jira_integration: changes risk acceptance expiration date to a better default (#13488)

* jira_integration: changes risk acceptance expiration date to a better default

* Update dojo/models.py

* Update dojo/models.py

---------

Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Author: maxi-bee

dojo/db_migrations/0245_alter_jira_instance_accepted_mapping_resolution.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.1.13 on 2025-10-21 10:25
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0244_pghistory_indices'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='jira_instance',
+            name='accepted_mapping_resolution',
+            field=models.CharField(blank=True, help_text='JIRA issues that are closed in JIRA with one of these resolutions will result in the Finding becoming Risk Accepted in Defect Dojo. JIRA issues that are closed in JIRA with one of these resolutions will result in the Finding becoming Risk Accepted in Defect Dojo. The expiration time for this Risk Acceptance will be determined by the "Risk acceptance form default days" in "System Settings". This mapping is not used when Findings are pushed to JIRA. In that case the Risk Accepted Findings are closed in JIRA and JIRA sets the default resolution.', max_length=300, null=True, verbose_name='Risk Accepted resolution mapping'),
+        ),
+    ]

dojo/jira_link/helper.py

@@ -6,6 +6,7 @@
 from typing import Any
 
 import requests
+from dateutil.relativedelta import relativedelta
 from django.conf import settings
 from django.contrib import messages
 from django.template import TemplateDoesNotExist
@@ -1802,9 +1803,14 @@ def process_resolution_from_jira(finding, resolution_id, resolution_name, assign
 
                 if finding.test.engagement.product.enable_full_risk_acceptance:
                     logger.debug(f"Creating risk acceptance for finding linked to {jira_issue.jira_key}.")
+                    # loads the expiration from the system setting "Risk acceptance form default days" as otherwise
+                    # the acceptance will never expire
+                    risk_acceptance_form_default_days = get_system_setting("risk_acceptance_form_default_days", 90)
+                    expiration_date_from_system_settings = timezone.now() + relativedelta(days=risk_acceptance_form_default_days)
                     ra = Risk_Acceptance.objects.create(
                         accepted_by=assignee_name,
                         owner=finding.reporter,
+                        expiration_date=expiration_date_from_system_settings,
                         decision_details=f"Risk Acceptance automatically created from JIRA issue {jira_issue.jira_key} with resolution {resolution_name}",
                     )
                     finding.test.engagement.risk_acceptance.add(ra)

dojo/models.py

@@ -3962,7 +3962,7 @@ class JIRA_Instance(models.Model):
     high_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: High"))
     critical_mapping_severity = models.CharField(max_length=200, help_text=_("Maps to the 'Priority' field in Jira. For example: Critical"))
     finding_text = models.TextField(null=True, blank=True, help_text=_("Additional text that will be added to the finding in Jira. For example including how the finding was created or who to contact for more information."))
-    accepted_mapping_resolution = models.CharField(null=True, blank=True, max_length=300, verbose_name="Risk Accepted resolution mapping", help_text=_("JIRA issues that are closed in JIRA with one of these resolutions will result in the Finding becoming Risk Accepted in Defect Dojo. This Risk Acceptance will not have an expiration date. This mapping is not used when Findings are pushed to JIRA. In that case the Risk Accepted Findings are closed in JIRA and JIRA sets the default resolution."))
+    accepted_mapping_resolution = models.CharField(null=True, blank=True, max_length=300, verbose_name="Risk Accepted resolution mapping", help_text=_('JIRA issues that are closed in JIRA with one of these resolutions will result in the Finding becoming Risk Accepted in Defect Dojo. JIRA issues that are closed in JIRA with one of these resolutions will result in the Finding becoming Risk Accepted in Defect Dojo. The expiration time for this Risk Acceptance will be determined by the "Risk acceptance form default days" in "System Settings". This mapping is not used when Findings are pushed to JIRA. In that case the Risk Accepted Findings are closed in JIRA and JIRA sets the default resolution.'))
     false_positive_mapping_resolution = models.CharField(null=True, blank=True, verbose_name="False Positive resolution mapping", max_length=300, help_text=_("JIRA issues that are closed in JIRA with one of these resolutions will result in the Finding being marked as False Positive Defect Dojo. This mapping is not used when Findings are pushed to JIRA. In that case the Finding is closed in JIRA and JIRA sets the default resolution."))
     global_jira_sla_notification = models.BooleanField(default=True, blank=False, verbose_name=_("Globally send SLA notifications as comment?"), help_text=_("This setting can be overidden at the Product level"))
     finding_jira_sync = models.BooleanField(default=False, blank=False, verbose_name=_("Automatically sync Findings with JIRA?"), help_text=_("If enabled, this will sync changes to a Finding automatically to JIRA"))