fix: close unclosed file handles in views, management commands#14446

Open
xovishnukosuri wants to merge 1 commit into DefectDojo:dev from xovishnukosuri:fix/resource-leaks-file-handles

Conversation

@xovishnukosuri

This PR fixes resource leaks where file handles were not properly closed:

  • dojo/api_v2/views.py: download_proof() now properly closes file handles
  • dojo/engagement/views.py: risk_acceptance file handling now uses context managers
  • dojo/management/commands/csv_findings_export.py: refactored to use with statement
  • dojo/management/commands/import_surveys.py: properly closes file after reading

Changes ensure proper resource cleanup and prevent potential file descriptor exhaustion.
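As an added example (not code from this PR or from DefectDojo), here is the kind of check a reviewer could run to confirm a claim like the one above: CPython raises a ResourceWarning when a file object is finalized without having been closed, so a leaky reader and its context-manager replacement can be told apart by recording that warning. The reader functions and the sample CSV contents are constructed for the demonstration.

```python
"""Check whether a file-reading helper leaks its file handle (added example)."""
import gc
import os
import tempfile
import warnings


def leaky_read(path):
    # Anti-pattern: the handle is never closed explicitly; it is only
    # released when the interpreter finalizes the object.
    f = open(path, "rb")
    return f.read()


def safe_read(path):
    # Fixed pattern: the context manager closes the handle on exit,
    # including when read() raises.
    with open(path, "rb") as f:
        return f.read()


def leaks_file_handle(reader, path):
    """Return True if calling reader(path) leaves a file object unclosed."""
    with warnings.catch_warnings(record=True) as caught:
        # CPython emits ResourceWarning from the finalizer of an unclosed
        # file; it is ignored by default, so enable it for this block only.
        warnings.simplefilter("always", ResourceWarning)
        reader(path)
        gc.collect()  # force finalization of anything left unreferenced
    return any(issubclass(w.category, ResourceWarning) for w in caught)


def run_check():
    """Run both readers against a constructed sample file and report leaks."""
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w") as fh:
        # Constructed input resembling a findings export row.
        fh.write("id,title,severity\n1,Constructed finding,High\n")
    try:
        return {
            "leaky_read": leaks_file_handle(leaky_read, path),
            "safe_read": leaks_file_handle(safe_read, path),
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(run_check())  # {'leaky_read': True, 'safe_read': False}
```

For the view-side changes, note that Django's FileResponse closes a file object handed to it when the response itself is closed, so a view returning FileResponse(open(...)) must not also close that file in an enclosing with block, or the body would be read from an already closed file.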

@dryrunsecurity

dryrunsecurity bot commented Mar 5, 2026

DryRun Security

🔴 Risk threshold exceeded.

This pull request makes edits to sensitive code paths: dojo/api_v2/views.py and dojo/engagement/views.py, which the scanner flagged as sensitive and suggests configuring allowed authors or paths in .dryrunsecurity.yaml. Reviewers should verify these changes carefully against project security policies and update .dryrunsecurity.yaml if the edits are authorized.

🔴 Configured Codepaths Edit in dojo/api_v2/views.py (drs_bf535789)
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.
🔴 Configured Codepaths Edit in dojo/engagement/views.py (drs_401040f5)
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.


@xovishnukosuri
Author

Thanks for the heads-up. These edits are limited to safe resource cleanup (closing file handles) in and while preserving existing behavior. No auth/permission logic changes. Happy to adjust if you prefer a different pattern or want these paths added to the allowlist in .dryrunsecurity.yaml.

@xovishnukosuri
Author

Follow-up (previous comment had a shell-escaping issue): these edits are limited to safe resource cleanup (closing file handles) in download_proof and download_risk_acceptance while preserving existing behavior. No auth/permission logic changes. Happy to adjust if you prefer a different pattern or want these paths added to the allowlist in .dryrunsecurity.yaml.

@valentijnscholten valentijnscholten added this to the 2.57.0 milestone Mar 5, 2026