
Mark Finding properties related_fields, jira_creation and jira_change as nullable #10371

Merged
merged 1 commit into from
Jul 3, 2024

Conversation

ccronca
Contributor

@ccronca ccronca commented Jun 10, 2024

Description

Currently the OpenAPI spec lists the properties related_fields, jira_creation and jira_change as required in Findings objects. However, responses may include these fields as null if they are not set.

This PR updates the specification to mark these properties as nullable. This is useful for generating clients from the openapi spec.

Test results

I don't believe there are tests for this.

Documentation

This is just a change to the openapi spec.

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.


Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
  • Configured Codepaths Analyzer: 1 finding
  • IDOR Analyzer: 0 findings
  • Sensitive Files Analyzer: 0 findings
  • AppSec Analyzer: 0 findings
  • Authn/Authz Analyzer: 0 findings
  • Secrets Analyzer: 0 findings

Note

🔴 Risk threshold exceeded. Adding a reviewer if one is configured in .dryrunsecurity.yaml.

notification list: @mtesauro @grendel513

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in the provided patch are related to the FindingSerializer class in the dojo/api_v2/serializers.py file. The changes update the related_fields, jira_creation, and jira_change fields to allow null values. These changes are likely made to handle cases where the related fields or JIRA-related fields may not have a value.

From an application security perspective, these changes do not introduce any obvious security concerns. However, it's important to ensure that the overall application design and implementation follow secure coding practices, such as proper input validation and sanitization, secure authentication and authorization mechanisms, secure data storage and transmission, and regular security testing and vulnerability assessments.

Files Changed:

  • dojo/api_v2/serializers.py: The changes in this file update the FindingSerializer class to allow null values for the related_fields, jira_creation, and jira_change fields. These changes are likely made to handle cases where the related fields or JIRA-related fields may not have a value. While these changes do not introduce any obvious security concerns, it's important to review the overall application security practices to ensure that the data handled by the FindingSerializer is properly secured and does not expose any sensitive information or introduce vulnerabilities.

Powered by DryRun Security

@github-actions github-actions bot added the apiv2 label Jun 10, 2024

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit c7cc407 into DefectDojo:bugfix Jul 3, 2024
122 of 123 checks passed