Summary:

The code changes in this pull request are related to the dojo/api_v2/serializers.py file, which contains serializers for various models in the Defect Dojo application. The key changes involve updating the help text for the active and verified fields in the CommonImportScanSerializer class. These fields can now be used to force the findings to be active/inactive or verified/not verified, or to default to the original tool settings (None).

From an application security perspective, these changes do not introduce any obvious security concerns. However, it's important to ensure that the validation logic in these serializers is robust and that they properly handle edge cases and malformed input to prevent potential security vulnerabilities, such as injection attacks or unauthorized data modifications. Additionally, it's worth reviewing the overall security practices and controls in the Defect Dojo application, such as input validation, access control, and logging, to ensure that the application is secure and resilient against common web application security threats.

Files Changed:

• dojo/api_v2/serializers.py: The changes in this file update the help text for the active and verified fields in the CommonImportScanSerializer class. These fields can now be used to force the findings to be active/inactive or verified/not verified, or to default to the original tool settings (None). The changes do not introduce any obvious security concerns, but it's important to ensure that the validation logic in the serializers is robust and that the application's overall security practices are sound.