
Prefetching: Add swagger docs for models already supporting prefetching #10931

Merged (3 commits, Sep 20, 2024)

Conversation

Maffooch (Contributor) opened this pull request:

  • The /api/v2/global_role endpoint does not support prefetching, but it really should
  • I felt sorta icky copy-pasting the whole drf-spectacular schema extension, so I added a function to generalize it, then added it to all of the viewsets that already supported prefetch via the PrefetchDojoModelViewSet mixin

[sc-7579]

dryrunsecurity bot commented Sep 18, 2024

DryRun Security Summary

The pull request focuses on improving the performance and flexibility of the Defect Dojo API version 2 by adding a schema_with_prefetch() function to allow selective fetching of related model instances and introducing a custom DojoOpenApiJsonRenderer class to handle the indentation of the API responses.


Summary:

The code changes in this pull request appear to be focused on improving the performance and flexibility of the Defect Dojo API version 2. The main changes include the addition of a schema_with_prefetch() function that allows clients to selectively fetch related model instances using a prefetch query parameter, and the introduction of a custom DojoOpenApiJsonRenderer class to handle the indentation of the API responses.

These changes do not introduce any obvious security concerns. The API is still using the appropriate authentication and authorization mechanisms, and the addition of the prefetch parameter does not create any new security risks. However, it is always important to review the implementation of any new features or changes to ensure that they do not introduce vulnerabilities or unexpected behavior.

Files Changed:

  • dojo/api_v2/views.py: This file contains the view classes and functions for the Defect Dojo API version 2. The changes include:
    1. Addition of a schema_with_prefetch() function that defines the schema for the list and retrieve actions of various view sets, allowing for the inclusion of a prefetch query parameter to fetch related model instances.
    2. Introduction of a DojoOpenApiJsonRenderer class that extends the OpenApiJsonRenderer2 class to provide custom indentation handling for the API responses.
    3. Modification of several view sets to use the schema_with_prefetch() function, including DojoGroupViewSet, DojoGroupMemberViewSet, GlobalRoleViewSet, EndpointStatusViewSet, EngagementViewSet, RiskAcceptanceViewSet, AppAnalysisViewSet, CredentialsViewSet, CredentialsMappingViewSet, DojoMetaViewSet, ProductViewSet, ProductMemberViewSet, ProductGroupViewSet, ProductTypeViewSet, ProductTypeMemberViewSet, ProductTypeGroupViewSet, StubFindingsViewSet, TestsViewSet, TestImportViewSet, ToolConfigurationsViewSet, ToolProductSettingsViewSet, UserContactInfoViewSet, LanguageViewSet, NotificationsViewSet, EngagementPresetsViewset, and QuestionnaireAnsweredSurveyViewSet.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 25 findings

Riskiness

🟢 Risk threshold not exceeded.

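The bot's summary above describes a schema_with_prefetch() helper that documents a prefetch query parameter on the list and retrieve actions of many viewsets, and states that the parameter adds no new risk. What makes that true in practice is that the server only honours relation names from a fixed allowlist, and that the generated docs enumerate exactly that list rather than a hand-copied one. The following is an added example written for this page, not DefectDojo's code and not the PR's diff: it stands in for the drf-spectacular extension with a plain class decorator (no Django or drf-spectacular imports, so it runs stand-alone), reads the allowlist from an assumed `prefetch_fields` attribute, writes the parameter description onto an assumed `openapi_overrides` attribute, and pairs it with the allowlist check a prefetch mixin needs. The relation names on the sample viewset are assumed for illustration.

```python
"""Added example, not DefectDojo's own code.

Demonstrates (1) one schema_with_prefetch() helper that documents the
`prefetch` query parameter for the list and retrieve actions of every viewset
it decorates, and (2) the server-side allowlist check that makes a
client-controlled `prefetch` value safe.  drf-spectacular's extend_schema_view
is replaced by a dict written onto the class, so no Django is required.
"""
from __future__ import annotations

from typing import Iterable


def prefetch_param_schema(allowed_fields: Iterable[str]) -> dict:
    """OpenAPI parameter object for `prefetch`, enumerating the accepted relations."""
    names = sorted(set(allowed_fields))
    return {
        "name": "prefetch",
        "in": "query",
        "required": False,
        "description": "Related objects to include inline. Allowed values: "
        + ", ".join(names),
        "schema": {"type": "array", "items": {"type": "string", "enum": names}},
        "style": "form",
        "explode": False,  # comma-separated form: ?prefetch=user,group
    }


def schema_with_prefetch():
    """Class decorator standing in for the drf-spectacular schema extension.

    The documented enum is taken from the viewset's own `prefetch_fields`
    attribute (an assumed name), so the docs cannot drift from what the
    server actually accepts.  The result is stored on `openapi_overrides`
    (also an assumed name) keyed by action, one entry each for list/retrieve.
    """

    def decorator(viewset_cls):
        fields = getattr(viewset_cls, "prefetch_fields", ())
        param = prefetch_param_schema(fields)
        viewset_cls.openapi_overrides = {
            action: {"parameters": [param]} for action in ("list", "retrieve")
        }
        return viewset_cls

    return decorator


class PrefetchMixin:
    """Validates the client-supplied `prefetch` value against the allowlist."""

    prefetch_fields: tuple[str, ...] = ()

    @classmethod
    def parse_prefetch(cls, raw: str | None) -> list[str]:
        """Return the relations to prefetch, or raise ValueError on unknown ones.

        Rejecting unknown names instead of handing them to the ORM keeps a
        client from probing relation names or pulling objects the endpoint
        never intended to expose.
        """
        if not raw:
            return []
        requested = [part.strip() for part in raw.split(",") if part.strip()]
        unknown = sorted(set(requested) - set(cls.prefetch_fields))
        if unknown:
            raise ValueError(f"unsupported prefetch field(s): {', '.join(unknown)}")
        # keep request order, drop duplicates
        return list(dict.fromkeys(requested))


@schema_with_prefetch()
class GlobalRoleViewSet(PrefetchMixin):
    """Hypothetical stand-in for the endpoint the PR adds docs for."""

    prefetch_fields = ("user", "group", "role")  # assumed relation names


if __name__ == "__main__":
    print(GlobalRoleViewSet.openapi_overrides["list"]["parameters"][0]["schema"])
    print(GlobalRoleViewSet.parse_prefetch("user,group"))
```

Because the decorator and the mixin read the same `prefetch_fields` tuple, adding a relation to a viewset changes both what the API accepts and what the docs advertise in one place; a reviewer checking the generated schema can then treat the enum as the authoritative exposure list for that endpoint.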

@mtesauro mtesauro (Contributor) left a comment


Approved

@mtesauro mtesauro merged commit 072a185 into DefectDojo:bugfix Sep 20, 2024
73 checks passed
5 participants