Ruff: Add and fix DTZ002 & DTZ011 + reorg some timezone components

dojo/forms.py

@@ -3,7 +3,7 @@
 import pickle
 import re
 import warnings
-from datetime import date, datetime
+from datetime import datetime
 from pathlib import Path
 
 import tagulous
@@ -188,7 +188,7 @@ def __init__(self, attrs=None, years=None, *, required=True):
         if years:
             self.years = years
         else:
-            this_year = date.today().year
+            this_year = timezone.now().year
             self.years = list(range(this_year - 10, this_year + 1))
 
     def render(self, name, value, attrs=None, renderer=None):
@@ -642,7 +642,7 @@ def clean_tags(self):
     # date can only be today or in the past, not the future
     def clean_scan_date(self):
         date = self.cleaned_data.get("scan_date", None)
-        if date and date.date() > datetime.today().date():
+        if date and date.date() > timezone.now().date():
             msg = "The date cannot be in the future!"
             raise forms.ValidationError(msg)
         return date
@@ -3582,7 +3582,7 @@ class Meta:
     def clean_expiration(self):
         expiration = self.cleaned_data.get("expiration", None)
         if expiration:
-            today = datetime.today().date()
+            today = timezone.now().date()
             if expiration < today:
                 msg = "The expiration cannot be in the past"
                 raise forms.ValidationError(msg)

dojo/metrics/views.py

@@ -3,7 +3,7 @@
 import logging
 import operator
 from calendar import monthrange
-from datetime import date, datetime, timedelta
+from datetime import datetime, timedelta
 
 from dateutil.relativedelta import relativedelta
 from django.contrib import messages
@@ -776,7 +776,7 @@ def view_engineer(request, eid):
                 f.test.engagement.product.name,
                 f.severity,
                 f.title,
-                (date.today() - f.date).days,
+                (timezone.now().date() - f.date).days,
                 "Accepted" if f.risk_accepted else "Active",
                 f.reporter,
             ]
@@ -850,7 +850,7 @@ def view_engineer(request, eid):
 
 def _age_buckets(qs):
     """Return aged high/critical finding counts in one SQL round-trip."""
-    today = date.today()
+    today = timezone.now().date()
     return qs.aggregate(
         lt=Count("id", filter=Q(date__gte=today - timedelta(days=30))),
         ls=Count("id", filter=Q(date__lte=today - timedelta(days=30), date__gt=today - timedelta(days=60))),

dojo/survey/views.py

@@ -1,5 +1,5 @@
 import pickle
-from datetime import date, timedelta
+from datetime import timedelta
 
 from django.contrib import messages
 from django.contrib.admin.utils import NestedObjects
@@ -136,7 +136,7 @@ def answer_questionnaire(request, eid, sid):
         if questions_are_valid:
             survey.completed = True
             survey.responder = request.user
-            survey.answered_on = date.today()
+            survey.answered_on = tz.now().date()
             survey.save()
             messages.add_message(
                 request,
@@ -788,7 +788,7 @@ def answer_empty_survey(request, esid):
         if questions_are_valid:
             survey.completed = True
             survey.responder = request.user if not request.user.is_anonymous else None
-            survey.answered_on = date.today()
+            survey.answered_on = tz.now().date()
             survey.save()
             general_survey.num_responses += 1
             general_survey.save()

dojo/tasks.py

@@ -1,5 +1,5 @@
 import logging
-from datetime import date, timedelta
+from datetime import timedelta
 
 from auditlog.models import LogEntry
 from celery.utils.log import get_task_logger
@@ -98,7 +98,7 @@ def flush_auditlog(*args, **kwargs):
         return
 
     logger.info("Running Cleanup Task for Logentries with %d Months retention", retention_period)
-    retention_date = date.today() - relativedelta(months=retention_period)
+    retention_date = timezone.now().date() - relativedelta(months=retention_period)
     subset = LogEntry.objects.filter(timestamp__date__lt=retention_date)
     event_count = subset.count()
     logger.debug("Initially received %d Logentries", event_count)

dojo/test/views.py

@@ -692,7 +692,7 @@ def add_temp_finding(request, tid, fid):
 
             new_finding.tags = form.cleaned_data["tags"]
             new_finding.cvssv3 = finding.cvssv3
-            new_finding.date = form.cleaned_data["date"] or datetime.today()
+            new_finding.date = form.cleaned_data["date"] or timezone.now().date()
 
             finding_helper.update_finding_status(new_finding, request.user)
 

dojo/tools/hydra/parser.py

@@ -1,7 +1,7 @@
 import json
 import logging
-from datetime import date
 
+from django.utils import timezone
 from django.utils.dateparse import parse_datetime
 
 from dojo.models import Endpoint, Finding
@@ -78,7 +78,7 @@ def __extract_finding(
             title="Weak username / password combination found for " + host,
             date=parse_datetime(metadata.date)
             if metadata.date
-            else date.today(),
+            else timezone.now().date(),
             severity="High",
             description=host
             + " on port "

dojo/tools/noseyparker/parser.py

@@ -1,6 +1,7 @@
 import hashlib
 import json
-from datetime import datetime
+
+from django.utils import timezone
 
