@@ -1920,43 +1920,42 @@ class Meta:
19201920
19211921 # Overriding this to push add Push to JIRA functionality
19221922 def create (self , validated_data ):
1923- # remove tags from validated data and store them seperately
1923+ # Pop off of some fields that should not be sent to the model at this time
19241924 to_be_tagged , validated_data = self ._pop_tags (validated_data )
1925-
1926- # pop push_to_jira so it won't get send to the model as a field
1927- push_to_jira = validated_data .pop ("push_to_jira" )
1928-
1929- # Save vulnerability ids and pop them
1930- if "vulnerability_id_set" in validated_data :
1931- vulnerability_id_set = validated_data .pop ("vulnerability_id_set" )
1932- else :
1933- vulnerability_id_set = None
1934-
1935- # first save, so we have an instance to get push_all_to_jira from
1936- new_finding = super (TaggitSerializer , self ).create (validated_data )
1937-
1938- if vulnerability_id_set :
1939- vulnerability_ids = []
1940- for vulnerability_id in vulnerability_id_set :
1941- vulnerability_ids .append (vulnerability_id ["vulnerability_id" ])
1942- validated_data ["cve" ] = vulnerability_ids [0 ]
1943- save_vulnerability_ids (new_finding , vulnerability_ids )
1944- new_finding .save ()
1945-
1925+ push_to_jira = validated_data .pop ("push_to_jira" , False )
1926+ notes = validated_data .pop ("notes" , None )
1927+ found_by = validated_data .pop ("found_by" , None )
1928+ reviewers = validated_data .pop ("reviewers" , None )
1929+ # Process the vulnerability IDs specially
1930+ parsed_vulnerability_ids = []
1931+ if (vulnerability_ids := validated_data .pop ("vulnerability_id_set" , None )):
1932+ for vulnerability_id in vulnerability_ids :
1933+ parsed_vulnerability_ids .append (vulnerability_id ["vulnerability_id" ])
1934+ validated_data ["cve" ] = parsed_vulnerability_ids [0 ]
1935+ # Create a findings in memory so that we have access to unsaved_vulnerability_ids
1936+ new_finding = Finding (** validated_data )
1937+ new_finding .unsaved_vulnerability_ids = parsed_vulnerability_ids
1938+ new_finding .save ()
1939+ # Deal with all of the many to many things
1940+ if notes :
1941+ new_finding .notes .set (notes )
1942+ if found_by :
1943+ new_finding .found_by .set (found_by )
1944+ if reviewers :
1945+ new_finding .reviewers .set (reviewers )
1946+ if parsed_vulnerability_ids :
1947+ save_vulnerability_ids (new_finding , parsed_vulnerability_ids )
19461948 # TODO: JIRA can we remove this is_push_all_issues, already checked in
19471949 # apiv2 viewset?
19481950 push_to_jira = push_to_jira or jira_helper .is_push_all_issues (
19491951 new_finding ,
19501952 )
1951-
19521953 # If we need to push to JIRA, an extra save call is needed.
19531954 # TODO: try to combine create and save, but for now I'm just fixing a
19541955 # bug and don't want to change to much
19551956 if push_to_jira or new_finding :
19561957 new_finding .save (push_to_jira = push_to_jira )
1957-
1958- # not sure why we are returning a tag_object, but don't want to change
1959- # too much now as we're just fixing a bug
1958+ # This final call will save the finding again and return it
19601959 return self ._save_tags (new_finding , to_be_tagged )
19611960
19621961 def validate (self , data ):
0 commit comments