fix: remove None databases name for removing provider Neo4j databases (#9858)

2026-01-25 02:08:11 +00:00 · 2026-01-22 13:45:35 +01:00
parent 963ece9a0b
commit 03d4c19ed5
3 changed files with 19 additions and 5 deletions
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -2,6 +2,13 @@

 All notable changes to the **Prowler API** are documented in this file.

+## [1.18.1] (Prowler v5.17.1)
+
+### Changed
+
+- Improve API startup process by `manage.py` argument detection [(#9856)](https://github.com/prowler-cloud/prowler/pull/9856)
+- Deleting providers don't try to delete a `None` Neo4j database when an Attack Paths scan is scheduled [(#9858)](https://github.com/prowler-cloud/prowler/pull/9858)
+
 ## [1.18.0] (Prowler v5.17.0)

 ### Added
@@ -19,7 +26,6 @@ All notable changes to the **Prowler API** are documented in this file.
 - `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490) [(#9818)](https://github.com/prowler-cloud/prowler/pull/9818)
 - `django-allauth[saml]` to v65.13.0 to address [CVE-2025-65431](https://nvd.nist.gov/vuln/detail/CVE-2025-65431) [(#9575)](https://github.com/prowler-cloud/prowler/pull/9575)

-
 ---

 ## [1.17.1] (Prowler v5.16.1)
--- a/api/src/backend/api/attack_paths/retryable_session.py
+++ b/api/src/backend/api/attack_paths/retryable_session.py
@@ -66,6 +66,7 @@ class RetryableSession:
            except (
                neo4j.exceptions.ServiceUnavailable,
                ConnectionResetError,
+                BrokenPipeError,
            ) as exc:  # pragma: no cover - depends on infra
                last_exc = exc
                attempt += 1
--- a/api/src/backend/tasks/jobs/attack_paths/db_utils.py
+++ b/api/src/backend/tasks/jobs/attack_paths/db_utils.py
@@ -1,6 +1,7 @@
 from datetime import datetime, timezone
 from typing import Any

+from django.db.models import Q
 from cartography.config import Config as CartographyConfig

 from api.db_utils import rls_transaction
@@ -153,9 +154,15 @@ def get_provider_graph_database_names(tenant_id: str, provider_id: str) -> list[
    Note: For accesing the `AttackPathsScan` we need to use `all_objects` manager because the provider is soft-deleted.
    """
    with rls_transaction(tenant_id):
-        graph_databases_names_qs = ProwlerAPIAttackPathsScan.all_objects.filter(
-            provider_id=provider_id,
-            is_graph_database_deleted=False,
-        ).values_list("graph_database", flat=True)
+        graph_databases_names_qs = (
+            ProwlerAPIAttackPathsScan.all_objects.filter(
+                ~Q(graph_database=""),
+                graph_database__isnull=False,
+                provider_id=provider_id,
+                is_graph_database_deleted=False,
+            )
+            .values_list("graph_database", flat=True)
+            .distinct()
+        )

        return list(graph_databases_names_qs)