Ruff: Add and fix FBT002 (+ merge all FBT rules)

dojo/api_v2/serializers.py

@@ -2316,7 +2316,7 @@ def process_auto_create_create_context(
             # Raise an explicit drf exception here
             raise ValidationError(str(e))
 
-    def save(self, push_to_jira=False):
+    def save(self, *, push_to_jira=False):
         # Go through the validate method
         data = self.validated_data
         # Extract the data from the form
@@ -2458,7 +2458,7 @@ def process_scan(
         except ValueError as ve:
             raise Exception(ve)
 
-    def save(self, push_to_jira=False):
+    def save(self, *, push_to_jira=False):
         # Go through the validate method
         data = self.validated_data
         # Extract the data from the form

dojo/components/sql_group_concat.py

@@ -6,7 +6,7 @@ class Sql_GroupConcat(Aggregate):
     allow_distinct = True
 
     def __init__(
-        self, expression, separator, distinct=False, ordering=None, **extra,
+        self, expression, separator, *, distinct=False, ordering=None, **extra,
     ):
         self.separator = separator
         super().__init__(

dojo/decorators.py

@@ -144,7 +144,7 @@ def get_parameter_froms_args_kwargs(args, kwargs, parameter):
     return model_or_id
 
 
-def dojo_ratelimit(key="ip", rate=None, method=UNSAFE, block=False):
+def dojo_ratelimit(key="ip", rate=None, method=UNSAFE, *, block=False):
     def decorator(fn):
         @wraps(fn)
         def _wrapped(request, *args, **kw):

dojo/endpoint/views.py

@@ -38,7 +38,7 @@
 logger = logging.getLogger(__name__)
 
 
-def process_endpoints_view(request, host_view=False, vulnerable=False):
+def process_endpoints_view(request, *, host_view=False, vulnerable=False):
 
     if vulnerable:
         endpoints = Endpoint.objects.filter(
@@ -119,7 +119,7 @@ def vulnerable_endpoint_hosts(request):
     return process_endpoints_view(request, host_view=True, vulnerable=True)
 
 
-def process_endpoint_view(request, eid, host_view=False):
+def process_endpoint_view(request, eid, *, host_view=False):
     endpoint = get_object_or_404(Endpoint, id=eid)
 
     if host_view:

dojo/engagement/views.py

@@ -1257,7 +1257,7 @@ def edit_risk_acceptance(request, eid, raid):
 
 
 # will only be called by view_risk_acceptance and edit_risk_acceptance
-def view_edit_risk_acceptance(request, eid, raid, edit_mode=False):
+def view_edit_risk_acceptance(request, eid, raid, *, edit_mode=False):
     risk_acceptance = get_object_or_404(Risk_Acceptance, pk=raid)
     eng = get_object_or_404(Engagement, pk=eid)
 

dojo/filters.py

@@ -334,7 +334,7 @@ def get_tags_label_from_model(model):
     return "Tags (Unknown)"
 
 
-def get_finding_filterset_fields(metrics=False, similar=False, filter_string_matching=False):
+def get_finding_filterset_fields(*, metrics=False, similar=False, filter_string_matching=False):
     fields = []
 
     if similar:

dojo/finding/helper.py

@@ -302,7 +302,7 @@ def group_findings_by(finds, finding_group_by_option):
     return affected_groups, grouped, skipped, groups_created
 
 
-def add_findings_to_auto_group(name, findings, group_by, create_finding_groups_for_all_findings=True, **kwargs):
+def add_findings_to_auto_group(name, findings, group_by, *, create_finding_groups_for_all_findings=True, **kwargs):
     if name is not None and findings is not None and len(findings) > 0:
         creator = get_current_user()
         if not creator:

dojo/finding/views.py

@@ -130,7 +130,7 @@
 logger = logging.getLogger(__name__)
 
 
-def prefetch_for_findings(findings, prefetch_type="all", exclude_untouched=True):
+def prefetch_for_findings(findings, prefetch_type="all", *, exclude_untouched=True):
     prefetched_findings = findings
     if isinstance(
         findings, QuerySet,
@@ -2245,7 +2245,7 @@ def export_templates_to_json(request):
     return HttpResponse(leads_as_json, content_type="json")
 
