Ruff: add and fix some SIM rules #10112

Status: Open. Wants to merge 2 commits into base: dev.

Conversation

@kiblik (Contributor) commented May 3, 2024

There are many SIM rules; it was easier to exclude some specific ones.

https://docs.astral.sh/ruff/rules/#flake8-simplify-sim


dryrunsecurity bot commented May 3, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security Status | Findings |
|---|---|
| Configured Codepaths Analyzer | 0 findings |
| Sensitive Files Analyzer | 0 findings |
| AppSec Analyzer | 0 findings |
| Authn/Authz Analyzer | 20 findings |
| Secrets Analyzer | 0 findings |

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request cover a wide range of functionality within the Defect Dojo application, with a focus on improving security, performance, and maintainability. The changes include updates to authorization and access control logic, JIRA integration, finding and endpoint management, and various other optimizations and bug fixes.

From an application security perspective, the changes generally seem to be positive, with the code introducing measures to enhance input validation, data handling, and access control. However, it's important to review the broader context and ensure that the application's overall security posture is maintained, as some of the changes may have indirect security implications.

Key areas that require close attention include the JIRA integration, handling of sensitive data, and the implementation of authorization and access control mechanisms. It's crucial to thoroughly review these aspects to identify and address any potential security vulnerabilities or concerns.

Files Changed:

  1. dojo/authorization/authorization.py: The changes simplify the conditional checks and introduce caching to improve the performance of the user_has_permission() function, which is responsible for managing user permissions and access control.

  2. dojo/api_v2/views.py: The changes update the FindingViewSet class to handle both PUT and PATCH HTTP methods for editing metadata, improving the API's functionality and usability.

  3. dojo/api_v2/prefetch/schema.py: The changes focus on improving the handling of the prefetch parameter in the API requests, ensuring that the prefetched data is properly validated and access-controlled.

  4. dojo/api_v2/serializers.py: The changes introduce various validation and sanitization measures in the serializers, enhancing the security and robustness of the API.

  5. dojo/benchmark/views.py: The changes simplify the exception handling in the delete function, improving the code's maintainability without introducing any obvious security concerns.

  6. dojo/cred/queries.py: The changes optimize the get_authorized_cred_mappings function, ensuring that the access control rules are properly enforced.

  7. dojo/endpoint/queries.py: The changes simplify the code and remove unnecessary duplication, without introducing any obvious security vulnerabilities.

  8. dojo/cred/views.py: The changes improve the exception handling in the delete_cred_controller function, enhancing the application's stability.

  9. dojo/endpoint/utils.py: The changes focus on improving the reliability and maintainability of the endpoint management functionality, including the handling of invalid host formats and the validation of endpoints being added.

  10. dojo/engagement/views.py: The changes simplify the code in the edit_engagement and ViewEngagement functions, without introducing any obvious security concerns.

Powered by DryRun Security

@kiblik kiblik marked this pull request as ready for review May 3, 2024 14:24

This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.
