Fix: Apply tags to findings/endpoints when TRACK_IMPORT_HISTORY is disabled (#13969)

Fixes #13312

When TRACK_IMPORT_HISTORY is disabled, tags were not being applied to
findings and endpoints during import because the tag application logic
was inside update_import_history() which returned early.

Refactored to:
- Extract tag application into dedicated apply_import_tags() method
- Call apply_import_tags() from importers after update_import_history()
- Remove tag application logic from update_import_history()

This ensures tags are applied regardless of TRACK_IMPORT_HISTORY setting
while maintaining separation of concerns.

Author: valentijnscholten

dojo/importers/base_importer.py

@@ -1,6 +1,7 @@
 import base64
 import logging
 import time
+from collections.abc import Iterable
 
 from celery import chord, group
 from django.conf import settings
@@ -335,6 +336,71 @@ def update_test_tags(self):
         if self.tags is not None and len(self.tags) > 0:
             self.test.tags.set(self.tags)
 
+    def apply_import_tags(
+        self,
+        new_findings: Iterable[Finding] | None = None,
+        closed_findings: Iterable[Finding] | None = None,
+        reactivated_findings: Iterable[Finding] | None = None,
+        untouched_findings: Iterable[Finding] | None = None,
+    ) -> None:
+        """Apply tags to findings and endpoints from an import operation."""
+        # Normalize None values to empty lists and convert sets/other iterables to lists
+        if untouched_findings is None:
+            untouched_findings = []
+        elif not isinstance(untouched_findings, list):
+            untouched_findings = list(untouched_findings)
+
+        if reactivated_findings is None:
+            reactivated_findings = []
+        elif not isinstance(reactivated_findings, list):
+            reactivated_findings = list(reactivated_findings)
+
+        if closed_findings is None:
+            closed_findings = []
+        elif not isinstance(closed_findings, list):
+            closed_findings = list(closed_findings)
+
+        if new_findings is None:
+            new_findings = []
+        elif not isinstance(new_findings, list):
+            new_findings = list(new_findings)
+
+        # Collect all affected findings
+        findings_to_tag = new_findings + closed_findings + reactivated_findings + untouched_findings
+
+        if not findings_to_tag:
+            return
+
+        # Add any tags to the findings imported if necessary
+        if self.apply_tags_to_findings and self.tags:
+            findings_qs = Finding.objects.filter(id__in=[f.id for f in findings_to_tag])
+            try:
+                bulk_add_tags_to_instances(
+                    tag_or_tags=self.tags,
+                    instances=findings_qs,
+                    tag_field_name="tags",
+                )
+            except IntegrityError:
+                # Fallback to safe per-instance tagging if concurrent deletes occur
+                for finding in findings_to_tag:
+                    for tag in self.tags:
+                        self.add_tags_safe(finding, tag)
+
+        # Add any tags to any endpoints of the findings imported if necessary
+        if self.apply_tags_to_endpoints and self.tags:
+            endpoints_qs = Endpoint.objects.filter(finding__in=findings_to_tag).distinct()
+            try:
+                bulk_add_tags_to_instances(
+                    tag_or_tags=self.tags,
+                    instances=endpoints_qs,
+                    tag_field_name="tags",
+                )
+            except IntegrityError:
+                for finding in findings_to_tag:
+                    for endpoint in finding.endpoints.all():
+                        for tag in self.tags:
+                            self.add_tags_safe(endpoint, tag)
+
     def update_import_history(
         self,
         new_findings: list[Finding] | None = None,
@@ -355,6 +421,7 @@ def update_import_history(
             closed_findings = []
         if new_findings is None:
             new_findings = []
+
         # Log the current state of what has occurred in case there could be
         # deviation from what is displayed in the view
         logger.debug(
@@ -430,37 +497,6 @@ def update_import_history(
             for record in import_history_records:
                 self.create_import_history_record_safe(record)
 
-        # Add any tags to the findings imported if necessary
-        if self.apply_tags_to_findings and self.tags:
-            findings_qs = test_import.findings_affected.all()
-            try:
-                bulk_add_tags_to_instances(
-                    tag_or_tags=self.tags,
-                    instances=findings_qs,
-                    tag_field_name="tags",
-                )
-            except IntegrityError:
-                # Fallback to safe per-instance tagging if concurrent deletes occur
-                for finding in findings_qs:
-                    for tag in self.tags:
-                        self.add_tags_safe(finding, tag)
-
-        # Add any tags to any endpoints of the findings imported if necessary
-        if self.apply_tags_to_endpoints and self.tags:
-            # Collect all endpoints linked to the affected findings
-            endpoints_qs = Endpoint.objects.filter(finding__in=test_import.findings_affected.all()).distinct()
-            try:
-                bulk_add_tags_to_instances(
-                    tag_or_tags=self.tags,
-                    instances=endpoints_qs,
-                    tag_field_name="tags",
-                )
-            except IntegrityError:
-                for finding in test_import.findings_affected.all():
-                    for endpoint in finding.endpoints.all():
-                        for tag in self.tags:
-                            self.add_tags_safe(endpoint, tag)
-
         return test_import
 
     def create_import_history_record_safe(

dojo/importers/default_importer.py

@@ -129,6 +129,11 @@ def process_scan(
             new_findings=new_findings,
             closed_findings=closed_findings,
         )
+        # Apply tags to findings and endpoints
+        self.apply_import_tags(
+            new_findings=new_findings,
+            closed_findings=closed_findings,
+        )
         # Send out some notifications to the user
         logger.debug("IMPORT_SCAN: Generating notifications")
         create_notification(

dojo/importers/default_reimporter.py

@@ -132,6 +132,13 @@ def process_scan(
             reactivated_findings=reactivated_findings,
             untouched_findings=untouched_findings,
         )
+        # Apply tags to findings and endpoints
+        self.apply_import_tags(
+            new_findings=new_findings,
+            closed_findings=closed_findings,
+            reactivated_findings=reactivated_findings,
+            untouched_findings=untouched_findings,
+        )
         # Send out som notifications to the user
         logger.debug("REIMPORT_SCAN: Generating notifications")
         updated_count = (