Ruff: Add and fix Q000 #10095

Open
wants to merge 4 commits into
base: dev

@kiblik kiblik commented May 2, 2024

PEP8 was fixed last year, but there was no linter checking new findings.
This should fix and help for the future.

https://docs.astral.sh/ruff/rules/#flake8-quotes-q

@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 unittests integration_tests ui parser labels May 2, 2024
@kiblik kiblik marked this pull request as ready for review May 2, 2024 14:29

github-actions bot commented May 2, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented May 3, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

dryrunsecurity bot commented May 3, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 5 findings
AppSec Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 47 findings

Note

🟡 Please give this pull request extra attention during review.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request cover a wide range of functionality related to the management of security findings, engagements, and other security-related data within the Defect Dojo application. The changes demonstrate a strong focus on improving the security and reliability of the application, with a particular emphasis on the following areas:

  1. Authorization and Access Control: The code includes numerous updates to the authorization and access control mechanisms, ensuring that users can only access and perform actions on the resources they are explicitly permitted to. This includes granular checks based on user roles, group memberships, and global permissions.

  2. Data Integrity and Consistency: The changes address various aspects of data management, such as handling duplicate findings, managing endpoint and vulnerability associations, and ensuring the proper updating of finding statuses. These improvements help maintain the overall integrity and consistency of the security data.

  3. Integration with External Systems: The code includes updates to the integration with JIRA, allowing for the seamless tracking and management of security findings across different systems. This helps to improve the overall visibility and coordination of security efforts.

  4. Logging and Auditing: The changes incorporate more robust logging and auditing functionality, which can be valuable for security incident investigation, compliance, and overall system monitoring.

  5. Performance and Optimization: Several of the changes focus on improving the performance and efficiency of the application, particularly in areas related to database queries and data retrieval. This helps to ensure the scalability and responsiveness of the security management system.

Files Changed:

  • dojo/__init__.py: Updates the version number, GitHub repository URL, and documentation URL.
  • .github/workflows/release-1-create-pr.yml: Automates the process of creating a pull request to merge a new release branch into the master branch.
  • dojo/admin.py: Updates the admin interface for the survey application.
  • .github/workflows/release-3-master-into-dev.yml: Manages the process of merging the master branch into the dev and bugfix branches after a new release.
  • dojo/api_v2/prefetch/schema.py: Improves the accuracy and consistency of the API documentation, particularly around the prefetch functionality.
  • dojo/apps.py: Updates the configuration and setup of the Defect Dojo application.
  • dojo/api_v2/views.py: Optimizes the rendering of the OpenAPI JSON response.
  • dojo/api_v2/serializers.py: Enhances the validation and input handling of various data fields, including the "push to JIRA" functionality and SLA configuration.
  • dojo/celery.py: Sets up the Celery application and configures the logging settings.
  • dojo/components/views.py: Improves the functionality and performance of the components feature.
  • dojo/cred/queries.py: Refactors the code to simplify and optimize the retrieval of authorized credential mappings.
  • dojo/cred/urls.py: Updates the URL patterns for the credential-related functionality.
  • dojo/decorators.py: Implements asynchronous task handling and rate limiting functionality.
  • dojo/endpoint/queries.py: Enhances the authorization and access control mechanisms for endpoints.
  • dojo/endpoint/urls.py: Updates the URL patterns for the endpoint-related functionality.
  • dojo/endpoint/signals.py: Adds audit logging and notification functionality for endpoint deletions.
  • dojo/endpoint/views.py: Improves the functionality and security of the endpoint management features.
  • dojo/endpoint/utils.py: Refactors and enhances the endpoint data handling and migration functionality.
  • dojo/engagement/queries.py: Optimizes the retrieval of authorized engagements based on user permissions.
  • dojo/engagement/services.py: Handles the closing and reopening of engagements, including integration with JIRA.
  • dojo/engagement/signals.py: Manages notifications for engagement-related events.
  • dojo/engagement/urls.py: Updates the URL patterns for the engagement-related functionality.
  • dojo/finding/queries.py: Improves the authorization and access control mechanisms for findings.
  • dojo/engagement/views.py: Significantly expands the engagement management functionality, including the ability to import scan results, manage risk acceptance, and work with threat models.
  • dojo/finding/urls.py: Defines the URL patterns for finding-related functionality, including

Powered by DryRun Security

github-actions bot commented May 4, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented May 4, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik closed this May 4, 2024
@kiblik kiblik reopened this May 4, 2024

github-actions bot commented May 6, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented May 6, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot commented May 7, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik closed this May 23, 2024
@kiblik kiblik reopened this May 23, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Jun 2, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.
