Ruff: Add and autofix PLR1714 (#13004)

kiblik · mtesauro · web-flow · commit 9dcfc93386a7 · 2025-08-21T20:18:53.000-05:00
Co-authored-by: Matt Tesauro &lt;mtesauro@gmail.com&gt;
diff --git a/dojo/api_v2/permissions.py b/dojo/api_v2/permissions.py
@@ -48,7 +48,7 @@ def check_object_permission(
 ):
     if request.method == "GET":
         return user_has_permission(request.user, obj, get_permission)
-    if request.method == "PUT" or request.method == "PATCH":
+    if request.method in {"PUT", "PATCH"}:
         return user_has_permission(request.user, obj, put_permission)
     if request.method == "DELETE":
         return user_has_permission(request.user, obj, delete_permission)
diff --git a/dojo/cred/views.py b/dojo/cred/views.py
@@ -616,7 +616,7 @@ def delete_cred_controller(request, destination_url, elem_id, ttid):
                     cred_id=cred.cred_id).exclude(finding__isnull=True)
                 message = "Credential is associated with finding(s). Remove the finding(s) before this credential can be deleted."
                 delete_cred = True
-        elif destination_url == "view_test" or destination_url == "view_finding":
+        elif destination_url in {"view_test", "view_finding"}:
             delete_cred = True
 
         # Allow deletion if no credentials are associated
diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py
@@ -280,7 +280,7 @@ def edit_engagement(request, eid):
             new_status = form.cleaned_data.get("status")
             engagement.product = form.cleaned_data.get("product")
             engagement = form.save(commit=False)
-            if (new_status == "Cancelled" or new_status == "Completed"):
+            if (new_status in {"Cancelled", "Completed"}):
                 engagement.active = False
             else:
                 engagement.active = True
diff --git a/dojo/finding/views.py b/dojo/finding/views.py
@@ -3327,10 +3327,7 @@ def calculate_possible_related_actions_for_similar_finding(
             },
         )
 
-        if (
-            similar_finding.duplicate_finding == finding
-            or similar_finding.duplicate_finding == finding.duplicate_finding
-        ):
+        if similar_finding.duplicate_finding in {finding, finding.duplicate_finding}:
             # duplicate inside the same cluster
             actions.append(
                 {
diff --git a/dojo/management/commands/migrate_surveys.py b/dojo/management/commands/migrate_surveys.py
@@ -54,7 +54,7 @@ def handle(self, *args, **options):
                 copy_string = "INSERT INTO `" + new_table_name + "` SELECT * FROM `" + table + "`;"
                 cursor.execute(str(copy_string))
                 # Update polymorphic id on some tables
-                if new_table_name == "dojo_question" or new_table_name == "dojo_answer":
+                if new_table_name in {"dojo_question", "dojo_answer"}:
                     update_string = "UPDATE `" + new_table_name + "` SET polymorphic_ctype_id = " + str(ctype_id) + ";"
                     cursor.execute(str(update_string))
                 # Drop the ddse table
diff --git a/dojo/product/views.py b/dojo/product/views.py
@@ -640,7 +640,7 @@ def view_product_metrics(request, pid):
                 open_close_weekly[unix_timestamp] = {"closed": 0, "open": 1, "accepted": 0}
                 open_close_weekly[unix_timestamp]["week"] = html_date
 
-            if view == "Finding" or view == "Endpoint":
+            if view in {"Finding", "Endpoint"}:
                 severity = finding.get("severity")
 
             finding_age = calculate_finding_age(finding)
diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py
@@ -706,7 +706,7 @@ def get_severity_count(elem_id, table_type):
 
     if table_type == "test":
         display_counts.append("Total: " + str(total) + " Findings")
-    elif table_type == "engagement" or table_type == "product":
+    elif table_type in {"engagement", "product"}:
         display_counts.append("Total: " + str(total) + " Active Findings")
 
     return ", ".join([str(item) for item in display_counts])
diff --git a/dojo/tools/anchore_engine/parser.py b/dojo/tools/anchore_engine/parser.py
@@ -135,7 +135,7 @@ def get_findings_without_metadata(self, data, test):
             )
 
