Request/Response API CRUD Endpoints

[hblankenship]

Added an endpoint with full CRUD for Request/Response Pairs.

[sc-8980]

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on enhancing Defect Dojo's handling of Burp Suite scan data by introducing a new ViewSet, serializer, and unit tests for managing raw request and response information while potentially deprecating an existing model.

Expand for full summary

Summary:

The code changes in this pull request are focused on the handling and management of Burp Suite scan data within the Defect Dojo application. The key changes include:

1. Removal of the BurpRawRequestResponse Model: The changes involve the removal of the BurpRawRequestResponse model from the unittests/test_apiv2_methods_and_endpoints.py file, which suggests that the functionality related to Burp Suite integration is being deprecated or removed from the application.

2. Addition of the BurpRawRequestResponseViewSet: A new BurpRawRequestResponseViewSet has been added to the Django REST Framework (DRF) API version 2 of the Dojo application. This ViewSet is responsible for handling the API endpoints related to Burp raw request and response data.

3. Implementation of the BurpRawRequestResponseMultiSerializer: A new serializer class called BurpRawRequestResponseMultiSerializer has been added to handle the serialization and validation of Burp raw request and response data.

4. Unit Tests for Burp Raw Request and Response Handling: The changes include the addition of new unit tests in the unittests/test_rest_framework.py file to test the functionality of the BurpRawRequestResponse API endpoint, including the ability to create, update, and delete records.

From an application security perspective, the changes related to the handling of Burp Suite scan data are generally positive, as they provide the ability to store and manage this sensitive information within the Defect Dojo application. However, it's important to ensure that the implementation of these features follows best practices for handling sensitive data, such as proper sanitization and validation of user input, appropriate access controls, and secure storage and transmission of the raw request and response data.

Files Changed:

1. unittests/test_apiv2_methods_and_endpoints.py: The changes involve the removal of the BurpRawRequestResponse model, which suggests that the functionality related to Burp Suite integration is being deprecated or removed from the application.
2. dojo/urls.py: The changes include the addition of a new BurpRawRequestResponseViewSet to the Django REST Framework (DRF) API version 2 of the Dojo application.
3. dojo/api_v2/serializers.py: The changes introduce a new BurpRawRequestResponseMultiSerializer class to handle the serialization and validation of Burp raw request and response data.
4. dojo/api_v2/views.py: The changes include the implementation of the BurpRawRequestResponseViewSet, which is responsible for handling the API endpoints related to Burp raw request and response data.
5. unittests/test_rest_framework.py: The changes include the addition of new unit tests to test the functionality of the BurpRawRequestResponse API endpoint, including the ability to create, update, and delete records.

Code Analysis

We ran 9 analyzers against 5 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.

[mtesauro]

Approved