Ruff: Add and fix ISC003

dojo/forms.py

@@ -328,8 +328,10 @@ def __init__(self, *args, **kwargs):
         # if this product has findings being asynchronously updated, disable the sla config field
         if self.instance.async_updating:
             self.fields["sla_configuration"].disabled = True
-            self.fields["sla_configuration"].widget.attrs["message"] = "Finding SLA expiration dates are currently being recalculated. " + \
-                                                                       "This field cannot be changed until the calculation is complete."
+            self.fields["sla_configuration"].widget.attrs["message"] = (
+                "Finding SLA expiration dates are currently being recalculated. "
+                "This field cannot be changed until the calculation is complete."
+            )
 
     class Meta:
         model = Product
@@ -954,8 +956,10 @@ class Meta:
 class EngForm(forms.ModelForm):
     name = forms.CharField(
         max_length=300, required=False,
-        help_text="Add a descriptive name to identify this engagement. "
-                  + "Without a name the target start date will be set.")
+        help_text=(
+            "Add a descriptive name to identify this engagement. "
+            "Without a name the target start date will be set."
+        ))
     description = forms.CharField(widget=forms.Textarea(attrs={}),
                                   required=False, help_text="Description of the engagement and details regarding the engagement.")
     product = forms.ModelChoiceField(label="Product",
@@ -2640,8 +2644,10 @@ def __init__(self, *args, **kwargs):
 
         # if this sla config has findings being asynchronously updated, disable the days by severity fields
         if self.instance.async_updating:
-            msg = "Finding SLA expiration dates are currently being recalculated. " + \
-                  "This field cannot be changed until the calculation is complete."
+            msg = (
+                "Finding SLA expiration dates are currently being recalculated. "
+                "This field cannot be changed until the calculation is complete."
+            )
             self.fields["critical"].disabled = True
             self.fields["enforce_critical"].disabled = True
             self.fields["critical"].widget.attrs["message"] = msg

dojo/management/commands/jira_refactor_data_migration.py

@@ -10,8 +10,10 @@
 
 class Command(BaseCommand):
 
-    help = "Command to move data from some tables to other tables as part of https://github.com/DefectDojo/django-DefectDojo/pull/3200" + \
+    help = (
+        "Command to move data from some tables to other tables as part of https://github.com/DefectDojo/django-DefectDojo/pull/3200"
         "Should normally be handled by the migration in that PR, but if that causes errors, this command can help to get the data migrated anyway."
+    )
 
     def move_jira_creation_changed(self):
         logger.info("migrating finding.jira_creation and jira_change fields to JIRA_Issue model")

dojo/tools/gitleaks/parser.py

@@ -128,7 +128,7 @@ def get_finding_current(self, issue, test, dupes):
             if len(message.split("\n")) > 1:
                 description += (
                     "**Commit message:**"
-                    + "\n```\n"
+                    "\n```\n"
                     + message.replace("```", "\\`\\`\\`")
                     + "\n```\n"
                 )

dojo/tools/sslscan/parser.py

@@ -41,8 +41,8 @@ def get_findings(self, file, test):
                     title = "heartbleed" + " | " + target.attrib["sslversion"]
                     description = (
                         "**heartbleed** :"
-                        + "\n\n"
-                        + "**sslversion** : "
+                        "\n\n"
+                        "**sslversion** : "
                         + target.attrib["sslversion"]
                         + "\n"
                     )

dojo/tools/sslyze/parser_xml.py

@@ -77,8 +77,8 @@ def get_findings(self, file, test):
                             title = element.attrib["title"] + " | " + host
                             description = (
                                 "**heartbleed** : Vulnerable"
-                                + "\n\n"
-                                + "**title** : "
+                                "\n\n"
+                                "**title** : "
                                 + element.attrib["title"]
                             )
                 if element.tag == "openssl_ccs":
@@ -91,8 +91,8 @@ def get_findings(self, file, test):
                             title = element.attrib["title"] + " | " + host
                             description = (
                                 "**openssl_ccs** : Vulnerable"
-                                + "\n\n"
-                                + "**title** : "
+                                "\n\n"
+                                "**title** : "
                                 + element.attrib["title"]
                             )
                 if element.tag == "reneg":
@@ -102,9 +102,9 @@ def get_findings(self, file, test):
                             title = element.attrib["title"] + " | " + host
                             description = (
                                 "**Session Renegotiation** : Vulnerable"
-                                + "\n\n"
-                                + "**title** : "
-                                + element.attrib["title"]
+                                "\n\n"
+                                "**title** : "
+                                f"{element.attrib["title"]}"
                             )
                 if (
                     element.tag in PROTOCOLS

