
Ruff: add and fix PIE #10090

Merged
merged 1 commit into from
Jul 2, 2024

Conversation

kiblik (Contributor)

@kiblik kiblik commented May 2, 2024


dryrunsecurity bot commented May 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status                     Findings
Server-Side Request Forgery Analyzer       0 findings
Configured Codepaths Analyzer              0 findings
IDOR Analyzer                              0 findings
Authn/Authz Analyzer                       1 finding
Sensitive Files Analyzer                   0 findings
SQL Injection Analyzer                     0 findings
Secrets Analyzer                           0 findings

Note: 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request cover a wide range of functionality within the DefectDojo application, with a focus on improving the security and reliability of the application. The changes span various modules, including Engagement, Importers, Endpoints, Notifications, and the core application models and views.

Key security-related improvements include:

  1. Improved Error Handling and Logging: The changes remove pass statements from exception handling blocks, ensuring that errors and exceptions are properly logged and can be investigated.
  2. Enhanced Deduplication and Endpoint Management: The code changes improve the deduplication functionality, ensuring that findings are correctly identified as duplicates, even across different scanners and engagements. The Endpoint management functionality has also been enhanced to handle invalid or conflicting data.
  3. Secure Input Handling: The changes include input validation and sanitization improvements, such as in the JIRA integration and the Xanitizer parser, to mitigate potential security vulnerabilities like SQL injection and code injection.
  4. Secure Authentication and Authorization: The changes in the Okta integration and the Notifications module focus on ensuring that only authorized users can access and receive sensitive information.
  5. Comprehensive Test Coverage: The addition of new test suites, such as the close_old_findings_dedupe_test.py and dedupe_test.py files, demonstrates a commitment to thorough testing and validation of the application's security-critical functionality.

Overall, the code changes in this pull request appear to be focused on improving the security, reliability, and maintainability of the DefectDojo application, which is a crucial tool for managing application security within organizations.

Files Changed:

  1. engagement/views.py: Optimized database queries and improved exception handling in the Engagement functionality.
  2. importers/base_importer.py: Removed the pass statement from the get_findings method, improving the handling of security scan report imports.
  3. endpoint/utils.py: Enhanced the Endpoint cleanup and deduplication functionality, improving data quality and security.
  4. importers/options.py: Removed the pass statement from the load_additional_options method, allowing for future extensibility.
  5. filters.py: Improved the filtering and search capabilities for various models, including Findings, Engagements, and Endpoints.
  6. jira_link/helper.py: Removed the pass statement from the exception handling block, improving the logging and handling of JIRA integration issues.
  7. okta.py: Addressed a potential security vulnerability related to the handling of JWKS keys in the Okta integration.
  8. models.py: Removed the pass statement from the github_conf and github_conf_new methods, improving the exception handling in the GitHub integration.
  9. notifications/helper.py: Improved the notification handling and authorization checks, ensuring that only authorized users receive notifications.
  10. tools/*: Updates to various vulnerability scan report parsers, improving the accuracy and security of the imported findings.
  11. utils.py: Improved the deduplication functionality, making it more configurable and robust.
  12. ruff.toml: Added the "PIE" linting rule, which helps detect potential Python Insecure Execution vulnerabilities.
  13. tests/*: Added new test suites to validate the deduplication and finding management functionality, ensuring the overall security and reliability of the application.

Powered by DryRun Security

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik closed this Jun 22, 2024
@kiblik kiblik reopened this Jun 22, 2024
Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit 36d6700 into DefectDojo:dev Jul 2, 2024
239 of 240 checks passed
@kiblik kiblik deleted the ruff_pie branch July 2, 2024 07:00