Ruff: Add and autofix PERF401 (#12370)

Author: kiblik

dojo/api_v2/serializers.py

@@ -1125,20 +1125,16 @@ class EngagementToFilesSerializer(serializers.Serializer):
     def to_representation(self, data):
         engagement = data.get("engagement_id")
         files = data.get("files")
-        new_files = []
-        for file in files:
-            new_files.append(
-                {
-                    "id": file.id,
-                    "file": "{site_url}/{file_access_url}".format(
-                        site_url=settings.SITE_URL,
-                        file_access_url=file.get_accessible_url(
-                            engagement, engagement.id,
-                        ),
+        new_files = [{
+                "id": file.id,
+                "file": "{site_url}/{file_access_url}".format(
+                    site_url=settings.SITE_URL,
+                    file_access_url=file.get_accessible_url(
+                        engagement, engagement.id,
                     ),
-                    "title": file.title,
-                },
-            )
+                ),
+                "title": file.title,
+            } for file in files]
         return {"engagement_id": engagement.id, "files": new_files}
 
 
@@ -1497,15 +1493,11 @@ class TestToFilesSerializer(serializers.Serializer):
     def to_representation(self, data):
         test = data.get("test_id")
         files = data.get("files")
-        new_files = []
-        for file in files:
-            new_files.append(
-                {
-                    "id": file.id,
-                    "file": f"{settings.SITE_URL}/{file.get_accessible_url(test, test.id)}",
-                    "title": file.title,
-                },
-            )
+        new_files = [{
+                "id": file.id,
+                "file": f"{settings.SITE_URL}/{file.get_accessible_url(test, test.id)}",
+                "title": file.title,
+            } for file in files]
         return {"test_id": test.id, "files": new_files}
 
 
@@ -1787,10 +1779,7 @@ def update(self, instance, validated_data):
             vulnerability_id_set = validated_data.pop("vulnerability_id_set")
             vulnerability_ids = []
             if vulnerability_id_set:
-                for vulnerability_id in vulnerability_id_set:
-                    vulnerability_ids.append(
-                        vulnerability_id["vulnerability_id"],
-                    )
+                vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_id_set)
             save_vulnerability_ids(instance, vulnerability_ids)
 
         instance = super(TaggitSerializer, self).update(
@@ -1921,8 +1910,7 @@ def create(self, validated_data):
         # Process the vulnerability IDs specially
         parsed_vulnerability_ids = []
         if (vulnerability_ids := validated_data.pop("vulnerability_id_set", None)):
-            for vulnerability_id in vulnerability_ids:
-                parsed_vulnerability_ids.append(vulnerability_id["vulnerability_id"])
+            parsed_vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_ids)
             validated_data["cve"] = parsed_vulnerability_ids[0]
         # Create a findings in memory so that we have access to unsaved_vulnerability_ids
         new_finding = Finding(**validated_data)
@@ -2020,9 +2008,7 @@ def create(self, validated_data):
         )
 
         if vulnerability_id_set:
-            vulnerability_ids = []
-            for vulnerability_id in vulnerability_id_set:
-                vulnerability_ids.append(vulnerability_id["vulnerability_id"])
+            vulnerability_ids = [vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_id_set]
             validated_data["cve"] = vulnerability_ids[0]
             save_vulnerability_ids_template(
                 new_finding_template, vulnerability_ids,
@@ -2040,10 +2026,7 @@ def update(self, instance, validated_data):
             )
             vulnerability_ids = []
             if vulnerability_id_set:
-                for vulnerability_id in vulnerability_id_set:
-                    vulnerability_ids.append(
-                        vulnerability_id["vulnerability_id"],
-                    )
+                vulnerability_ids.extend(vulnerability_id["vulnerability_id"] for vulnerability_id in vulnerability_id_set)
             save_vulnerability_ids_template(instance, vulnerability_ids)
 
         return super(TaggitSerializer, self).update(instance, validated_data)
@@ -2710,20 +2693,16 @@ class FindingToFilesSerializer(serializers.Serializer):
     def to_representation(self, data):
         finding = data.get("finding_id")
         files = data.get("files")
-        new_files = []
-        for file in files:
-            new_files.append(
-                {
-                    "id": file.id,
-                    "file": "{site_url}/{file_access_url}".format(
-                        site_url=settings.SITE_URL,
-                        file_access_url=file.get_accessible_url(
-                            finding, finding.id,
-                        ),
+        new_files = [{
+                "id": file.id,
+                "file": "{site_url}/{file_access_url}".format(
+                    site_url=settings.SITE_URL,
+                    file_access_url=file.get_accessible_url(
+                        finding, finding.id,
                     ),
-                    "title": file.title,
-                },
-            )
+                ),
+                "title": file.title,
+            } for file in files]
         return {"finding_id": finding.id, "files": new_files}
 