dojo/tools/trufflehog3/parser.py

@@ -125,7 +125,7 @@ def get_finding_current(self, json_data, test, dupes):
             if len(commit_message.split("\n")) > 1:
                 description += (
                     "**Commit message:** "
-                    + "\n```\n"
+                    "\n```\n"
                     + commit_message.replace("```", "\\`\\`\\`")
                     + "\n```\n"
                 )

dojo/user/validators.py

@@ -77,8 +77,10 @@ def validate(self, password, user=None):
         return
 
     def get_help_text(self):
-        return gettext("The password must contain at least 1 special character, "
-            + """()[]{}|`~!@#$%^&*_-+=;:'",<>./?.""")
+        return gettext(
+            "The password must contain at least 1 special character, "
+            """()[]{}|`~!@#$%^&*_-+=;:'",<>./?.""",
+        )
 
 
 class DojoCommonPasswordValidator(CommonPasswordValidator):

dojo/utils.py

@@ -101,8 +101,10 @@ def do_false_positive_history(finding, *args, **kwargs):
 
     existing_fp_findings = existing_findings.filter(false_p=True)
     deduplicationLogger.debug(
-        "FALSE_POSITIVE_HISTORY: Found %i existing findings in the same product "
-        + "that were previously marked as false positive",
+        (
+            "FALSE_POSITIVE_HISTORY: Found %i existing findings in the same product "
+            "that were previously marked as false positive"
+        ),
         len(existing_fp_findings),
     )
 

ruff.toml

@@ -52,7 +52,7 @@ select = [
    "EM",
    "EXE",
    "FA",
-   "ISC001",
+   "ISC001", "ISC003",
    "ICN",
    "LOG",
    "G001", "G002", "G01", "G1", "G2",

tests/close_old_findings_dedupe_test.py

@@ -80,8 +80,7 @@ def test_delete_findings(self):
         driver.find_element(By.CSS_SELECTOR, "i.fa-solid.fa-trash").click()
         try:
             WebDriverWait(driver, 1).until(EC.alert_is_present(),
-                                        "Timed out waiting for finding delete "
-                                        + "confirmation popup to appear.")
+                "Timed out waiting for finding delete confirmation popup to appear.")
             driver.switch_to.alert.accept()
         except TimeoutException:
             self.fail("Confirmation dialogue not shown, cannot delete previous findings")

tests/close_old_findings_test.py

@@ -40,8 +40,7 @@ def test_delete_findings(self):
         driver.find_element(By.CSS_SELECTOR, "i.fa-solid.fa-trash").click()
         try:
             WebDriverWait(driver, 1).until(EC.alert_is_present(),
-                                        "Timed out waiting for finding delete "
-                                        + "confirmation popup to appear.")
+                "Timed out waiting for finding delete confirmation popup to appear.")
             driver.switch_to.alert.accept()
         except TimeoutException:
             self.fail("Confirmation dialogue not shown, cannot delete previous findings")

tests/dedupe_test.py

@@ -78,8 +78,7 @@ def test_delete_findings(self):
         driver.find_element(By.CSS_SELECTOR, "i.fa-solid.fa-trash").click()
         try:
             WebDriverWait(driver, 1).until(EC.alert_is_present(),
-                                        "Timed out waiting for finding delete "
-                                        + "confirmation popup to appear.")
+                "Timed out waiting for finding delete confirmation popup to appear.")
             driver.switch_to.alert.accept()
         except TimeoutException:
             self.fail("Confirmation dialogue not shown, cannot delete previous findings")

unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py

@@ -43,9 +43,9 @@ def test_parse_file_with_one_vuln(self):
         result = hashlib.sha256()
         unique_id = (
             "eaab06c0a28618bfb65481bf31bce7d6dd3a15dac528297690111c202a1cd468"
-            + "3.12:openssl"
-            + "1.1.1k-r0"
-            + "XRAY-124116"
+            "3.12:openssl"
+            "1.1.1k-r0"
+            "XRAY-124116"
         )
         result.update(unique_id.encode())
         self.assertEqual(result.hexdigest(), item.unique_id_from_tool)

