
Ruff: Add and fix FBT002 (+ merge all FBT rules) #11261

Merged: 1 commit merged into DefectDojo:dev from the ruff_FBT branch, Feb 4, 2025

Conversation

kiblik
Contributor

@kiblik kiblik commented Nov 14, 2024


dryrunsecurity bot commented Nov 14, 2024

DryRun Security Summary

The pull request implements comprehensive improvements across DefectDojo, including enhanced notification management, strengthened security practices, better endpoint and finding management, improved reporting capabilities, and enhanced test suite functionality, along with various code optimizations and security-related enhancements across multiple application components.


Summary:

The code changes in this pull request cover a wide range of functionality improvements and security-related enhancements across the DefectDojo application. The changes focus on areas such as:

  1. Improved Notification Management: The application now has dedicated notification managers for handling various types of notifications (email, Slack, Microsoft Teams, webhooks, alerts) in an asynchronous and more secure manner.

  2. Enhanced Endpoint and Finding Management: The code changes include improvements to the handling of endpoints and findings, including better deduplication, risk acceptance, and integration with external systems like JIRA.

  3. Strengthened Security Practices: The changes incorporate more secure coding practices, such as using keyword-only arguments, proper input validation and sanitization, and robust permission checks to prevent unauthorized access.

  4. Reporting and Analysis Enhancements: The code includes improvements to the report generation functionality, including the ability to customize the inclusion of finding notes and images, as well as better integration with tools like Blackduck and Qualys.

  5. Improved Test Suite and Debugging: The test suite has been enhanced with better exception handling and logging capabilities, which can aid in identifying and resolving issues during the development and testing process.

Files Changed:

  1. dojo/components/sql_group_concat.py: Improvements to a custom Django Aggregate function, with a focus on secure SQL query handling.
  2. dojo/decorators.py: Enhancements to the rate limiting functionality, including the ability to configure rate limiter settings and account lockout.
  3. dojo/api_v2/serializers.py: Changes to the serializer classes, primarily focused on code structure and maintainability.
  4. dojo/endpoint/views.py: Improvements to the endpoint management functionality, including better filtering, permissions, and bulk operations.
  5. dojo/finding/helper.py: Minor changes to the finding management helper functions, with a focus on keyword-only arguments.
  6. dojo/engagement/views.py: Updates to the engagement view functions, including the ability to view and edit risk acceptance.
  7. dojo/filters.py: Enhancements to the filtering functionality, including support for negative tag searches.
  8. dojo/finding/views.py: Improvements to the finding management views, including optimizations and new functionality for closing, promoting, and merging findings.
  9. dojo/forms.py: Minor change to the MonthYearWidget class to use a keyword-only argument.
  10. dojo/jira_link/helper.py: Changes to make several function parameters keyword-only arguments.
  11. dojo/models.py: Improvements to the UniqueUploadNameProvider class for secure file naming.
  12. dojo/middleware.py: Changes to the System_Settings_Manager class to allow bypassing the cache when loading system settings.
  13. dojo/remote_user.py: Updates to the remote user authentication middleware, including improved trusted proxy validation and user configuration handling.
  14. dojo/product/views.py: Addition of a new parameter to allow creating engagements with a "CI/CD" type.
  15. dojo/reports/views.py: Changes to the report generation functionality, including the addition of a host_view parameter.
  16. dojo/notifications/helper.py: Significant improvements to the notification management functionality, including the addition of new notification managers.
  17. dojo/survey/views.py: Minor change to the get_answered_questions function to add a read_only parameter.
  18. dojo/reports/widgets.py: Updates to the report widget factory to include finding notes and images.
  19. dojo/search/views.py: Improvements to the search functionality, including support for negative tag searches.
  20. dojo/risk_acceptance/helper.py: Enhancements to the risk acceptance management functionality, including better integration with JIRA.
  21. dojo/templatetags/event_tags.py: Minor change to the as_widget method in the template tags.
  22. dojo/templatetags/navigation_tags.py: Update to the PaginationNav class to use a keyword-only argument.
  23. dojo/templatetags/display_tags.py: Improvements to the JIRA project and import settings display in the templates.
  24. `dojo/tools/blackduck_component_risk/parser.py

Code Analysis

We ran 9 analyzers against 30 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer: Findings
IDOR Analyzer: 3 findings
Authn/Authz Analyzer: 5 findings

Overall Riskiness

🟡 Please give this pull request extra attention during review.

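For readers who have not met the rule this PR enables: FBT002 (flake8-boolean-trap, as implemented in Ruff) flags a positional parameter whose default is a boolean literal, because call sites can then pass `True`/`False` by position and swap or misplace them with no error. The fix this PR applies is to put a bare `*` in the signature so the flags become keyword-only. The block below is an added illustration, not code from this PR or from the DefectDojo tree: `close_finding_before`/`close_finding_after` are hypothetical functions, `SAMPLE` is constructed input, and `find_boolean_traps` is a small `ast`-based approximation of FBT001/FBT002 (it skips `self`/`cls`, only recognises a bare `bool` annotation, and does not reproduce Ruff's per-function exemptions).

```python
"""Added example: the boolean trap FBT002 catches, the keyword-only fix, and a
minimal ast-based approximation of Ruff's FBT001/FBT002 checks.
Not DefectDojo code; function names and sample input are constructed."""
import ast
from dataclasses import dataclass


# Before: both flags are positional with boolean defaults.  A caller can write
# close_finding_before("F-1", True, False) and silently get sync=True,
# notify=False even if the two were meant the other way round.  FBT002 flags
# `sync=False` and `notify=True`.  (Hypothetical function.)
def close_finding_before(finding, sync=False, notify=True):
    return {"finding": finding, "sync": sync, "notify": notify}


# After: the bare `*` makes every following parameter keyword-only, so the
# same positional call raises TypeError instead of swapping the flags.
# FBT002 does not fire on keyword-only parameters.  (Hypothetical function.)
def close_finding_after(finding, *, sync=False, notify=True):
    return {"finding": finding, "sync": sync, "notify": notify}


def positional_call_rejected(func, *args):
    """True if calling func with these positional args raises TypeError."""
    try:
        func(*args)
    except TypeError:
        return True
    return False


@dataclass(frozen=True)
class Violation:
    rule: str    # "FBT001" (bool annotation) or "FBT002" (bool default)
    func: str    # enclosing function name
    param: str   # offending positional parameter
    line: int    # line of the `def`


def find_boolean_traps(source):
    """Approximate FBT001/FBT002: flag positional parameters that are annotated
    `bool` or default to a bool literal.  Keyword-only parameters are never
    flagged, which is why `*` is the fix.  Simplification: `self`/`cls` are
    skipped by name rather than by checking for an enclosing class."""
    violations = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = node.args
        positional = a.posonlyargs + a.args
        # Defaults line up with the *last* len(a.defaults) positional params.
        padding = [None] * (len(positional) - len(a.defaults))
        for arg, default in zip(positional, padding + list(a.defaults)):
            if arg.arg in ("self", "cls"):
                continue
            ann = arg.annotation
            if isinstance(ann, ast.Name) and ann.id == "bool":
                violations.append(Violation("FBT001", node.name, arg.arg, node.lineno))
            # `isinstance(value, bool)` matters: a default of 0 or 1 is an int,
            # not a boolean trap.
            if isinstance(default, ast.Constant) and isinstance(default.value, bool):
                violations.append(Violation("FBT002", node.name, arg.arg, node.lineno))
    return violations


# Constructed sample source (not from the DefectDojo repository).
SAMPLE = '''
def close_finding_before(finding, sync=False, notify=True): ...
def close_finding_after(finding, *, sync=False, notify=True): ...
class Helper:
    def run(self, force: bool, retries=0): ...
'''

if __name__ == "__main__":
    for v in find_boolean_traps(SAMPLE):
        print(f"{v.rule}: {v.func}() parameter '{v.param}' (line {v.line})")
```

Running the module prints two FBT002 hits on `close_finding_before` and one FBT001 hit on `Helper.run`; `close_finding_after` and `retries=0` are clean. The same shape of check is what Ruff applies across the roughly 30 files touched here, which is why so many signatures in the diff gain a `*`.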

github-actions bot commented:

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented:

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik force-pushed the ruff_FBT branch 4 times, most recently from d91b726 to c55dbe4, December 10, 2024 15:48
@kiblik kiblik marked this pull request as ready for review December 10, 2024 15:50
@kiblik kiblik requested review from mtesauro and Maffooch and removed request for mtesauro December 10, 2024 15:51
@kiblik kiblik force-pushed the ruff_FBT branch 2 times, most recently from af4b1d6 to 44a9881, December 11, 2024 10:18
github-actions bot commented:

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented:

Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro left a comment

Approved


github-actions bot commented Jan 6, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.


github-actions bot commented Jan 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik requested a review from dogboat January 15, 2025 16:08
@kiblik kiblik requested a review from grendel513 January 23, 2025 17:53
github-actions bot commented:

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented:

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch Maffooch merged commit 220f725 into DefectDojo:dev Feb 4, 2025
73 checks passed
@kiblik kiblik deleted the ruff_FBT branch February 4, 2025 23:23
5 participants