 

dojo/checks.py

@@ -5,14 +5,11 @@
 def check_configuration_deduplication(app_configs, **kwargs):
     errors = []
     for scanner in settings.HASHCODE_FIELDS_PER_SCANNER:
-        for field in settings.HASHCODE_FIELDS_PER_SCANNER.get(scanner):
-            if field not in settings.HASHCODE_ALLOWED_FIELDS:
-                errors.append(
-                    Error(
-                        f"Configuration error in HASHCODE_FIELDS_PER_SCANNER: Element {field} is not in the allowed list HASHCODE_ALLOWED_FIELDS for {scanner}.",
-                        hint=f'Check configuration ["HASHCODE_FIELDS_PER_SCANNER"]["{scanner}"] value',
-                        obj=settings.HASHCODE_FIELDS_PER_SCANNER[scanner],
-                        id="dojo.E001",
-                    ),
-                )
+        errors.extend(Error(
+                f"Configuration error in HASHCODE_FIELDS_PER_SCANNER: Element {field} is not in the allowed list HASHCODE_ALLOWED_FIELDS for {scanner}.",
+                hint=f'Check configuration ["HASHCODE_FIELDS_PER_SCANNER"]["{scanner}"] value',
+                obj=settings.HASHCODE_FIELDS_PER_SCANNER[scanner],
+                id="dojo.E001",
+            ) for field in settings.HASHCODE_FIELDS_PER_SCANNER.get(scanner)
+                if field not in settings.HASHCODE_ALLOWED_FIELDS)
     return errors

dojo/endpoint/utils.py

@@ -269,10 +269,7 @@ def validate_endpoints_to_add(endpoints_to_add):
                 endpoint_ins.fragment,
             ])
         except ValidationError as ves:
-            for ve in ves:
-                errors.append(
-                    ValidationError(f"Invalid endpoint {endpoint}: {ve}"),
-                )
+            errors.extend(ValidationError(f"Invalid endpoint {endpoint}: {ve}") for ve in ves)
     return endpoint_list, errors
 
 
@@ -316,7 +313,6 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me
     keys = [key for key in reader.fieldnames if key != "hostname"]
 
     for row in reader:
-        meta = []
         endpoint = None
         host = row.get("hostname", None)
 
@@ -326,8 +322,7 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me
         endpoints = Endpoint.objects.filter(host=host, product=product)
         if not endpoints.count() and create_endpoints:
             endpoints = [Endpoint.objects.create(host=host, product=product)]
-        for key in keys:
-            meta.append((key, row.get(key)))
+        meta = [(key, row.get(key)) for key in keys]
 
         for endpoint in endpoints:
             existing_tags = [tag.name for tag in endpoint.tags.all()]

dojo/engagement/views.py

@@ -1597,10 +1597,8 @@ def csv_export(request):
     first_row = True
     for engagement in engagements:
         if first_row:
-            fields = []
-            for key in dir(engagement):
-                if key not in get_excludes() and not callable(getattr(engagement, key)) and not key.startswith("_"):
-                    fields.append(key)
+            fields = [key for key in dir(engagement)
+                if key not in get_excludes() and not callable(getattr(engagement, key)) and not key.startswith("_")]
             fields.append("tests")
 
             writer.writerow(fields)

dojo/finding/helper.py

@@ -629,9 +629,7 @@ def removeLoop(finding_id, counter):
 
 def add_endpoints(new_finding, form):
     added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, new_finding.test.engagement.product)
-    endpoint_ids = []
-    for endpoint in added_endpoints:
-        endpoint_ids.append(endpoint.id)
+    endpoint_ids = [endpoint.id for endpoint in added_endpoints]
 
     new_finding.endpoints.set(form.cleaned_data["endpoints"] | Endpoint.objects.filter(id__in=endpoint_ids))
 

dojo/jira_link/helper.py

@@ -605,8 +605,7 @@ def get_tags(obj):
     if isinstance(obj, Finding | Engagement):
         obj_tags = obj.tags.all()
         if obj_tags:
-            for tag in obj_tags:
-                tags.append(str(tag.name.replace(" ", "-")))
+            tags.extend(str(tag.name.replace(" ", "-")) for tag in obj_tags)
     if isinstance(obj, Finding_Group):
         for finding in obj.findings.all():
             obj_tags = finding.tags.all()

dojo/metrics/views.py

@@ -287,10 +287,8 @@ def product_type_counts(request):
             oip = opened_in_period(start_date, end_date, test__engagement__product__prod_type=pt)
 
             # trending data - 12 months
-            for x in range(12, 0, -1):
-                opened_in_period_list.append(
-                    opened_in_period(start_date + relativedelta(months=-x), end_of_month + relativedelta(months=-x),
-                                     test__engagement__product__prod_type=pt))
+            opened_in_period_list.extend(opened_in_period(start_date + relativedelta(months=-x), end_of_month + relativedelta(months=-x),
+                                     test__engagement__product__prod_type=pt) for x in range(12, 0, -1))
 
             opened_in_period_list.append(oip)
 
@@ -486,10 +484,8 @@ def product_tag_counts(request):
                 test__engagement__product__in=prods)
 
             # trending data - 12 months
-            for x in range(12, 0, -1):
-                opened_in_period_list.append(
-                    opened_in_period(start_date + relativedelta(months=-x), end_of_month + relativedelta(months=-x),
-                                     test__engagement__product__tags__name=pt, test__engagement__product__in=prods))
+            opened_in_period_list.extend(opened_in_period(start_date + relativedelta(months=-x), end_of_month + relativedelta(months=-x),
+                                     test__engagement__product__tags__name=pt, test__engagement__product__in=prods) for x in range(12, 0, -1))
 
             opened_in_period_list.append(oip)
 
@@ -704,10 +700,8 @@ def view_engineer(request, eid):
                                  tzinfo=timezone.get_current_timezone())],
         owner=user)
                       for finding in ra.accepted_findings.all()]
-    closed_month = []
-    for f in closed_findings:
-        if f.mitigated and f.mitigated.year == now.year and f.mitigated.month == now.month:
-            closed_month.append(f)
+    closed_month = [f for f in closed_findings
+                        if f.mitigated and f.mitigated.year == now.year and f.mitigated.month == now.month]
 
     o_dict, open_count = count_findings(open_month)
     c_dict, closed_count = count_findings(closed_month)
@@ -721,7 +715,6 @@ def view_engineer(request, eid):
     day_list.append(now)
 
     q_objects = (Q(date=d) for d in day_list)
-    closed_week = []
     open_week = findings.filter(reduce(operator.or_, q_objects))
 
     accepted_week = [finding for ra in Risk_Acceptance.objects.filter(
@@ -730,9 +723,7 @@ def view_engineer(request, eid):
 
     q_objects = (Q(mitigated=d) for d in day_list)
     # closed_week= findings.filter(reduce(operator.or_, q_objects))
-    for f in closed_findings:
-        if f.mitigated and f.mitigated >= day_list[0]:
-            closed_week.append(f)
+    closed_week = [f for f in closed_findings if f.mitigated and f.mitigated >= day_list[0]]
 
     o_week_dict, open_week_count = count_findings(open_week)
     c_week_dict, closed_week_count = count_findings(closed_week)

dojo/models.py

@@ -1306,10 +1306,7 @@ def get_product_type(self):
     def open_findings_list(self):
         findings = Finding.objects.filter(test__engagement__product=self,
                                           active=True)
-        findings_list = []
-        for i in findings:
-            findings_list.append(i.id)
-        return findings_list
+        return [i.id for i in findings]
 
     @property
     def has_jira_configured(self):
@@ -3347,9 +3344,7 @@ def get_references_with_links(self):
     def vulnerability_ids(self):
         # Get vulnerability ids from database and convert to list of strings
         vulnerability_ids_model = self.vulnerability_id_set.all()
-        vulnerability_ids = []
-        for vulnerability_id in vulnerability_ids_model:
-            vulnerability_ids.append(vulnerability_id.vulnerability_id)
+        vulnerability_ids = [vulnerability_id.vulnerability_id for vulnerability_id in vulnerability_ids_model]
 
         # Synchronize the cve field with the unsaved_vulnerability_ids
         # We do this to be as flexible as possible to handle the fields until
@@ -3556,9 +3551,7 @@ def get_breadcrumbs(self):
     def vulnerability_ids(self):
         # Get vulnerability ids from database and convert to list of strings
         vulnerability_ids_model = self.vulnerability_id_template_set.all()
-        vulnerability_ids = []
-        for vulnerability_id in vulnerability_ids_model:
-            vulnerability_ids.append(vulnerability_id.vulnerability_id)
+        vulnerability_ids = [vulnerability_id.vulnerability_id for vulnerability_id in vulnerability_ids_model]
 
         # Synchronize the cve field with the unsaved_vulnerability_ids
         # We do this to be as flexible as possible to handle the fields until

dojo/search/views.py

@@ -439,11 +439,9 @@ def vulnerability_id_fix(keyword):
     # - https://github.com/DefectDojo/django-DefectDojo/issues/1092
     # - https://github.com/DefectDojo/django-DefectDojo/issues/2081
 
-    vulnerability_ids = []
     keyword_parts = keyword.split(",")
-    for keyword_part in keyword_parts:
-        if bool(vulnerability_id_pattern.match(keyword_part)):
-            vulnerability_ids.append("'" + keyword_part + "'")
+    vulnerability_ids = [f"'{keyword_part}'" for keyword_part in keyword_parts
+                            if bool(vulnerability_id_pattern.match(keyword_part))]
 
     if vulnerability_ids:
         return " ".join(vulnerability_ids)

dojo/tools/anchore_grype/parser.py

@@ -207,9 +207,8 @@ def get_vulnerability_ids(self, vuln_id, related_vulnerabilities):
         if vuln_id:
             vulnerability_ids.append(vuln_id)
         if related_vulnerabilities:
-            for related_vulnerability in related_vulnerabilities:
-                if related_vulnerability.get("id"):
-                    vulnerability_ids.append(related_vulnerability.get("id"))
+            vulnerability_ids.extend(related_vulnerability_id for related_vulnerability in related_vulnerabilities
+                if (related_vulnerability_id := related_vulnerability.get("id")))
         if vulnerability_ids:
             return vulnerability_ids
         return None