-
Notifications
You must be signed in to change notification settings - Fork 42
/
pyproject.toml
130 lines (123 loc) · 2.89 KB
/
pyproject.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
[project]
requires-python = ">=3.11"
[tool.poetry]
name = "client-tools"
version = "0.0.0"
description = ""
authors = ["SecureDrop Team"]
license = "AGPLv3+"
[tool.poetry.dependencies]
python = "^3.11"
[tool.poetry.group.dev.dependencies]
ruff = "^0.8.4"
safety = "*"
shellcheck-py = "*"
zizmor = "*"
[tool.ruff]
line-length = 100
extend-include = ["log/securedrop-{log,log-saver,redis-log}"]
[tool.ruff.lint]
select = [
# pycodestyle errors
"E",
# pyflakes
"F",
# isort
"I",
# flake8-gettext
"INT",
# flake8-pie
"PIE",
# pylint
"PL",
# flake8-pytest-style
"PT",
# flake8-pyi
"PYI",
# flake8-return
"RET",
# flake8-bandit
"S",
# flake8-simplify
"SIM",
# pyupgrade
"UP",
# pycodestyle warnings
"W",
# Unused noqa directive
"RUF100",
]
ignore = [
# code complexity checks that we fail
"PLR0912", "PLR0913", "PLR0915",
# magic-value-comparison, too many violations for now
"PLR2004",
# loop assignment target being overwritten, not a big deal
"PLW2901",
# too broad exception type
"PT011",
# usefixtures() isn't as user-friendly
"PT019",
# superflous-else- rules, find they hurt readability
"RET505", "RET506", "RET507", "RET508",
# hardcoded passwords, lots of false positives
"S105",
# we intentionally don't log stuff sometimes
"S110",
# flags every instance of subprocess
"S603",
# we trust $PATH isn't hijacked
"S607",
# Find contextlib.suppress() is harder to read
"SIM105",
# Find ternary statements harder to read
"SIM108",
# Using any()/all() can be harder to read
"SIM110",
]
[tool.ruff.lint.isort]
# because we're running from the root, isort doesn't know that these
# are our packages, so tell it explicitly.
known-first-party = [
"securedrop_client",
"securedrop_export",
"securedrop_log",
"securedrop_proxy",
"tests",
]
# gets confused by our debian/ folder and the python-debian module
known-third-party = [
"debian",
]
[tool.ruff.lint.per-file-ignores]
"client/securedrop_client/sdk/__init__.py" = [
# significant assert use for mypy
"S101",
# a number of unchecked "We should never reach here" `return false` that
# need to be refactored away
"SIM103",
]
"client/securedrop_client/gui/widgets.py" = [
# FIXME: shouldn't be using assert
"S101",
# Switching Optional[X] hints to X | None
"UP007",
]
"log/tests/**.py" = [
# TODO: switch to pytest
"PT009", "PT027"
]
"**/test**.py" = [
# use of `assert`
"S101",
# insecure temporary file/directory
"S108",
# we use global variables for some tests, sorry
"PLW0603",
# TODO: switch to typing.NamedTuple
"PYI024",
# fine to skip context handler for files in tests
"SIM115",
# TODO: rename fixtures to start with leading _ if they don't return anything
"PT004",
]