
Ruff: Add and fix SIM117 #11653

Status: Open. Wants to merge 1 commit into base branch dev.

Conversation

@kiblik (Contributor) commented Jan 25, 2025

Add rule multiple-with-statements (SIM117) and fix it.
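What SIM117 (multiple-with-statements) actually flags, and why the collapsed form is safe to adopt, as an added example that is not part of this pull request and not DefectDojo's or ruff's own code. All function names, the `traced` helper and the sample report below are constructed for illustration; the rule's trigger (an outer `with` whose body is nothing but another `with`) and Python's left-to-right entry / right-to-left exit order for comma-separated context managers are the facts being demonstrated.

```python
"""Added example (not DefectDojo's or ruff's code): the nested `with` shape
that ruff's SIM117 reports, next to the single-statement form it prefers,
with the context-manager enter/exit order recorded to show they behave
identically. Names and the sample report are constructed."""
from __future__ import annotations

import json
import tempfile
from contextlib import contextmanager
from pathlib import Path

# Constructed stand-in for a scanner's JSON report (not a real tool's output).
SAMPLE_REPORT = {"findings": [{"title": "Outdated dependency", "severity": "High"}]}


@contextmanager
def traced(name: str, log: list[str]):
    """Context manager that records when it is entered and exited."""
    log.append(f"enter {name}")
    try:
        yield name
    finally:
        log.append(f"exit {name}")


def nested_order(log: list[str]) -> list[str]:
    """Before: the outer `with` body consists solely of another `with`.
    This is exactly the shape SIM117 reports."""
    with traced("outer", log):
        with traced("inner", log):
            log.append("body")
    return log


def combined_order(log: list[str]) -> list[str]:
    """After: one `with` statement carrying both context managers.
    Items are entered left-to-right and exited right-to-left, so the
    recorded event sequence is identical to the nested version."""
    with traced("outer", log), traced("inner", log):
        log.append("body")
    return log


def round_trip(report: dict) -> list[str]:
    """Combined `with` whose second item uses a target bound by the first
    (`tmp`): items are evaluated in order, so this is valid and is what the
    SIM117 rewrite of the nested form looks like in a parser unit test."""
    with tempfile.TemporaryDirectory() as tmp, \
            Path(tmp, "report.json").open("w", encoding="utf-8") as out:
        json.dump(report, out)
        out.flush()
        # Not a SIM117 candidate: the enclosing body has statements other
        # than this `with`, so the nesting carries real control flow.
        with Path(tmp, "report.json").open(encoding="utf-8") as fh:
            return [f["title"] for f in json.load(fh)["findings"]]
```

To enable the rule in a project, add `"SIM117"` to `select` under `[tool.ruff.lint]` in pyproject.toml. When the combined statement gets too long for one line, Python 3.10 and later accept the items wrapped in parentheses after `with`; on older interpreters a backslash continuation, as above, is the portable option.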


dryrunsecurity bot commented Jan 25, 2025

DryRun Security Summary

The pull request enhances unit tests for multiple security report parsers by improving their ability to handle various input scenarios, including invalid data and edge cases, while ensuring accurate extraction of security findings and protection of sensitive information across 16 different parser files.


Summary:

The code changes in this pull request focus on improving the unit tests for various security report parsers used in the application. These parsers are responsible for processing the output of different security scanning tools and extracting relevant security findings. The changes aim to enhance the robustness and reliability of these parsers by ensuring they can handle a wide range of input scenarios, including empty reports, reports with errors, and reports with complex or unexpected data structures.

The key security-related aspects of these changes include:

  1. Handling of Invalid or Unexpected Input: The updated tests ensure that the parsers can gracefully handle empty reports, reports with invalid JSON/CSV format, and reports with missing or null data fields. This helps prevent potential security vulnerabilities that could arise from the application crashing or behaving unexpectedly when faced with malformed input.

  2. Parsing of Security Findings: The tests cover scenarios with single, multiple, and complex security findings (e.g., findings with multiple CVEs or CWEs). This helps ensure the parsers can accurately extract and represent the relevant security information, which is crucial for effective vulnerability management.

  3. Handling of Known Issues: Some of the changes address specific issues or edge cases that have been identified in the parsers, such as handling the "deprecation" finding for the "@babel/plugin-proposal-class-properties" component. This demonstrates a proactive approach to addressing potential security-related problems.

  4. Censoring of Sensitive Information: One of the changes includes a test case for the "censor_path_hashes" function, which helps protect sensitive information (e.g., file paths) that may be present in the security reports.

Overall, the code changes in this pull request focus on improving the quality, reliability, and security of the application's security report parsing functionality, which is an essential component of the overall application security infrastructure.

Files Changed:

The changes in this pull request span multiple files, each containing unit tests for a specific security report parser:

  1. unittests/tools/test_aws_inspector2_parser.py: Tests for the AWSInspector2Parser class.
  2. unittests/tools/test_anchore_enterprise_parser.py: Tests for the AnchoreEnterpriseParser class.
  3. unittests/tools/test_auditjs_parser.py: Tests for the AuditJSParser class.
  4. unittests/tools/test_coverity_api_parser.py: Tests for the CoverityApiParser class.
  5. unittests/tools/test_burp_graphql_parser.py: Tests for the BurpGraphQLParser class.
  6. unittests/tools/test_gitlab_api_fuzzing_parser.py: Tests for the GitlabAPIFuzzingParser class.
  7. unittests/tools/test_intsights_parser.py: Tests for the IntSightsParser class.
  8. unittests/tools/test_kubehunter_parser.py: Tests for the KubeHunterParser class.
  9. unittests/tools/test_meterian_parser.py: Tests for the MeterianParser class.
  10. unittests/tools/test_noseyparker_parser.py: Tests for the NoseyParkerParser class.
  11. unittests/tools/test_npm_audit_parser.py: Tests for the NpmAuditParser class.
  12. unittests/tools/test_risk_recon_parser.py: Tests for the RiskReconParser class.
  13. unittests/tools/test_sysdig_reports_parser.py: Tests for the SysdigReportsParser class.
  14. unittests/tools/test_threat_composer_parser.py: Tests for the ThreatComposerParser class.
  15. unittests/tools/test_whitehat_sentinel_parser.py: Tests for the WhiteHatSentinelParser class.
  16. unittests/tools/test_yarn_audit_parser.py: Tests for the YarnAuditParser class.

The changes in these files demonstrate a comprehensive approach to testing the security report parsing functionality, which is crucial for maintaining the overall security and reliability of the application.

Code Analysis

We ran 9 analyzers against 18 files and 0 analyzers had findings. 9 analyzers had no findings.



This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro (Contributor) left a comment


Approved

3 participants