Ruff: Enable and fix RUF027 #11332

Merged
merged 1 commit into from
Dec 4, 2024

Contributor

@kiblik kiblik commented Nov 26, 2024

Remove "RUF027" from ignored and fix it.
https://docs.astral.sh/ruff/rules/missing-f-string-syntax/

DryRun Security Summary

The provided code changes focus on improving code quality, maintainability, and security, including updates to the Ruff linter configuration and changes to the "Finding Bulk Update" feature in the dojo/finding/views.py file, which handles the bulk update and deletion of findings with various security measures.

Summary:

The provided code changes are primarily focused on improving code quality, maintainability, and compatibility with the latest Python version. The changes to the ruff.toml configuration file suggest that the team is actively addressing security concerns in their codebase by enabling various security-related linting rules.

The changes to the dojo/finding/views.py file are related to the "Finding Bulk Update" feature, which allows users to update and delete multiple findings at once. This functionality includes important security measures, such as authorization checks, JIRA integration, false positive history handling, and deduplication logic. While these features are crucial for maintaining the application's security posture, it's important to ensure that the bulk update and deletion functionality is properly controlled and monitored to prevent any potential misuse or security incidents.

Files Changed:

  1. ruff.toml:

    • Removed the RUF027 rule from the ignore list, indicating a decision to start enforcing this specific rule.
    • Set the target-version to "py311", ensuring compatibility with Python 3.11.
    • Configured the line-length to 120 characters, matching the Black code formatter's default.
    • The Ruff linter includes several security-related rules, suggesting a focus on addressing security concerns in the codebase.
  2. dojo/finding/views.py:

    • Handles the bulk update and deletion of findings based on user permissions and selections.
    • Allows users to update various attributes of the selected findings, such as severity, status, date, planned remediation date, and planned remediation version.
    • Provides the ability to create, add, or remove findings from finding groups, as well as push the findings to JIRA.
    • Ensures that the user is authorized to perform the requested actions and handles any errors or skipped updates.
    • Includes logic to handle false positive history and JIRA integration, including pushing updates to JIRA and adding comments.
    • Includes a function to calculate the possible related actions for similar or duplicate findings.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 40942b5 into DefectDojo:dev Dec 4, 2024
72 checks passed
@kiblik kiblik deleted the ruff_RUF027 branch December 4, 2024 20:10