
Ruff: Add and fix D2 #10844

Merged (1 commit, Oct 3, 2024)

Conversation

kiblik (Contributor) commented Sep 2, 2024

dryrunsecurity bot commented Sep 2, 2024

DryRun Security Summary

The pull request focuses on improving various security-related features and functionality within the DefectDojo application, including enhancing scan report imports, strengthening JIRA integration, refining authorization and permission management, improving vulnerability tracking, optimizing performance and reliability, and addressing security-related aspects such as input validation, error handling, logging, and access control.


Summary:

The code changes in this pull request are focused on improving various security-related features and functionality within the DefectDojo application. The changes cover a wide range of areas, including:

  1. Enhancing the handling of scan report imports, with improvements to input validation, deduplication, and finding management.
  2. Strengthening the JIRA integration, ensuring that the status of findings is properly synchronized between DefectDojo and JIRA.
  3. Refining the authorization and permission management system, including the migration of legacy authorization mechanisms.
  4. Improving the tracking and management of vulnerabilities, such as the creation of vulnerability IDs for findings.
  5. Optimizing the performance and reliability of the application, particularly in areas related to asynchronous processing and caching.
  6. Addressing various security-related aspects, such as input validation, error handling, logging, and access control.

Overall, the changes in this pull request appear to be focused on improving the security posture of the DefectDojo application, while also enhancing its functionality and maintainability.

Files Changed:

  1. dojo/admin.py: The changes in this file simplify the docstrings for various admin classes and remove unnecessary whitespace, improving the code's readability.
  2. dojo/api_v2/prefetch/schema.py: The changes in this file handle the processing of prefetched data in the OpenAPI v3 documentation generation process.
  3. dojo/api_v2/prefetch/utils.py: The changes in this file introduce utility functions to determine the prefetchable fields in a Django serializer.
  4. dojo/api_v2/prefetch/prefetcher.py: The changes in this file improve the implementation of the _Prefetcher class, which manages the prefetching of data in the application.
  5. dojo/authorization/authorization_decorators.py: The changes in this file enhance the authorization and permission management functionality, ensuring that users have the necessary permissions to perform actions.
  6. dojo/authorization/roles_permissions.py: The changes in this file define the roles and permissions for the application, providing a comprehensive RBAC system.
  7. dojo/api_v2/views.py: The changes in this file focus on improving the functionality related to the import of scan reports, endpoint management, engagement management, and system settings.
  8. dojo/finding/helper.py: The changes in this file address a bug related to transitive duplicates in the finding deduplication process.
  9. dojo/engagement/views.py: The changes in this file enhance the handling of the import of scan results, including validation, engagement creation, and finding import.
  10. dojo/importers/auto_create_context.py: The changes in this file improve the validation and processing of various resources (Product Types, Products, Engagements, and Tests) during the import and reimport processes.
  11. dojo/forms.py: The changes in this file are purely cosmetic, adding empty lines for better readability.
  12. dojo/importers/default_reimporter.py: The changes in this file improve the handling of the reimport process, including deduplication, mitigation, and endpoint management.
  13. dojo/importers/options.py: The changes in this file enhance the validation and type checking of the ImporterOptions class, ensuring data integrity.
  14. dojo/importers/endpoint_manager.py: The changes in this file introduce asynchronous processing of endpoints and improve the management of endpoint statuses.
  15. dojo/importers/default_importer.py: The changes in this file focus on improving the handling of dynamic test types and the parsing and saving of findings.
  16. dojo/management/commands/import_github_languages.py: The changes in this file update the docstrings and improve the error handling of the import_github_languages management command.
  17. dojo/jira_link/helper.py: The changes in this file ensure that the findings in DefectDojo are accurately reflected based on the resolution status in the linked JIRA issues.
  18. dojo/management/commands/dedupe.py: The changes in this file enhance the deduplication functionality, including the ability to update hash codes and run deduplication.
  19. dojo/jira_link/views.py: The changes in this file improve the handling of JIRA webhooks and the management of JIRA configurations.
  20. `dojo

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 9 findings

Riskiness

🟢 Risk threshold not exceeded.


@kiblik kiblik closed this Sep 2, 2024
@kiblik kiblik reopened this Sep 2, 2024
@kiblik kiblik closed this Sep 2, 2024
@kiblik kiblik reopened this Sep 2, 2024
github-actions bot (Contributor) commented Sep 6, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot (Contributor) commented Sep 6, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

mtesauro (Contributor) left a review comment:

Approved


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit 8aa81cc into DefectDojo:dev Oct 3, 2024
73 checks passed
@kiblik kiblik deleted the ruff_d2 branch October 4, 2024 07:36
5 participants