
Prefetch Serialization: Add a preference during mapping #10933

Merged, 1 commit, Sep 20, 2024

Conversation

Contributor

@Maffooch Maffooch commented Sep 18, 2024

When prefetching via the API, the serializer to use is dynamically fetched. There are cases where there is more than one ModelSerializer defined, and the wrong one is selected. This PR adds a dict to specify the preferred serializer to use on a per-model basis.

The motivation for this PR is when prefetching a finding with files. Before this PR, a 500 error would be generated.

[sc-6061]
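The selection mechanism the PR describes, as an added Python example that is not DefectDojo's or DRF's code: Django models and ModelSerializer are replaced by constructed stand-ins, AttachmentSerializer is a hypothetical second serializer for FileUpload, and the discovery loop is an assumed reconstruction of scanning a module with inspect, with an explicit model-to-serializer preference overriding whichever class discovery happens to find first.

```python
import inspect
import sys

# Constructed stand-ins for Django models and DRF's ModelSerializer so this
# runs offline; they are not DefectDojo's or DRF's real classes.
class Model: pass
class FileUpload(Model): pass
class Finding(Model): pass
class ModelSerializer:
    class Meta:
        model = None

# Hypothetical second serializer for FileUpload. It sorts before FileSerializer,
# so name-ordered discovery alone would hand it to the prefetcher.
class AttachmentSerializer(ModelSerializer):
    class Meta:
        model = FileUpload

class FileSerializer(ModelSerializer):
    class Meta:
        model = FileUpload

class FindingSerializer(ModelSerializer):
    class Meta:
        model = Finding

# Explicit model -> serializer override, the mechanism the PR adds.
preferred_serializers = {FileUpload: FileSerializer}

def candidate_serializers(module=None):
    """Discover every ModelSerializer subclass in a module, grouped by model."""
    module = module or sys.modules[__name__]
    found = {}
    for _, cls in inspect.getmembers(module, inspect.isclass):
        if issubclass(cls, ModelSerializer) and cls is not ModelSerializer:
            model = getattr(cls.Meta, "model", None)
            if model is not None:
                found.setdefault(model, []).append(cls)
    return found

def build_serializers(module=None, preferred=preferred_serializers):
    """One serializer per model: the preferred one when mapped, otherwise the
    first discovered (the ambiguous pick the PR description complains about)."""
    return {model: preferred.get(model, classes[0])
            for model, classes in candidate_serializers(module).items()}

def ambiguous_models(module=None, preferred=preferred_serializers):
    """Models with several serializers and no preference: the cases that still
    depend on discovery order and deserve an explicit entry in the mapping."""
    return sorted(m.__name__ for m, c in candidate_serializers(module).items()
                  if len(c) > 1 and m not in preferred)
```

Running ambiguous_models() against the real serializer module would list every model that still relies on discovery order, which is the check to add to a review of this mapping.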


DryRun Security Summary

The pull request optimizes the serialization process in the prefetcher.py file by adding a preferred_serializers dictionary and modifying the _build_serializers method, which does not appear to introduce any obvious security vulnerabilities but requires careful management to prevent unintended consequences.


Summary:

The code changes in this pull request are focused on optimizing the serialization process in the prefetcher.py file. The key changes include the addition of a preferred_serializers dictionary to map the FileUpload model to the FileSerializer serializer, and the modification of the _build_serializers method to use the preferred serializer if available.

From an application security perspective, these changes do not appear to introduce any obvious security vulnerabilities. The optimizations can potentially improve the performance of the application, which is a positive security measure. However, it's important to ensure that the use of the "preferred serializers" dictionary is carefully managed to prevent any unintended consequences, such as using an outdated or insecure serializer. Additionally, the code's use of the inspect module and dynamic class loading should be reviewed to ensure that input is properly sanitized and validated to prevent potential injection attacks.

Overall, the changes in this code appear to be focused on performance optimization and do not introduce any obvious security vulnerabilities. Nevertheless, it's essential to maintain a vigilant approach to security and regularly review the code for potential issues.

Files Changed:

  • dojo/api_v2/prefetch/prefetcher.py: The changes in this file are focused on optimizing the serialization process. A preferred_serializers dictionary has been added to map the FileUpload model to the FileSerializer serializer, and the _build_serializers method has been modified to use the preferred serializer if available. These changes do not appear to introduce any obvious security vulnerabilities, but the use of the "preferred serializers" dictionary should be carefully managed to prevent any unintended consequences.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@github-actions github-actions bot added the apiv2 label Sep 18, 2024
Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit aadf96b into DefectDojo:bugfix Sep 20, 2024
72 checks passed
5 participants