Ruff: Add S324 rule (#12169)

manuel-sommer · Maffooch · web-flow · commit ceee38acf6a4 · 2025-04-10T15:40:56.000-06:00
* fix

* fix

* Update ruff.toml

---------

Co-authored-by: Cody Maffucci &lt;46459665+Maffooch@users.noreply.github.com&gt;
diff --git a/dojo/tools/blackduck/parser.py b/dojo/tools/blackduck/parser.py
@@ -46,7 +46,7 @@ def ingest_findings(self, normalized_findings, test):
             references = self.format_reference(i)
 
             dupe_key = hashlib.md5(
-                f"{title} | {i.vuln_source}".encode(),
+                f"{title} | {i.vuln_source}".encode(), usedforsecurity=False,
             ).hexdigest()
 
             if dupe_key in dupes:
diff --git a/dojo/tools/bugcrowd/parser.py b/dojo/tools/bugcrowd/parser.py
@@ -139,7 +139,7 @@ def get_findings(self, filename, test):
                     finding.description = ""
 
                 key = hashlib.md5(
-                    (finding.title + "|" + finding.description).encode("utf-8"),
+                    (finding.title + "|" + finding.description).encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
 
                 if key not in dupes:
diff --git a/dojo/tools/bundler_audit/parser.py b/dojo/tools/bundler_audit/parser.py
@@ -71,7 +71,7 @@ def get_findings(self, filename, test):
             fingerprint = (
                 "bundler-audit" + gem_name + gem_version + advisory_id + sev
             )
-            dupe_key = hashlib.md5(fingerprint.encode("utf-8")).hexdigest()
+            dupe_key = hashlib.md5(fingerprint.encode("utf-8"), usedforsecurity=False).hexdigest()
             if dupe_key in dupes:
                 find = dupes[dupe_key]
             else:
diff --git a/dojo/tools/cobalt/parser.py b/dojo/tools/cobalt/parser.py
@@ -76,7 +76,7 @@ def get_findings(self, filename, test):
                     finding.description = ""
 
                 key = hashlib.md5(
-                    (finding.title + "|" + finding.description).encode("utf-8"),
+                    (finding.title + "|" + finding.description).encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
 
                 if key not in dupes:
diff --git a/dojo/tools/ggshield/parser.py b/dojo/tools/ggshield/parser.py
@@ -107,7 +107,7 @@ def get_items(self, item, findings, dupes, test):
                 + findings["match"]
                 + str(findings["line_start"])
                 + str(findings["line_end"])
-            ).encode("utf-8"),
+            ).encode("utf-8"), usedforsecurity=False,
         ).hexdigest()
 
         if key not in dupes:
diff --git a/dojo/tools/gitleaks/parser.py b/dojo/tools/gitleaks/parser.py
@@ -186,7 +186,7 @@ def get_finding_current(self, issue, test, dupes):
         severity = "High"
 
         dupe_key = hashlib.md5(
-            (title + secret + str(line)).encode("utf-8"),
+            (title + secret + str(line)).encode("utf-8"), usedforsecurity=False,
         ).hexdigest()
 
         if dupe_key in dupes:
diff --git a/dojo/tools/h1/parser.py b/dojo/tools/h1/parser.py
@@ -67,7 +67,7 @@ def get_vulnerability_disclosure_json_findings(self, tree, test):
                 cwe = 0
 
             dupe_key = hashlib.md5(
-                str(references + title).encode("utf-8"),
+                str(references + title).encode("utf-8"), usedforsecurity=False,
             ).hexdigest()
             if dupe_key in dupes:
                 finding = dupes[dupe_key]
diff --git a/dojo/tools/huskyci/parser.py b/dojo/tools/huskyci/parser.py
@@ -53,7 +53,7 @@ def get_items(self, tree, test):
                         if vuln["severity"] not in {"High", "Medium", "Low"}:
                             continue
                         unique_key = hashlib.md5(
-                            str(vuln).encode("utf-8"),
+                            str(vuln).encode("utf-8"), usedforsecurity=False,
                         ).hexdigest()
                         item = get_item(vuln, test)
                         items[unique_key] = item
diff --git a/dojo/tools/ibm_app/parser.py b/dojo/tools/ibm_app/parser.py
@@ -83,7 +83,7 @@ def get_findings(self, file, test):
                     dupe_key = hashlib.md5(
                         str(issue_description + name + severity).encode(
                             "utf-8",
-                        ),
+                        ), usedforsecurity=False,
                     ).hexdigest()
                     # check if finding is a duplicate
                     if dupe_key in dupes:
diff --git a/dojo/tools/immuniweb/parser.py b/dojo/tools/immuniweb/parser.py
@@ -55,7 +55,7 @@ def get_findings(self, file, test):
             url = vulnerability.find("URL").text
 
             dupe_key = hashlib.md5(
-                str(description + title + severity).encode("utf-8"),
+                str(description + title + severity).encode("utf-8"), usedforsecurity=False,
             ).hexdigest()
 
