Batch-refresh close_old_findings status fields to avoid N refresh_from_db queries.

Replace per-finding refresh_from_db(false_p, risk_accepted, out_of_scope) with one
values() query for all PKs and assign onto instances, falling back to refresh_from_db
when a row is missing.

Author: valentijnscholten

dojo/importers/default_reimporter.py

@@ -464,6 +464,38 @@ def process_findings(
 
         return self.new_items, self.reactivated_items, self.to_mitigate, self.untouched
 
+    def _sync_close_old_finding_status_fields(self, findings: list[Finding]) -> None:
+        """
+        Refresh false_p, risk_accepted, and out_of_scope from the DB for each finding.
+
+        These can change during reimport (e.g. false positive) while the in-memory instances
+        are stale. A naive refresh_from_db per finding issues one SELECT each; we batch one
+        query for all primary keys and fall back to refresh_from_db only when needed.
+        """
+        ids = [f.pk for f in findings if f.pk is not None]
+        if not ids:
+            for finding in findings:
+                finding.refresh_from_db(fields=["false_p", "risk_accepted", "out_of_scope"])
+            return
+
+        fresh_by_id = {
+            row["id"]: row
+            for row in Finding.objects.filter(pk__in=ids).values(
+                "id",
+                "false_p",
+                "risk_accepted",
+                "out_of_scope",
+            )
+        }
+        for finding in findings:
+            row = fresh_by_id.get(finding.pk)
+            if row is not None:
+                finding.false_p = row["false_p"]
+                finding.risk_accepted = row["risk_accepted"]
+                finding.out_of_scope = row["out_of_scope"]
+            else:
+                finding.refresh_from_db(fields=["false_p", "risk_accepted", "out_of_scope"])
+
     def close_old_findings(
         self,
         findings: list[Finding],
@@ -477,17 +509,17 @@ def close_old_findings(
         if self.close_old_findings_toggle is False:
             return []
         logger.debug("REIMPORT_SCAN: Closing findings no longer present in scan report")
+        # Get any status changes that could have occurred earlier in the process
+        # for special statuses only.
+        # An example of such is a finding being reported as false positive, and
+        # reimport makes this change in the database. However, the findings here
+        # are calculated based from the original values before the reimport, so
+        # any updates made during reimport are discarded without first getting the
+        # state of the finding as it stands at this moment
+        self._sync_close_old_finding_status_fields(findings)
         # Determine if pushing to jira or if the finding groups are enabled
         mitigated_findings = []
         for finding in findings:
-            # Get any status changes that could have occurred earlier in the process
-            # for special statuses only.
-            # An example of such is a finding being reported as false positive, and
-            # reimport makes this change in the database. However, the findings here
-            # are calculated based from the original values before the reimport, so
-            # any updates made during reimport are discarded without first getting the
-            # state of the finding as it stands at this moment
-            finding.refresh_from_db(fields=["false_p", "risk_accepted", "out_of_scope"])
             # Ensure the finding is not already closed
             if not finding.mitigated or not finding.is_mitigated:
                 logger.debug("mitigating finding: %i:%s", finding.id, finding)