 
-def apply_cwe_mitigation(apply_to_findings, template, update=True):
+def apply_cwe_mitigation(apply_to_findings, template, *, update=True):
     count = 0
     if apply_to_findings and template.template_match and template.cwe is not None:
         # Update active, verified findings with the CWE template

dojo/forms.py

@@ -154,7 +154,7 @@ class MonthYearWidget(Widget):
     month_field = "%s_month"
     year_field = "%s_year"
 
-    def __init__(self, attrs=None, years=None, required=True):
+    def __init__(self, attrs=None, years=None, *, required=True):
         # years is an optional list/tuple of years to use in the
         # "year" select box.
         self.attrs = attrs or {}

dojo/jira_link/helper.py

@@ -178,7 +178,7 @@ def can_be_pushed_to_jira(obj, form=None):
 
 
 # use_inheritance=True means get jira_project config from product if engagement itself has none
-def get_jira_project(obj, use_inheritance=True):
+def get_jira_project(obj, *, use_inheritance=True):
     if not is_jira_enabled():
         return None
 
@@ -678,7 +678,7 @@ def push_to_jira(obj, *args, **kwargs):
     return None
 
 
-def add_issues_to_epic(jira, obj, epic_id, issue_keys, ignore_epics=True):
+def add_issues_to_epic(jira, obj, epic_id, issue_keys, *, ignore_epics=True):
     try:
         return jira.add_issues_to_epic(epic_id=epic_id, issue_keys=issue_keys, ignore_epics=ignore_epics)
     except JIRAError as e:
@@ -1078,7 +1078,7 @@ def issue_from_jira_is_active(issue_from_jira):
     return False
 
 
-def push_status_to_jira(obj, jira_instance, jira, issue, save=False):
+def push_status_to_jira(obj, jira_instance, jira, issue, *, save=False):
     status_list = obj.status()
     issue_closed = False
     # check RESOLVED_STATUS first to avoid corner cases with findings that are Inactive, but verified
@@ -1392,7 +1392,7 @@ def jira_get_issue(jira_project, issue_key):
 @app.task
 @dojo_model_from_id(model=Notes, parameter=1)
 @dojo_model_from_id
-def add_comment(obj, note, force_push=False, **kwargs):
+def add_comment(obj, note, *, force_push=False, **kwargs):
     if not is_jira_configured_and_enabled(obj):
         return False
 

dojo/models.py

@@ -135,7 +135,7 @@ class UniqueUploadNameProvider:
     the filename extension will be dropped.
     """
 
-    def __init__(self, directory=None, keep_basename=False, keep_ext=True):
+    def __init__(self, directory=None, *, keep_basename=False, keep_ext=True):
         self.directory = directory
         self.keep_basename = keep_basename
         self.keep_ext = keep_ext

dojo/product/views.py

@@ -1057,7 +1057,7 @@ def delete_product(request, pid):
 
 
 @user_is_authorized(Product, Permissions.Engagement_Add, "pid")
-def new_eng_for_app(request, pid, cicd=False):
+def new_eng_for_app(request, pid, *, cicd=False):
     jira_project_form = None
     jira_epic_form = None
 

dojo/remote_user.py

@@ -50,7 +50,7 @@ class PersistentRemoteUserMiddleware(RemoteUserMiddleware):
 
 
 class RemoteUserBackend(OriginalRemoteUserBackend):
-    def configure_user(self, request, user, created=True):
+    def configure_user(self, request, user, *, created=True):
         changed = False
 
         if settings.AUTH_REMOTEUSER_EMAIL_HEADER and \

dojo/reports/views.py

@@ -328,7 +328,7 @@ def product_endpoint_report(request, pid):
                    })
 
 
-def generate_report(request, obj, host_view=False):
+def generate_report(request, obj, *, host_view=False):
     user = Dojo_User.objects.get(id=request.user.id)
     product_type = None
     product = None

dojo/reports/widgets.py

@@ -363,7 +363,7 @@ def get_option_form(self):
         return mark_safe(html)
 
 
-def report_widget_factory(json_data=None, request=None, user=None, finding_notes=False, finding_images=False,
+def report_widget_factory(json_data=None, request=None, user=None, *, finding_notes=False, finding_images=False,
                           host=None):
     selected_widgets = OrderedDict()
     widgets = json.loads(json_data)

dojo/risk_acceptance/helper.py

@@ -296,7 +296,7 @@ def prefetch_for_expiration(risk_acceptances):
                                              )
 
