Tags: Add support for comma separation for multipart forms (import/reimport) (#12434)

Maffooch · valentijnscholten · web-flow · commit 741e23903c9b · 2025-05-15T15:23:40.000-06:00
* Tags: Add support for comma separation for multipart forms (import/reimport)

* Correcting ruff

* Revert multipart specific tests

* Ruff stuff

* Update unittests/test_tags.py

Co-authored-by: valentijnscholten &lt;valentijnscholten@gmail.com&gt;

---------

Co-authored-by: valentijnscholten &lt;valentijnscholten@gmail.com&gt;
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
@@ -225,9 +225,11 @@ def to_internal_value(self, data):
                 self.fail("not_a_str")
             # Run the children validation
             self.child.run_validation(s)
-            # Validate the tag to ensure it doesn't contain invalid characters
-            tag_validator(s, exception_class=RestFrameworkValidationError)
+            # Split the tags up in any way we need to
             substrings = re.findall(r'(?:"[^"]*"|[^",]+)', s)
+            # Validate the tag to ensure it doesn't contain invalid characters
+            for sub in substrings:
+                tag_validator(sub, exception_class=RestFrameworkValidationError)
             data_safe.extend(substrings)
 
         return tagulous.utils.render_tags(data_safe)
diff --git a/unittests/test_tags.py b/unittests/test_tags.py
@@ -163,10 +163,6 @@ def test_finding_patch_remove_tags_all(self):
     def test_finding_patch_remove_tags_non_existent(self):
         return self.test_finding_put_remove_tags_non_existent()
 
-    def test_finding_create_tags_with_commas(self):
-        tags = ["one,two"]
-        self.create_finding_with_tags(tags, expected_status_code=400)
-
     def test_finding_create_tags_with_spaces(self):
         tags = ["one two"]
         self.create_finding_with_tags(tags, expected_status_code=400)
@@ -212,6 +208,25 @@ def test_import_and_reimport_with_tags(self):
         for tag in tags:
             self.assertIn(tag, response["tags"])
 
+    def test_import_multipart_tags(self):
+        with (self.zap_sample5_filename).open(encoding="utf-8") as testfile:
+            data = {
+                "engagement": [1],
+                "file": [testfile],
+                "scan_type": ["ZAP Scan"],
+                "tags": ["bug,security", "urgent"],  # Attempting to mimic the two "tag" fields (-F 'tags=tag1' -F 'tags=tag2')
+            }
+            response = self.import_scan(data, 201)
+            # Make sure the serializer returns the correct tags
+            success_tags = ["bug", "security", "urgent"]
+            self.assertEqual(response["tags"], success_tags)
+            # Check that the test has the same issue
+            test_id = response["test"]
+            response = self.get_test_api(test_id)
+            self.assertEqual(len(success_tags), len(response.get("tags")))
+            for tag in success_tags:
+                self.assertIn(tag, response["tags"])
+
 
 class InheritedTagsTests(DojoAPITestCase):
     fixtures = ["dojo_testdata.json"]
