Expose effective dedupe matching policy on the Test API (2/3) #15151
Open
devGregA wants to merge 2 commits into
Adds two read-only fields to TestSerializer, backed by the existing Test model properties that the importer and dedupe machinery already use on every import:

- deduplication_algorithm: legacy, unique_id_from_tool, hash_code, or unique_id_from_tool_or_hash_code
- hash_code_fields: the finding fields hashed for this test's scan type (null when the scan type has no per-scanner configuration and legacy default fields apply)

"Which fields are compared exactly?" is a recurring support question: matching behavior differs per scanner and the answer currently lives in settings.dist.py where users cannot see it.

No new logic - this only surfaces what the system already computes, making the effective policy visible via the API and available for UIs to render.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
ReadOnlyField cannot be introspected by drf-spectacular (the CI schema check runs --fail-on-warn), so declare the matching-policy fields with their real types: CharField for deduplication_algorithm and a nullable ListField of strings for hash_code_fields.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Description
Exposes the effective finding-matching policy on the Test API as two read-only fields:

- `deduplication_algorithm` — `legacy`, `unique_id_from_tool`, `hash_code`, or `unique_id_from_tool_or_hash_code`
- `hash_code_fields` — the finding fields hashed for this test's scan type (`null` when the scan type has no per-scanner configuration and legacy default fields apply)

Both are existing model properties on `Test` (`dojo/test/models.py`) that already resolve `DEDUPLICATION_ALGORITHM_PER_PARSER` / `HASHCODE_FIELDS_PER_SCANNER` — the importer and dedupe machinery use them on every import. This PR adds no new logic; it only surfaces what the system already computes.

Why: "which fields are compared exactly?" is a recurring support question — deduplication and reimport matching behave differently per scanner, and today the answer lives in `settings.dist.py` where users can't see it. With this change the effective policy is one API call away (and available for UIs to render on the test page).

Test results

New test module `unittests/test_apiv2_test_dedupe_policy.py`: `GET /api/v2/tests/{id}/` and mirror the per-scanner settings (asserted dynamically against the settings, so the test doesn't rot when configs change)

Verified locally against PostgreSQL via the unit-test compose image: the new module plus `unittests.test_rest_framework.TestsTest` (21 tests) — all passing. Ruff (0.15.20, repo config) passes.

Documentation

No workflow changes — additive read-only API fields with self-documenting `help_text` (visible in the OpenAPI schema). Happy to add an API docs note if maintainers prefer.

🤖 Generated with Claude Code
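A client-side use of the two fields described above, as an added example that is not part of this PR or of the project's code: it groups tests by effective matching policy and lists the ones that fall back to legacy defaults or report no recognised algorithm. The paginated `results` envelope, the `id` key, the helper name `summarize_policies` and all sample values are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# The four algorithm values listed in the PR description.
KNOWN_ALGORITHMS = {"legacy", "unique_id_from_tool", "hash_code",
                    "unique_id_from_tool_or_hash_code"}

# Constructed sample: a paginated Test API listing (envelope shape assumed).
SAMPLE_RESPONSE = json.dumps({"count": 5, "next": None, "results": [
    {"id": 1, "deduplication_algorithm": "hash_code",
     "hash_code_fields": ["title", "cwe", "file_path"]},
    {"id": 2, "deduplication_algorithm": "hash_code",
     "hash_code_fields": ["title", "cwe", "file_path"]},
    {"id": 3, "deduplication_algorithm": "legacy", "hash_code_fields": None},
    {"id": 4, "deduplication_algorithm": "unique_id_from_tool",
     "hash_code_fields": ["title", "severity"]},
    {"id": 5},  # constructed: a response that lacks the new fields
]})


def summarize_policies(payload):
    """Group test ids by (algorithm, hashed fields) and list tests to review."""
    by_policy, review = defaultdict(list), []
    for test in json.loads(payload)["results"]:
        algo = test.get("deduplication_algorithm")
        fields = test.get("hash_code_fields")
        if algo not in KNOWN_ALGORITHMS:
            review.append((test["id"], f"unrecognised algorithm {algo!r}"))
            continue
        # null hash_code_fields: no per-scanner configuration, so the
        # legacy default fields apply (per the PR description).
        key = (algo, tuple(fields) if fields is not None else None)
        by_policy[key].append(test["id"])
        if fields is None:
            review.append((test["id"], "legacy default hash fields apply"))
    return dict(by_policy), review


if __name__ == "__main__":
    policies, review = summarize_policies(SAMPLE_RESPONSE)
    for (algo, fields), ids in policies.items():
        shown = "legacy defaults" if fields is None else ", ".join(fields)
        print(f"{algo:35} [{shown}] tests={ids}")
    for test_id, reason in review:
        print(f"review test {test_id}: {reason}")
```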