 
-def simple_risk_accept(user: Dojo_User, finding: Finding, perform_save=True) -> None:
+def simple_risk_accept(user: Dojo_User, finding: Finding, *, perform_save=True) -> None:
     if not finding.test.engagement.product.enable_simple_risk_acceptance:
         raise PermissionDenied
 
@@ -319,7 +319,7 @@ def simple_risk_accept(user: Dojo_User, finding: Finding, perform_save=True) ->
         ))
 
 
-def risk_unaccept(user: Dojo_User, finding: Finding, perform_save=True) -> None:
+def risk_unaccept(user: Dojo_User, finding: Finding, *, perform_save=True) -> None:
     logger.debug("unaccepting finding %i:%s if it is currently risk accepted", finding.id, finding)
     if finding.risk_accepted:
         logger.debug("unaccepting finding %i:%s", finding.id, finding)

dojo/search/views.py

@@ -450,7 +450,7 @@ def vulnerability_id_fix(keyword):
     return keyword
 
 
-def apply_tag_filters(qs, operators, skip_relations=False):
+def apply_tag_filters(qs, operators, *, skip_relations=False):
     tag_filters = {"tag": ""}
 
     if qs.model == Finding:

dojo/survey/views.py

@@ -200,7 +200,7 @@ def view_questionnaire(request, eid, sid):
     })
 
 
-def get_answered_questions(survey=None, read_only=False):
+def get_answered_questions(survey=None, *, read_only=False):
     if survey is None:
         return None
 

dojo/templatetags/display_tags.py

@@ -828,7 +828,7 @@ def jiraencode_component(value):
 
 
 @register.filter
-def jira_project(obj, use_inheritance=True):
+def jira_project(obj, *, use_inheritance=True):
     return jira_helper.get_jira_project(obj, use_inheritance)
 
 
@@ -906,7 +906,7 @@ def class_name(value):
 
 
 @register.filter(needs_autoescape=True)
-def jira_project_tag(product_or_engagement, autoescape=True):
+def jira_project_tag(product_or_engagement, *, autoescape=True):
     if autoescape:
         esc = conditional_escape
     else:
@@ -961,7 +961,7 @@ def full_name(user):
 
 
 @register.filter(needs_autoescape=True)
-def import_settings_tag(test_import, autoescape=True):
+def import_settings_tag(test_import, *, autoescape=True):
     if not test_import or not test_import.import_settings:
         return ""
 
@@ -1003,7 +1003,7 @@ def esc(x):
 
 
 @register.filter(needs_autoescape=True)
-def import_history(finding, autoescape=True):
+def import_history(finding, *, autoescape=True):
     if not finding or not settings.TRACK_IMPORT_HISTORY:
         return ""
 

dojo/templatetags/event_tags.py

@@ -14,7 +14,7 @@ def _process_field_attributes(field, attr, process):
     # decorate field.as_widget method with updated attributes
     old_as_widget = field.as_widget
 
-    def as_widget(self, widget=None, attrs=None, only_initial=False):
+    def as_widget(self, widget=None, attrs=None, *, only_initial=False):
         attrs = attrs or {}
         process(widget or self.field.widget, attrs, attribute, value)
         return old_as_widget(widget, attrs, only_initial)

dojo/templatetags/navigation_tags.py

@@ -69,7 +69,7 @@ def dojo_sort(request, display="Name", value="title", default=None):
 
 
 class PaginationNav:
-    def __init__(self, page_number=None, display=None, is_current=False):
+    def __init__(self, page_number=None, display=None, *, is_current=False):
         self.page_number = page_number
         self.is_current = is_current
         self.display = display or page_number or ""

dojo/tools/blackduck_component_risk/parser.py

@@ -175,7 +175,7 @@ def license_description(self, component, source):
             desc += "**Scan:** Unable to find scan in source data."
         return desc
 
-    def license_mitigation(self, component, violation=True):
+    def license_mitigation(self, component, *, violation=True):
         """
         Uses Component name and Component version name to display the package.
         :param component: Dictionary containing all components.

