diff --git a/dojo/benchmark/views.py b/dojo/benchmark/views.py
index 04f4fb68e3b..645cdb941ac 100644
--- a/dojo/benchmark/views.py
+++ b/dojo/benchmark/views.py
@@ -37,10 +37,8 @@ def add_benchmark(queryset, product):
 benchmark_product.control = requirement
 requirements.append(benchmark_product)
- try:
- Benchmark_Product.objects.bulk_create(requirements)
- except Exception:
- pass
+ # TODO: This code might need better exception handling or data processing
+ Benchmark_Product.objects.bulk_create(requirements)
 @user_is_authorized(Product, Permissions.Benchmark_Edit, "pid")
diff --git a/dojo/cred/views.py b/dojo/cred/views.py
index 2fc373c3ac9..03ec144a402 100644
--- a/dojo/cred/views.py
+++ b/dojo/cred/views.py
@@ -585,10 +585,8 @@ def new_cred_finding(request, fid):
 @user_is_authorized(Cred_User, Permissions.Credential_Delete, "ttid")
 def delete_cred_controller(request, destination_url, id, ttid):
 cred = None
- try:
- cred = Cred_Mapping.objects.get(pk=ttid)
- except:
- pass
+ # TODO: This code might need better exception handling or data processing
+ cred = Cred_Mapping.objects.get(pk=ttid)
 if request.method == "POST":
 tform = CredMappingForm(request.POST, instance=cred)
 message = ""
diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py
index 1182cb26d68..ea8623f80d8 100644
--- a/dojo/finding/helper.py
+++ b/dojo/finding/helper.py
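Review bot: In `add_benchmark` (dojo/benchmark/views.py) the placeholder `# TODO: This code might need better exception handling or data processing` does not say which failure the removed `except Exception: pass` was absorbing, and the same sentence is pasted into most other hunks of this commit. With the handler gone, any database error raised by `bulk_create(requirements)` now propagates to the caller. If the tolerated case was a duplicate row (an assumption; the model constraints are not visible here), say so in the comment and catch only that, for example `except IntegrityError:` followed by a log call. The function body starts outside the hunk.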
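Review bot: In `delete_cred_controller` (dojo/cred/views.py) a `ttid` with no matching row now raises `Cred_Mapping.DoesNotExist` and surfaces as a server error instead of a not-found response, and the `cred = None` line above the lookup is now dead. Django's shortcut covers this in one line: `cred = get_object_or_404(Cred_Mapping, pk=ttid)`, assuming `get_object_or_404` is imported in this module (the imports are outside the hunk). The decorator authorizes `ttid` against `Cred_User` while the lookup uses `Cred_Mapping`, which is worth confirming as intended. The function continues past the hunk.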
@@ -171,14 +171,12 @@ def create_finding_group(finds, finding_group_name):
 # if user provided a name, we use that, else:
 # if we have components, we may set a nice name but catch 'name already exist' exceptions
- try:
- if finding_group_name:
- finding_group.name = finding_group_name
- elif finding_group.components:
- finding_group.name = finding_group.components
- finding_group.save()
- except:
- pass
+ # TODO: This code might need better exception handling or data processing
+ if finding_group_name:
+ finding_group.name = finding_group_name
+ elif finding_group.components:
+ finding_group.name = finding_group.components
+ finding_group.save()
 added = len(available_findings)
 skipped = len(finds) - added
diff --git a/dojo/middleware.py b/dojo/middleware.py
index 9fcb8a51dbc..239a2d92f4b 100644
--- a/dojo/middleware.py
+++ b/dojo/middleware.py
@@ -1,5 +1,6 @@
 import logging
 import re
+from contextlib import suppress
 from threading import local
 from urllib.parse import quote
@@ -56,13 +57,10 @@ def __call__(self, request):
 if request.user.is_authenticated:
 logger.debug("Authenticated user: %s", str(request.user))
- try:
+ with suppress(ModuleNotFoundError): # to avoid unittests to fail
 uwsgi = __import__("uwsgi", globals(), locals(), ["set_logvar"], 0)
 # this populates dd_user log var, so can appear in the uwsgi logs
 uwsgi.set_logvar("dd_user", str(request.user))
- except:
- # to avoid unittests to fail
- pass
 path = request.path_info.lstrip("/")
 from dojo.models import Dojo_User
 if Dojo_User.force_password_reset(request.user) and path != "change_password":
diff --git a/dojo/product/views.py b/dojo/product/views.py
index 7db5b47b56b..760418e4cb9 100644
--- a/dojo/product/views.py
+++ b/dojo/product/views.py
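Review bot: The context comment just above the change in `create_finding_group` still says the code will "catch 'name already exist' exceptions", but the `try/except` that did so is removed, so a duplicate group name now makes `finding_group.save()` raise. Either restore a narrow handler around the `save()` call, e.g. `except IntegrityError:` with a log line (the exception type is an assumption, the model is not visible here), or update the comment to state that a duplicate name is now an error. The function body starts and ends outside the hunk.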
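Review bot: `with suppress(ModuleNotFoundError):` in `__call__` of dojo/middleware.py runs on every authenticated request, so any other failure inside the block now fails the request instead of just skipping the log variable. `ModuleNotFoundError` covers the unit-test case named in the comment; if a present-but-unloadable `uwsgi` module is possible in some deployments, `suppress(ImportError)` would be the wider but still specific choice. The comment could also state that `str(request.user)` ends up in the uwsgi log line, so the log format should treat `dd_user` as untrusted text. The method continues outside the hunk.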
@@ -964,11 +964,8 @@ def edit_product(request, pid):
 if get_system_setting("enable_github") and github_inst:
 gform = GITHUB_Product_Form(request.POST, instance=github_inst)
- # need to handle delete
- try:
- gform.save()
- except:
- pass
+ # TODO: This code might need better exception handling or data processing
+ gform.save()
 elif get_system_setting("enable_github"):
 gform = GITHUB_Product_Form(request.POST)
 if gform.is_valid():
diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py
index 3fa030d90a4..080668076be 100644
--- a/dojo/templatetags/display_tags.py
+++ b/dojo/templatetags/display_tags.py
@@ -429,13 +429,11 @@ def pic_token(context, image, size):
 @register.filter
 def inline_image(image_file):
- try:
- if img_type := mimetypes.guess_type(image_file.file.name)[0]:
- if img_type.startswith("image/"):
- img_data = base64.b64encode(image_file.file.read())
- return f"data:{img_type};base64, {img_data.decode('utf-8')}"
- except:
- pass
+ # TODO: This code might need better exception handling or data processing
+ if img_type := mimetypes.guess_type(image_file.file.name)[0]:
+ if img_type.startswith("image/"):
+ img_data = base64.b64encode(image_file.file.read())
+ return f"data:{img_type};base64, {img_data.decode('utf-8')}"
 return ""
diff --git a/dojo/tools/gitlab_api_fuzzing/parser.py b/dojo/tools/gitlab_api_fuzzing/parser.py
index c536dc00205..51d1caf1f54 100644
--- a/dojo/tools/gitlab_api_fuzzing/parser.py
+++ b/dojo/tools/gitlab_api_fuzzing/parser.py
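Review bot: In the `github_inst` branch of `edit_product`, `gform.save()` is called on a form bound to `request.POST` without first checking `gform.is_valid()`. If `GITHUB_Product_Form` is a ModelForm, as the `instance=` argument suggests, `save()` raises `ValueError` when the data did not validate, and with the bare `except` removed that now reaches the user as a server error. The sibling `elif` branch already guards with `if gform.is_valid():`; the same guard here (`if gform.is_valid():` then `gform.save()`) keeps invalid POST data from aborting the view. The removed `# need to handle delete` comment recorded an open item and is worth keeping next to the TODO. The function starts and ends outside the hunk.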
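Review bot: `inline_image` is a template filter, and with the bare `except` removed a missing or unreadable file now raises from `image_file.file` or `.read()` and fails the whole page render instead of yielding an empty string. Catching only the file-access errors keeps the old fallback without hiding programming mistakes; `(OSError, ValueError)` is my reading of what Django file fields raise here and should be confirmed. The MIME type is guessed from the file name, not the content, so the `image/` check is only as trustworthy as the stored name, which deserves a comment.

```python
def inline_image(image_file):
    try:
        img_type = mimetypes.guess_type(image_file.file.name)[0]
        if img_type and img_type.startswith("image/"):
            # … unchanged: base64-encode the file and return the data URI …
    except (OSError, ValueError):
        # Missing or unreadable upload: render no image instead of failing the page.
        return ""
    return ""
```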
@@ -28,12 +28,10 @@ def get_findings(self, file, test):
 title = vulnerability["name"]
 severity = self.normalise_severity(vulnerability["severity"])
 description = vulnerability.get("category", "")
- try:
- location = vulnerability["location"]
- description += "\n" + location["crash_type"]
- description += "\n" + location["crash_state"]
- except:
- pass
+ # TODO: This code might need better exception handling or data processing or data processing
+ location = vulnerability["location"]
+ description += "\n" + location["crash_type"]
+ description += "\n" + location["crash_state"]
 findings.append(
 Finding(
 title=title,
diff --git a/dojo/tools/h1/parser.py b/dojo/tools/h1/parser.py
index a106f07d5d6..2466113e7ff 100644
--- a/dojo/tools/h1/parser.py
+++ b/dojo/tools/h1/parser.py
@@ -121,11 +121,9 @@ def build_description(self, content):
 description += f"Triaged: {triaged_date}\n"
 # Try to grab CVSS
- try:
- cvss = content["relationships"]["severity"]["data"]["attributes"]["score"]
- description += f"CVSS: {cvss}\n"
- except Exception:
- pass
+ # TODO: This code might need better exception handling or data processing
+ cvss = content["relationships"]["severity"]["data"]["attributes"]["score"]
+ description += f"CVSS: {cvss}\n"
 # Build rest of description meat
 description += "##Report: \n{}\n".format(
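Review bot: `get_findings` in dojo/tools/gitlab_api_fuzzing/parser.py now indexes `vulnerability["location"]`, `location["crash_type"]` and `location["crash_state"]` directly, so a report entry missing any of these keys raises `KeyError` and aborts the import of the whole uploaded file; the old `try` treated them as optional. The two `build_description` hunks in dojo/tools/h1/parser.py (`@@ -121,11` and `@@ -133,12`) have the same problem with the `content["relationships"]["severity"]...` and `["weakness"]...` chains, whose comments still say "Try to grab" and "if it's there". Reading the optional parts with `.get()` and appending only what is present keeps the import tolerant without a blanket handler. The TODO in the gitlab hunk also repeats "or data processing" twice. Both functions start outside their hunks.

```python
description = vulnerability.get("category", "")
location = vulnerability.get("location") or {}
for key in ("crash_type", "crash_state"):
    if value := location.get(key):
        description += "\n" + value
```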
@@ -133,12 +131,10 @@ def build_description(self, content):
 )
 # Try to grab weakness if it's there
- try:
- weakness_title = content["relationships"]["weakness"]["data"]["attributes"]["name"]
- weakness_desc = content["relationships"]["weakness"]["data"]["attributes"]["description"]
- description += f"\n##Weakness: {weakness_title}\n{weakness_desc}"
- except Exception:
- pass
+ # TODO: This code might need better exception handling or data processing
+ weakness_title = content["relationships"]["weakness"]["data"]["attributes"]["name"]
+ weakness_desc = content["relationships"]["weakness"]["data"]["attributes"]["description"]
+ description += f"\n##Weakness: {weakness_title}\n{weakness_desc}"
 return description
diff --git a/dojo/tools/kiuwan/parser.py b/dojo/tools/kiuwan/parser.py
index 5d91e5a315e..17b06f5a8a3 100644
--- a/dojo/tools/kiuwan/parser.py
+++ b/dojo/tools/kiuwan/parser.py
@@ -104,10 +104,8 @@ def get_findings(self, filename, test):
 finding.mitigation = "Not provided!"
 finding.severity = findingdict["severity"]
 finding.static_finding = True
- try:
+ if "CWE" in row:
 finding.cwe = int(row["CWE"])
- except Exception:
- pass
 if finding is not None:
 if finding.title is None:
diff --git a/dojo/tools/veracode/json_parser.py b/dojo/tools/veracode/json_parser.py
index 55ea07602d3..89fc1107274 100644
--- a/dojo/tools/veracode/json_parser.py
+++ b/dojo/tools/veracode/json_parser.py
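Review bot: `if "CWE" in row:` in the kiuwan `get_findings` hunk only checks that the column exists, so `int(row["CWE"])` still raises `ValueError` for an empty or non-numeric cell, and that now aborts the import where it used to be ignored. Guard on the value instead, for example `cwe = row.get("CWE")` followed by `if cwe and cwe.strip().isdigit(): finding.cwe = int(cwe)`. This assumes the row values are strings, as with `csv.DictReader`; the reader is outside the hunk. The function starts and ends outside the hunk.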
@@ -85,13 +85,13 @@ def get_items(self, tree, test):
 if not finding:
 continue
 # Set the date of the finding from the report if it is present
- try:
+ if finding_status := vuln.get("finding_status"):
 if settings.USE_FIRST_SEEN:
- finding.date = parser.parse(vuln.get("finding_status", {}).get("first_found_date", ""))
+ if first_found_date := finding_status.get("first_found_date"):
+ finding.date = parser.parse(first_found_date)
 else:
- finding.date = parser.parse(vuln.get("finding_status", {}).get("last_found_date", ""))
- except Exception:
- pass
+ if last_found_date := finding_status.get("last_found_date"):
+ finding.date = parser.parse(last_found_date)
 # Generate the description
 finding = self.parse_description(finding, vuln.get("description"), scan_type)
 finding.nb_occurences = vuln.get("count", 1)
diff --git a/ruff.toml b/ruff.toml
index c78256a9d2e..b333b907370 100644
--- a/ruff.toml
+++ b/ruff.toml
@@ -41,7 +41,7 @@ select = [
 "UP",
 "YTT",
 "ASYNC",
- "S2", "S5", "S7", "S101", "S104", "S105", "S106", "S108", "S311", "S112", "S113",
+ "S1", "S2", "S5", "S7", "S311",
 "FBT001", "FBT003",
 "A003", "A004", "A006",
 "COM",
diff --git a/tests/Import_scanner_test.py b/tests/Import_scanner_test.py
index 737b48bdcf0..ea255f7c426 100644
--- a/tests/Import_scanner_test.py
+++ b/tests/Import_scanner_test.py
@@ -172,11 +172,9 @@ def test_engagement_import_scan_result(self):
 index = list(found_matches.keys())[0]
 scan_map[test] = options_text[index]
 elif len(found_matches) > 1:
- try:
- index = list(found_matches.values()).index(temp_test)
- scan_map[test] = options_text[list(found_matches.keys())[index]]
- except:
- pass
+ # TODO: This code might need better exception handling or data processing
+ index = list(found_matches.values()).index(temp_test)
+ scan_map[test] = options_text[list(found_matches.keys())[index]]
 failed_tests = []
 for test in self.tests:
diff --git a/tests/base_test_class.py b/tests/base_test_class.py
index bf966bab17d..5ace2934b8c 100644
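Review bot: The new `get_items` code in dojo/tools/veracode/json_parser.py checks that the date keys are present but not that their values parse, so a malformed `first_found_date` or `last_found_date` in an uploaded report now raises from `parser.parse(...)` and stops the import; the removed `try` used to leave the default date in place. The two branches differ only in the key name, so they can be folded into one lookup with a narrow suppression around the parse, in the same style as the `suppress` use this commit adds to dojo/middleware.py. The exception types below assume `parser` is `dateutil.parser`, and `suppress` would need importing from `contextlib`; neither import is visible in the hunk. `vuln.get("finding_status")` is also assumed to be a dict.

```python
# Set the date of the finding from the report if it is present
if finding_status := vuln.get("finding_status"):
    date_key = "first_found_date" if settings.USE_FIRST_SEEN else "last_found_date"
    if found_date := finding_status.get(date_key):
        # A malformed date keeps the finding's default date instead of failing the import.
        with suppress(ValueError, OverflowError):
            finding.date = parser.parse(found_date)
```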
--- a/tests/base_test_class.py
+++ b/tests/base_test_class.py
@@ -237,13 +237,7 @@ def goto_all_findings_list(self, driver):
 return driver
 def wait_for_datatable_if_content(self, no_content_id, wrapper_id):
- no_content = None
- try:
- no_content = self.driver.find_element(By.ID, no_content_id)
- except:
- pass
-
- if no_content is None:
+ if not self.is_element_by_id_present(no_content_id):
 # wait for product_wrapper div as datatables javascript modifies the DOM on page load.
 WebDriverWait(self.driver, 30).until(
 EC.presence_of_element_located((By.ID, wrapper_id)),