Ruff: Add more PLW #10848

Merged
merged 1 commit into DefectDojo:dev from the ruff_plw branch on Oct 3, 2024

Conversation

@kiblik kiblik (Contributor) commented Sep 2, 2024

Add more PLW rules + Fix PLW2901: https://docs.astral.sh/ruff/rules/redefined-loop-name/

dryrunsecurity bot commented Sep 2, 2024

DryRun Security Summary

Summary:

The provided code changes cover a wide range of improvements and bug fixes across various components of the DefectDojo application. The changes focus on enhancing the security, reliability, and maintainability of the application's functionality, particularly in the areas of metadata management, finding import and processing, search functionality, and API response handling.

Key security-related changes include:

  • Handling of sensitive data, such as passwords and API keys, to ensure they are not exposed in API responses
  • Improvements to the deduplication and status management of security findings during the import process
  • Enhancements to the search functionality, including better handling of tag filters
  • Robustness improvements to the parsers for various security scanning tools, such as HCL AppScan and Qualys Web Application Scanning

Additionally, the changes include updates to the unit tests, which help ensure the overall integrity and security of the application's functionality. The introduction of the SchemaChecker class, in particular, is a valuable addition, as it helps validate the API responses against the expected schema, reducing the risk of data validation issues and potential security vulnerabilities.

Files Changed:

  1. dojo/endpoint/views.py: The changes in this file focus on improving the metadata management functionality for endpoints, including sanitizing user input and handling updates and deletions of metadata.
  2. dojo/importers/default_reimporter.py: The changes in this file enhance the security and reliability of the security finding import process, with improvements to the deduplication algorithm, severity handling, and status management of findings.
  3. dojo/forms.py: The changes in this file improve the functionality of the JIRA issue template directory selection, ensuring that the correct directories are displayed to the user.
  4. dojo/importers/default_importer.py: The changes in this file focus on improving the handling and processing of security findings during the import process, including sanitizing severities, managing mitigated findings, and overriding active and verified states.
  5. dojo/product/views.py: The changes in this file enhance the metadata management functionality for products, ensuring that the original metadata values are preserved and leading/trailing whitespace is removed.
  6. dojo/tools/hcl_appscan/parser.py: The changes in this file improve the robustness of the HCL AppScan parser, handling cases where the input data is incomplete or malformed.
  7. dojo/search/views.py: The changes in this file improve the handling of tag filters in the search functionality, ensuring that the original filter is preserved and properly applied.
  8. dojo/tools/intsights/parser.py: The changes in this file enhance the handling of duplicate alerts in the IntSights Threat Intelligence parser, improving the overall reliability of the security alert processing.
  9. dojo/tools/jfrog_xray_on_demand_binary_scan/parser.py: The changes in this file ensure that the correct component name and version are extracted from the JFrog Xray vulnerability data, improving the accuracy of the generated findings.
  10. dojo/tools/mobsf/parser.py: The changes in this file refine the URL extraction and formatting in the MobSF parser, ensuring that the test descriptions are correctly populated.
  11. dojo/tools/qualys_webapp/parser.py: The changes in this file enhance the handling of findings in the Qualys Web Application Scanner parser, incorporating additional information from the Qualys glossary and "info gathered" sections.
  12. unittests/test_apiv2_scan_import_options.py: The changes in this file improve the test coverage for the API v2 endpoint related to importing scan results, including handling the case of an empty ZAP scan.
  13. ruff.toml: The changes in this file update the configuration for the Ruff linter, which can help identify and prevent certain types of security vulnerabilities.
  14. unittests/test_rest_framework.py: The changes in this file enhance the security and reliability of the REST API tests, including the handling of sensitive data and the introduction of a schema validation mechanism.

Code Analysis

We ran 9 analyzers against 14 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@kiblik kiblik closed this Sep 2, 2024
@kiblik kiblik reopened this Sep 2, 2024

This pull request has conflicts; please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro (Contributor)

Closing to reopen and hopefully get the ruff lint test unstuck.

@mtesauro mtesauro closed this Sep 16, 2024
@mtesauro mtesauro reopened this Sep 16, 2024
@mtesauro mtesauro left a comment

Approved


This pull request has conflicts; please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit fbe0855 into DefectDojo:dev Oct 3, 2024
73 checks passed
@kiblik kiblik deleted the ruff_plw branch October 4, 2024 07:35
5 participants