DojoMeta: Ability to create or update multiple objects in batch #11268

Merged
merged 4 commits into from
Nov 15, 2024

hblankenship
Collaborator

[sc-856]

Added 'batch' endpoint for metadata to create or update multiple metadata at once. The same constraints still apply: can only be added to a single product, finding, or endpoint at a time and the metadata must be unique across the parent object id and the name of the metadata.

@github-actions github-actions bot added the apiv2 label Nov 15, 2024

dryrunsecurity bot commented Nov 15, 2024

DryRun Security Summary

The pull request adds new serializers and functionality to the DojoMeta model, including batch creation and updating of DojoMeta objects, and demonstrates a focus on maintaining data integrity and preventing potential security issues through the use of serializers and error handling.

Summary:

The changes in this pull request are focused on adding new serializers and functionality to the DojoMeta model in the application. The MetadataSerializer is a simple serializer that handles the serialization and deserialization of metadata objects, while the MetaMainSerializer is a more complex serializer that includes fields for associating metadata with various entities, such as products, endpoints, and findings.

The changes also introduce new actions in the DojoMetaViewSet class, including batch and process_post/process_patch, which allow for batch creation and updating of DojoMeta objects. These changes seem to be aimed at enhancing the application's ability to manage and store metadata for various entities.

From an application security perspective, the use of serializers to handle data validation and deserialization is a good practice, as it helps to ensure that the input data is properly formatted and validated before being processed by the application. Additionally, the validate method in the MetaMainSerializer and the error handling in the DojoMetaViewSet class demonstrate a focus on maintaining data integrity and preventing potential security issues.

Files Changed:

  1. dojo/api_v2/serializers.py:

    • Addition of the MetadataSerializer and MetaMainSerializer classes.
    • The MetadataSerializer is a simple serializer that handles the serialization and deserialization of metadata objects.
    • The MetaMainSerializer is a more complex serializer that includes fields for associating metadata with various entities, such as products, endpoints, and findings.
    • The MetaMainSerializer also includes a validate method that ensures that only one of the product, endpoint, or finding fields is set.
  2. dojo/api_v2/views.py:

    • Addition of two new actions, batch and process_post/process_patch, to the DojoMetaViewSet class.
    • The batch action allows for batch creation and updating of DojoMeta objects.
    • The process_post and process_patch methods handle the creation and update of DojoMeta objects, respectively.
    • The code uses the serializers.MetaMainSerializer to validate the incoming data before processing it, and it handles IntegrityError exceptions that may occur during the creation or update of DojoMeta objects.
    • The DojoMetaViewSet class has the UserHasDojoMetaPermission permission class, which likely checks the user's permissions before allowing access to the endpoints.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch changed the title put and patch batch metada DojoMeta: Ability to create or update multiple objects in batch Nov 15, 2024
dojo/api_v2/views.py Outdated
dojo/api_v2/views.py Outdated
hblankenship and others added 2 commits November 15, 2024 16:35
Oof. Good eye

Co-authored-by: Charles Neill <[email protected]>
Same

Co-authored-by: Charles Neill <[email protected]>
@Maffooch Maffooch merged commit 67b89ed into dev Nov 15, 2024
75 checks passed
@Maffooch Maffooch deleted the hb-multiple-metadata-one-API-call branch November 15, 2024 23:39
5 participants