@kiblik kiblik commented Aug 15, 2025

Drop support for time_zone in System settings

reason: #12974 (comment)

There are still some calls to get_system_setting("time_zone") left, but they will be dropped in #12995

@github-actions github-actions bot added the New Migration (Adding a new migration file. Take care when merging.) and docs labels Aug 15, 2025

dryrunsecurity bot commented Aug 15, 2025

DryRun Security

This pull request identifies a logic flaw in the sla_violated method where date comparisons might incorrectly report SLA violations due to comparing a DateTimeField with only the date component, potentially delaying the identification of expired SLAs.

Logic Flaw due to Date-Only Comparison in dojo/filters.py

Vulnerability: Logic Flaw due to Date-Only Comparison

Description: The sla_violated method uses Q(sla_expiration_date__lt=now().date()). If sla_expiration_date is a DateTimeField, this comparison will not correctly identify SLAs that expire on the current day. Any SLA expiring at any time on the current day will only be flagged as violated on the following day, as its DateTimeField value will not be strictly less than now().date() (which represents the beginning of the current day). This leads to a delay in reporting SLA violations.

risk_accepted=False,
is_mitigated=False,
mitigated=None,
) & Q(sla_expiration_date__lt=now().date()),
)
options = {


All finding details can be found in the DryRun Security Dashboard.
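
The comparison the bot describes, modelled in plain Python without Django, as an added example that is not code from this pull request or from DefectDojo. It goes one step beyond the bot's text by also running the same predicate over a date-only column; the function names, row names and timestamps are constructed, and the midnight coercion is stated as an assumption in the code.

```python
from datetime import date, datetime, time, timezone

UTC = timezone.utc

def lt_date_only(expiration, now):
    """Plain-Python model of Q(sla_expiration_date__lt=now().date()).

    Assumption: against a datetime column, the date on the right-hand side
    is treated as midnight at the start of that day.
    """
    today = now.date()
    if isinstance(expiration, datetime):  # check first: datetime subclasses date
        midnight = datetime.combine(today, time.min, tzinfo=expiration.tzinfo)
        return expiration < midnight
    return expiration < today

def lt_instant(expiration, now):
    """Alternative for a datetime column: compare against the full timestamp."""
    return expiration < now

def flagged(rows, predicate, now):
    """Names of the rows the predicate reports as SLA-violated at `now`."""
    return [name for name, expiration in rows if predicate(expiration, now)]

# Constructed sample data, all in UTC.
NOW = datetime(2025, 8, 15, 17, 0, tzinfo=UTC)
DATETIME_ROWS = [
    ("expired-yesterday", datetime(2025, 8, 14, 23, 59, tzinfo=UTC)),
    ("expired-this-morning", datetime(2025, 8, 15, 9, 0, tzinfo=UTC)),
    ("expires-tonight", datetime(2025, 8, 15, 22, 0, tzinfo=UTC)),
]
DATE_ROWS = [
    ("due-yesterday", date(2025, 8, 14)),
    ("due-today", date(2025, 8, 15)),
]

if __name__ == "__main__":
    print("datetime column, date-only:", flagged(DATETIME_ROWS, lt_date_only, NOW))
    print("datetime column, instant:  ", flagged(DATETIME_ROWS, lt_instant, NOW))
    print("date column, date-only:    ", flagged(DATE_ROWS, lt_date_only, NOW))
```

With a datetime column the date-only form does not report `expired-this-morning` until the following day, which is the delay the bot describes; with a date-only column a finding due today is simply not yet past its date.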

@kiblik kiblik force-pushed the drop_sys_set_time_zone branch from f1c0e88 to c6a121a Compare August 15, 2025 17:22
@dogboat dogboat left a comment

Only one small nit. Approving regardless, thank you!

@mtesauro mtesauro left a comment

Approved

@kiblik kiblik force-pushed the drop_sys_set_time_zone branch from 63051d1 to f618ae0 Compare August 22, 2025 11:54
@Maffooch Maffooch requested a review from blakeaowens August 22, 2025 19:27
@valentijnscholten valentijnscholten merged commit cb7bfcf into DefectDojo:dev Aug 24, 2025
87 checks passed
@kiblik kiblik deleted the drop_sys_set_time_zone branch August 24, 2025 10:18