             # check if finding is a duplicate
diff --git a/dojo/tools/kiuwan/parser.py b/dojo/tools/kiuwan/parser.py
@@ -123,7 +123,7 @@ def get_findings(self, filename, test):
                         + finding.description
                         + "|"
                         + str(finding.cwe)
-                    ).encode("utf-8"),
+                    ).encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
 
                 if key not in dupes:
diff --git a/dojo/tools/mend/parser.py b/dojo/tools/mend/parser.py
@@ -255,7 +255,7 @@ def create_finding_key(f: Finding) -> str:
             # """Hashes the finding's description and title to retrieve a key for deduplication."""
             return hashlib.md5(
                 f.description.encode("utf-8")
-                + f.title.encode("utf-8"),
+                + f.title.encode("utf-8"), usedforsecurity=False,
             ).hexdigest()
 
         dupes = {}
diff --git a/dojo/tools/neuvector_compliance/parser.py b/dojo/tools/neuvector_compliance/parser.py
@@ -46,7 +46,7 @@ def get_items(tree, test):
             + node.get("test_number")
             + node.get("description")
         )
-        unique_key = hashlib.md5(unique_key.encode("utf-8")).hexdigest()
+        unique_key = hashlib.md5(unique_key.encode("utf-8"), usedforsecurity=False).hexdigest()
         items[unique_key] = item
     return list(items.values())
 
diff --git a/dojo/tools/noseyparker/parser.py b/dojo/tools/noseyparker/parser.py
@@ -73,7 +73,7 @@ def version_0_16_0(self, line, test):
                 f"Line #{line_num} \n"
             )
             # Internal de-duplication
-            key = hashlib.md5((filepath + "|" + secret + "|" + str(line_num)).encode("utf-8")).hexdigest()
+            key = hashlib.md5((filepath + "|" + secret + "|" + str(line_num)).encode("utf-8"), usedforsecurity=False).hexdigest()
 
             # If secret already exists with the same filepath/secret/linenum
             if key in self.dupes:
@@ -133,7 +133,7 @@ def version_0_22_0(self, line, test):
                                 f"Line #{line_num} \n"
                 )
             # Internal de-duplication
-            key = hashlib.md5((filepath + "|" + rule_text_id + "|" + str(line_num)).encode("utf-8")).hexdigest()
+            key = hashlib.md5((filepath + "|" + rule_text_id + "|" + str(line_num)).encode("utf-8"), usedforsecurity=False).hexdigest()
 
             # If secret already exists with the same filepath/secret/linenum
             if key in self.dupes:
diff --git a/dojo/tools/ort/parser.py b/dojo/tools/ort/parser.py
@@ -56,7 +56,7 @@ def get_items(self, evaluated_model, test):
         for model in rule_violations_models:
             item = get_item(model, test)
             unique_key = hashlib.md5(
-                (item.title + item.references).encode(),
+                (item.title + item.references).encode(), usedforsecurity=False,
             ).hexdigest()
             items[unique_key] = item
 
diff --git a/dojo/tools/retirejs/parser.py b/dojo/tools/retirejs/parser.py
@@ -47,7 +47,7 @@ def get_items(self, tree, test):
                         unique_key = hashlib.md5(
                             (
                                 item.title + item.references + encrypted_file
-                            ).encode(),
+                            ).encode(), usedforsecurity=False,
                         ).hexdigest()
                         items[unique_key] = item
         return list(items.values())
diff --git a/dojo/tools/scantist/parser.py b/dojo/tools/scantist/parser.py
@@ -85,7 +85,7 @@ def get_findings(vuln, test):
             if item:
                 hash_key = hashlib.md5(
                     node.get("Public ID").encode("utf-8")
-                    + node.get("Library").encode("utf-8"),
+                    + node.get("Library").encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
 
                 items[hash_key] = get_findings(node, test)
diff --git a/dojo/tools/sslyze/parser_xml.py b/dojo/tools/sslyze/parser_xml.py
@@ -135,7 +135,7 @@ def get_findings(self, file, test):
                         )
                 if title and description is not None:
                     dupe_key = hashlib.md5(
-                        str(description + title).encode("utf-8"),
+                        str(description + title).encode("utf-8"), usedforsecurity=False,
                     ).hexdigest()
                     if dupe_key in dupes:
                         finding = dupes[dupe_key]
diff --git a/dojo/tools/talisman/parser.py b/dojo/tools/talisman/parser.py
@@ -67,7 +67,7 @@ def get_findings(self, filename, test):
                             + file_path
                             + description
                             + severity
-                        ).encode("utf-8"),
+                        ).encode("utf-8"), usedforsecurity=False,
                     ).hexdigest()
 
