Ruff: Add and fix PLW0108 #11641

Open. Wants to merge 1 commit into base branch dev.
Conversation

kiblik (Contributor) commented Jan 24, 2025

Add PLW0108 rule and fix it.


DryRun Security Summary

The pull request introduces improvements to the Dojo application's management commands, helper functions, and configuration files, focusing on data management efficiency, user authentication, and code quality while maintaining a generally secure approach to application development.


Summary:

The changes in this pull request cover various aspects of the Dojo application, including management commands, helper functions, and configuration files. While the changes do not introduce any obvious security vulnerabilities, there are a few areas that require careful consideration from an application security perspective.

The changes to the migrate_cve.py, helper.py, and dedupe.py management commands focus on improving the efficiency and consistency of data management operations, such as creating vulnerability IDs, handling duplicate findings, and computing hash codes. These changes are generally positive, as they help maintain the integrity of the application's security data.

The changes to the pipeline.py file address user authentication, authorization, and project management features. These changes include sanitizing user input, handling Azure AD group synchronization, and managing the automatic import of GitLab projects. It's important to ensure that these features are implemented securely and do not introduce any unintended access control or privilege escalation issues.

Finally, the changes to the ruff.toml configuration file for the Ruff linter indicate the team's commitment to code quality and security best practices. While these changes do not directly impact the application's security, they suggest that the team is proactively addressing potential security-related issues through code linting and style enforcement.

Files Changed:

  1. dojo/management/commands/migrate_cve.py: The changes in this file simplify the create_vulnerability_id and create_vulnerability_id_template functions by removing lambda functions and passing the functions directly as arguments to the mass_model_updater function. This refactoring does not introduce any major security concerns.

  2. dojo/finding/helper.py: The changes in this file focus on maintaining the integrity of the finding data during the deletion process. The reset_duplicates_before_delete and reconfigure_duplicate_cluster functions ensure that the relationships between original and duplicate findings are properly managed, preventing potential data inconsistencies or orphaned records.

  3. dojo/management/commands/dedupe.py: The changes in this file update the hash code computation and deduplication logic, using the mass_model_updater function to efficiently process the findings. While there are no obvious security concerns, the application should have appropriate access controls and input validation to prevent unauthorized access or manipulation of the findings data.

  4. dojo/pipeline.py: The changes in this file address user authentication, authorization, and project management features. Key security considerations include sanitizing user input, ensuring secure group membership synchronization, and carefully reviewing the logic for automatically importing GitLab projects to prevent potential access control issues.

  5. ruff.toml: The changes in this file update the configuration for the Ruff linter, including the addition of new rules and the exclusion of certain rules. While these changes do not directly impact the application's security, they suggest the team's commitment to code quality and security best practices.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

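The rule this PR enables, Ruff's PLW0108 (unnecessary-lambda, inherited from Pylint), flags a lambda whose body is a single call that forwards the lambda's own arguments unchanged; the fix is to pass the wrapped callable directly, which is what the summary above describes for the mass_model_updater calls. The block below is an added example and not code from the DefectDojo PR: update_records, add_vuln_ref and SAMPLE are hypothetical stand-ins for the bulk updater and its callbacks. It shows the pattern Ruff flags, the fixed form, and the one case where dropping the lambda changes behaviour: a lambda resolves the wrapped name at call time, while the bare function is bound at the moment it is passed.

```python
"""Ruff/Pylint PLW0108 (unnecessary-lambda): what it flags, and one caveat.

Added example, not code from DefectDojo. `update_records`, `add_vuln_ref`
and SAMPLE are hypothetical stand-ins for the project's mass_model_updater
and the callbacks the PR passes to it.
"""
from typing import Callable, Iterable


def update_records(records: Iterable[dict], fn: Callable[[dict], dict]) -> list[dict]:
    """Apply fn to each record and return the results (stands in for a bulk updater)."""
    return [fn(record) for record in records]


def add_vuln_ref(record: dict) -> dict:
    """Move a legacy single `ref` field into a `vulnerability_refs` list."""
    updated = dict(record)
    ref = updated.pop("ref", None)
    updated["vulnerability_refs"] = [ref] if ref else []
    return updated


# Constructed sample input for the demo, not real findings.
SAMPLE = [{"id": 1, "ref": "REF-1"}, {"id": 2, "ref": None}]


def before_fix() -> list[dict]:
    # PLW0108 fires here: the lambda only forwards its argument to add_vuln_ref.
    return update_records(SAMPLE, lambda record: add_vuln_ref(record))


def after_fix() -> list[dict]:
    # The fix Ruff suggests: pass the callable itself.
    return update_records(SAMPLE, add_vuln_ref)


def rebinding_caveat() -> tuple[str, str]:
    """Show when dropping the lambda is NOT behaviour-preserving.

    A lambda body looks up `handler` each time it is called; passing `handler`
    directly captures whatever object the name is bound to right now. If the
    name is rebound afterwards (monkeypatching in tests, settings-driven
    reassignment), the two diverge.
    """
    def handler(_arg):
        return "original"

    via_lambda = lambda arg: handler(arg)  # late binding: resolved on each call
    direct = handler                       # early binding: resolved right now

    def handler(_arg):  # deliberate rebinding of the name for the demo
        return "rebound"

    return via_lambda(None), direct(None)


if __name__ == "__main__":
    assert before_fix() == after_fix()
    print(after_fix())
    print(rebinding_caveat())  # ('rebound', 'original')
```

For the refactor in this PR the two forms are equivalent as long as the functions handed to the updater are plain module-level callables that nothing rebinds between the call site and the moment the updater invokes them; that is the condition worth confirming when applying the rule's fix mechanically across a code base.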

@kiblik kiblik requested review from mtesauro and Maffooch January 25, 2025 10:14