             sev = item["severity"]
-            if sev == "Negligible" or sev == "Unknown":
+            if sev in {"Negligible", "Unknown"}:
                 sev = "Info"
 
             mitigation = (
diff --git a/dojo/tools/anchore_grype/parser.py b/dojo/tools/anchore_grype/parser.py
@@ -206,7 +206,7 @@ def get_findings(self, file, test):
         return list(dupes.values())
 
     def _convert_severity(self, val):
-        if val == "Unknown" or val == "Negligible":
+        if val in {"Unknown", "Negligible"}:
             return "Info"
         return val.title()
 
diff --git a/dojo/tools/anchorectl_vulns/parser.py b/dojo/tools/anchorectl_vulns/parser.py
@@ -51,7 +51,7 @@ def get_findings(self, filename, test):
             )
 
             sev = item["severity"]
-            if sev == "Negligible" or sev == "Unknown":
+            if sev in {"Negligible", "Unknown"}:
                 sev = "Info"
 
             if item["fix"] != "None":
diff --git a/dojo/tools/api_bugcrowd/parser.py b/dojo/tools/api_bugcrowd/parser.py
@@ -225,8 +225,7 @@ def is_active(self, bugcrowd_state):
             self.is_mitigated(bugcrowd_state)
             or self.is_false_p(bugcrowd_state)
             or self.is_out_of_scope(bugcrowd_state)
-            or bugcrowd_state == "not_reproducible"
-            or bugcrowd_state == "informational"
+            or bugcrowd_state in {"not_reproducible", "informational"}
         )
 
     # From https://docs.bugcrowd.com/customers/submission-management/submission-status/
@@ -265,5 +264,5 @@ def is_not_applicable(self, bugcrowd_state):
 
     def is_verified(self, bugcrowd_state):
         return bugcrowd_state == "triaged" or (
-            bugcrowd_state != "new" and bugcrowd_state != "triaging"
+            bugcrowd_state not in {"new", "triaging"}
         )
diff --git a/dojo/tools/api_cobalt/parser.py b/dojo/tools/api_cobalt/parser.py
@@ -178,4 +178,4 @@ def is_risk_accepted(self, cobalt_state):
         return cobalt_state == "wont_fix"
 
     def is_verified(self, cobalt_state):
-        return cobalt_state != "new" and cobalt_state != "triaging"
+        return cobalt_state not in {"new", "triaging"}
diff --git a/dojo/tools/api_sonarqube/updater_from_source.py b/dojo/tools/api_sonarqube/updater_from_source.py
@@ -46,8 +46,7 @@ def update(self, finding):
             )
 
             if (
-                current_status != "OPEN"
-                and current_finding_status != current_status
+                current_status not in {"OPEN", current_finding_status}
             ):
                 logger.info(
                     f"Original SonarQube issue '{sonarqube_issue}' has changed. Updating DefectDojo finding '{finding}'...",
diff --git a/dojo/tools/aws_prowler/parser.py b/dojo/tools/aws_prowler/parser.py
@@ -65,7 +65,7 @@ def process_csv(self, file, test):
             # title = re.sub(r"\[.*\]\s", "", result_extended)
             control = re.sub(r"\[.*\]\s", "", title_text)
             sev = self.getCriticalityRating(result, level, severity)
-            active = not (result == "INFO" or result == "PASS")
+            active = result not in {"INFO", "PASS"}
 
             # creating description early will help with duplication control
             level = "" if not level else ", " + level
@@ -212,7 +212,7 @@ def formatview(self, depth):
 
