Skip to content

Unicity of Files' titles #12507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
X0x1RG9f opened this issue May 26, 2025 · 1 comment
Open

Unicity of Files' titles #12507

X0x1RG9f opened this issue May 26, 2025 · 1 comment
Labels
bug

Comments

@X0x1RG9f
Copy link
Contributor

Bug description
When uploading a new file into DefectDojo (Engagement, Test, Finding), the title is unique due to the model declaration:
title = models.CharField(max_length=100, unique=True)

Thus, it is not only unique for that Engagement, Test or Finding but for the whole DefectDojo instance.

Steps to reproduce
Steps to reproduce the behavior:

  1. Go to Manage Files in Engagement, Test or Finding
  2. Upload a first file called "Test"
  3. Go to a different Engagement, Test or Finding
  4. Upload a new file called "Test"
  5. "File with this name already exists" pops

Expected behavior
Even if the Title could be a way of recognizing the file, as DD is intended to store a lot of Findings (then lot of engagements, tests, etc.), it's quite common that the chosen title will often or always match one already existing. For example, naming XSS, or Screenshot 1, etc. Thus, it become more and more complicated with time to find a title that has not been used yet and feature seems impossible to use.

Title should allow non unique values and maybe should allow 1000 chars and not just 100. Or, maybe should be split into 2 fields adding some kind of description in the FileUpload class?
@X0x1RG9f X0x1RG9f added the bug label May 26, 2025
@valentijnscholten
Copy link
Member

I also notice there's a ManyToMany relationship between FileUpload and Test or Finding or Engagement. Not sure if that is needed, I think it could be a OneToMany.

@Maffooch @mtesauro Any thoughts on this and the issue reported by @X0x1RG9f ? If a FileUpload record has a unique id the title might not need to be unique at all? Or could be made unique by Defect Dojo by adding some random suffix similar to what is happening when a Finding and its files are copied?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@valentijnscholten @X0x1RG9f
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy