Skip to content

fix(api): add created/updated date filters to risk_acceptance endpoint#14792

Open
SAY-5 wants to merge 1 commit intoDefectDojo:masterfrom
SAY-5:fix/issue-14623-risk-acceptance-date-filters
Open

fix(api): add created/updated date filters to risk_acceptance endpoint#14792
SAY-5 wants to merge 1 commit intoDefectDojo:masterfrom
SAY-5:fix/issue-14623-risk-acceptance-date-filters

Conversation

@SAY-5
Copy link
Copy Markdown

@SAY-5 SAY-5 commented Apr 30, 2026

Summary

Closes #14623.

The risk_acceptance API returns created and updated timestamps in its responses but ApiRiskAcceptanceFilter did not expose either as a query parameter, while the matching findings, products, and assets filters all do (see ApiProductFilter, ApiFindingFilter for the same pattern). Clients had no way to scope listings by acceptance date.

Change

Add DateRangeFilter(created) and DateRangeFilter(updated) to ApiRiskAcceptanceFilter and expose both fields in the existing OrderingFilter, matching the convention used by the sibling resources.

class ApiRiskAcceptanceFilter(DojoFilter):
    created = DateRangeFilter()
    updated = DateRangeFilter()

    o = OrderingFilter(
        fields=(
            ("name", "name"),
            ("created", "created"),
            ("updated", "updated"),
        ),
    )
    ...

Risk_Acceptance.created (auto_now_add) and Risk_Acceptance.updated (auto_now) already exist on the model (dojo/models.py L3976–3977) so no migration is needed.

Test plan

  • python -c 'import ast; ast.parse(open("dojo/filters.py").read())' — file parses
  • Confirm OpenAPI schema for /api/v2/risk_acceptance/ lists created, updated, and o query parameters
  • Manual: GET /api/v2/risk_acceptance/?created=week returns last week's acceptances; GET /api/v2/risk_acceptance/?o=-updated sorts by most-recently-updated first

@SAY-5
fix(api): add created/updated date filters to risk_acceptance endpoint
8333e08 
Risk_Acceptance returns created and updated fields in its API response
but ApiRiskAcceptanceFilter exposed neither as a query parameter, while
the matching findings, products, and assets filters all do (see
ApiProductFilter for the same pattern).

Add DateRangeFilter('created') and DateRangeFilter('updated') to
ApiRiskAcceptanceFilter and expose both fields in the OrderingFilter so
clients can filter and sort risk_acceptance lists by date the same way
they already can for the sibling resources.

Closes DefectDojo#14623.

Signed-off-by: SAY-5 <say.apm35@gmail.com>
@SAY-5 SAY-5 requested review from Maffooch and mtesauro as code owners April 30, 2026 18:47
@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Apr 30, 2026

DryRun Security

This pull request includes a sensitive edit in dojo/filters.py that was flagged by the configured codepaths policy. The scanner indicates this file is treated as sensitive and may require special authorization or configuration in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/filters.py (drs_b5dcf06e)
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.

Comment to provide feedback on these findings.

Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]

Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing

All finding details can be found in the DryRun Security Dashboard.

@mtesauro
Copy link
Copy Markdown
Contributor

mtesauro commented May 1, 2026

@SAY-5 Please make your PR against the DEV branch - we don't accept PRs against master.

For more info, see https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md#submitting-pull-requests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Maffooch Maffooch Awaiting requested review from Maffooch Maffooch is a code owner

@mtesauro mtesauro Awaiting requested review from mtesauro mtesauro is a code owner

At least 4 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Risk Acceptance Endpoint is Missing Created and Update Date Filters

2 participants

@SAY-5 @mtesauro