     # Criticality rating
     def getCriticalityRating(self, result, level, severity):
-        if result == "INFO" or result == "PASS":
+        if result in {"INFO", "PASS"}:
             return "Info"
         if result == "FAIL":
             if severity:
diff --git a/dojo/tools/bugcrowd/parser.py b/dojo/tools/bugcrowd/parser.py
@@ -213,7 +213,7 @@ def split_description(self, description):
                     ret["impact"] = item
                 elif first == "Steps to reproduce":
                     ret["steps_to_reproduce"] = item
-                elif first == "How to fix" or first == "Fix":
+                elif first in {"How to fix", "Fix"}:
                     ret["mitigation"] = item
                 elif first == "PoC code":
                     ret["poc"] = item
diff --git a/dojo/tools/burp_suite_dast/parser.py b/dojo/tools/burp_suite_dast/parser.py
@@ -120,7 +120,7 @@ def _get_content(self, container: etree.Element):
                             value += stripped_text + "\n"
                     elif stripped_text.isspace():
                         value = list(elem.itertext())[0]
-                    elif elem.tag == "div" or elem.tag == "span":
+                    elif elem.tag in {"div", "span"}:
                         value = elem.text_content().strip().replace("\n", "") + "\n"
                     else:
                         continue
diff --git a/dojo/tools/checkmarx_osa/parser.py b/dojo/tools/checkmarx_osa/parser.py
@@ -82,9 +82,7 @@ def get_findings(self, filehandle, test):
                 else None,
                 active=status != "NOT_EXPLOITABLE",
                 false_p=status == "NOT_EXPLOITABLE",
-                verified=status != "TO_VERIFY"
-                and status != "NOT_EXPLOITABLE"
-                and status != "PROPOSED_NOT_EXPLOITABLE",
+                verified=status not in {"TO_VERIFY", "NOT_EXPLOITABLE", "PROPOSED_NOT_EXPLOITABLE"},
                 test=test,
             )
             if vulnerability_id != "NC":
diff --git a/dojo/tools/cyclonedx/helpers.py b/dojo/tools/cyclonedx/helpers.py
@@ -34,6 +34,6 @@ def fix_severity(self, severity):
         severity = severity.capitalize()
         if severity is None:
             severity = "Medium"
-        elif severity == "Unknown" or severity == "None":
+        elif severity in {"Unknown", "None"}:
             severity = "Info"
         return severity
diff --git a/dojo/tools/cyclonedx/json_parser.py b/dojo/tools/cyclonedx/json_parser.py
@@ -114,11 +114,7 @@ def _get_findings_json(self, file, test):
                 if analysis:
                     state = analysis.get("state")
                     if state:
-                        if (
-                            state == "resolved"
-                            or state == "resolved_with_pedigree"
-                            or state == "not_affected"
-                        ):
+                        if state in {"resolved", "resolved_with_pedigree", "not_affected"}:
                             finding.is_mitigated = True
                             finding.active = False
                         elif state == "false_positive":
diff --git a/dojo/tools/cyclonedx/xml_parser.py b/dojo/tools/cyclonedx/xml_parser.py
@@ -249,7 +249,7 @@ def _manage_vulnerability_xml(
                 "b:ratings/b:rating", namespaces=ns,
             ):
                 method = rating.findtext("b:method", namespaces=ns)
-                if method == "CVSSv3" or method == "CVSSv31":
+                if method in {"CVSSv3", "CVSSv31"}:
                     raw_vector = rating.findtext("b:vector", namespaces=ns)
                     severity = rating.findtext("b:severity", namespaces=ns)
                     cvssv3 = Cyclonedxhelper()._get_cvssv3(raw_vector)
@@ -275,11 +275,7 @@ def _manage_vulnerability_xml(
             if analysis and len(analysis) == 1:
                 state = analysis[0].findtext("b:state", namespaces=ns)
                 if state:
-                    if (
-                        state == "resolved"
-                        or state == "resolved_with_pedigree"
-                        or state == "not_affected"
-                    ):
+                    if state in {"resolved", "resolved_with_pedigree", "not_affected"}:
                         finding.is_mitigated = True
                         finding.active = False
                     elif state == "false_positive":
diff --git a/dojo/tools/deepfence_threatmapper/compliance.py b/dojo/tools/deepfence_threatmapper/compliance.py
@@ -42,7 +42,7 @@ def get_findings(self, row, headers, test):
         )
 
     def compliance_severity(self, severity_input):
-        if severity_input == "pass" or severity_input == "info":
+        if severity_input in {"pass", "info"}:
             output = "Info"
         elif severity_input == "warn":
             output = "Medium"
diff --git a/dojo/tools/gitlab_sast/parser.py b/dojo/tools/gitlab_sast/parser.py
@@ -114,7 +114,7 @@ def get_item(self, vuln, scanner):
             line = location["end_line"]
 
