# Minimum supported interpreter, declared in the standard [project] table.
# This table carries no other metadata; the package metadata is under
# [tool.poetry] below.
[project]
requires-python = ">=3.11"
# Poetry metadata for the repository root.
# NOTE(review): version "0.0.0" and the empty description look like
# placeholders. Confirm this root project is never built or published itself.
[tool.poetry]
name = "client-tools"
version = "0.0.0"
description = ""
authors = ["SecureDrop Team"]
license = "AGPLv3+"
# The only dependency declared here is the interpreter itself.
[tool.poetry.dependencies]
# Caret constraint: >=3.11,<4.0, consistent with requires-python above.
python = "^3.11"
# Development-only tooling: the linter, a dependency vulnerability scanner
# and a shell-script linter.
[tool.poetry.group.dev.dependencies]
# Caret on a 0.x release: >=0.6.4,<0.7.0.
ruff = "^0.6.4"
# NOTE(review): "*" accepts any released version of these two tools, so the
# version actually installed is decided by the lock file, if one is committed
# (not visible here; confirm). These tools execute on developer and CI
# machines, so lock-file changes for them deserve the same review as code.
safety = "*"
shellcheck-py = "*"
# Settings shared by ruff's linter and formatter.
[tool.ruff]
line-length = 100
# These three paths have no .py extension, so ruff's default include patterns
# would skip them; listing them keeps them under the lint rules below
# (including the flake8-bandit "S" security checks).
# presumably these are executable Python scripts; verify against log/
extend-include = ["log/securedrop-{log,log-saver,redis-log}"]
# Rule selection for the whole repository. `select` turns rule families on;
# `ignore` then switches individual rules off everywhere. Four of the ignored
# rules (S105, S110, S603, S607) are security checks from flake8-bandit, so
# what they would flag has to be caught in code review instead.
[tool.ruff.lint]
select = [
# pycodestyle errors
"E",
# pyflakes
"F",
# isort
"I",
# flake8-gettext
"INT",
# flake8-pie
"PIE",
# pylint
"PL",
# flake8-pytest-style
"PT",
# flake8-pyi
"PYI",
# flake8-return
"RET",
# flake8-bandit
"S",
# flake8-simplify
"SIM",
# pyupgrade
"UP",
# pycodestyle warnings
"W",
# Unused noqa directive
"RUF100",
]
ignore = [
# code complexity checks that we fail
# (too-many-branches, too-many-arguments, too-many-statements)
"PLR0912", "PLR0913", "PLR0915",
# magic-value-comparison, too many violations for now
"PLR2004",
# loop assignment target being overwritten, not a big deal
"PLW2901",
# too broad exception type
"PT011",
# usefixtures() isn't as user-friendly
"PT019",
# superfluous-else- rules, find they hurt readability
"RET505", "RET506", "RET507", "RET508",
# hardcoded passwords, lots of false positives
# NOTE(review): disabled repo-wide, so string literals assigned to
# password/secret-like names are not linted anywhere; a separate secret
# scanner or review step has to cover this.
"S105",
# we intentionally don't log stuff sometimes
# NOTE(review): S110 is try/except/pass. With it off, silently swallowed
# exceptions are never flagged, including ones around security-relevant
# operations.
"S110",
# flags every instance of subprocess
# NOTE(review): with S603 off, subprocess calls get no lint prompt to check
# where their arguments come from; per-file ignores or inline noqa with a
# justification would keep the check active for new call sites.
"S603",
# we trust $PATH isn't hijacked
# NOTE(review): S607 flags processes started by bare executable name. The
# trust assumption above holds only where the environment's PATH is
# controlled; confirm that is true for every context this code runs in.
"S607",
# Find contextlib.suppress() is harder to read
"SIM105",
# Find ternary statements harder to read
"SIM108",
# Using any()/all() can be harder to read
"SIM110",
]
# Import-sorting classification overrides for ruff's isort rules ("I").
[tool.ruff.lint.isort]
# because we're running from the root, isort doesn't know that these
# are our packages, so tell it explicitly.
known-first-party = [
"securedrop_client",
"securedrop_export",
"securedrop_log",
"securedrop_proxy",
"tests",
]
# gets confused by our debian/ folder and the python-debian module
# (forces `import debian` to sort with third-party imports instead of being
# treated as a local package because of the directory name)
known-third-party = [
"debian",
]
# Path-scoped exemptions, applied on top of the repo-wide `ignore` list.
# Keys are glob patterns; each value lists the rules switched off for
# matching files.
[tool.ruff.lint.per-file-ignores]
"client/securedrop_client/sdk/__init__.py" = [
# significant assert use for mypy
# NOTE(review): assert statements are stripped when Python runs with -O, so
# they narrow types for mypy but must not be the only runtime check.
"S101",
# a number of unchecked "We should never reach here" `return false` that
# need to be refactored away
"SIM103",
]
"client/securedrop_client/gui/widgets.py" = [
# FIXME: shouldn't be using assert
"S101",
# Switching Optional[X] hints to X | None
"UP007",
]
"log/tests/**.py" = [
# TODO: switch to pytest
"PT009", "PT027"
]
# NOTE(review): this glob is presumably meant to cover test modules and files
# under tests/ directories. Every path it matches loses the S101 and S108
# security checks, so verify it cannot match production modules whose path
# merely contains a component starting with "test".
"**/test**.py" = [
# use of `assert`
"S101",
# insecure temporary file/directory
"S108",
# we use global variables for some tests, sorry
"PLW0603",
# TODO: switch to typing.NamedTuple
"PYI024",
# fine to skip context handler for files in tests
"SIM115",
# TODO: rename fixtures to start with leading _ if they don't return anything
"PT004",
]