
Ruff: Add and fix A002 #11646

Open: wants to merge 1 commit into base: dev

Conversation

kiblik (Contributor) commented Jan 25, 2025

Add rule builtin-argument-shadowing (A002) and fix it.
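For readers unfamiliar with the rule: A002 (builtin-argument-shadowing, from the flake8-builtins group) flags a function parameter whose name is also a Python builtin (`id`, `type`, `format`, `input`, `list`, `filter`, ...). The following is an added illustration written for this page, not code from the DefectDojo PR; the function names and the sample findings are constructed. It shows the failure mode the rule prevents, a "before" function whose parameters shadow `list` and `filter` so that the builtin `list()` is no longer callable inside the body, next to the renamed "after" version.

```python
"""Why Ruff's A002 (builtin-argument-shadowing) matters.

Added example, not code from the DefectDojo PR. Function names and data are
constructed for illustration.
"""


def count_by_status_shadowing(list, filter=None):
    """'Before' shape: `list` and `filter` shadow the builtins.

    `ruff check --select A002` reports both parameters. Inside the body,
    `list` is the argument (a Python list object), not the constructor, so the
    final `list(selected)` raises TypeError on every call.
    """
    selected = [item for item in list if filter is None or item["status"] == filter]
    return list(selected)  # TypeError: 'list' object is not callable


def count_by_status(findings, status_filter=None):
    """'After' shape: parameters renamed, builtins usable again."""
    selected = [f for f in findings if status_filter is None or f["status"] == status_filter]
    return list(selected)


# Constructed sample input, shaped like a minimal list of findings.
SAMPLE_FINDINGS = [
    {"id": 1, "status": "active"},
    {"id": 2, "status": "mitigated"},
    {"id": 3, "status": "active"},
]


def shadowing_raises():
    """Return True if the shadowing version fails at runtime on the sample."""
    try:
        count_by_status_shadowing(SAMPLE_FINDINGS, "active")
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    print("shadowing version raises TypeError:", shadowing_raises())
    print("renamed version returns:", count_by_status(SAMPLE_FINDINGS, "active"))
```

Enabling the rule is a matter of adding `A002` (or the whole `A` group) to the `select` list in ruff.toml, or running `ruff check --select A002 .` once against the tree to see every hit before committing to it.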

@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 unittests integration_tests ui parser labels Jan 25, 2025

DryRun Security Summary

The code changes in Defect Dojo focus on enhancing application security and reliability by improving credential management, benchmark tracking, permission systems, note handling, and security tool integrations across multiple components.


Summary:

The provided code changes cover a wide range of updates across various components of the Defect Dojo application. The changes focus on improving the security and reliability of the application's functionality, including the management of credentials, benchmarks, permissions, notes, and the integration with various security tools such as Kubescape, HCL AppScan, and Microsoft Defender.

Key security-related improvements include:

  1. Enhanced credential management, ensuring that credentials are not deleted if they are still in use by other components.
  2. Improved benchmark requirement handling and ASVS score calculation to strengthen the application's compliance tracking capabilities.
  3. Refined permission system, with the introduction of more granular permission classes and centralized permission checking logic.
  4. Secure handling of notes, including proper authorization checks and note history tracking.
  5. Robust parsing and processing of security findings from various tools, ensuring accurate representation of security risks.

Overall, the changes demonstrate a strong focus on application security and the implementation of secure coding practices throughout the Defect Dojo codebase.

Files Changed:

  1. dojo/cred/views.py: Updates to the delete_cred_controller function to improve credential deletion handling and prevent the deletion of credentials that are still in use.
  2. dojo/benchmark/views.py: Changes to the benchmark_view and delete functions to manage benchmark requirements, product summaries, and ASVS score calculations.
  3. dojo/api_v2/views.py: Minor change to the UserProfileView class to accept an additional parameter.
  4. dojo/api_v2/permissions.py: Significant changes to the permission system, including the introduction of new permission classes and centralized permission checking logic.
  5. dojo/engagement/views.py: Update to the get_list_index function to safely retrieve elements from a list.
  6. dojo/jira_link/helper.py: Minor change to the failure_to_add_message function.
  7. dojo/notes/views.py: Updates to the delete_note, edit_note, and note_history functions to improve note management and access control.
  8. dojo/reports/views.py: Minor change to the get_list_index function.
  9. dojo/management/commands/test_celery_decorator.py: Changes to a test script related to Celery decorators and asynchronous tasks.
  10. dojo/tools/ directory: Multiple changes to the parsers for various security tools, such as Deepfence ThreatMapper, HCL AppScan, Microsoft Defender, Kubescape, and more.
  11. dojo/settings/settings.dist.py: Minor change to the saml2_attrib_map_format function.
  12. dojo/utils.py: Significant changes to the async_delete functionality, improving the performance and scalability of object deletion.
  13. ruff.toml: Updates to the Ruff linter configuration, including the addition of security-related rules.
  14. tests/base_test_class.py: Changes to the is_element_by_id_present and change_system_setting methods in the BaseTestCase class.
  15. tests/announcement_banner_test.py: Changes to the AnnouncementBannerTest class, including tests for HTML handling and announcement dismissal behavior.

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 2 findings

View PR in the DryRun Dashboard.

@kiblik kiblik marked this pull request as draft January 25, 2025 13:19
@kiblik kiblik marked this pull request as ready for review January 25, 2025 16:29
@kiblik kiblik requested review from mtesauro and Maffooch January 28, 2025 15:41