
Ruff: Add and fix A001 #11645

Merged
merged 1 commit into from
Feb 6, 2025

Conversation

kiblik
Contributor

@kiblik kiblik commented Jan 25, 2025

Add rule builtin-variable-shadowing (A001) and fix it.
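An added illustration of what A001 catches and why it is worth fixing; this is constructed example code, not code from the PR or from DefectDojo. The "before" function rebinds the builtin name `id` locally, so a later `id(...)` call in the same scope hits the integer instead of the builtin and fails at runtime. The small `ast`-based detector is a toy approximation of the rule (the builtin list and the set of binding forms it inspects are assumptions, not Ruff's exact logic), included to show how such a check works.

```python
"""Builtin-variable shadowing (Ruff A001): the bug it hides and a toy detector.

Constructed example, not part of the PR. Names like `summarize_before`,
`summarize_after`, `find_builtin_shadowing` and SAMPLE_SOURCE are assumptions.
"""
import ast
import builtins

# Assumption: treat every name exported by the builtins module as a builtin.
# Ruff uses its own curated list, so this is an approximation.
BUILTIN_NAMES = frozenset(dir(builtins))


def summarize_before(record: dict) -> tuple:
    # A001: the local variable `id` shadows the builtin `id()`.
    id = record["id"]
    # Python treats `id` as local for the whole function, so this call
    # reaches the integer, not the builtin: TypeError at runtime.
    return id, id(record)


def summarize_after(record: dict) -> tuple:
    # Fixed: a descriptive name leaves the builtin untouched.
    record_id = record["id"]
    return record_id, id(record)


def shadowing_breaks_at_runtime(record: dict) -> bool:
    """Return True if the shadowing version raises TypeError for `record`."""
    try:
        summarize_before(record)
    except TypeError:
        return True
    return False


def find_builtin_shadowing(source: str) -> list[tuple[int, str]]:
    """Report (line, name) pairs where code rebinds a builtin name.

    Inspects plain assignments, annotated/augmented assignments, `for`
    loop targets and comprehension targets (an assumed subset of the
    binding forms a real linter would cover).
    """
    tree = ast.parse(source)
    hits: set[tuple[int, str]] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, (ast.AnnAssign, ast.AugAssign, ast.For, ast.comprehension)):
            targets = [node.target]
        else:
            continue
        for target in targets:
            # Walk the target so tuple unpacking like `a, id = ...` is covered.
            for name in ast.walk(target):
                if (
                    isinstance(name, ast.Name)
                    and isinstance(name.ctx, ast.Store)
                    and name.id in BUILTIN_NAMES
                ):
                    hits.add((name.lineno, name.id))
    return sorted(hits)


# Constructed source snippet fed to the detector; lines 2 and 3 shadow builtins.
SAMPLE_SOURCE = '''\
def summarize(record):
    id = record["id"]
    for type in record["tags"]:
        pass
    record_id = record["id"]
    return record_id
'''


if __name__ == "__main__":
    sample = {"id": 7, "tags": ["a"]}
    print("before raises TypeError:", shadowing_breaks_at_runtime(sample))
    print("after returns id:", summarize_after(sample)[0])
    for line, name in find_builtin_shadowing(SAMPLE_SOURCE):
        print(f"line {line}: `{name}` shadows a builtin")
```

Running the detector over `SAMPLE_SOURCE` reports `id` on line 2 and `type` on line 3 and stays silent on `record_id`, which is the same distinction the A001 rule draws; the runtime failure in `summarize_before` is the kind of latent bug the rule exists to surface before it reaches production.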


dryrunsecurity bot commented Jan 25, 2025

DryRun Security Summary

The code changes encompass multiple security-focused updates across the Dojo application platform, including improvements to data parsing from security tools, enhanced permission management, secure data handling, and configuration updates, while maintaining robust security measures and data integrity throughout the codebase.


Summary:

The code changes in this pull request cover a wide range of updates across multiple files in the Dojo application security platform. The changes focus on improving the parsing and processing of security-related data from various sources, such as Blackduck, Codechecker, Vulners, and Yarn Audit. The changes also include updates to the permission management system, the handling of delete previews, and the configuration of the Ruff linter.

From an application security perspective, the changes demonstrate a strong focus on maintaining the security and integrity of the Dojo platform. The code updates include measures to ensure proper input validation, secure data handling, and the implementation of robust permission controls. Additionally, the improvements to the parsing and processing of security findings from various tools will help enhance the overall security posture of the application.

However, it's important to review the changes in the context of the entire codebase and the application's security requirements to ensure that there are no unintended consequences or hidden security vulnerabilities. Aspects such as error handling, logging, and the handling of sensitive information should be carefully reviewed to maintain the application's security.

Files Changed:

  1. dojo/decorators.py: The changes simplify the dojo_model_to_id decorator, which is responsible for converting Django model instances to their corresponding IDs. The changes do not introduce any obvious security concerns.
  2. dojo/api_v2/permissions.py: The changes demonstrate a robust and security-focused approach to permissions management, with granular permissions, object-level checks, and validation logic to ensure that users can only perform actions they are authorized to perform.
  3. dojo/api_v2/mixins.py: The changes in the DeletePreviewModelMixin class focus on providing a preview of the objects that will be deleted, with measures to hide sensitive data and paginate the response.
  4. dojo/filters.py: The changes in the custom_filter() and custom_vulnerability_id_filter() functions do not introduce any obvious security concerns.
  5. dojo/object/views.py: The changes improve the consistency and readability of the edit_object and delete_object functions, which handle the update and deletion of Objects_Product instances.
  6. dojo/models.py: The changes in the DojoMeta model's clean() method ensure that each metadata entry is associated with only one object, which helps maintain data integrity.
  7. dojo/notes/views.py: The changes in the delete_note, edit_note, and note_history functions focus on improving the handling of user permissions and note management.
  8. dojo/jira_link/helper.py: The changes in the get_labels() function do not introduce any significant security concerns, but the overall JIRA integration should be reviewed for potential security implications.
  9. dojo/tools/*/parser.py: The changes in the various tool parsers, such as Blackduck, Codechecker, Vulners, and Yarn Audit, demonstrate a focus on improving the parsing and processing of security-related data, with measures to ensure data integrity and security.
  10. dojo/utils.py: The changes in the delete_chunk function are minor and do not introduce any security concerns.
  11. ruff.toml: The changes in the Ruff linter configuration, including the addition of the A001 rule and the exclusion of certain security-related rules, should be reviewed to ensure that they do not compromise the overall security of the application.

Code Analysis

We ran 9 analyzers against 29 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 7 findings


@kiblik kiblik marked this pull request as draft January 25, 2025 13:04
@kiblik kiblik marked this pull request as ready for review January 25, 2025 13:25
@kiblik kiblik requested review from mtesauro and Maffooch January 28, 2025 15:41
Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

github-actions bot commented Feb 5, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

github-actions bot commented Feb 5, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch Maffooch merged commit e16f937 into DefectDojo:dev Feb 6, 2025
73 checks passed
@kiblik kiblik deleted the ruff_A001 branch February 6, 2025 19:53