Skip to content

Expose effective dedupe matching policy on the Test API (2/3)#15151

Open
devGregA wants to merge 2 commits into
DefectDojo:devfrom
devGregA:devgrega/test-dedupe-policy-api
Open

Expose effective dedupe matching policy on the Test API (2/3)#15151
devGregA wants to merge 2 commits into
DefectDojo:devfrom
devGregA:devgrega/test-dedupe-policy-api

Conversation

@devGregA

@devGregA devGregA commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Part 2/3 of a visibility series: #15150 · #15151 (this PR) · #15152
No merge-order constraint — this PR is independent of the other two.

Description

Exposes the effective finding-matching policy on the Test API as two read-only fields:

  • deduplication_algorithmlegacy, unique_id_from_tool, hash_code, or unique_id_from_tool_or_hash_code
  • hash_code_fields — the finding fields hashed for this test's scan type (null when the scan type has no per-scanner configuration and legacy default fields apply)

Both are existing model properties on Test (dojo/test/models.py) that already resolve DEDUPLICATION_ALGORITHM_PER_PARSER / HASHCODE_FIELDS_PER_SCANNER — the importer and dedupe machinery use them on every import. This PR adds no new logic; it only surfaces what the system already computes.

Why: "which fields are compared exactly?" is a recurring support question — deduplication and reimport matching behave differently per scanner, and today the answer lives in settings.dist.py where users can't see it. With this change the effective policy is one API call away (and available for UIs to render on the test page).

Test results

New test module unittests/test_apiv2_test_dedupe_policy.py:

  • the fields are present on GET /api/v2/tests/{id}/ and mirror the per-scanner settings (asserted dynamically against the settings, so the test doesn't rot when configs change)
  • the fields are ignored on write (read-only), while normal PATCHes still work

Verified locally against PostgreSQL via the unit-test compose image: the new module plus unittests.test_rest_framework.TestsTest (21 tests) — all passing. Ruff (0.15.20, repo config) passes.

Documentation

No workflow changes — additive read-only API fields with self-documenting help_text (visible in the OpenAPI schema). Happy to add an API docs note if maintainers prefer.


🤖 Generated with Claude Code

Adds two read-only fields to TestSerializer, backed by the existing
Test model properties that the importer and dedupe machinery already
use on every import:

- deduplication_algorithm: legacy, unique_id_from_tool, hash_code, or
  unique_id_from_tool_or_hash_code
- hash_code_fields: the finding fields hashed for this test's scan
  type (null when the scan type has no per-scanner configuration and
  legacy default fields apply)

"Which fields are compared exactly?" is a recurring support question:
matching behavior differs per scanner and the answer currently lives
in settings.dist.py where users cannot see it. No new logic - this
only surfaces what the system already computes, making the effective
policy visible via the API and available for UIs to render.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
ReadOnlyField cannot be introspected by drf-spectacular (the CI schema
check runs --fail-on-warn), so declare the matching-policy fields with
their real types: CharField for deduplication_algorithm and a nullable
ListField of strings for hash_code_fields.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@devGregA devGregA changed the title Expose effective dedupe matching policy on the Test API Expose effective dedupe matching policy on the Test API (2/3) Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant