Dynamic Parsing: Add flag to indicate new test types #10871

Merged
merged 2 commits into from
Sep 9, 2024

Conversation

Maffooch
Contributor

@Maffooch Maffooch commented Sep 5, 2024

When using parsers that are capable of creating new test types (i.e. generic, sarif, GitLab, etc.) it would be beneficial to know if a test type was generated "dynamically" or if it is supported by DefectDojo out of the box

[sc-7401]

@github-actions github-actions bot added the labels New Migration (Adding a new migration file. Take care when merging.), apiv2, unittests on Sep 5, 2024

dryrunsecurity bot commented Sep 5, 2024

DryRun Security Summary

The pull request covers various improvements to the Defect Dojo application, including handling of test types, form management, API serialization, and the import/reimport functionality for security scan reports, without introducing any obvious security vulnerabilities.

Expand for full summary

Summary:

The code changes in this pull request cover various aspects of the Defect Dojo application, including the handling of test types, form management, API serialization, and the import/reimport functionality for security scan reports.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. The changes are primarily focused on enhancing the functionality and maintainability of the application, such as:

  1. Tracking whether test types are dynamically generated during the import process.
  2. Updating forms to exclude certain fields from being displayed.
  3. Adjusting the serialization of test type data to remove unnecessary fields.
  4. Improving the handling of import and reimport of security scan reports, including preserving finding history, managing unique identifiers, and providing detailed statistics.

While these changes do not directly address security vulnerabilities, it's important to review the broader context and potential implications of the changes. Proper input validation, access control, and secure data handling should be maintained throughout the application to prevent common web application vulnerabilities.

Files Changed:

  1. dojo/importers/base_importer.py: The changes add functionality to mark dynamically generated test types and save them to the database.
  2. dojo/db_migrations/0214_test_type_dynamically_generated.py: This database migration adds a new dynamically_generated field to the test_type model.
  3. dojo/forms.py: The changes update the Test_TypeForm class to exclude the dynamically_generated field from the form.
  4. dojo/api_v2/serializers.py: The changes remove the dynamically_generated field from the TestTypeSerializer.
  5. dojo/models.py: The changes add a new dynamically_generated field to the Test_Type model.
  6. unittests/test_import_reimport.py: The changes enhance the import and reimport functionality for various types of security scan reports, including handling of unique identifiers, preserving existing findings, and providing detailed statistics.

Code Analysis

We ran 9 analyzers against 6 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
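The PR description and the summary above describe the mechanism: the importer asks for the test type named by the parser, and only when that lookup has to create a new row does it set `dynamically_generated`, while the field is excluded from `Test_TypeForm` and removed from `TestTypeSerializer` so it stays server-controlled. The block below is an added illustration of that logic, not DefectDojo's code: the Django ORM, form and DRF serializer are replaced by a small in-memory store so it runs offline, and names such as `TestTypeStore`, `import_report` and `update_from_client` are hypothetical. It also covers the two checks a reviewer would want here: a second import of the same custom type must not recreate or re-flag it, and a client payload carrying the flag must be ignored.

```python
"""In-memory model of the `dynamically_generated` flag (added example, not
DefectDojo's code; store/helper names are hypothetical)."""
from dataclasses import dataclass


@dataclass
class TestType:
    name: str
    dynamically_generated: bool = False  # set by the importer only, never by clients


class TestTypeStore:
    """Stand-in for Test_Type.objects with Django's (obj, created) get_or_create()."""

    def __init__(self, builtin_names):
        # Constructed sample of test types that ship out of the box.
        self._rows = {n: TestType(n) for n in builtin_names}

    def get_or_create(self, name):
        if name in self._rows:
            return self._rows[name], False
        obj = TestType(name)
        self._rows[name] = obj
        return obj, True

    def get(self, name):
        return self._rows[name]


def import_report(store, scan_type):
    """Importer step: resolve the test type for a scan and flag newly created ones.

    Parsers such as the generic or SARIF parsers may name a test type that does
    not exist yet; only a row created here is marked dynamically_generated.
    A later import of the same name finds the existing row and leaves it alone.
    """
    test_type, created = store.get_or_create(scan_type)
    if created:
        test_type.dynamically_generated = True
    return test_type


def serialize_test_type(test_type):
    """API view of a test type with the flag excluded, as the PR does for
    TestTypeSerializer, so the value is neither exposed nor writable."""
    return {"name": test_type.name}


def update_from_client(store, name, payload):
    """Apply a client edit, dropping keys the form/serializer do not expose.
    A payload that tries to set dynamically_generated has no effect."""
    allowed = {"name"}
    row = store.get(name)
    for key, value in payload.items():
        if key in allowed:
            setattr(row, key, value)
    return row


def demo():
    store = TestTypeStore(["ZAP Scan", "Trivy Scan"])  # constructed sample
    builtin = import_report(store, "ZAP Scan")          # exists: flag stays False
    dynamic = import_report(store, "My Custom SAST")    # new: flag set True
    again = import_report(store, "My Custom SAST")      # re-import: same row, no change
    update_from_client(store, "ZAP Scan", {"dynamically_generated": True})  # ignored
    return {
        "builtin_flag": builtin.dynamically_generated,
        "dynamic_flag": dynamic.dynamically_generated,
        "same_row": again is dynamic,
        "api_view": serialize_test_type(dynamic),
        "client_cannot_set": store.get("ZAP Scan").dynamically_generated,
    }


if __name__ == "__main__":
    print(demo())
```

The point to carry over to the real code is the `created` branch: anything that resolves a test type by name elsewhere in the import path (for instance a reimport) should use the same lookup so a custom type is flagged exactly once and a built-in one is never flagged.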

Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit f13afa8 into DefectDojo:bugfix Sep 9, 2024
72 checks passed
@Maffooch Maffooch deleted the dynamic branch September 9, 2024 14:20
Labels
apiv2, New Migration (Adding a new migration file. Take care when merging.), unittests
5 participants