Skip to content

Add report API formats#15148

Open
samiat4911 wants to merge 1 commit into
DefectDojo:devfrom
samiat4911:fix/report-api-formats
Open

Add report API formats#15148
samiat4911 wants to merge 1 commit into
DefectDojo:devfrom
samiat4911:fix/report-api-formats

Conversation

@samiat4911

Copy link
Copy Markdown
Contributor

Description

Closes #12018.

This PR adds selectable output formats to the report generation API. The existing API behavior remains the default by keeping JSON as the default report_type, while callers can now request HTML, CSV, or Excel.

The request serializer now accepts a report_type field:

class ReportGenerateOptionSerializer(serializers.Serializer):
    REPORT_TYPE_CHOICES = (
        ("JSON", "JSON"),
        ("HTML", "HTML"),
        ("CSV", "CSV"),
        ("Excel", "Excel"),
    )

    include_finding_notes = serializers.BooleanField(default=False)
    include_finding_images = serializers.BooleanField(default=False)
    include_executive_summary = serializers.BooleanField(default=False)
    include_table_of_contents = serializers.BooleanField(default=False)
    report_type = serializers.ChoiceField(
        choices=REPORT_TYPE_CHOICES,
        default="JSON",
        help_text="Format for the generated report.",
    )

The shared API report helper now formats the response based on the requested type:

def report_generate_response(request, obj, options):
    report_type = options.get("report_type", "JSON")
    data = report_generate(request, obj, options)

    if report_type == "JSON":
        report = serializers.ReportGenerateSerializer(data)
        return Response(report.data)

    if report_type == "HTML":
        return render(request, data["report_template"], data)

    if report_type == "CSV":
        return CSVExportView().build_response(data["findings"])

    if report_type == "Excel":
        return ExcelExportView().build_response(data["findings"])

    msg = f"Unsupported report_type: {report_type}"
    raise ValidationError(msg)

The existing CSV and Excel UI export views were refactored slightly so their response builders can be reused by the API without changing the existing UI export routes:

    def get(self, request):
        findings, _obj = get_findings(request)
        findings = prefetch_related_findings_for_report(findings)
        self.findings = findings
        findings = self.add_findings_data()
        return self.build_response(findings)

    def build_response(self, findings):

The four existing report generation API actions now pass the validated report_type into the shared response helper:

            options["report_type"] = report_options.validated_data["report_type"]

During testing, API requests exposed that report_url_resolver() could raise KeyError when HTTP_HOST was not present in request metadata. This PR adds a safe fallback:

        if "HTTP_HOST" not in request.META:
            return request.build_absolute_uri("/").rstrip("/")

Test results

Added targeted API tests covering:

  • Default JSON report output.
  • HTML report output.
  • CSV report output.
  • Excel report output.
  • Invalid report_type validation.

Test class added:

@versioned_fixtures
class ReportGenerateFormatAPITest(DojoAPITestCase):
    fixtures = ["dojo_testdata.json"]

Documentation

Please update any documentation when needed in the documentation folder)

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is Ruff compliant (see ruff.toml).
  • Your code is python 3.13 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

@samiat4911 samiat4911 force-pushed the fix/report-api-formats branch from cbb4241 to b811c2e Compare July 3, 2026 10:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant