] + # Get the status + status = request.POST.get("bulk_status") # Check that endpoints and statuses are selected before proceeding - if finding_locations_to_update and len(enable) > 0: + if finding_locations_to_update and status in FindingLocationStatus: # Iterate over selected locations and update their finding location references - for location in Location.objects.filter(id__in=finding_locations_to_update): - finding_location = LocationFindingReference.objects.get(location=location, finding__id=finding_id) - for status in status_list: - # Set the status attribute based on whether it is enabled in the POST request - if status in enable: - # Enable this status - finding_location.__setattr__(status, True) # noqa: PLC2801 - # If the status is 'Mitigated', record the auditor and audit time - if status == FindingLocationStatus.Mitigated: - finding_location.auditor = request.user - finding_location.audit_time = timezone.now() - else: - # Disable this status - finding_location.__setattr__(status, False) # noqa: PLC2801 - finding_location.save() + for location_ref in LocationFindingReference.objects.filter(location__in=finding_locations_to_update, finding__id=finding_id): + # Set the status + location_ref.set_status(FindingLocationStatus(status), request.user, timezone.now()) # Add a success message after bulk editing endpoints messages.add_message( request,