Closed coheigea closed 1 month ago
FAO @mtesauro
Hi @coheigea,
did you look at the settings? Maybe these help:
@manuel-sommer I suspect these won't help, the problem is the huge volume of data that appears when I try to delete the alerts
@coheigea There's a couple of options:
(1) Set DD_DELETE_PREVIEW to false in settings/local_settings.py or pass in as ENV variable. This keeps the "here's what's going to be deleted" list from being generated and can help when deleting a large number of objects in the UI/browser.
(2) If you're careful and know Python/Django & DefectDojo Internals, there's manage.py shell which gives you direct access to the objects in Django/DefectDojo. However, it's definitely a power tool so it can help in situations like this one but it can also cut off fingers aka you can break your DefectDojo install if you do the wrong thing.
HTH
@mtesauro Thanks for your response. I did set DD_DELETE_PREVIEW to false, but it's not taken into account for alerts. IMO this is probably a bug to fix?
I was able to workaround the issue by reading the code: https://github.com/DefectDojo/django-DefectDojo/blob/b6d6e61f58f17572f5e1e54d7caa40900f5f0725/dojo/user/views.py#L194
def delete_alerts(request):
alerts = Alerts.objects.filter(user_id=request.user)
if request.method == 'POST':
alerts.filter().delete()
messages.add_message(
request,
messages.SUCCESS,
_('Alerts removed.'),
extra_tags='alert-success')
return HttpResponseRedirect('alerts')
return render(request,
'dojo/delete_alerts.html',
{'alerts': alerts})
I used an intercepting proxy to change the deletion from GET to POST to avoid printing out the alerts in the form and it did the trick.
@coheigea Yeah, that looks like a bug to me - seems like that got missed when the rest of the delete previews were made optional.
:+1: On your sneaky fix/workaround.
Give us some time and we'll see about a PR to remove that Alert preview.
I guess this can be closed @mtesauro
Thanks for the fix @Maffooch , I just updated and was able to delete the alerts in the UI
I've ended up in a situation where DefectDojo has a huge number of alerts (~600k) that weren't cleared over a long time with much refactoring. There is no way to delete the alerts as the browser tab crashed trying to load all the alerts /delete_alerts
I did not find an API to delete the alerts. Is there a way to do this in the UI that I've missed (or a REST API)?