Test Types: Return support for disabling test types via the active flag

[Maffooch]

Return the ability to remove a given test type from being used, but without deleting the test type. This change has the following impacts for test types with a False active status:

• Import forms will not list inactive test types
• Creating/editing a test will not allow for an inactive test type to be selected

There is a slight caveat to this such that the API swagger schema does not appear to be calling the function to generate the list of test types each time the schema is loaded. The test type list is updated on uwsgi reload. My best guess is the schema is being cached on the server somehow.

[sc-6869]

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on improving the handling of inactive test types in the dojo/tools/factory.py file, including introducing a new function to retrieve inactive test types, modifying functions to exclude inactive test types, and updating the get_api_scan_configuration_hints() function to exclude inactive test types, which enhances the overall maintainability and reliability of the application.

Expand for full summary

Summary:

The code changes in this pull request focus on improving the handling of inactive test types in the dojo/tools/factory.py file. The key changes include:

1. Introduction of a new function get_inactive_test_types() that retrieves a list of inactive test types from the database.
2. Modification of the get_scan_types_sorted() and get_choices_sorted() functions to exclude inactive test types from the results.
3. Update to the get_api_scan_configuration_hints() function to exclude inactive test types when generating the API scan configuration hints.

From an application security perspective, these changes are a positive improvement as they enhance the overall maintainability and reliability of the application. By properly handling and excluding inactive test types, the application can prevent potential issues or confusion that could arise from including outdated or irrelevant functionality. Additionally, the changes to the get_api_scan_configuration_hints() function ensure that the API scan configuration hints only include active test types, providing accurate and up-to-date information to users or other systems consuming the API.

Files Changed:

• dojo/tools/factory.py: This file has been updated to introduce a new function get_inactive_test_types() that retrieves a list of inactive test types from the database. The get_scan_types_sorted() and get_choices_sorted() functions have been modified to exclude inactive test types from the results, and the get_api_scan_configuration_hints() function has been updated to exclude inactive test types when generating the API scan configuration hints.

Code Analysis

We ran 7 analyzers against 1 file and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[kiblik]

I'm not 100% sure, this will work in multi-Django deployment (k8s, number of pods >1). signal will probably trigger reload of PARSERS only in the container in which Test_type has been disabled.

[Maffooch]

That is a good point. Maybe it really would be better to totally move away from the "in memory" list of parsers. I'll see what I can do

[mtesauro]

Approved