
Ruff: Enable and fix RUF010 #11331

Merged
merged 1 commit into from
Dec 4, 2024

Conversation

@kiblik kiblik (Contributor) commented Nov 26, 2024

Remove "RUF010" from ignored and fix it.
https://docs.astral.sh/ruff/rules/explicit-f-string-type-conversion/

I see no reason to use str(...) in combination with f"{...}".

Ruff recommended f"{...!s}" but I believe this is easier and sufficient.
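Added example (not code from the PR or from DefectDojo) showing how the three spellings RUF010 is about behave: `f"{str(x)}"`, Ruff's suggested `f"{x!s}"`, and the bare `f"{x}"` the PR uses. The `Token` class is a constructed sample type; it shows the one case where dropping `str()` is not equivalent (a custom `__format__`, or a format spec on an object that rejects one).

```python
# Added example, not part of the PR. Demonstrates when f"{x}", f"{x!s}" and
# f"{str(x)}" agree and when they do not.

class Token:
    """Constructed sample type whose str() and format() differ."""

    def __init__(self, value: str) -> None:
        self.value = value

    def __str__(self) -> str:
        return f"Token({self.value})"

    def __format__(self, spec: str) -> str:
        # A custom __format__ means f"{obj}" no longer goes through __str__.
        return f"<{self.value}>"


def render_explicit(x) -> str:
    # The pattern RUF010 flags: str() inside the replacement field.
    return f"{str(x)}"


def render_conversion(x) -> str:
    # What Ruff suggests: the !s conversion, which applies str() first.
    return f"{x!s}"


def render_bare(x) -> str:
    # What the PR does: drop str() and rely on format(x, "").
    return f"{x}"


def render_padded(x, width: int) -> str:
    # A spec after !s is applied to the str() result, so it also works for
    # objects that reject a spec themselves (None, for example).
    return f"{x!s:>{width}}"


def bare_accepts_spec(x, width: int) -> bool:
    # Without !s the spec is handed to x.__format__; object's default
    # rejects any non-empty spec with TypeError.
    try:
        f"{x:>{width}}"
        return True
    except TypeError:
        return False
```

For plain values (ints, strings, None) all three forms produce the same text, which is why the PR's simpler rewrite is safe in the cases it touches; the difference only appears with a custom `__format__` or a format spec.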


dryrunsecurity bot commented Nov 26, 2024

DryRun Security Summary

The pull request covers a wide range of functionality improvements in the DefectDojo application, including logging, error handling, parsing and importing of findings, and updates to deduplication and false positive history logic, with a focus on ensuring secure handling of user input, sensitive information, and ongoing monitoring and maintenance of the application's security.


Summary:

The code changes in this pull request cover a wide range of functionality within the DefectDojo application, including improvements to logging and error handling, enhancements to the parsing and importing of findings from various security tools, and updates to the deduplication and false positive history logic.

From an application security perspective, the changes generally do not introduce any significant security vulnerabilities. However, there are a few areas that warrant further review and consideration:

  1. Handling of User Input: The code changes include several instances of parsing user-provided data, such as from file uploads or API requests. It's important to ensure that all user input is properly sanitized and validated to prevent potential security issues like injection attacks.

  2. Deduplication and False Positive Logic: The changes related to deduplication and false positive history are crucial for maintaining the integrity of the vulnerability data. It's important to thoroughly test these features to ensure they are functioning as expected and do not introduce any unintended consequences.

  3. Secure Handling of Sensitive Information: The code changes include handling of sensitive information, such as API keys and credentials. It's important to ensure that these are properly secured and that any logging or error reporting does not inadvertently expose sensitive data.

  4. Ongoing Monitoring and Maintenance: As the application continues to evolve, it's essential to maintain a strong focus on security and regularly review the codebase for potential vulnerabilities or security issues, especially in areas that handle user input, external integrations, and security-critical functionality.

Files Changed:

  • dojo/endpoint/utils.py: Minor changes to improve the formatting and readability of log messages.
  • dojo/jira_link/views.py: Changes to enhance the security and robustness of the JIRA integration functionality.
  • dojo/models.py: Cosmetic change to the string representation of the Endpoint_Status model.
  • dojo/endpoint/views.py: Changes to improve error handling and logging, as well as potential security considerations around the endpoint metadata import functionality.
  • dojo/tools/api_bugcrowd/importer.py: Minor change to the logging statement, reducing the potential for sensitive information disclosure.
  • dojo/tools/api_bugcrowd/parser.py: Change to the error message formatting, also reducing the potential for sensitive information disclosure.
  • dojo/reports/views.py: Changes to improve the formatting and readability of the generated reports.
  • dojo/product/helpers.py: Minor change to the logging statement, without any significant security implications.
  • dojo/tools/blackduck/parser.py: Refactoring of the format_description method, with no apparent security concerns.
  • dojo/tools/sarif/parser.py: Minor optimization to the get_codeFlowsDescription() function, without any security implications.
  • dojo/tools/blackduck_binary_analysis/parser.py: Changes focused on improving the formatting and presentation of the vulnerability information.
  • dojo/tools/tenable/xml_format.py: Minor change to the plugin output formatting, without any security concerns.
  • dojo/tools/veracode/json_parser.py: Changes to improve the handling of CVSS information and license data.
  • dojo/tools/gosec/parser.py: Minor improvement to the formatting of the findingdetail string.
  • dojo/user/views.py: Minor change to the logging of exception messages, without any security implications.
  • tests/base_test_class.py: Changes related to the block_execution flag, which could have implications for the application's security features and performance.
  • ruff.toml: Changes to the Ruff linter configuration, potentially indicating a focus on improving security-related aspects of the codebase.
  • unittests/test_deduplication_logic.py: Changes to the deduplication logic tests, which are crucial for maintaining the integrity of the security data.
  • unittests/test_rest_framework.py: Minor change to a file path used in a unit test, without any security implications.
  • unittests/test_false_positive_history_logic.py: Changes related to the testing of the false positive history logic, which is an important security feature.

Code Analysis

We ran 9 analyzers against 21 files and 0 analyzers had findings. 9 analyzers had no findings.


Contributor

This pull request has conflicts; please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit fb173d0 into DefectDojo:dev Dec 4, 2024
73 checks passed
@kiblik kiblik deleted the ruff_RUF010 branch December 4, 2024 20:10