
bump ruff to 0.8.1 #11350

Merged: 7 commits merged into DefectDojo:dev from ruff_bump081 on Dec 20, 2024

Conversation

@manuel-sommer manuel-sommer (Contributor) commented Nov 30, 2024

Fix for #11349

dryrunsecurity bot commented Nov 30, 2024

DryRun Security Summary

The pull request introduces updates to various files in the DefectDojo application, focusing on dependency updates, authentication integrations, and test suite improvements, with potential security considerations around dynamic imports, input validation, and parsing external data.

Summary:

The code changes in this pull request cover a variety of updates across different files in the DefectDojo application. From an application security perspective, the changes do not appear to introduce any immediate security vulnerabilities, but there are a few areas that warrant further review and consideration:

  1. Dependency Updates: The update to the ruff library in the requirements-lint.txt file is a routine maintenance task that should be thoroughly tested to ensure it does not introduce any unintended issues or regressions.

  2. Dynamic Imports and Directory Traversal: The changes in the dojo/tools/factory.py file involve dynamic imports and iterating through directories, which could potentially lead to security issues if the input is not properly validated and sanitized.

  3. Identity Provider Integration: The changes in the dojo/pipeline.py file related to Azure AD and Google OAuth2 integration should be reviewed to ensure that the user creation and group management processes are secure and do not introduce any vulnerabilities.

  4. Input Validation and Parsing: The changes in the dojo/tools/crashtest_security/parser.py file involve parsing external data, which requires thorough input validation and error handling to prevent potential security issues.

  5. Test Suite Reliability: The changes in the tests/Import_scanner_test.py and unittests/test_factory.py files are focused on improving the reliability and portability of the test suite, which indirectly contributes to the overall security of the application.

Files Changed:

  1. requirements-lint.txt: The changes update the ruff library from version 0.8.0 to 0.8.1, which is a routine maintenance task.

  2. dojo/tools/factory.py: The changes involve dynamic imports and iterating through directories, which should be reviewed for potential security issues.

  3. dojo/pipeline.py: The changes are related to the integration of Azure AD and Google OAuth2 authentication, which should be reviewed to ensure the security of the user creation and group management processes.

  4. dojo/tools/crashtest_security/parser.py: The changes update the regular expression for vulnerability ID extraction and handle parsing of external data, which requires thorough input validation and error handling.

  5. tests/Import_scanner_test.py: The changes improve the reliability and portability of the test suite, which indirectly contributes to the overall security of the application.

  6. unittests/test_factory.py: The changes update the way the package directory is accessed and module names are retrieved, which also improves the reliability and portability of the test suite.

Code Analysis

We ran 9 analyzers against 6 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Configured Codepaths Analyzer, 1 finding

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

github-actions bot (Contributor) commented Dec 4, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot (Contributor) commented Dec 5, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

@manuel-sommer manuel-sommer changed the title bump ruff to 0.8.1 bump ruff to 0.8.3 Dec 15, 2024
@manuel-sommer manuel-sommer changed the title bump ruff to 0.8.3 bump ruff to 0.8.1 Dec 15, 2024
@manuel-sommer manuel-sommer (Contributor, Author) commented

Sorry for the delay, this should be fine now @mtesauro and @Maffooch

@mtesauro mtesauro (Contributor) left a comment

Approved

@mtesauro mtesauro merged commit 460cd7c into DefectDojo:dev Dec 20, 2024
133 of 135 checks passed
@manuel-sommer manuel-sommer deleted the ruff_bump081 branch December 21, 2024 08:18
5 participants