
Ruff: Add and fix PTH112 #11195

Merged
merged 1 commit into from
Nov 12, 2024

Conversation

manuel-sommer
Contributor

add PTH112


dryrunsecurity bot commented Nov 5, 2024

DryRun Security Summary

The pull request focuses on improving the test suite and refactoring utility functions in the DefectDojo application, which requires careful consideration of security implications, such as input validation, least privilege, secure configuration, and proper logging and monitoring, to maintain the application's overall security posture.


Summary:

The code changes in this pull request primarily focus on improving the test suite and refactoring some utility functions in the DefectDojo application. While these changes do not directly introduce any obvious security vulnerabilities, it's important to consider the potential security implications of the underlying functionality and ensure that the application's overall security posture is maintained.

The key changes include:

  1. Updating the way directory existence is checked in the test suites, moving from os.path.isdir() to the more robust Path().is_dir() approach.
  2. Refactoring the dynamic parser loading and registration functionality in the dojo/tools/factory.py file, which requires careful consideration of input validation, least privilege, secure configuration, and proper logging and monitoring.
  3. Handling the upload of threat files in the dojo/utils.py file, which should be reviewed for potential path traversal, file size limits, file type validation, and the need for encryption or hashing of sensitive data.

While these changes do not directly introduce security vulnerabilities, it's important for the application security engineer to review the overall security controls and best practices to ensure that the application remains secure. This includes regular security audits, vulnerability assessments, and keeping the application and its dependencies up-to-date with the latest security patches.

Files Changed:

  1. tests/Import_scanner_test.py: The changes in this file are focused on improving the test suite and do not introduce any significant security concerns.
  2. ruff.toml: The changes in this file update the configuration for the Ruff linter, which can help identify potential security vulnerabilities in the codebase.
  3. dojo/tools/factory.py: The changes in this file refactor the dynamic parser loading and registration functionality, which requires careful consideration of input validation, least privilege, secure configuration, and proper logging and monitoring.
  4. dojo/utils.py: The changes in this file handle the upload of threat files, which should be reviewed for potential path traversal, file size limits, file type validation, and the need for encryption or hashing of sensitive data.
  5. unittests/test_parsers.py and unittests/test_factory.py: The changes in these files are focused on improving the unit tests and do not directly impact the application's security.

Code Analysis

We ran 9 analyzers against 6 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Configured Codepaths Analyzer, 1 finding

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

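What Ruff's PTH112 (os-path-isdir) actually flags, and why the mechanical swap from os.path.isdir() to Path(...).is_dir() in the test suite is safe, as an added example. This is not DefectDojo or Ruff code: the AST walk below is a simplified stand-in for Ruff's check (it only matches the literal os.path.isdir chain, not aliased imports), the SAMPLE_SOURCE module is constructed to look like the before/after shape of the change, and the parity check builds its own throwaway directory.

```python
"""Added example (not DefectDojo or Ruff code).

Two things PTH112 is about: (1) spotting os.path.isdir() calls the way the
rule does, and (2) confirming that Path(...).is_dir() gives the same answer,
so the mechanical rewrite in a test suite is behaviour-preserving.
"""
import ast
import os
import tempfile
from pathlib import Path

# Constructed sample module: the before/after shape of the code this PR touched.
SAMPLE_SOURCE = '''
import os
from pathlib import Path

def scan_dirs(base):
    out = []
    for name in os.listdir(base):
        if os.path.isdir(os.path.join(base, name)):  # what PTH112 flags
            out.append(name)
    return sorted(out)

def scan_dirs_fixed(base):
    return sorted(p.name for p in Path(base).iterdir() if p.is_dir())
'''


def find_pth112(source: str) -> list[tuple[int, str]]:
    """Return (line number, call text) for every os.path.isdir(...) call.

    Mirrors the check behind Ruff's PTH112 (os-path-isdir): a Call whose
    callee is the attribute chain os.path.isdir. Aliased forms such as
    `from os import path; path.isdir(...)` are deliberately not handled here.
    """
    tree = ast.parse(source)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and f.attr == "isdir"
                and isinstance(f.value, ast.Attribute) and f.value.attr == "path"
                and isinstance(f.value.value, ast.Name) and f.value.value.id == "os"):
            hits.append((node.lineno, ast.get_source_segment(source, node)))
    return hits


def isdir_parity(root: Path) -> dict[str, tuple[bool, bool]]:
    """Create a directory, a file, a symlink to the directory and a missing
    name under `root`; report (os.path.isdir(p), Path(p).is_dir()) for each.

    Both calls follow symlinks, and both return False rather than raising for
    a path that does not exist, which is what makes the rewrite safe.
    """
    d = root / "samples"
    d.mkdir()
    f = root / "report.json"
    f.write_text("{}")
    cases = {"dir": d, "file": f, "missing": root / "does-not-exist"}
    try:
        (root / "link").symlink_to(d, target_is_directory=True)
        cases["symlink_to_dir"] = root / "link"
    except OSError:
        pass  # e.g. Windows without symlink privilege: skip that case
    return {k: (os.path.isdir(p), Path(p).is_dir()) for k, p in cases.items()}


def run_demo() -> dict:
    """Run both checks in a throwaway directory and return the results."""
    ns: dict = {}
    exec(SAMPLE_SOURCE, ns)  # load scan_dirs / scan_dirs_fixed from the sample
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        parity = isdir_parity(root)
        before = ns["scan_dirs"](tmp)
        after = ns["scan_dirs_fixed"](tmp)
    return {
        "hits": find_pth112(SAMPLE_SOURCE),
        "parity": parity,
        "scan_before": before,
        "scan_after": after,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

Running the block prints one PTH112 hit (line 8 of the sample) and shows identical True/False answers from both APIs for a directory, a regular file, a symlink to a directory and a missing path. Note that neither form changes the check-then-use race inherent in existence tests; the rule is about idiomatic pathlib use, not about hardening.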

@manuel-sommer manuel-sommer marked this pull request as draft November 5, 2024 14:14
@manuel-sommer manuel-sommer marked this pull request as ready for review November 6, 2024 06:54
Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit 6ec33d0 into DefectDojo:dev Nov 12, 2024
72 of 73 checks passed
@manuel-sommer manuel-sommer deleted the ruffpth112 branch November 12, 2024 20:05
5 participants