fix: guard legacy endpoint access in Make Template / Merge Findings under V3_FEATURE_LOCATIONS#15139
Open
stevewallone wants to merge 1 commit into
Open
Conversation
…ATURE_LOCATIONS Creating a Finding Template from a finding or merging findings crashed with NotImplementedError when V3_FEATURE_LOCATIONS is enabled and the finding still carries legacy Endpoint rows (kept as backup by the locations migration). Both sites in dojo/finding/views.py iterated finding.endpoints.all() without the Endpoint.allow_endpoint_init() escape hatch used by the other legacy endpoint call sites. Fixes DefectDojo#15123. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Maffooch
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #15123.
Problem: Creating a Finding Template from a finding ("Make Template") or merging findings returns a 500 when
V3_FEATURE_LOCATIONSis enabled and the finding still carries legacyEndpointrows. The locations migration deliberately keeps legacy endpoint rows as backup, so any finding created before the migration trips this; findings created after V3 are unaffected — which is why the crash is data-dependent.Root cause: two sites in
dojo/finding/views.pyiteratefinding.endpoints.all()without theEndpoint.allow_endpoint_init()escape hatch. Iterating the queryset hydratesEndpointinstances viaModel.from_db()→Endpoint.__init__raisesNotImplementedError: Endpoint model is deprecated when V3_FEATURE_LOCATIONS is enabled:mktemplate—[str(ep) for ep in finding.endpoints.all()]merge_finding_product—finding_to_merge_into.endpoints.add(*finding.endpoints.all())Fix: wrap both sites in
with Endpoint.allow_endpoint_init():, matching the existing convention at the other legacy endpoint call sites (product/views.py,product_type/views.py,api_v2/views.py,api_v2/mixins.py), each tagged# TODO: Delete this after the move to Locations. This is also the approach the reporter (@DarkR0ast) suggested.Tests:
unittests/test_finding_template_merge_endpoints_v3.py— regression tests modeled ontest_delete_with_endpoints_v3.py: a finding carrying a legacy endpoint row underV3_FEATURE_LOCATIONS=True, exercising both views. Both error with the productionNotImplementedErrorbefore the fix and pass after; endpoint data is verified copied (templateendpoints_text/ merged finding's endpoints). Also verified manually in a local instance against both UI flows.Note on scope: this restores the pre-V3 merge/template behavior for legacy endpoint data (no more 500). Two adjacent gaps exist but look like design decisions beyond this issue: (1) legacy
finding.endpointsrows are not displayed anywhere in the V3 UI (the finding page renders onlyfinding.locations), so merged legacy endpoints are invisible under V3; (2) the merge and mktemplate views do not carry over V3finding.locationsat all, even thoughLocation.associate_with_finding()exists. Happy to file/take a follow-up issue for a locations-aware merge if wanted.🤖 Generated with Claude Code