
Ruff: Fix PTH118, merge PTH11 #11503

Draft: wants to merge 1 commit into base: dev

Conversation

@kiblik kiblik (Contributor) commented Jan 4, 2025

Fix PTH118, merge PTH11* rules

@github-actions github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests, integration_tests and parser labels Jan 4, 2025

dryrunsecurity bot commented Jan 4, 2025

DryRun Security Summary

The pull request focuses on improving the DefectDojo application's testing infrastructure by updating file path handling, enhancing test case coverage, and strengthening security-focused testing using the pathlib module and more comprehensive test scenarios.


Summary:

The code changes in this pull request cover various updates and improvements to the testing infrastructure of the DefectDojo application. The changes focus on enhancing the reliability, maintainability, and security of the application by improving the way file paths are handled, updating test cases to cover a wider range of scenarios, and ensuring comprehensive test coverage for critical components.

The key areas addressed in these changes include:

  1. File Path Handling: The code has been updated to use the pathlib module for constructing file paths, which provides a more modern and cross-platform approach compared to the previous use of os.path.join().

  2. Test Case Improvements: The test suites have been updated to cover a broader range of scenarios, including handling of various scan types, parsing of different file formats, and edge cases related to security findings.

  3. Security-Focused Testing: The changes demonstrate a strong focus on testing security-critical components, such as the parsing of security scan results, the handling of sensitive data, and the enforcement of security controls (e.g., minimum severity filtering, verified status enforcement).

  4. Maintainability and Portability: The use of helper functions like get_unit_tests_path() and get_unit_tests_scans_path() improves the maintainability and portability of the test suite, making it easier to manage and run the tests in different environments.

Overall, the changes in this pull request are focused on improving the quality, reliability, and security of the DefectDojo application by enhancing the testing infrastructure. This is a positive development, as thorough testing is a crucial aspect of secure software development.

Files Changed:

  1. dojo/jira_link/helper.py: The changes replace os.path.join() with Path().joinpath() for constructing file paths, which is a more modern and Pythonic approach.
  2. dojo/models.py: The changes remove an unused import os statement and update the __call__ method of the UniqueUploadNameProvider class to use the pathlib.Path module instead of os.path.join().
  3. dojo/forms.py: The changes update the get_jira_issue_template_dir_choices() function to use the Path class from the pathlib module to construct the path for the template directory, making the code more readable and maintainable.
  4. dojo/views.py: The changes focus on improving the file management functionality, including the deletion of files, the purging of orphan files, and the enforcement of user permissions.
  5. dojo/settings/settings.dist.py: The changes update various security-related settings, authentication and authorization configurations, logging and monitoring settings, and other miscellaneous configurations.
  6. dojo/tools/factory.py: The changes replace os.path.join() with a more concise (Path(package_dir) / module_name).is_dir() expression for constructing file paths.
  7. ruff.toml: The changes remove several lint rules from the select list and add the PTH11 lint rule.
  8. tests/file_test.py: The changes update the file path construction to use the Path class and highlight potential security concerns, such as lack of file upload validation and sensitive information exposure.
  9. tests/finding_test.py: The changes update the file path construction to use the Path class and demonstrate a focus on testing the functionality related to managing findings.
  10. tests/ibm_appscan_test.py: The changes update the file path construction to use the Path class and test the functionality of importing IBM AppScan DAST scan results.
  11. unittests/test_endpoint_meta_import.py: The changes update the file path construction to use the get_unit_tests_path() function.
  12. unittests/dojo_test_case.py: The changes remove the os module import and update the file path handling to use the Path object.
  13. unittests/test_factory.py: The tests cover the functionality of the get_parser function, including handling of active/inactive parsers and ensuring consistency between parser class names and module names.
  14. unittests/test_jira_config_engagement_epic.py: The changes update the VCR configuration to use the correct file path for the Jira-related VCR cassettes.
  15. `un

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.
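The bot summary above describes replacing os.path.join() with pathlib (the change ruff's PTH118 rule asks for). The following is an added example, not code from the DefectDojo PR, showing that the two spellings produce the same result on POSIX for the cases that matter, including the case where a later component is absolute or contains "..", and a small confinement check (join_confined, a hypothetical helper) that a practitioner would want whenever one of the joined components comes from user input such as an uploaded file name.

```python
# Added example (not from the DefectDojo PR): os.path.join -> pathlib
# migration plus a confinement check. Assumes a POSIX path separator.
import os
from pathlib import Path


def join_legacy(base: str, *parts: str) -> str:
    """Pre-migration style, flagged by ruff PTH118."""
    return os.path.join(base, *parts)


def join_pathlib(base: str, *parts: str) -> str:
    """Post-migration style: Path.joinpath (the / operator is equivalent)."""
    return str(Path(base).joinpath(*parts))


def same_result(base: str, *parts: str) -> bool:
    """True when both spellings agree. They do for normal components, and
    both also DROP base when a later component is absolute; the only
    routine difference is that pathlib strips a trailing separator."""
    return join_legacy(base, *parts) == join_pathlib(base, *parts)


def is_confined(base: str, *parts: str) -> bool:
    """Does the joined, normalised path stay inside base?"""
    root = Path(base).resolve()
    candidate = root.joinpath(*parts).resolve()
    return candidate == root or root in candidate.parents


def join_confined(base: str, *parts: str) -> Path:
    """Join like the migrated code does, but refuse a result that escapes
    base (absolute component or '..' climbing out of the directory)."""
    if not is_confined(base, *parts):
        raise ValueError(f"path escapes {Path(base).resolve()}: {parts!r}")
    return Path(base).resolve().joinpath(*parts).resolve()


if __name__ == "__main__":
    # Constructed sample inputs; the base directory need not exist.
    print(same_result("uploads", "scan", "report.json"))      # True
    print(join_pathlib("uploads", "/etc/passwd"))              # /etc/passwd
    print(is_confined("/srv/dojo/media", "scan", "report.json"))  # True
    print(is_confined("/srv/dojo/media", "..", "settings.py"))    # False
```

The equivalence is the point: swapping os.path.join for Path.joinpath changes the spelling, not the behaviour, so any validation of user-supplied components that was needed before the migration is still needed after it.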

@kiblik kiblik force-pushed the ruff_PTH118 branch 4 times, most recently from 323b512 to 6f049f3 on January 5, 2025 12:58