                     if key not in dupes:
diff --git a/dojo/tools/trufflehog/parser.py b/dojo/tools/trufflehog/parser.py
@@ -65,7 +65,7 @@ def get_findings_v2(self, data, test):
             strings_found = "".join(
                 string + "\n" for string in json_data.get("stringsFound")
             )
-            dupe_key = hashlib.md5((file + reason).encode("utf-8")).hexdigest()
+            dupe_key = hashlib.md5((file + reason).encode("utf-8"), usedforsecurity=False).hexdigest()
             description += (
                 "\n**Strings Found:**\n```" + strings_found + "```\n"
             )
@@ -167,7 +167,7 @@ def get_findings_v3(self, data, test):
                     severity = "Medium"
 
             dupe_key = hashlib.md5(
-                (file + detector_name + str(line_number) + commit + (raw + rawV2)).encode("utf-8"),
+                (file + detector_name + str(line_number) + commit + (raw + rawV2)).encode("utf-8"), usedforsecurity=False,
             ).hexdigest()
 
             if dupe_key in dupes:
diff --git a/dojo/tools/trufflehog3/parser.py b/dojo/tools/trufflehog3/parser.py
@@ -65,7 +65,7 @@ def get_finding_legacy(self, json_data, test, dupes):
         for string in json_data["stringsFound"]:
             strings_found += string + "\n"
 
-        dupe_key = hashlib.md5((file + reason).encode("utf-8")).hexdigest()
+        dupe_key = hashlib.md5((file + reason).encode("utf-8"), usedforsecurity=False).hexdigest()
         description += (
             "\n**Strings Found:**\n```\n" + strings_found + "\n```\n"
         )
@@ -139,7 +139,7 @@ def get_finding_current(self, json_data, test, dupes):
             description = description[:-1]
 
         dupe_key = hashlib.md5(
-            (title + secret + severity + str(line)).encode("utf-8"),
+            (title + secret + severity + str(line)).encode("utf-8"), usedforsecurity=False,
         ).hexdigest()
 
         if dupe_key in dupes:
diff --git a/dojo/tools/twistlock/parser.py b/dojo/tools/twistlock/parser.py
@@ -85,7 +85,7 @@ def parse(self, filename, test):
                         + finding.title
                         + "|"
                         + finding.description
-                    ).encode("utf-8"),
+                    ).encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
                 if key not in dupes:
                     dupes[key] = finding
diff --git a/dojo/tools/vcg/parser.py b/dojo/tools/vcg/parser.py
@@ -117,7 +117,7 @@ def parse(self, content, test):
                         + finding.title
                         + "|"
                         + finding.description
-                    ).encode("utf-8"),
+                    ).encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
 
                 if key not in dupes:
@@ -183,7 +183,7 @@ def parse(self, content, test):
                         + finding.title
                         + "|"
                         + finding.description
-                    ).encode("utf-8"),
+                    ).encode("utf-8"), usedforsecurity=False,
                 ).hexdigest()
 
                 if key not in dupes:
diff --git a/dojo/tools/whitehat_sentinel/parser.py b/dojo/tools/whitehat_sentinel/parser.py
@@ -234,7 +234,7 @@ def _convert_whitehat_sentinel_vulns_to_dojo_finding(
             is_mitigated = not active
 
             dupe_key = hashlib.md5(
-                whitehat_vuln["id"].encode("utf-8"),
+                whitehat_vuln["id"].encode("utf-8"), usedforsecurity=False,
             ).hexdigest()
 
             if dupe_key in dupes:
diff --git a/ruff.toml b/ruff.toml
@@ -42,7 +42,7 @@ select = [
    "UP",
    "YTT",
    "ASYNC",
-   "S1", "S2", "S302", "S303", "S304", "S305", "S306", "S307", "S31", "S321", "S323", "S401", "S402", "S406", "S407", "S408", "S409", "S41", "S5", "S601", "S602", "S604", "S605", "S606", "S607", "S609", "S61", "S7",
+   "S1", "S2", "S302", "S303", "S304", "S305", "S306", "S307", "S31", "S321", "S323", "S324", "S401", "S402", "S406", "S407", "S408", "S409", "S41", "S5", "S601", "S602", "S604", "S605", "S606", "S607", "S609", "S61", "S7",
    "FBT",
    "A",
    "COM",

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ def get_findings(self, filename, test):`
`71`	`71`	`fingerprint = (`
`72`	`72`	`"bundler-audit" + gem_name + gem_version + advisory_id + sev`
`73`	`73`	`)`
`74`		`- dupe_key = hashlib.md5(fingerprint.encode("utf-8")).hexdigest()`
	`74`	`+ dupe_key = hashlib.md5(fingerprint.encode("utf-8"), usedforsecurity=False).hexdigest()`
`75`	`75`	`if dupe_key in dupes:`
`76`	`76`	`find = dupes[dupe_key]`
`77`	`77`	`else:`