Merge branch 'bugfix' into Maffooch-patch-1

valentijnscholten · web-flow · commit 3d8b5772f96c · 2026-01-30T23:05:48.000+01:00
diff --git a/docs/content/en/open_source/upgrading/2.52.md b/docs/content/en/open_source/upgrading/2.52.md
@@ -90,7 +90,7 @@ There are other instructions for upgrading to 2.52.x. Check the [Release Notes](
 
 ## Merge of MobSF parsers
 
-Mobsfscan Scan" has been merged into the "MobSF Scan" parser. The "Mobsfscan Scan" scan_type has been retained to keep deduplication working for existing Tests, but users are encouraged to move to the "MobSF Scan" scan_type.
+"Mobsfscan Scan" has been merged into the "MobSF Scan" parser. The "Mobsfscan Scan" scan_type has been retained to keep deduplication working for existing Tests, but users are encouraged to move to the "MobSF Scan" scan_type.
 
 ## Release notes
 Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.52.0) for the contents of the release.
diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py
@@ -906,13 +906,30 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool:
         message = f"Object {obj.id} cannot be pushed to JIRA as the JIRA instance has been deleted or is not available."
         return failure_to_add_message(message, None, obj)
 
-    obj_can_be_pushed_to_jira, error_message, _error_code = can_be_pushed_to_jira(obj)
+    obj_can_be_pushed_to_jira, error_message, error_code = can_be_pushed_to_jira(obj)
     if not obj_can_be_pushed_to_jira:
+        # Expected validation failures (not verified, not active, below threshold)
+        # should not create alerts when auto-pushing via "push all issues"
+        # These are expected conditions that don't indicate a problem
+        expected_validation_errors = [
+            "error_not_active_or_verified",
+            "error_below_minimum_threshold",
+            "error_empty",
+            "error_inactive",
+        ]
+
         # not sure why this check is not part of can_be_pushed_to_jira, but afraid to change it
         if isinstance(obj, Finding) and obj.duplicate and not obj.active:
-            logger.warning("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj))
-            log_jira_cannot_be_pushed_reason(error_message + " and findis a duplicate", obj)
+            logger.info("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj))
+            # Duplicates are expected, don't create alerts
+            logger.info("%s cannot be pushed to JIRA: %s (expected - duplicate finding)",
+                       to_str_typed(obj), error_message)
+        elif error_code in expected_validation_errors:
+            # These are expected when auto-pushing, only log, don't alert
+            logger.info("%s cannot be pushed to JIRA: %s (expected - finding not ready yet)",
+                       to_str_typed(obj), error_message)
         else:
+            # Unexpected errors (configuration issues, etc.) should still alert
             log_jira_cannot_be_pushed_reason(error_message, obj)
             logger.warning("%s cannot be pushed to JIRA: %s.", to_str_typed(obj), error_message)
             logger.warning("The JIRA issue will NOT be created.")
diff --git a/dojo/jira_link/views.py b/dojo/jira_link/views.py
@@ -287,7 +287,9 @@ def check_for_and_create_comment(parsed_json):
             finding.jira_issue.save()
             finding.last_reviewed = new_note.date
             finding.last_reviewed_by = author
-            finding.save(update_fields=["last_reviewed", "last_reviewed_by"])
+            # Only update the timestamp fields, not other fields like 'active' to avoid
+            # race conditions with concurrent webhook events (e.g. issue_updated)
+            finding.save(update_fields=["last_reviewed", "last_reviewed_by", "updated"])
     return None
 
 
