
sla_config: use mass update for recalculation #12133


Merged
merged 10 commits into from
Apr 10, 2025

Conversation

valentijnscholten
Member

@valentijnscholten valentijnscholten commented Mar 29, 2025

This PR optimizes the updating of the sla_expiration_date field. A change to an SLA Configuration or Product can trigger a recalculation of this field for all affected findings.

Before this PR this took ~8.5 minutes for 20k findings. This is on an i9 16-core with an NVMe SSD.
This PR uses the mass_model_updater function that has proven to work more efficiently. Now the job completes in ~30s.

Before this PR, every finding would be post-processed in the background Celery worker. This isn't needed as a change to the SLA expiration doesn't affect dedupe or pushing to JIRA. Also the product grade would be calculated for each affected finding (so multiple times per product). This is not needed. This background work took over 30 minutes for 20k (I killed the instance after 30 minutes).

The PR also removes some code duplication.

I can imagine this change is also beneficial for Pro users where larger instances are more common, as well as more intensive usage of the instances.
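The following is an added, constructed example that is not DefectDojo's code and does not use its models or the real mass_model_updater. It contrasts the two strategies the PR description discusses: saving every finding individually (each save firing post-processing and a product grade calculation) versus recomputing the expiration date in memory, writing it back in batches, and running the per-product work once per product. The model classes, the per-severity day counts and the batch size are assumptions chosen for illustration; in a real ORM the batched write would be a bulk update, which by design skips per-instance save hooks, so it is only appropriate when, as here, nothing downstream (dedupe, JIRA push) depends on those hooks for the changed field.

```python
"""Constructed example: per-finding save vs. mass update of sla_expiration_date.
Not DefectDojo code; models, SLA day counts and batch size are assumptions."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class SLAConfiguration:
    name: str
    days_by_severity: Dict[str, int]  # assumed: allowed days per severity


@dataclass
class Product:
    id: int
    sla_configuration: SLAConfiguration


@dataclass
class Finding:
    id: int
    product: Product
    severity: str
    date: date
    sla_expiration_date: Optional[date] = None


@dataclass
class Stats:
    """Counters standing in for the expensive side effects of each strategy."""
    per_finding_saves: int = 0
    post_process_calls: int = 0   # dedupe / JIRA push triggered by save()
    product_grade_calls: int = 0  # product grade recalculations
    bulk_updates: int = 0         # batched writes to the database


def compute_sla_expiration(finding: Finding) -> date:
    """Expiration = finding date + days allowed for its severity (assumed rule)."""
    days = finding.product.sla_configuration.days_by_severity[finding.severity]
    return finding.date + timedelta(days=days)


def recalc_per_finding(findings: List[Finding], stats: Stats) -> Stats:
    """Slow path: every finding is saved on its own, and each save triggers
    post-processing plus a product grade calculation."""
    for f in findings:
        f.sla_expiration_date = compute_sla_expiration(f)
        stats.per_finding_saves += 1
        stats.post_process_calls += 1
        stats.product_grade_calls += 1
    return stats


def recalc_mass_update(findings: List[Finding], stats: Stats, batch_size: int = 1000) -> Stats:
    """Mass path: recompute in memory, write back in batches (one bulk write per
    batch, no per-instance save hooks), then grade each touched product once."""
    touched: Set[int] = set()
    batch: List[Finding] = []
    for f in findings:
        f.sla_expiration_date = compute_sla_expiration(f)
        touched.add(f.product.id)
        batch.append(f)
        if len(batch) >= batch_size:
            stats.bulk_updates += 1  # stand-in for a bulk_update() of this batch
            batch = []
    if batch:
        stats.bulk_updates += 1
    stats.product_grade_calls += len(touched)
    return stats


def build_sample(n_findings: int = 2500, n_products: int = 3) -> List[Finding]:
    """Constructed sample data: a few products sharing one SLA configuration."""
    sla = SLAConfiguration("Default", {"Critical": 7, "High": 30, "Medium": 90, "Low": 120})
    products = [Product(i, sla) for i in range(n_products)]
    severities = ["Critical", "High", "Medium", "Low"]
    return [
        Finding(i, products[i % n_products], severities[i % 4],
                date(2025, 1, 1) + timedelta(days=i % 30))
        for i in range(n_findings)
    ]


def expiration_dates_match(n_findings: int = 2500) -> bool:
    """Both strategies must yield identical dates; only the side effects differ."""
    slow = recalc_per_finding(build_sample(n_findings), Stats())
    fast_findings = build_sample(n_findings)
    recalc_mass_update(fast_findings, Stats())
    slow_findings = build_sample(n_findings)
    recalc_per_finding(slow_findings, Stats())
    return slow is not None and all(
        a.sla_expiration_date == b.sla_expiration_date
        for a, b in zip(slow_findings, fast_findings)
    )


if __name__ == "__main__":
    print("per-finding:", recalc_per_finding(build_sample(), Stats()))
    print("mass update:", recalc_mass_update(build_sample(), Stats()))
```

Running the block prints the two counter sets for 2500 sample findings across 3 products: the per-finding path performs 2500 saves, 2500 post-processing runs and 2500 grade calculations, while the mass path performs 3 batched writes, no post-processing and 3 grade calculations.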

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@valentijnscholten valentijnscholten force-pushed the sla_config_mass_updater branch from 4502fac to 622a011 Compare March 29, 2025 15:57
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@valentijnscholten valentijnscholten marked this pull request as ready for review March 29, 2025 16:10

dryrunsecurity bot commented Mar 29, 2025

DryRun Security Summary

A multi-file patch introduces potential security risks through modified logging practices, async task argument changes, and SLA configuration retrieval mechanisms that could expose sensitive information and bypass existing validation protections.


Summary: A patch across multiple files modifies SLA configuration, product, and utility functions with changes to logging, function signatures, and async task management.

Security Findings:
• Logging Security Risks

  • In dojo/models.py, new debug log statements might expose sensitive information about finding and save operations
  • Potential information disclosure if these logs are enabled in production environments

• Potential Behavioral Changes

  • Argument reordering in async task calls could introduce subtle behavioral modifications
  • Risk of impacting existing code that relies on specific argument order

• Logging Considerations

  • In dojo/sla_config/helpers.py, logging sensitive configuration details (SLA config name) in info-level logs
  • Potential information exposure through logging mechanisms

• Model Update Mechanism

  • Using super() for saving models in dojo/sla_config/helpers.py might bypass model-level validation or signals
  • Potential risk of circumventing intended model save protections

• SLA Configuration Retrieval

  • In dojo/models.py, changed from database query to direct attribute access
  • Potential for unexpected behavior if sla_configuration is not properly set


@valentijnscholten valentijnscholten changed the title sla_config: use mass update on changes sla_config: use mass update for recalculation Mar 29, 2025
@Maffooch Maffooch added this to the 2.46.0 milestone Mar 31, 2025
Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit 5e97c09 into DefectDojo:dev Apr 10, 2025
77 checks passed
Maffooch pushed a commit that referenced this pull request Apr 21, 2025
* sla_config_updater: add logging

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* sla_config: use mass update on changes

* cleanup