risk acceptance expiration: keep link with findings

valentijnscholten · valentijnscholten · commit b767aa433332 · 2025-07-03T19:31:35.000+02:00
diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py
@@ -1758,7 +1758,14 @@ def process_resolution_from_jira(finding, resolution_id, resolution_name, assign
     jira_instance = get_jira_instance(finding)
 
     if resolved:
-        if jira_instance and resolution_name in jira_instance.accepted_resolutions and (finding.test.engagement.product.enable_simple_risk_acceptance or finding.test.engagement.enable_full_risk_acceptance):
+        if (
+            jira_instance
+            and resolution_name in jira_instance.accepted_resolutions
+            and (
+            finding.test.engagement.product.enable_simple_risk_acceptance
+            or finding.test.engagement.enable_full_risk_acceptance
+            )
+        ):
             if not finding.risk_accepted:
                 logger.debug(f"Marking related finding of {jira_issue.jira_key} as accepted.")
                 finding.risk_accepted = True
diff --git a/dojo/risk_acceptance/helper.py b/dojo/risk_acceptance/helper.py
@@ -24,19 +24,22 @@ def expire_now(risk_acceptance):
         for finding in risk_acceptance.accepted_findings.all():
             if not finding.active:  # not sure why this is important
                 logger.debug("%i:%s: unaccepting/reactivating finding.", finding.id, finding)
+                finding.active = True
+                finding.risk_accepted = False
 
                 # Update any endpoint statuses on each of the findings
                 update_endpoint_statuses(finding, accept_risk=False)
-                risk_unaccept(None, finding, post_comments=False)  # comments will be posted at end
 
                 if risk_acceptance.restart_sla_expired:
                     finding.sla_start_date = timezone.now().date()
-                    finding.save(dedupe_option=False)  # resave if changed after risk_unaccept
+
+                finding.save(dedupe_option=False)
 
                 reactivated_findings.append(finding)
             else:
                 logger.debug("%i:%s already active, no changes made.", finding.id, finding)
 
+        # best effort JIRA integration, no status changes, just a comment
         post_jira_comments(risk_acceptance, risk_acceptance.accepted_findings.all(), expiration_message_creator)
 
     risk_acceptance.expiration_date = timezone.now()
@@ -73,7 +76,7 @@ def reinstate(risk_acceptance, old_expiration_date):
             else:
                 logger.debug("%i:%s: already inactive, not making any changes", finding.id, finding)
 
-        # best effort JIRA integration, no status changes
+        # best effort JIRA integration, no status changes, just a comment
         post_jira_comments(risk_acceptance, risk_acceptance.accepted_findings.all(), reinstation_message_creator)
 
     risk_acceptance.expiration_date_handled = None
diff --git a/dojo/templates/dojo/view_eng.html b/dojo/templates/dojo/view_eng.html
@@ -437,7 +437,7 @@ <h4> Risk Acceptance
                                                         Never
                                                     {% endif %}
                                                 </td>
-                                                <td>{{ risk_acceptance.accepted_findings_count }}</td>
+                                                <td><a href="{% url 'view_risk_acceptance' eng.id risk_acceptance.id %}">{{ risk_acceptance.accepted_findings_count }}</a></td>
                                                 {% if risk_acceptance.filename %}
                                                     <td><a href="{% url 'download_risk_acceptance' eng.id risk_acceptance.id %}">Yes</a>
                                                         &nbsp;<i style="position:absolute;" class="fa has-popover fa-info-circle" title="Uploaded proof" data-trigger="hover" data-placement="bottom" data-container="body" data-html="true"
@@ -717,7 +717,7 @@ <h4>Files<span class="pull-right">
         <div class="col-md-4">
             <div class="panel panel-default-secondary">
                 <div class="panel-heading">
-                    <h3 class="panel-title"><span class="fa-solid fa-circle-info fa-fw" aria-hidden="true"></span> 
+                    <h3 class="panel-title"><span class="fa-solid fa-circle-info fa-fw" aria-hidden="true"></span>
                         {% if eng.name %}
                             {{ eng.name }}
                         {% else %}
@@ -1040,25 +1040,25 @@ <h4><span class="fa-solid fa-key" aria-hidden="true"></span>
             $(document).on('keypress', null, 'e', function () {
                 window.location.assign('{% url 'edit_engagement' eng.id %}');
             });
-        
+
             $(document).on('keypress', null, 'a', function () {
                 window.location.assign('{% url 'add_tests' eng.id %}');
             });
-        
+
             $(document).on('keypress', null, 'i', function () {
                 window.location.assign('{% url 'import_scan_results' eng.id %}');
             });
-        
+
             $("a[data-toggle='collapse']").on('click', function () {
                 var i = $($(this).find('i').get(0));
                 i.toggleClass('glyphicon-chevron-up').toggleClass('glyphicon-chevron-down');
             });
-        
+
             //Ensures dropdown has proper zindex
             $('.table-responsive').on('show.bs.dropdown', function () {
             $('.table-responsive').css( "overflow", "inherit" );
             });
-        
+
             $('.table-responsive').on('hide.bs.dropdown', function () {
                 $('.table-responsive').css( "overflow", "auto" );
             })
@@ -1067,15 +1067,15 @@ <h4><span class="fa-solid fa-key" aria-hidden="true"></span>
                 var terms = '';
                 if ($.cookie('highlight')) {
                     terms = $.cookie('highlight').split(' ');
-                    
+
                     for (var i = 0; i < terms.length; i++) {
                         $('body').highlight(terms[i]);
                     }
                 }
-                
+
                 $('input#simple_search').val(terms);
             }
-        
+
             $('#shareQuestionnaireModal').on('show.bs.modal', function (event) {
             var button = $(event.relatedTarget) // Button that triggered the modal
             var path = button.data('whatever') // Extract info from data-* attributes
@@ -1088,8 +1088,8 @@ <h4><span class="fa-solid fa-key" aria-hidden="true"></span>
             modal.find('p#questionnaireURL').text('Questionnaire URL: ' + host + path)
             })
         });
-        
+
         {% include 'dojo/snippets/risk_acceptance_actions_snippet_js.html' %}
-        
+
     </script>
 {% endblock %}