 from dojo.models import Finding
 
@@ -90,7 +91,7 @@ def version_0_16_0(self, line, test):
                     description=description,
                     severity="High",
                     mitigation="Reset the account/token and remove from source code. Store secrets/tokens/passwords in secret managers or secure vaults.",
-                    date=datetime.today().strftime("%Y-%m-%d"),
+                    date=timezone.now().strftime("%Y-%m-%d"),
                     verified=False,
                     active=True,
                     is_mitigated=False,
@@ -150,7 +151,7 @@ def version_0_22_0(self, line, test):
                     description=description,
                     severity="High",
                     mitigation="Reset the account/token and remove from source code. Store secrets/tokens/passwords in secret managers or secure vaults.",
-                    date=datetime.today().strftime("%Y-%m-%d"),
+                    date=timezone.now().strftime("%Y-%m-%d"),
                     verified=False,
                     active=True,
                     is_mitigated=False,

ruff.toml

@@ -42,7 +42,7 @@ select = [
    "A",
    "COM",
    "C4",
-   "DTZ003", "DTZ004", "DTZ012", "DTZ901",
+   "DTZ002", "DTZ003", "DTZ004", "DTZ01", "DTZ901",
    "T10",
    "DJ003", "DJ01",
    "EM",

unittests/test_flush_auditlog.py

@@ -1,9 +1,10 @@
 import logging
-from datetime import UTC, date, datetime
+from datetime import UTC, datetime
 
 from auditlog.models import LogEntry
 from dateutil.relativedelta import relativedelta
 from django.test import override_settings
+from django.utils import timezone
 
 from dojo.models import Finding
 from dojo.tasks import flush_auditlog
@@ -25,9 +26,9 @@ def test_flush_auditlog_disabled(self):
 
     @override_settings(AUDITLOG_FLUSH_RETENTION_PERIOD=0)
     def test_delete_all_entries(self):
-        entries_before = LogEntry.objects.filter(timestamp__date__lt=date.today()).count()
+        entries_before = LogEntry.objects.filter(timestamp__date__lt=timezone.now().date()).count()
         flush_auditlog()
-        entries_after = LogEntry.objects.filter(timestamp__date__lt=date.today()).count()
+        entries_after = LogEntry.objects.filter(timestamp__date__lt=timezone.now().date()).count()
         # we have three old log entries in our testdata
         self.assertEqual(entries_before - 3, entries_after)
 

unittests/tools/test_hydra_parser.py

@@ -1,4 +1,6 @@
-from datetime import date, datetime
+from datetime import datetime
+
+from django.utils import timezone
 
 from dojo.models import Finding, Test
 from dojo.tools.hydra.parser import HydraParser
@@ -55,7 +57,7 @@ def test_hydra_parser_with_one_finding_and_missing_date_has_one_finding(self):
 
             self.__assertFindingEquals(
                 finding,
-                date.today(),
+                timezone.now().date(),
                 "127.0.0.1",
                 "9999",
                 "bill@example.com",

unittests/tools/test_veracode_parser.py

@@ -1,6 +1,7 @@
 import datetime
 
 from django.test import override_settings
+from django.utils import timezone
 
 from dojo.models import Endpoint, Engagement, Product, Product_Type, Test
 from dojo.tools.veracode.parser import VeracodeParser
@@ -110,7 +111,7 @@ def test_parse_file_with_multiple_finding2_first_seen(self):
 
     def test_parse_file_with_multiple_finding2(self):
         finding = self.parse_file_with_multiple_finding2()
-        self.assertEqual(datetime.datetime.today().date(), finding.date)
+        self.assertEqual(timezone.now().date(), finding.date)
 
     def parse_file_with_multiple_finding2(self):
         with (get_unit_tests_scans_path("veracode") / "veracode_scan.xml").open(encoding="utf-8") as testfile:
@@ -199,7 +200,7 @@ def test_parse_file_with_dynamic_finding_first_seen(self):
 
     def test_parse_file_with_dynamic_finding(self):
         finding = self.parse_file_with_dynamic_finding()
-        self.assertEqual(datetime.datetime.today().date(), finding.date)
+        self.assertEqual(timezone.now().date(), finding.date)
 
     def parse_file_with_dynamic_finding(self):
         with (get_unit_tests_scans_path("veracode") / "dynamic_finding.xml").open(encoding="utf-8") as testfile:

unittests/tools/test_veracode_sca_parser.py

@@ -2,6 +2,7 @@
 
 from dateutil.tz import UTC
 from django.test import override_settings
+from django.utils import timezone
 
 from dojo.models import Test
 from dojo.tools.veracode_sca.parser import VeracodeScaParser
@@ -108,4 +109,4 @@ def parse_json_fixed(self):
             self.assertEqual("CVE-2022-31159", finding.unsaved_vulnerability_ids[0])
             self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", finding.cvssv3)
             self.assertEqual(22, finding.cwe)
-            self.assertEqual(datetime.date.today(), finding.mitigated.date())
+            self.assertEqual(timezone.now().date(), finding.mitigated.date())