|
| 1 | +import logging |
| 2 | + |
| 3 | +from django.db import migrations |
| 4 | +from django.db.models import Q |
| 5 | + |
| 6 | +logger = logging.getLogger(__name__) |
| 7 | + |
| 8 | + |
| 9 | +AFFECTED_PARSER_SCAN_TYPES = [ |
| 10 | + "Trivy Scan", |
| 11 | + "Trivy Operator Scan", |
| 12 | + "Hydra Scan", |
| 13 | + "JFrog Xray API Summary Artifact Scan", |
| 14 | + "Orca Security Alerts", |
| 15 | + "OpenReports", |
| 16 | + "StackHawk HawkScan", |
| 17 | +] |
| 18 | + |
| 19 | + |
| 20 | +def clear_service_and_rehash_findings(apps, schema_editor): |
| 21 | + """ |
| 22 | + Clear parser-populated service values for affected parser scan types and |
| 23 | + recompute hash_code. |
| 24 | +
|
| 25 | + This migration only touches findings where: |
| 26 | + - the finding belongs to an affected parser by test_type or scan_type |
| 27 | + - service is set (not NULL and not empty) |
| 28 | + """ |
| 29 | + historical_finding = apps.get_model("dojo", "Finding") |
| 30 | + |
| 31 | + affected_ids = set() |
| 32 | + for scan_type in AFFECTED_PARSER_SCAN_TYPES: |
| 33 | + findings = ( |
| 34 | + historical_finding.objects |
| 35 | + .filter( |
| 36 | + Q(test__test_type__name=scan_type) |
| 37 | + | Q(test__scan_type=scan_type), |
| 38 | + ) |
| 39 | + .exclude(service__isnull=True) |
| 40 | + .exclude(service="") |
| 41 | + ) |
| 42 | + count = findings.count() |
| 43 | + if count: |
| 44 | + logger.warning( |
| 45 | + "Identified %d findings with parser-populated service for scan type '%s'", |
| 46 | + count, |
| 47 | + scan_type, |
| 48 | + ) |
| 49 | + affected_ids.update(findings.values_list("id", flat=True)) |
| 50 | + |
| 51 | + if not affected_ids: |
| 52 | + logger.warning("No findings found for parser service cleanup migration") |
| 53 | + return |
| 54 | + |
| 55 | + # Use live model here to access compute_hash_code() and save() behavior. |
| 56 | + from dojo.models import Finding # noqa: PLC0415 |
| 57 | + |
| 58 | + migrated = 0 |
| 59 | + for finding in ( |
| 60 | + Finding.objects |
| 61 | + .filter(id__in=affected_ids) |
| 62 | + .select_related("test", "test__test_type") |
| 63 | + .iterator(chunk_size=200) |
| 64 | + ): |
| 65 | + finding.service = None |
| 66 | + finding.hash_code = finding.compute_hash_code() |
| 67 | + finding.save( |
| 68 | + dedupe_option=False, |
| 69 | + rules_option=False, |
| 70 | + product_grading_option=False, |
| 71 | + issue_updater_option=False, |
| 72 | + push_to_jira=False, |
| 73 | + ) |
| 74 | + migrated += 1 |
| 75 | + |
| 76 | + logger.warning( |
| 77 | + "Parser service cleanup migration updated %d findings (service cleared, hash_code recomputed)", |
| 78 | + migrated, |
| 79 | + ) |
| 80 | + |
| 81 | + |
| 82 | +def noop_reverse(apps, schema_editor): |
| 83 | + # Intentionally irreversible: previous parser-populated service values are not recoverable. |
| 84 | + pass |
| 85 | + |
| 86 | + |
| 87 | +class Migration(migrations.Migration): |
| 88 | + |
| 89 | + dependencies = [ |
| 90 | + ("dojo", "0263_language_type_unique_language"), |
| 91 | + ] |
| 92 | + |
| 93 | + operations = [ |
| 94 | + migrations.RunPython(clear_service_and_rehash_findings, noop_reverse), |
| 95 | + ] |
0 commit comments