Expose created/updated date filters for Risk Acceptance API (created_before/after, updated_before/after)#14786
Conversation
|
This pull request includes a sensitive edit to
🔴 Configured Codepaths Edit in
|
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
We've notified @mtesauro.
Comment to provide feedback on these findings.
Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]
Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing
All finding details can be found in the DryRun Security Dashboard.
PDFour4
force-pushed
the
testing/risk-acceptance-filter
branch
from
1e2803f to
55a722f
Compare
|
@PDFour4 PRs need to be against the Dev branch - please update this PR to be against that branch. For details see: |
|
@mtesauro I've updated the PR base branch from master to dev. Should be all set now! |
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
• use DateRangeFilter for created and updated • add explicit DateTimeFilter comparisons • updated risk acceptance API tests to assert new query params and deterministic result inclusion
PDFour4
force-pushed
the
testing/risk-acceptance-filter
branch
from
2d8bfa8 to
7a0ed0a
Compare
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
Update:The filter implementation has evolved since this PR was initiated. The maintainers have refactored ApiRiskAcceptanceFilter to use a dictionary-style fields configuration with automatic lookup expressions (gt/lt), which replaces the original explicit DateTimeFilter definitions my team initially contributed. Both approaches provide identical functionality and expose the same query parameters in the OpenAPI schema. This PR now focuses on adding comprehensive tests for the risk acceptance timestamp filters created_before/after, updated_before/after. The tests validate the new upstream implementation and ensure the filtering behavior works correctly. Locally verified: Both test_risk_acceptance_created_filter and test_risk_acceptance_updated_filter pass successfully with the latest code. |
3 participants
Summary
This adds before/after DateTime filter parameters for
createdandupdatedon the Risk Acceptance API and aligns the filter naming with existing API conventions.Changes
dojo/filters.py—ApiRiskAcceptanceFilter: useDateRangeFilterforcreated/updatedand add explicitcreated_before,created_after,updated_before,updated_after(DateTimeFilterwithlt/gt).unittests/test_risk_acceptance_api.py— addcreate_risk_acceptancetest helper and update tests to assert the new query params deterministically.Why
Consumers need precise before/after semantics for risk acceptance timestamps. This follows the established pattern used across the API (DateRangeFilter + explicit
_before/_afterDateTime filters) and ensures OpenAPI schema exposes the correct params.Fixes #14623
Testing
unittests/test_risk_acceptance_api.py. Run targeted tests:No migrations required.