         severity = vuln.get("severity")
-        if severity is None or severity == "Undefined" or severity == "Unknown":
+        if severity is None or severity in {"Undefined", "Unknown"}:
             # Severity can be "Undefined" or "Unknown" in SAST report
             # In that case we set it as Info and specify the initial severity in the title
             title = f"[{severity} severity] {title}"
diff --git a/dojo/tools/kubehunter/parser.py b/dojo/tools/kubehunter/parser.py
@@ -53,7 +53,7 @@ def get_findings(self, file, test):
 
             # Finding evidence
             evidence = item.get("evidence")
-            if evidence and evidence != "" and evidence != "none":
+            if evidence and evidence not in {"", "none"}:
                 steps_to_reproduce = "**Evidence**: " + item.get("evidence")
             else:
                 steps_to_reproduce = None
diff --git a/dojo/tools/mayhem/parser.py b/dojo/tools/mayhem/parser.py
@@ -84,7 +84,7 @@ def get_finding_description(self, result, rule, location):
                 fullDescription = self._get_message_from_multiformatMessageString(
                     rule["fullDescription"], rule,
                 )
-                if (fullDescription != message) and (fullDescription != shortDescription):
+                if fullDescription not in {message, shortDescription}:
                     description += f"**{_('Rule full description')}:** {fullDescription}\n"
         if "markdown" in result["message"]:
             markdown = self._get_message_from_multiformatMessageString(
diff --git a/dojo/tools/qualys/parser.py b/dojo/tools/qualys/parser.py
@@ -241,7 +241,7 @@ def parse_finding(host, tree):
 
         # Vuln_status
         status = vuln_details.findtext("VULN_STATUS")
-        if status == "Active" or status == "Re-Opened" or status == "New":
+        if status in {"Active", "Re-Opened", "New"}:
             temp["active"] = True
             temp["mitigated"] = False
             temp["mitigation_date"] = None
diff --git a/dojo/tools/sarif/parser.py b/dojo/tools/sarif/parser.py
@@ -360,10 +360,7 @@ def get_finding_description(self, result, rule, location):
                 fullDescription = get_message_from_multiformatMessageString(
                     rule["fullDescription"], rule,
                 )
-                if (
-                    fullDescription != message
-                    and fullDescription != shortDescription
-                ):
+                if fullDescription not in {message, shortDescription}:
                     description += f"**{_('Rule full description')}:** {fullDescription}\n"
 
         if len(result.get("codeFlows", [])) > 0:
diff --git a/dojo/tools/sslyze/parser_xml.py b/dojo/tools/sslyze/parser_xml.py
@@ -112,10 +112,7 @@ def get_findings(self, file, test):
                 ):
                     weak_cipher[element.tag] = []
                     for ciphers in element:
-                        if (
-                            ciphers.tag == "preferredCipherSuite"
-                            or ciphers.tag == "acceptedCipherSuites"
-                        ):
+                        if ciphers.tag in {"preferredCipherSuite", "acceptedCipherSuites"}:
                             for cipher in ciphers:
                                 if cipher.attrib["name"] in WEAK_CIPHER_LIST:
                                     if cipher.attrib["name"] not in weak_cipher[element.tag]:
diff --git a/dojo/tools/testssl/parser.py b/dojo/tools/testssl/parser.py
@@ -46,7 +46,7 @@ def get_findings(self, filename, test):
                 continue
             # convert severity
             severity = row["severity"].lower().capitalize()
-            if severity == "Warn" or severity == "Fatal":
+            if severity in {"Warn", "Fatal"}:
                 severity = "Info"
             # detect CVEs
             cves = row["cve"].split(" ")
diff --git a/dojo/tools/trivy/parser.py b/dojo/tools/trivy/parser.py
@@ -275,7 +275,7 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                             severity = self.convert_cvss_score(None)
                     else:
                         severity = TRIVY_SEVERITIES[vuln["Severity"]]
-                    if target_class == "os-pkgs" or target_class == "lang-pkgs":
+                    if target_class in {"os-pkgs", "lang-pkgs"}:
                         file_path = vuln.get("PkgPath")
                         if file_path is None:
                             file_path = target_target
diff --git a/dojo/tools/trivy_operator/vulnerability_handler.py b/dojo/tools/trivy_operator/vulnerability_handler.py
@@ -51,7 +51,7 @@ def handle_vulns(self, labels, vulnerabilities, test):
             if vulnerability.get("target"):
                 target_target = vulnerability.get("target")
 