dojo/tools/qualys_webapp/parser.py

@@ -186,7 +186,7 @@ def get_request_response(payloads):
 
 
 def get_unique_vulnerabilities(
-    vulnerabilities, test, is_info=False, is_app_report=False,
+    vulnerabilities, test, *, is_info=False, is_app_report=False,
 ):
     findings = {}
     # Iterate through all vulnerabilites to pull necessary info
@@ -253,7 +253,7 @@ def get_unique_vulnerabilities(
 # Traverse and retreive any information in the VULNERABILITY_LIST
 # section of the report. This includes all endpoints and request/response pairs
 def get_vulnerabilities(
-    vulnerabilities, test, is_info=False, is_app_report=False,
+    vulnerabilities, test, *, is_info=False, is_app_report=False,
 ):
     findings = {}
     # Iterate through all vulnerabilites to pull necessary info
@@ -301,7 +301,7 @@ def get_vulnerabilities(
 
 # Retrieve information from a single glossary entry such as description,
 # severity, title, impact, mitigation, and CWE
-def get_glossary_item(glossary, finding, is_info=False, enable_weakness=False):
+def get_glossary_item(glossary, finding, *, is_info=False, enable_weakness=False):
     title = glossary.findtext("TITLE")
     if title is not None:
         finding.title = str(title)
@@ -343,6 +343,7 @@ def get_unique_items(
     glossary,
     is_app_report,
     test,
+    *,
     enable_weakness=False,
 ):
     ig_qid_list = [int(ig.findtext("QID")) for ig in info_gathered]
@@ -383,6 +384,7 @@ def get_items(
     glossary,
     is_app_report,
     test,
+    *,
     enable_weakness=False,
 ):
     ig_qid_list = [int(ig.findtext("QID")) for ig in info_gathered]
@@ -416,7 +418,7 @@ def get_items(
     return findings
 
 
-def qualys_webapp_parser(qualys_xml_file, test, unique, enable_weakness=False):
+def qualys_webapp_parser(qualys_xml_file, test, unique, *, enable_weakness=False):
     if qualys_xml_file is None:
         return []
 

dojo/utils.py

@@ -712,6 +712,7 @@ def findings_this_period(findings, period_type, stuff, o_stuff, a_stuff):
 
 def add_breadcrumb(parent=None,
                    title=None,
+                   *,
                    top_level=True,
                    url=None,
                    request=None,
@@ -1361,7 +1362,7 @@ def get_page_items(request, items, page_size, prefix=""):
     return get_page_items_and_count(request, items, page_size, prefix=prefix, do_count=False)
 
 
-def get_page_items_and_count(request, items, page_size, prefix="", do_count=True):
+def get_page_items_and_count(request, items, page_size, prefix="", *, do_count=True):
     page_param = prefix + "page"
     page_size_param = prefix + "page_size"
 
@@ -1758,7 +1759,7 @@ def add_language(product, language, files=1, code=1):
 
 
 # Apply finding template data by matching CWE + Title or CWE
-def apply_cwe_to_template(finding, override=False):
+def apply_cwe_to_template(finding, *, override=False):
     if System_Settings.objects.get().enable_template_match or override:
         # Attempt to match on CWE and Title First
         template = Finding_Template.objects.filter(
@@ -1909,7 +1910,7 @@ def sla_compute_and_notify(*args, **kwargs):
     import dojo.jira_link.helper as jira_helper
 
     class NotificationEntry:
-        def __init__(self, finding=None, jira_issue=None, do_jira_sla_comment=False):
+        def __init__(self, finding=None, jira_issue=None, *, do_jira_sla_comment=False):
             self.finding = finding
             self.jira_issue = jira_issue
             self.do_jira_sla_comment = do_jira_sla_comment
@@ -2325,7 +2326,7 @@ def prod_name(obj):
 
 # Returns image locations by default (i.e. uploaded_files/09577eb1-6ccb-430b-bc82-0742d4c97a09.png)
 # if return_objects=True, return the FileUPload object instead of just the file location
-def get_file_images(obj, return_objects=False):
+def get_file_images(obj, *, return_objects=False):
     logger.debug("getting images for %s:%s", type(obj), obj)
     files = None
     if not obj: