
Ruff: Add and fix N999 #11647

Open
wants to merge 1 commit into base: dev
Conversation

@kiblik kiblik commented Jan 25, 2025

Add rule invalid-module-name (N999) and fix the following violations:

dojo/settings/settings.dist.py:1:1: N999 Invalid module name: 'settings.dist'
tests/Import_scanner_test.py:1:1: N999 Invalid module name: 'Import_scanner_test'

This is a bit of a radical change, as it renames a globally used and known settings file. I will be happy for any feedback.
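To make the rule concrete, the following is a simplified reimplementation of the N999 check run over the two paths from the description and their renamed forms, followed by a demonstration of why the dot in the old filename matters: a module named `settings.dist` is not a valid import target, so such a file can only be executed by path. This is an added example, not code from this pull request, DefectDojo or Ruff; the regex approximation of the rule (Ruff's real implementation has extra exemptions, for example for Django migrations), the helper names and the sample path list are assumptions.

```python
"""Simplified reimplementation of Ruff's N999 (invalid-module-name) check.

Constructed example, not DefectDojo or Ruff code. The rule is approximated
as: the module name (file stem, or the parent directory for package-level
files such as __init__.py) must be a valid Python identifier made of
lowercase ASCII letters, digits and underscores.
"""
import importlib.util
import re
import tempfile
from pathlib import Path, PurePosixPath

# Files whose "module name" is their package directory, not their stem.
PACKAGE_LEVEL_FILES = {"__init__.py", "__main__.py"}

# Assumed approximation of the rule: lowercase identifier only.
MODULE_NAME_RE = re.compile(r"^[a-z_][a-z0-9_]*$")


def module_name_for(path: str) -> str:
    """Derive the module name Ruff would report for a source file path."""
    p = PurePosixPath(path)
    if p.name in PACKAGE_LEVEL_FILES:
        return p.parent.name
    # PurePath.stem strips only the last suffix, so the stem of
    # 'settings.dist.py' is 'settings.dist': the inner dot survives.
    return p.stem


def is_valid_module_name(name: str) -> bool:
    return bool(MODULE_NAME_RE.fullmatch(name)) and name.isidentifier()


def check_n999(paths):
    """Return Ruff-style N999 messages for every path that violates the rule."""
    findings = []
    for path in paths:
        name = module_name_for(path)
        if not is_valid_module_name(name):
            findings.append(f"{path}:1:1: N999 Invalid module name: '{name}'")
    return findings


# Constructed list: the two paths from the pull request, their renamed
# targets, and a package-level file that resolves to its directory name.
SAMPLE_PATHS = [
    "dojo/settings/settings.dist.py",
    "tests/Import_scanner_test.py",
    "dojo/settings/settings_dist.py",
    "tests/import_scanner_test.py",
    "dojo/settings/__init__.py",
]


def dotted_module_is_only_loadable_by_path() -> tuple:
    """Show why the dot matters: 'settings.dist' is not an importable name,
    but a file with that name can still be executed by path via importlib.

    Returns (name_is_identifier, loaded_module_value_ok)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "settings.dist.py"
        src.write_text("DEBUG = False\n")  # constructed settings content
        spec = importlib.util.spec_from_file_location("settings_dist_by_path", src)
        mod = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(mod)
        return ("settings.dist".isidentifier(), mod.DEBUG is False)


if __name__ == "__main__":
    for line in check_n999(SAMPLE_PATHS):
        print(line)
    print(dotted_module_is_only_loadable_by_path())
```

Running the block prints the same two N999 messages the description quotes and `(False, True)`: the old name fails `str.isidentifier()`, yet the file still loads when addressed by path, which is the loading style a rename to `settings_dist.py` lets a project move away from.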


dryrunsecurity bot commented Jan 25, 2025

DryRun Security Summary

The pull request implements comprehensive security improvements, configuration updates, and documentation changes, primarily focusing on updating file references from 'settings.dist.py' to 'settings_dist.py' while addressing various security vulnerabilities and enhancing secure coding practices across the DefectDojo application.


Summary:

The code changes in this pull request cover a wide range of updates, including documentation improvements, configuration changes, and security-related fixes. The key highlights from an application security perspective are:

  1. Configuration File Updates: Several changes involve updating references to the main configuration file from settings.dist.py to settings_dist.py. This is a positive change as it helps maintain consistency and clarity in the project's configuration management.

  2. Security Vulnerability Fixes: The pull request includes updates to address security vulnerabilities identified by various security scanners, such as Bandit, GitLab SAST, and Horusec. These include issues like hardcoded credentials, potential SQL injection, and XML parsing vulnerabilities. Addressing these vulnerabilities is crucial for improving the overall security of the application.

  3. Documentation Improvements: Many of the changes involve updating the project's documentation, including instructions for upgrading, contributing, and running the application using Docker. These improvements help ensure that users and contributors have a clear understanding of the application's security-related configurations and best practices.

  4. Secure Coding Practices: The changes demonstrate the project's commitment to secure coding practices, such as the use of the defusedxml library for XML parsing and the inclusion of security-related linting rules in the Ruff configuration.

Overall, this pull request appears to be a comprehensive effort to improve the security and maintainability of the DefectDojo application. The changes cover a wide range of areas, including configuration, documentation, and security vulnerability remediation, which is a positive sign for the project's security posture.

Files Changed:

  • .github/labeler.yml: Minor update to the file path for the settings_dist.py file.
  • .github/release-drafter.yml: Addition of a "Security" category to highlight security-related changes in release notes.
  • .github/pull_request_template.md: Update to the label for "settings_changes" from "settings.dist.py" to "settings_dist.py".
  • Dockerfile.django-alpine: Update to the environment variable reference from "settings.dist.py" to "settings_dist.py".
  • docker/extra_settings/README.md: Update to the file name from "settings.dist.py" to "settings_dist.py".
  • docker/entrypoint-unit-tests-devDocker.sh: Changes to the database and Celery broker configuration for the unit tests.
  • Dockerfile.django-debian: Update to the environment variable reference from "settings.dist.py" to "settings_dist.py".
  • docker/entrypoint-unit-tests.sh: Changes to the database and Celery broker configuration for the unit tests.
  • docs/content/en/open_source/archived_docs/jira.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • docs/content/en/open_source/installation/configuration.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • docs/content/en/open_source/archived_docs/usage/features.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • docs/content/en/open_source/archived_docs/integrations/social-authentication.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • docs/content/en/open_source/contributing/how-to-write-a-parser.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • docs/content/en/open_source/upgrading/2.35.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • docs/content/en/open_source/upgrading/1.7.0.md: Update to the configuration file reference from "settings.dist.py" to "settings_dist.py".
  • dojo/models.py: Updates to the deduplication functionality and the use of the settings_dist.py file.
  • dojo/settings/settings.py: Update to the configuration file inclusion from "settings.dist.py" to "settings_dist.py".
  • dojo/settings/template-local_settings: Update to the configuration file reference from "settings.dist.py" to "

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings:

  • Sensitive Files Analyzer: 1 finding



This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@kiblik kiblik requested review from Maffooch, mtesauro and cneill and removed request for Maffooch January 28, 2025 15:41

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@Maffooch

@kiblik this one feels a little too radical for my taste. I think we should ignore this rule for now and revisit it in the future, if applicable.


Conflicts have been resolved. A maintainer will review the pull request shortly.


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.
