🐛 fix create questionnaire with empty survey

[manuel-sommer]

nginx-1         | 172.18.0.1 - - [17/Nov/2025:14:37:32 +0000] "GET /empty_questionnaire HTTP/1.1" 200 8573 "http://localhost:8080/questionnaire" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0" "-"
nginx-1         | 172.18.0.1 - - [17/Nov/2025:14:37:32 +0000] "GET /static/dojo/img/favicon.png HTTP/1.1" 200 243 "http://localhost:8080/empty_questionnaire" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:144.0) Gecko/20100101 Firefox/144.0" "-"
uwsgi-1         | [17/Nov/2025 14:37:37] DEBUG [dojo.middleware:71] Authenticated user:
uwsgi-1         | [17/Nov/2025 14:37:37] ERROR [dojo.middleware:104] Unhandled exception during social login: DateTimeField General_Survey.expiration received a naive datetime (2025-11-19 00:00:00) while time zone support is active.
uwsgi-1         | [17/Nov/2025 14:37:37] ERROR [django.request:253] Internal Server Error: /empty_questionnaire
uwsgi-1         | Traceback (most recent call last):
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/core/handlers/exception.py", line 55, in inner
uwsgi-1         |     response = get_response(request)
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/core/handlers/base.py", line 197, in _get_response
uwsgi-1         |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
uwsgi-1         |   File "/app/dojo/authorization/authorization_decorators.py", line 63, in _wrapped
uwsgi-1         |     return func(request, *args, **kwargs)
uwsgi-1         |   File "/app/dojo/survey/views.py", line 621, in add_empty_questionnaire
uwsgi-1         |     if form.is_valid():
uwsgi-1         |        ~~~~~~~~~~~~~^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/forms/forms.py", line 197, in is_valid
uwsgi-1         |     return self.is_bound and not self.errors
uwsgi-1         |                                  ^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/forms/forms.py", line 192, in errors
uwsgi-1         |     self.full_clean()
uwsgi-1         |     ~~~~~~~~~~~~~~~^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/forms/forms.py", line 327, in full_clean
uwsgi-1         |     self._post_clean()
uwsgi-1         |     ~~~~~~~~~~~~~~~~^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/forms/models.py", line 498, in _post_clean
uwsgi-1         |     self.instance.full_clean(exclude=exclude, validate_unique=False)
uwsgi-1         |     ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/db/models/base.py", line 1619, in full_clean
uwsgi-1         |     self.clean_fields(exclude=exclude)
uwsgi-1         |     ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/db/models/base.py", line 1674, in clean_fields
uwsgi-1         |     setattr(self, f.attname, f.clean(raw_value, self))
uwsgi-1         |                              ~~~~~~~^^^^^^^^^^^^^^^^^
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py", line 830, in clean
uwsgi-1         |     value = self.to_python(value)
uwsgi-1         |   File "/usr/local/lib/python3.13/site-packages/django/db/models/fields/__init__.py", line 1606, in to_python
uwsgi-1         |     warnings.warn(
uwsgi-1         |     ~~~~~~~~~~~~~^
uwsgi-1         |         f"DateTimeField {name} received a naive datetime ({value}) while "
uwsgi-1         |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |         "time zone support is active.",
uwsgi-1         |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
uwsgi-1         |         RuntimeWarning,
uwsgi-1         |         ^^^^^^^^^^^^^^^
uwsgi-1         |     )
uwsgi-1         |     ^
uwsgi-1         | RuntimeWarning: DateTimeField General_Survey.expiration received a naive datetime (2025-11-19 00:00:00) while time zone support is active.

[manuel-sommer]

here you go @valentijnscholten. I closed the other PR, messed up the rebase

[dryrunsecurity]

🔴 Risk threshold exceeded.

This pull request modifies several sensitive files (dojo/db_migrations/0248_alter_general_survey_expiration.py, dojo/forms.py, and dojo/models.py) and the scanner flagged these edits as sensitive codepath changes that should be reviewed against the project’s .dryrunsecurity.yaml configuration for allowed paths and authors.

🔴 Configured Codepaths Edit in dojo/db_migrations/0248_alter_general_survey_expiration.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/forms.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/models.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/db_migrations/0248_alter_general_survey_expiration.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/models.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/models.py

Vulnerability	Configured Codepaths Edit
Description	Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.

---

All finding details can be found in the DryRun Security Dashboard.

[mtesauro]

Approved