
Ruff: add and fix Q (except Q000) #10094

Merged: 8 commits merged into DefectDojo:dev on Jul 2, 2024
Conversation

kiblik (Contributor) commented May 2, 2024

dryrunsecurity bot commented May 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security analyzer              Findings
Server-Side Request Forgery Analyzer  0 findings
Configured Codepaths Analyzer         0 findings
IDOR Analyzer                         0 findings
Sensitive Files Analyzer              1 finding
SQL Injection Analyzer                0 findings
Authn/Authz Analyzer                  9 findings
Secrets Analyzer                      0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request address various updates and improvements to the Defect Dojo application, with a focus on enhancing the security and reliability of the application. The changes span multiple files and components, including updates to the permissions system, filtering capabilities, JIRA integration, and the handling of findings and survey responses.

The changes demonstrate a strong emphasis on security best practices, such as implementing comprehensive permissions checks, validating user input, and improving the handling of sensitive data. Additionally, the changes include performance optimizations, error handling improvements, and updates to the documentation and test suite, all of which contribute to the overall security and maintainability of the application.

Files Changed:

  1. dojo/api_v2/permissions.py: The changes introduce a robust permissions system that covers a wide range of actions and objects, ensuring that users can only perform authorized actions. The implementation of object-level permissions, auto-create permissions, and superuser permissions are positive security enhancements.

  2. dojo/filters.py: The changes expand the filtering capabilities of the application, allowing security teams to more effectively search and analyze findings based on various attributes, such as EPSS score, vulnerability ID, and risk acceptance status. These improvements can help improve the overall security posture of the application.

  3. dojo/importers/base_importer.py: The changes in the sanitize_severity function ensure that the severity of findings is properly validated and sanitized before being processed, which is an important security practice.

  4. dojo/models.py: The changes include updates to the password complexity requirements, JIRA custom field mapping, and the handling of engagement auto-close and finding SLAs, all of which have security implications that should be carefully reviewed.

  5. dojo/user/validators.py: The changes to the password validation rules, including the addition of a special character requirement, are positive security enhancements that help improve the overall security of user accounts.

  6. unittests/test_finding_model.py: The changes in this file focus on improving the handling of user-provided input and the generation of HTML links, which helps prevent potential security vulnerabilities, such as cross-site scripting (XSS) attacks.

Overall, the code changes in this pull request demonstrate a strong focus on application security and the implementation of best practices to enhance the security and reliability of the Defect Dojo application.

Powered by DryRun Security

github-actions bot commented:

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@kiblik kiblik force-pushed the ruff_non0q branch 2 times, most recently from 3c4c866 to 79b4866 Compare May 18, 2024 07:33
@github-actions github-actions bot added the apiv2 label May 18, 2024
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot commented Jun 3, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Jun 3, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot commented:

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented:

Conflicts have been resolved. A maintainer will review the pull request shortly.

mtesauro (Contributor) left a review comment:

Approved

mtesauro commented Jul 2, 2024

@kiblik We're ready to merge this once the merge conflict is sorted out. 👍

@kiblik kiblik closed this Jul 2, 2024
@kiblik kiblik reopened this Jul 2, 2024
@kiblik kiblik closed this Jul 2, 2024
@kiblik kiblik reopened this Jul 2, 2024
mtesauro commented Jul 2, 2024

Going to go ahead and merge this since it's a MySQL test that is failing.

@mtesauro mtesauro merged commit 6fdd46d into DefectDojo:dev Jul 2, 2024
236 of 240 checks passed
@kiblik kiblik deleted the ruff_non0q branch July 3, 2024 07:03
5 participants