refactor: consolidate audit-log code into dojo/auditlog/ package#14763
refactor: consolidate audit-log code into dojo/auditlog/ package#14763Maffooch merged 3 commits intoDefectDojo:devfrom
Conversation
github-actions
Bot
added
settings_changes
Move dojo/auditlog.py (1,083 lines), dojo/pghistory_models.py, and
dojo/pghistory_utils.py into a self-contained dojo/auditlog/ package
that mirrors the dojo/url/ canonical layout from CLAUDE.md. Also pulls
in the action_history view, its template, and the LogEntryFilter /
PgHistoryFilter that previously lived in dojo/views.py, dojo/templates/,
and dojo/filters.py.
Layout:
- models.py DojoEvents proxy model (app_label dropped, auto-inferred)
- services.py pghistory registration, retention/cleanup, config
- helpers.py display formatting + Celery context wrappers
- backfill.py backfill subsystem (used by migrations + commands)
- filters.py LogEntryFilter, PgHistoryFilter
- settings.py env-var schema + pghistory field defaults (source of truth)
- ui/views.py action_history view
- ui/urls.py action_history route (name preserved)
- templates/dojo/action_history.html
Backward-compatible re-exports stay at dojo/pghistory_models.py,
dojo/pghistory_utils.py, and dojo/filters.py per the playbook, so the
21 existing call sites keep working without churn. dojo/auditlog.py and
the original template are deleted (the package replaces the file).
Notable details:
- __init__.py uses PEP 562 lazy attribute resolution. settings.dist.py
imports dojo.auditlog.settings at Django settings-load time, before
django.conf.settings is built; eager re-exports would pull in
django-dependent submodules and circularly import settings.
- DojoEvents drops the explicit app_label = "dojo" per CLAUDE.md
("DO NOT set app_label in Meta — auto-inferred"). makemigrations
--check reports zero new migrations.
- Defensive try/except blocks in services and backfill are dropped per
the user's directive — let pgtrigger / COPY failures surface loudly
rather than silently swallowing them.
- settings.dist.py becomes a consumer of dojo.auditlog.settings:
imports the env-schema dict (splatted into environ.Env via
**AUDITLOG_ENV_SCHEMA), the three PGHISTORY_*_FIELD constants, and
AUDITLOG_DISABLE_ON_RAW_SAVE; adds dojo/auditlog/templates to
TEMPLATES[0]["DIRS"] since auditlog isn't a separate Django app.
- unittests/test_auditlog.py: two @patch targets updated from
dojo.auditlog.call_command to dojo.auditlog.services.call_command,
reflecting where the import now lives.
Verified end-to-end against the running stack:
- python manage.py check -> no issues
- python manage.py makemigrations --check -> No changes detected
- unittests.test_auditlog -> 7/7 pass
- unittests.test_importers_performance -> 10/10 pass
- reverse('action_history', cid=1, oid=2) -> /history/1/2
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Maffooch
force-pushed
the
auditlog-cleanup
branch
from
8e38aad to
5f7e0b0
Compare
valentijnscholten
left a comment
valentijnscholten
left a comment
There was a problem hiding this comment.
Defensive try/except blocks in services and backfill are intentionally dropped — let pgtrigger / COPY failures surface loudly rather than silently swallowing them.
Why are these being dropped? In case of some unexpected error this would block users from starting their instances after an upgrade.
|
I went back and looked at each spot to make sure the upgrade path wouldn't blow up, and I think we are actually safe here. For For the outer try/catch around The one real behavior change is in the manual |
Restore the seven try/except blocks that were dropped in the auditlog/ reorg: pgtrigger enable/disable wrappers in configure_pghistory_triggers, the outer + per-batch (consecutive_failures) wrappers and the id-column ValueError fallback in process_model_backfill, and the LookupError + per-event Exception fallbacks in process_events_for_display. Behavior now matches dev: a single bad pghistory event no longer 500s the action-history page, a single bad batch is logged and skipped (up to 3 in a row before bailing on the model), a model-level failure returns (0, 0.0) so pghistory_backfill_fast continues with the next model, and pgtrigger enable/disable surface a friendly diagnostic log line ahead of the traceback before re-raising. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
This pull request contains a high-severity SQL injection risk in
🟠 Potential SQL Injection in
|
| Vulnerability | Potential SQL Injection |
|---|---|
| Description | The code uses raw SQL execution with dynamically formatted table names and SQL fragments via cursor.execute(f"SELECT COUNT(*) FROM {table_name}"), cursor.execute(f"SELECT COUNT(*) FROM {event_table_name} ..."), cursor.execute(f"SELECT t.id FROM {table_name} t ..."), and copy_sql = f"COPY {event_table_name} (...) ...". Even though the table names come from internal mappings rather than direct request input, this is still raw SQL built via string interpolation, which is the kind of pattern that can lead to SQL injection if any of those values become attacker-controlled or are modified unsafely. |
django-DefectDojo/dojo/auditlog/backfill.py
Lines 173 to 176 in 0fbdf08
Comment to provide feedback on these findings.
Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]
Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing
All finding details can be found in the DryRun Security Dashboard.
ok sounds like it is ok as-is |
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
# Conflicts: # dojo/settings/settings.dist.py
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
5 participants
Summary
dojo/auditlog.py(1,083 lines),dojo/pghistory_models.py, anddojo/pghistory_utils.pyinto a self-containeddojo/auditlog/package that mirrors thedojo/url/canonical layout fromCLAUDE.md.action_history), its template, andLogEntryFilter/PgHistoryFilterinto the package — they previously lived indojo/views.py,dojo/templates/, anddojo/filters.py.dojo/auditlog/settings.pybecomes the source of truth for the audit-log env-var schema and pghistory field defaults;settings.dist.pyimports from it.Layout
Notable details
__init__.pyuses PEP 562 lazy attribute resolution.settings.dist.pyimportsdojo.auditlog.settingsat Django settings-load time, beforedjango.conf.settingsis built; eager re-exports would circularly pull in django-dependent submodules.DojoEventsdrops the explicitapp_label = "dojo"perCLAUDE.md("DO NOT setapp_labelin Meta — auto-inferred").makemigrations --checkreports zero new migrations.try/exceptblocks in services and backfill are intentionally dropped — letpgtrigger/COPYfailures surface loudly rather than silently swallowing them.dojo/settings/settings.dist.pybecomes a consumer ofdojo.auditlog.settings: imports the env-schema dict (splatted intoenviron.Envvia**AUDITLOG_ENV_SCHEMA), the threePGHISTORY_*_FIELDconstants, andAUDITLOG_DISABLE_ON_RAW_SAVE; addsdojo/auditlog/templatestoTEMPLATES[0][\"DIRS\"]sincedojo.auditlogisn't a separate Django app.unittests/test_auditlog.py: two@patchtargets updated fromdojo.auditlog.call_commandtodojo.auditlog.services.call_command, reflecting where the import now lives.Out of scope (deferred per playbook)
dojo/test/signals.pyetc.) intodojo/auditlog/signals.py— they're domain-coupled by design.django-auditloglibrary;LogEntryFilterstill references it for the page's "legacy entries" pane.Test plan
python manage.py check— no issuespython manage.py makemigrations --check—No changes detected(the critical migration gate)unittests.test_auditlog— 7/7 passunittests.test_importers_performance— 10/10 passreverse('action_history', cid=1, oid=2)— resolves to/history/1/2(route name preserved)/history/<cid>/<oid>; confirm template renders, filters work (event type, user, IP, diff search), and a pghistory event is recorded withuser/url/remote_addr/source/scan_typecontext fields populated.🤖 Generated with Claude Code