-            if target_class == "os-pkgs" or target_class == "lang-pkgs":
+            if target_class in {"os-pkgs", "lang-pkgs"}:
                 if package_path:
                     file_path = package_path
                 elif target_target:
diff --git a/dojo/tools/veracode_sca/parser.py b/dojo/tools/veracode_sca/parser.py
@@ -229,7 +229,7 @@ def fix_severity(self, severity):
         severity = severity.capitalize()
         if severity is None:
             severity = "Medium"
-        elif severity == "Unknown" or severity == "None":
+        elif severity in {"Unknown", "None"}:
             severity = "Info"
         return severity
 
diff --git a/ruff.toml b/ruff.toml
@@ -84,7 +84,7 @@ select = [
    "PGH",
    "PLC01", "PLC02", "PLC0414", "PLC18", "PLC24", "PLC28", "PLC3",
    "PLE",
-   "PLR01", "PLR02", "PLR04", "PLR0915", "PLR1711", "PLR1716", "PLR172", "PLR173", "PLR2044", "PLR5", "PLR6104", "PLR6201", #"PLR",
+   "PLR01", "PLR02", "PLR04", "PLR0915", "PLR1711", "PLR1714", "PLR1716", "PLR172", "PLR173", "PLR2044", "PLR5", "PLR6104", "PLR6201",
    "PLW01", "PLW02", "PLW04", "PLW0602", "PLW0604", "PLW07", "PLW1", "PLW2", "PLW3",
    "UP",
    "FURB",
diff --git a/unittests/test_parsers.py b/unittests/test_parsers.py
@@ -85,7 +85,7 @@ def test_file_existence(self):
                             f"Unittest of importer '{importer_test_file}' is missing or using different name",
                         )
             for file in os.scandir(Path(basedir) / "dojo" / "tools" / parser_dir.name):
-                if file.is_file() and file.name != "__pycache__" and file.name != "__init__.py":
+                if file.is_file() and file.name not in {"__pycache__", "__init__.py"}:
                     f_path = Path(basedir) / "dojo" / "tools" / parser_dir.name / file.name
                     read_true = False
                     with f_path.open(encoding="utf-8") as f:

Original file line number	Diff line number	Diff line change
`@@ -3327,10 +3327,7 @@ def calculate_possible_related_actions_for_similar_finding(`
`3327`	`3327`	`},`
`3328`	`3328`	`)`
`3329`	`3329`
`3330`		`- if (`
`3331`		`- similar_finding.duplicate_finding == finding`
`3332`		`- or similar_finding.duplicate_finding == finding.duplicate_finding`
`3333`		`- ):`
	`3330`	`+ if similar_finding.duplicate_finding in {finding, finding.duplicate_finding}:`
`3334`	`3331`	`# duplicate inside the same cluster`
`3335`	`3332`	`actions.append(`
`3336`	`3333`	`{`
Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ def get_findings_without_metadata(self, data, test):`
`135`	`135`	`)`
`136`	`136`
`137`	`137`	`sev = item["severity"]`
`138`		`- if sev == "Negligible" or sev == "Unknown":`
	`138`	`+ if sev in {"Negligible", "Unknown"}:`
`139`	`139`	`sev = "Info"`
`140`	`140`
`141`	`141`	`mitigation = (`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ def get_findings(self, filename, test):`
`51`	`51`	`)`
`52`	`52`
`53`	`53`	`sev = item["severity"]`
`54`		`- if sev == "Negligible" or sev == "Unknown":`
	`54`	`+ if sev in {"Negligible", "Unknown"}:`
`55`	`55`	`sev = "Info"`
`56`	`56`
`57`	`57`	`if item["fix"] != "None":`