
Ruff: Add and fix TRY300 #11643

Merged
merged 2 commits into DefectDojo:dev from ruff_TRY300
Feb 6, 2025

Conversation

@kiblik (Contributor) commented Jan 24, 2025

Add rule TRY300 and fix it. The original recommendation is to put it in else, but in my opinion, in all these cases, it might go outside the try block altogether.

There were also 2 Ruff autofixes in dojo/jira_link/helper.py (because of "RET505: Unnecessary else after return statement").
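What TRY300 flags, as an added example that is not code from this PR or from DefectDojo: the except clause below was written for malformed JSON, but because the return expression sits inside the try, the ValueError that int() raises for a well-formed payload with a bad value is swallowed too, and the caller silently gets the default. Moving the return into an else branch (Ruff's suggestion) or after the try/except (the shape used in this PR) narrows the handler to the one call it was meant to guard. The function names, the "retries" field and the three payloads are made up for the illustration.

```python
"""Added example (not DefectDojo's code): what Ruff's TRY300 rule flags and
how moving the return out of the try block changes behaviour."""

import json
from typing import Callable

DEFAULT_RETRIES = 3

# Constructed sample inputs, not taken from any real system.
VALID = '{"retries": "5"}'
NOT_JSON = '{retries: 5'            # invalid JSON -> json.loads raises ValueError
WRONG_TYPE = '{"retries": "many"}'  # valid JSON -> int() raises ValueError


def retries_flagged(payload: str) -> int:
    """TRY300 pattern: the return lives inside the try.

    The except was meant for malformed JSON, but because the return
    expression is inside the try, int("many") is caught as well and the
    caller silently gets the default instead of an error.
    """
    try:
        data = json.loads(payload)
        return int(data["retries"])
    except ValueError:
        return DEFAULT_RETRIES


def retries_with_else(payload: str) -> int:
    """Ruff's suggested fix: return in the else branch.

    Only json.loads is guarded now; a bad value raises to the caller.
    """
    try:
        data = json.loads(payload)
    except ValueError:
        return DEFAULT_RETRIES
    else:
        return int(data["retries"])


def retries_outside_try(payload: str) -> int:
    """The shape used in this PR: the return sits after the try/except.

    Behaviour is identical to the else form, with one branch fewer.
    """
    try:
        data = json.loads(payload)
    except ValueError:
        return DEFAULT_RETRIES
    return int(data["retries"])


def outcome(func: Callable[[str], int], payload: str) -> str:
    """Run one variant and describe the result instead of letting it raise."""
    try:
        value = func(payload)
    except ValueError as exc:
        return f"raised ValueError: {exc}"
    return f"returned {value}"


def compare() -> dict[str, dict[str, str]]:
    """Outcome of every variant on every sample input."""
    variants = {
        "flagged": retries_flagged,
        "else": retries_with_else,
        "outside": retries_outside_try,
    }
    inputs = {"valid": VALID, "not_json": NOT_JSON, "wrong_type": WRONG_TYPE}
    return {
        name: {label: outcome(func, payload) for label, payload in inputs.items()}
        for name, func in variants.items()
    }


if __name__ == "__main__":
    for name, results in compare().items():
        print(name)
        for label, result in results.items():
            print(f"  {label:10} {result}")
```

Running the file prints each variant's result on each input: the flagged version returns the default for the "wrong_type" payload, the other two raise. The same masking happens, more broadly, with the except Exception handlers that log and return a default, which is the usual shape in parsers: everything evaluated after the guarded call is swallowed along with it.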

dryrunsecurity bot commented Jan 24, 2025

DryRun Security Summary

The pull request implements comprehensive security improvements and optimizations across DefectDojo's codebase, including enhanced JIRA integration, better exception handling, content sanitization, and new security monitoring features, while maintaining code stability and reliability.


Summary:

The code changes in this pull request cover a wide range of updates and improvements across various components of the DefectDojo application. The changes focus on enhancing the security integration, improving the handling of exceptions and error conditions, optimizing performance, and refining the overall functionality of the application.

Some of the key security-related changes include:

  1. Improvements to the JIRA integration, such as better error handling, asynchronous processing, and synchronization of finding statuses.
  2. Enhancements to the handling of user-provided content, including the sanitization of banner messages to prevent potential XSS vulnerabilities.
  3. Optimizations to the exception handling and return value logic in various parser and utility functions, which can help improve the overall reliability and robustness of the application.
  4. Introduction of new features, such as SLA breach notifications and burndown charts, which can provide valuable security-related insights and monitoring capabilities.

Overall, the changes in this pull request demonstrate a focus on improving the security, stability, and functionality of the DefectDojo application. While there are no obvious security vulnerabilities introduced, it is important to thoroughly review the changes and their potential impact on the application's security posture.

Files Changed:

  1. dojo/authorization/roles_permissions.py: The changes simplify the implementation of the has_value method in the Roles and Permissions classes, without introducing any significant security concerns.
  2. dojo/context_processors.py: The changes improve the exception handling and performance of the bind_announcement() function, which is a positive security-related enhancement.
  3. dojo/api_v2/views.py: The changes in the update_jira_epic method enhance the error handling and response handling, improving the overall security and reliability of the Jira integration.
  4. dojo/jira_link/helper.py: The extensive changes in this file focus on improving the JIRA integration, including better connection handling, issue management, epic management, attachment handling, and asynchronous processing.
  5. dojo/templatetags/get_banner.py: The changes demonstrate a good practice of sanitizing user-provided content before rendering it, which helps to prevent potential XSS vulnerabilities.
  6. dojo/tools/anchore_enterprise/parser.py, dojo/tools/anchorectl_policies/parser.py, dojo/tools/kubescape/parser.py, dojo/tools/ptart/ptart_parser_tools.py, and dojo/tools/api_sonarqube/importer.py: These changes focus on improving the handling of various security tool integrations, enhancing the overall security capabilities of the DefectDojo application.
  7. dojo/models.py and dojo/utils.py: The changes in these files address minor improvements to the codebase, such as more accurate handling of GitHub issue associations and optimizations to various utility functions.
  8. ruff.toml: The addition of the "TRY300" rule suggests a focus on improving exception handling in the codebase, which can contribute to overall application security.
  9. tests/base_test_class.py: The changes to the is_element_by_id_present() method should be reviewed carefully to ensure that they do not introduce any unintended consequences or break existing tests.

Code Analysis

We ran 9 analyzers against 14 files and 0 analyzers had findings. 9 analyzers had no findings.


@kiblik kiblik requested review from Maffooch and mtesauro and removed request for Maffooch January 25, 2025 10:13
github-actions bot commented
This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented
Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro (Contributor) left a comment

Approved

github-actions bot commented Feb 6, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Feb 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot commented Feb 6, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Feb 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch Maffooch merged commit 8912572 into DefectDojo:dev Feb 6, 2025
73 checks passed
@kiblik kiblik deleted the ruff_TRY300 branch February 6, 2025 19:57