
Ruff: Fix for version 0.7.4 #11270

Merged
merged 1 commit into from
Nov 22, 2024

Conversation

@kiblik kiblik (Contributor) commented Nov 15, 2024

Fix #11266


dryrunsecurity bot commented Nov 15, 2024

DryRun Security Summary

The pull request includes various updates and improvements across different components of the DefectDojo application, focusing on enhancing logging practices, improving JIRA integration functionality, handling NULL characters in the Endpoint model, and updating dependencies for the linting process, all of which contribute to the overall security and robustness of the application.


Summary:

The code changes in this pull request cover various updates and improvements across different components of the DefectDojo application. The changes focus on enhancing logging practices, improving JIRA integration functionality, handling NULL characters in the Endpoint model, and updating dependencies for the linting process.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. The logging updates, JIRA integration improvements, and NULL character handling are all positive security enhancements that help improve the overall security and robustness of the application.

However, it's important to consider the broader context of the application and ensure that proper security practices are followed throughout the codebase. This includes reviewing the handling of sensitive information, input validation, access control, and the overall security posture of the application's integration points, such as the JIRA and SonarQube integrations.

Files Changed:

  1. dojo/management/commands/print_settings.py: The changes replace logging.info() with logger.info(), which is a minor improvement to the logging functionality.
  2. dojo/notes/helper.py: The changes update the logging statement from logging.debug() to logger.debug(), which is a similar logging improvement.
  3. dojo/models.py: The changes introduce handling for NULL characters in the Endpoint model, which is an important security enhancement to prevent potential issues related to NULL characters.
  4. dojo/jira_link/views.py: The changes focus on improving the JIRA integration functionality, including webhook handling, JIRA issue updates, and JIRA comment processing. The changes include security-related aspects, such as webhook authentication and input validation.
  5. dojo/notes/signals.py: The changes update the logging statement from logging.debug() to logger.debug(), which is a minor improvement to the logging consistency.
  6. requirements-lint.txt: The changes update the version of the ruff dependency, which is a routine maintenance update and does not introduce any immediate security concerns.
  7. dojo/tools/api_sonarqube/importer.py: The changes replace logging.info() with logger.info(), which is a minor logging improvement. The code also handles the integration with the SonarQube API, which is a common practice in application security management.

Code Analysis

We ran 9 analyzers against 7 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

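As an added illustration (not code from this pull request or from DefectDojo) of two points the bot summary above raises, a module-level logger instead of calls on the root `logging` module, and NUL characters in free-text Endpoint fields: PostgreSQL text and varchar columns cannot store 0x00, and psycopg2 raises `ValueError` ("A string literal cannot contain NUL (0x00) characters") before the statement is sent, so an unfiltered NUL in a scanner-supplied host or path surfaces as an unhandled error at save time rather than as a validation message. The `Endpoint` class, `clean_nul`, `import_endpoints` and the sample rows below are hypothetical stand-ins.

```python
"""Added example: reject or strip NUL bytes before endpoint-like records
reach a PostgreSQL text column, logging through a module-level logger.
Hypothetical names throughout; not DefectDojo's implementation."""
import logging
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A module-level logger (rather than logging.info() on the root logger) tags
# records with this module's name and honours its own level and handlers.
logger = logging.getLogger(__name__)

NUL = "\x00"


class NulCharacterError(ValueError):
    """Raised when a text field contains NUL and strict mode is enabled."""


def clean_nul(value, *, field_name: str, strict: bool = True):
    """Return value with no NUL characters.

    strict=True rejects the value; strict=False strips the NULs and logs
    a warning. None and non-str values pass through untouched.
    """
    if not isinstance(value, str) or NUL not in value:
        return value
    if strict:
        raise NulCharacterError(f"{field_name} contains NUL (0x00) characters")
    cleaned = value.replace(NUL, "")
    logger.warning("stripped %d NUL character(s) from %s",
                   value.count(NUL), field_name)
    return cleaned


@dataclass
class Endpoint:
    """Hypothetical endpoint record whose text fields map to DB text columns."""
    host: str
    path: Optional[str] = None
    query: Optional[str] = None
    fragment: Optional[str] = None

    _TEXT_FIELDS = ("host", "path", "query", "fragment")

    def clean(self, *, strict: bool = True) -> "Endpoint":
        """Sanitise every text field in place; raises in strict mode."""
        for name in self._TEXT_FIELDS:
            setattr(self, name,
                    clean_nul(getattr(self, name), field_name=name, strict=strict))
        return self


# Constructed sample rows (host, path), as a scanner import might deliver them.
SAMPLE_ROWS = [
    ("example.com", "/login"),
    ("example.com", "/search?q=a\x00b"),   # NUL smuggled into the path
    ("intranet.local\x00", "/"),           # NUL at the end of the host
]


def import_endpoints(rows, *, strict: bool = True) -> Tuple[List[Endpoint], list]:
    """Build Endpoint objects from rows.

    In strict mode, rows carrying NUL are rejected and returned separately;
    otherwise the NULs are stripped and the row is accepted.
    """
    accepted, rejected = [], []
    for host, path in rows:
        try:
            accepted.append(Endpoint(host=host, path=path).clean(strict=strict))
        except NulCharacterError as exc:
            logger.info("rejected endpoint %r: %s", host, exc)
            rejected.append((host, path))
    return accepted, rejected


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    ok, bad = import_endpoints(SAMPLE_ROWS)
    print(f"strict: accepted {len(ok)}, rejected {len(bad)}")
    ok, bad = import_endpoints(SAMPLE_ROWS, strict=False)
    print(f"lenient: accepted {len(ok)}, rejected {len(bad)}")
```

Strict rejection is the safer default for an import path: a NUL in a host or path is never legitimate, and silently stripping it can merge two distinct inputs into one record. Stripping with a warning is the pragmatic choice when the data comes from a scanner that cannot be fixed upstream.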

@mtesauro mtesauro (Contributor) left a comment

Approved

@Maffooch Maffooch merged commit 70f626f into DefectDojo:dev Nov 22, 2024
73 checks passed
@kiblik kiblik deleted the ruff_0.7.4 branch November 22, 2024 07:46