
Ruff: add and fix RET #10111

Merged (3 commits), Sep 17, 2024

Conversation

@kiblik kiblik (Contributor) commented May 3, 2024

dryrunsecurity bot commented May 3, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status                  Findings
Server-Side Request Forgery Analyzer    0 findings
Configured Codepaths Analyzer           0 findings
IDOR Analyzer                           0 findings
Sensitive Files Analyzer                0 findings
SQL Injection Analyzer                  0 findings
Authn/Authz Analyzer                    62 findings
Secrets Analyzer                        0 findings

Note: 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on improving various security-related aspects of the DefectDojo application, including authorization and access control, input validation, error handling, and integration with external systems like JIRA and GitHub.

The changes involve refactoring and simplifying existing functions, enhancing the handling of user permissions and roles, improving the management of findings and endpoints, and strengthening the integration with issue tracking systems. These improvements help to ensure that the application is more secure, reliable, and maintainable.

While the changes do not introduce any obvious security vulnerabilities, it is important to continue reviewing the entire codebase and considering the broader context of the application to identify and address any potential security issues. This includes ensuring that input validation is robust, that sensitive data is properly protected, and that the application's security posture is regularly assessed and improved.

Files Changed:

  1. dojo/announcement/views.py: The changes focus on improving the user experience when dismissing an announcement, without introducing any apparent security concerns.
  2. dojo/api_v2/mixins.py: The changes simplify the delete_preview method, which does not seem to have any significant security implications.
  3. dojo/api_v2/permissions.py: The changes demonstrate a well-designed and comprehensive approach to implementing role-based access control, which is a crucial aspect of application security.
  4. dojo/apps.py: The changes are focused on improving the code quality and maintainability of the filtering functionality, which is an important aspect to review for potential security issues.
  5. dojo/api_v2/serializers.py: The changes include various validation checks, permissions management, and other security-related features that help to ensure the security and integrity of the API.
  6. dojo/cred/queries.py: The changes simplify the get_authorized_cred_mappings function, which is responsible for retrieving authorized credential mappings based on user permissions and roles.
  7. dojo/api_v2/views.py: The changes focus on improving the functionality and usability of the API, while also considering security-related aspects such as access control and data management.
  8. dojo/cred/views.py: The changes are aimed at improving the deletion process of credentials, ensuring that credentials are only deleted when they are not associated with any products, engagements, tests, or findings.
  9. dojo/authorization/authorization.py: The changes simplify the user_has_permission function, which is responsible for determining whether a user has the necessary permissions to perform a specific action on an object.
  10. dojo/decorators.py: The changes simplify the logic in the dojo_async_task, dojo_model_to_id, and dojo_model_from_id decorators, without introducing any obvious security concerns.
  11. dojo/endpoint/queries.py: The changes focus on improving the authorization logic for accessing authorized endpoints and endpoint statuses, which is a crucial aspect of application security.
  12. dojo/endpoint/utils.py: The changes address several improvements and bug fixes related to the handling of Endpoint objects, including the cleanup and migration of invalid or conflicting endpoint data.
  13. dojo/endpoint/views.py: The changes are focused on improving the functionality and user experience around endpoint management, without introducing any obvious security concerns.
  14. dojo/engagement/queries.py: The changes simplify the get_authorized_engagements function, which is responsible for retrieving a list of authorized engagements based on the user's permissions.
  15. dojo/finding/queries.py: The changes demonstrate a well-designed and secure approach to authorization management for findings, stub findings, and vulnerability IDs.
  16. dojo/filters.py: The changes improve the code quality and maintainability of the filtering functionality, which is an important aspect to review for potential security issues.
  17. dojo/engagement/views.py: The changes include the introduction of the ImportScanResultsView class, which is responsible for handling the import of scan results into the application. This is an area that requires careful review to ensure that it is properly secured.
  18. dojo/finding_group/queries.py: The changes simplify the get_authorized_finding_groups function, which is responsible for retrieving a queryset of Finding_Group objects that the current user is authorized to access.
  19. dojo/github_issue_link/views.py: The changes handle the creation of a new GitHub

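What Ruff's flake8-return (RET) rules ask for, shown on a hypothetical permission check. This is an added example, not code from this PR or from DefectDojo: the role table, the function names and the `decision_mismatches` helper are invented for illustration. `has_permission_before` is written in the style that RET505 (superfluous `else` after `return`), RET504 (variable assigned only to be returned) and RET503 (a path that falls off the end and implicitly returns `None`) flag; `has_permission_after` is the same decision rewritten so that every path returns an explicit bool.

```python
"""Before/after for Ruff's flake8-return (RET) rules on a toy authorization check.

Hypothetical code: ROLE_PERMISSIONS, the function names and the sample cases
are constructed here and are not DefectDojo's.
"""

# Constructed sample data: which roles grant which permission.
ROLE_PERMISSIONS = {
    "reader": {"view"},
    "writer": {"view", "edit"},
    "owner": {"view", "edit", "delete"},
}


def has_permission_before(user_roles, permission):
    """Style the RET rules flag (kept deliberately as the 'before').

    RET505: the `else` after `return False` is superfluous.
    RET504: `result` is assigned only to be returned on the next line.
    RET503: when no role grants the permission the function falls off the
            end and implicitly returns None instead of False.
    """
    if not user_roles:
        return False
    else:
        for role in user_roles:
            if permission in ROLE_PERMISSIONS.get(role, set()):
                result = True
                return result
        # no explicit return here: implicit None (RET503)


def has_permission_after(user_roles, permission):
    """Same decision written the way RET requires: no dead `else`, no
    throwaway variable, and an explicit bool on every path."""
    if not user_roles:
        return False
    for role in user_roles:
        if permission in ROLE_PERMISSIONS.get(role, set()):
            return True
    return False


# Constructed test cases: (roles, permission).
SAMPLE_CASES = [
    (["writer"], "edit"),
    (["reader"], "delete"),
    ([], "view"),
    (["guest"], "view"),
]


def decision_mismatches(cases):
    """Return the cases where the two versions do not return the identical
    object; these are exactly the paths where the implicit None leaks out."""
    return [
        (roles, perm)
        for roles, perm in cases
        if has_permission_before(roles, perm) is not has_permission_after(roles, perm)
    ]


if __name__ == "__main__":
    for roles, perm in SAMPLE_CASES:
        print(roles, perm, has_permission_before(roles, perm), has_permission_after(roles, perm))
    print("mismatches:", decision_mismatches(SAMPLE_CASES))
```

The RET503 case is the one that matters in authorization code: `if not has_permission(...)` still denies when the result is `None`, but `has_permission(...) == False` does not (`None == False` is `False`), and a `None` serialised into an API response or stored on a model is not the same value as `False`. Making every path return an explicit bool removes that ambiguity, which is why the rule is worth enabling on permission and query helpers.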

github-actions bot commented May 6, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented May 6, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik closed this May 6, 2024
@kiblik kiblik reopened this May 6, 2024
@kiblik kiblik closed this May 6, 2024
@kiblik kiblik reopened this May 6, 2024
github-actions bot: This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot: This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot: Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot: This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot: Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik closed this Sep 10, 2024
@kiblik kiblik reopened this Sep 10, 2024
@kiblik kiblik closed this Sep 10, 2024
@kiblik kiblik reopened this Sep 10, 2024
@mtesauro mtesauro (Contributor) commented:

@kiblik Starting to look good. Thanks for those other 2 PRs related to this one.

Once the Ruff stuff is fixed, I'm ready to approve and I suspect the other reviewers as well 👍

@mtesauro mtesauro left a review comment:

Approved

github-actions bot: This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot: Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot: This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot: Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro commented:

Closing to reopen - GHA are being weird today.

@mtesauro mtesauro closed this Sep 16, 2024
@mtesauro mtesauro reopened this Sep 16, 2024
@mtesauro mtesauro merged commit 22a0ffe into DefectDojo:dev Sep 17, 2024
79 of 90 checks passed
@kiblik kiblik deleted the ruff_ret branch September 17, 2024 15:40
5 participants