unittests/tools/test_meterian_parser.py

@@ -42,12 +42,19 @@ def test_meterianParser_finding_has_fields(self):
             self.assertEqual("date-and-time:0.6.3", finding.title)
             self.assertEqual("2021-06-02", finding.date)
             self.assertEqual("High", finding.severity)
-            self.assertEqual("Issue severity of: **High** from a base "
-                + "CVSS score of: **7.5**", finding.severity_justification)
-            self.assertEqual("date-and-time is an npm package for manipulating "
-                + "date and time. In date-and-time before version 0.14.2, there a regular "
-                + "expression involved in parsing which can be exploited to to cause a denial "
-                + "of service. This is fixed in version 0.14.2.", finding.description)
+            self.assertEqual(
+                "Issue severity of: **High** from a base CVSS score of: **7.5**",
+                finding.severity_justification,
+            )
+            self.assertEqual(
+                (
+                    "date-and-time is an npm package for manipulating "
+                    "date and time. In date-and-time before version 0.14.2, there a regular "
+                    "expression involved in parsing which can be exploited to to cause a denial "
+                    "of service. This is fixed in version 0.14.2."
+                ),
+                finding.description,
+            )
             self.assertEqual("7be36211-b569-30c0-8851-26b4bb8740ca", finding.unique_id_from_tool)
             self.assertEqual(1, len(finding.unsaved_vulnerability_ids))
             self.assertEqual("CVE-2020-26289", finding.unsaved_vulnerability_ids[0])
@@ -69,8 +76,13 @@ def test_meterianParser_finding_has_no_remediation(self):
 
             finding = findings[0]
             self.assertTrue(finding.mitigation.startswith("We were not able to provide a safe version for this library."), finding.mitigation)
-            self.assertIn("You should consider replacing this component as it could be an "
-                + "issue for the safety of your application.", finding.mitigation)
+            self.assertIn(
+                (
+                    "You should consider replacing this component as it could be an "
+                    "issue for the safety of your application."
+                ),
+                finding.mitigation,
+            )
 
     def test_meterianParser_dual_language_report_has_two_findins(self):
         with open(get_unit_tests_scans_path("meterian") / "report_multi_language.json", encoding="utf-8") as testfile:

unittests/tools/test_snyk_parser.py

@@ -70,18 +70,22 @@ def test_snykParser_finding_has_fields(self):
         self.assertEqual(611, finding.cwe)
         self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", finding.cvssv3)
         self.assertEqual(
-            "## Remediation\nUpgrade `org.apache.santuario:xmlsec` to version 2.1.4 or higher.\n\n"
-            + "Upgrade Location: pom.xml\n"
-            + "Upgrade from org.apache.santuario:xmlsec@2.1.1 to org.apache.santuario:xmlsec@2.1.4 to fix this issue, as well as updating the following:\n - org.apache.santuario:xmlsec@2.1.1",
+            (
+                "## Remediation\nUpgrade `org.apache.santuario:xmlsec` to version 2.1.4 or higher.\n\n"
+                "Upgrade Location: pom.xml\n"
+                "Upgrade from org.apache.santuario:xmlsec@2.1.1 to org.apache.santuario:xmlsec@2.1.4 to fix this issue, as well as updating the following:\n - org.apache.santuario:xmlsec@2.1.1"
+            ),
             finding.mitigation,
         )
         self.assertEqual(
-            "**SNYK ID**: https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-460281\n\n**GitHub "
-            + "Commit**: https://github.com/apache/santuario-java/commit/52ae824cf5f5c873a0e37bb33fedcc3b387"
-            + "cdba6\n**GitHub Commit**: https://github.com/apache/santuario-java/commit/c5210f77a77105fba81"
-            + "311d16c07ceacc21f39d5\n**Possible Jira Issue**: https://issues.apache.org/jira/browse/SANTUARIO-"
-            + "504?jql=project%20%3D%20SANTUARIO\n**Security Release**: http://santuario.apache.org/secadv.data/"
-            + "CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2\n",
+            (
+                "**SNYK ID**: https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHESANTUARIO-460281\n\n**GitHub "
+                "Commit**: https://github.com/apache/santuario-java/commit/52ae824cf5f5c873a0e37bb33fedcc3b387"
+                "cdba6\n**GitHub Commit**: https://github.com/apache/santuario-java/commit/c5210f77a77105fba81"
+                "311d16c07ceacc21f39d5\n**Possible Jira Issue**: https://issues.apache.org/jira/browse/SANTUARIO-"
+                "504?jql=project%20%3D%20SANTUARIO\n**Security Release**: http://santuario.apache.org/secadv.data/"
+                "CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2\n"
+            ),
             finding.references,
         )
         self.assertEqual(

unittests/tools/test_stackhawk_parser.py

@@ -147,9 +147,11 @@ def test_that_a_scan_import_updates_the_test_description(self):
             parser.get_findings(testfile, test)
             self.assertEqual(
                 test.description,
-                "View scan details here: "
-                + "[https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27]"
-                + "(https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27)",
+                (
+                    "View scan details here: "
+                    "[https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27]"
+                    "(https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27)"
+                ),
             )
 
     def test_that_a_scan_with_all_false_positive_endpoints_on_a_finding_marks_as_false_positive(self):