Skip to content

fix: remove frozen flag definitions and centralise CRE_ALLOW_IMPORT gate#884

Merged
Pa04rth merged 1 commit into
OWASP:mainfrom
shiwani42:fix/test-myopencre-flag
Apr 26, 2026
Merged

fix: remove frozen flag definitions and centralise CRE_ALLOW_IMPORT gate#884
Pa04rth merged 1 commit into
OWASP:mainfrom
shiwani42:fix/test-myopencre-flag

Conversation

@shiwani42

@shiwani42 shiwani42 commented Apr 17, 2026

Copy link
Copy Markdown
Contributor

Closes #871
Closes #869

Summary

Removed frozen ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED definitions from config.py. Upstream has since removed all usages of both flags; the frozen definitions were dead code.

Introduces application/feature_flags.py with is_cre_import_allowed(), which reads os.getenv("CRE_ALLOW_IMPORT") fresh on every call using a TRUE_VALUES whitelist (1, true, yes) matching upstream gate semantics.

Also fixes a pre-existing inconsistency in the /rest/v1/config endpoint: it previously returned True only for "1", while the gate accepted "1", "true", and "yes". Both now use is_cre_import_allowed() so the frontend reflects the actual gate state.

Why

Upstream removed the usages of ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED from web_main.py and db.py, but left their frozen definitions in config.py as dead code. This PR cleans them up.

CRE_ALLOW_IMPORT had the same import-time risk and was duplicated inline across multiple call sites in web_main.py with slightly inconsistent semantics (the gate and the /rest/v1/config endpoint checked different value sets). Centralising into feature_flags.py gives it a single source of truth and prevents future drift.

Changes

  • application/feature_flags.py (new) - is_cre_import_allowed() reads dynamically at call time
  • application/config.py - removed dead frozen definitions of ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED
  • application/web/web_main.py - use is_cre_import_allowed() at all CRE_ALLOW_IMPORT call sites; /rest/v1/config now reflects the actual gate state
  • application/tests/gap_analysis_db_test.py - removed stale Config.GAP_ANALYSIS_OPTIMIZED patch; tiered pruning is always-on
  • application/tests/web_main_test.py - use patch.dict(os.environ, ...) for proper env isolation

Test plan

  • test_tiered_execution_optimization passes
  • test_get_cre_csv passes
  • test_import_from_cre_csv passes
  • Full suite: 228 passed, 0 failures; 1 skipped (test_parse_row_dicts_produces_cres_and_new_standards skips when fixture file OpenCRE-AI-6-WithMitre.csv is absent, pre-existing and unrelated to this change)
  • black formatting verified

@shiwani42 shiwani42 force-pushed the fix/test-myopencre-flag branch from 0471fc3 to 63db128 Compare April 21, 2026 14:37
@shiwani42 shiwani42 changed the title fix: patch ENABLE_MYOPENCRE in csv tests to bypass feature flag gate fix: read ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED dynamically at call time Apr 21, 2026
@northdpole

Copy link
Copy Markdown
Collaborator

thanks for this pr, due to several last minute debugging changes and a brand new AI taxonomy we had to merge quickly several breaking changes, this is useful can you please resolve the conflicts so we can merge?

@shiwani42

Copy link
Copy Markdown
Contributor Author

Yes sure, will do👍

@shiwani42 shiwani42 force-pushed the fix/test-myopencre-flag branch from 63db128 to ee6c72a Compare April 23, 2026 13:42
ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED were evaluated once at import/class definition time, freezing their values. Upstream has since removed all usages of both flags, so their frozen definitions in config.py are dropped.

Introduces application/feature_flags.py with is_cre_import_allowed(), which reads os.getenv("CRE_ALLOW_IMPORT") fresh on every call using a TRUE_VALUES whitelist matching upstream gate semantics (1, true, yes).

Also fixes a pre-existing inconsistency in the /rest/v1/config endpoint: it previously returned True only for "1", while the gate accepted "1", "true", and "yes". Both now use is_cre_import_allowed() so the frontend reflects the actual gate state.

Tests updated to remove stale flag patches and use patch.dict for proper env isolation.
@shiwani42 shiwani42 force-pushed the fix/test-myopencre-flag branch from ee6c72a to d5eebbf Compare April 23, 2026 14:05
@shiwani42 shiwani42 changed the title fix: read ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED dynamically at call time fix: remove frozen flag definitions and centralise CRE_ALLOW_IMPORT gate Apr 23, 2026
@shiwani42

Copy link
Copy Markdown
Contributor Author

Hi @northdpole, rebased onto main and resolved the conflicts. The scope shifted during the rebase since upstream had already removed the ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED usages, so the PR now focuses on cleaning up the dead frozen definitions and centralising the CRE_ALLOW_IMPORT gate. Updated the title and description to reflect this.

@Pa04rth Pa04rth self-requested a review April 26, 2026 03:24
@Pa04rth Pa04rth merged commit 997c172 into OWASP:main Apr 26, 2026
3 checks passed
@Pa04rth

Pa04rth commented Apr 26, 2026

Copy link
Copy Markdown
Collaborator

Merged ! @shiwani42 @PRAteek-singHWY

@shiwani42 shiwani42 deleted the fix/test-myopencre-flag branch April 26, 2026 03:28
Bornunique911 pushed a commit to Bornunique911/OpenCRE that referenced this pull request Apr 26, 2026
…ate (OWASP#884)

ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED were evaluated once at import/class definition time, freezing their values. Upstream has since removed all usages of both flags, so their frozen definitions in config.py are dropped.

Introduces application/feature_flags.py with is_cre_import_allowed(), which reads os.getenv("CRE_ALLOW_IMPORT") fresh on every call using a TRUE_VALUES whitelist matching upstream gate semantics (1, true, yes).

Also fixes a pre-existing inconsistency in the /rest/v1/config endpoint: it previously returned True only for "1", while the gate accepted "1", "true", and "yes". Both now use is_cre_import_allowed() so the frontend reflects the actual gate state.

Tests updated to remove stale flag patches and use patch.dict for proper env isolation.
Bornunique911 pushed a commit to Bornunique911/OpenCRE that referenced this pull request Apr 26, 2026
…ate (OWASP#884)

ENABLE_MYOPENCRE and GAP_ANALYSIS_OPTIMIZED were evaluated once at import/class definition time, freezing their values. Upstream has since removed all usages of both flags, so their frozen definitions in config.py are dropped.

Introduces application/feature_flags.py with is_cre_import_allowed(), which reads os.getenv("CRE_ALLOW_IMPORT") fresh on every call using a TRUE_VALUES whitelist matching upstream gate semantics (1, true, yes).

Also fixes a pre-existing inconsistency in the /rest/v1/config endpoint: it previously returned True only for "1", while the gate accepted "1", "true", and "yes". Both now use is_cre_import_allowed() so the frontend reflects the actual gate state.

Tests updated to remove stale flag patches and use patch.dict for proper env isolation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

3 participants