
Ruff: Add and fix PLR6104 #11716

Open: wants to merge 1 commit into base: dev

@kiblik (Contributor) commented Feb 2, 2025

@github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests, integration_tests, ui and parser labels on Feb 2, 2025

dryrunsecurity bot commented Feb 2, 2025

DryRun Security Summary

The pull request implements various code optimizations and improvements across multiple files in the Defect Dojo application security tool, focusing on enhancing efficiency, readability, and maintainability without introducing security vulnerabilities.

Summary:

The code changes in this pull request cover a wide range of files and functionality within the Defect Dojo application security tool. The changes are primarily focused on improving the efficiency, readability, and maintainability of the codebase, without introducing any significant security concerns.

The changes include optimizations to string concatenation, simplification of variable assignments, and improvements to the handling of duplicate findings and vulnerability details. These changes are aimed at enhancing the overall performance and usability of the tool, which is an important aspect of maintaining a robust and effective application security program.

While the changes do not directly address any security vulnerabilities, the attention to code quality and best practices is a positive sign. Maintaining a well-structured and well-documented codebase is crucial for ensuring the long-term security and reliability of the application security tool.

Files Changed:

  1. dojo/benchmark/views.py: The changes simplify the calculation of the ASVS level 1 benchmark, improving the code's readability without introducing any security concerns.
  2. dojo/metrics/utils.py: The changes optimize the handling of the start_date calculation, using the augmented assignment operator (+=) instead of the addition operator (+).
  3. dojo/filters.py: The changes focus on improving the handling of tag options for form fields, without introducing any security vulnerabilities.
  4. dojo/survey/views.py: The changes optimize the update of the num_responses field for surveys, reducing the number of database queries required.
  5. dojo/settings/settings.dist.py: The changes simplify the addition of the WhiteNoise middleware to the MIDDLEWARE list, improving the readability of the code.
  6. dojo/finding/views.py: The changes cover a wide range of functionality related to the management of findings, including integration with external systems like JIRA and GitHub.
  7. dojo/templatetags/announcement_banner_tags.py: The changes expand the allowed attributes for the <a> tag in the announcement banner, which should be reviewed to ensure that the changes do not introduce any security vulnerabilities.
  8. dojo/tools/api_bugcrowd/api_client.py: The changes simplify the concatenation of the submissions list, without introducing any security concerns.
  9. dojo/tools/arachni/parser.py: The changes optimize the handling of duplicate findings, reducing the amount of code required.
  10. dojo/models.py: The changes improve the efficiency of the calc_health() method and make the compute_hash_code() method more configurable, which can have a positive impact on the deduplication functionality.
  11. dojo/templatetags/get_banner.py: The changes expand the allowed attributes for the <a> tag in the announcement banner, similar to the changes in the announcement_banner_tags.py file.
  12. dojo/tools/burp/parser.py: The changes simplify the handling of duplicate findings in the Burp parser, without introducing any security vulnerabilities.
  13. dojo/tools/burp_graphql/parser.py: The changes ensure that the "Evidence" field in the findings is properly appended, preserving the relevant information.
  14. dojo/tools/cyclonedx/json_parser.py: The changes simplify the mitigation message assignment, without introducing any security concerns.
  15. dojo/tools/checkmarx/parser.py: The changes optimize the handling of duplicate findings in the Checkmarx parser, improving the presentation of the aggregated findings.
  16. dojo/tools/cyclonedx/xml_parser.py: The changes remove the additional text that was being appended to the mitigation field, without introducing any security issues.
  17. dojo/tools/hcl_asoc_sast/parser.py: The changes improve the formatting of the recommendations in the parser, without affecting the security-related functionality.
  18. dojo/tools/dependency_track/parser.py: The changes refactor the code to use more concise string concatenation operations, without introducing any security concerns.
  19. dojo/tools/dependency_check/parser.py: The changes improve the handling of suppressed vulnerabilities, ensuring that the suppression is properly documented.
  20. dojo/tools/jfrog_xray_on_demand_binary_scan/parser.py: The code appears to be a well-designed parser for the

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.
