feat(rules): implement flake8-bandit S201 (flask_debug_true)
#7503
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CodSpeed Performance ReportMerging #7503 will improve performances by 2.29%Comparing Summary
Benchmarks breakdown
|
PR Check ResultsEcosystem✅ ecosystem check detected no changes. |
crates/ruff/src/codes.rs
Outdated
| @@ -573,6 +573,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> { | |||
| (Flake8Bandit, "110") => (RuleGroup::Unspecified, rules::flake8_bandit::rules::TryExceptPass), | |||
| (Flake8Bandit, "112") => (RuleGroup::Unspecified, rules::flake8_bandit::rules::TryExceptContinue), | |||
| (Flake8Bandit, "113") => (RuleGroup::Unspecified, rules::flake8_bandit::rules::RequestWithoutTimeout), | |||
| (Flake8Bandit, "201") => (RuleGroup::Unspecified, rules::flake8_bandit::rules::FlaskDebugTrue), | |||
There was a problem hiding this comment.
We're now in the habit of adding new rules under RuleGroup::Preview -- mind changing it here?
| /// Checks for uses of `debug=True` in Flask. | ||
| /// | ||
| /// ## Why is this bad? | ||
| /// Enabling debug mode shows an interactive debugger in the browser if an error occurs, and allows |
There was a problem hiding this comment.
It's annoying, but we manually format these to fit 80 characters, since they sometimes get printed to the terminal.
| return; | ||
| } | ||
|
|
||
| if let Some(debug_argument) = call.arguments.find_keyword("debug") { |
There was a problem hiding this comment.
You can reduce one level of indentation by doing:
let Some(debug_argument) = call.arguments.find_keyword("debug") else {
return;
};
...
| return; | ||
| } | ||
|
|
||
| if let Expr::Name(name) = value.as_ref() { |
There was a problem hiding this comment.
Same here: can use let-else to reduce indentation.
| def main(): | ||
| raise | ||
|
|
||
| #bad |
There was a problem hiding this comment.
For whatever reason, the comment we typically use here is # Errors and then # OK (instead of #okay).
renovate bot
referenced
this pull request
in allenporter/flux-local
Sep 24, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ruff](https://docs.astral.sh/ruff) ([source](https://togithub.com/astral-sh/ruff), [changelog](https://togithub.com/astral-sh/ruff/releases)) | `==0.0.290` -> `==0.0.291` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>astral-sh/ruff (ruff)</summary> ### [`v0.0.291`](https://togithub.com/astral-sh/ruff/releases/tag/v0.0.291) [Compare Source](https://togithub.com/astral-sh/ruff/compare/v0.0.290...v0.0.291) <!-- Release notes generated using configuration in .github/release.yml at v0.0.291 --> #### What's Changed ##### Deprecations **The `format` command-line argument and configuration option has been renamed to `output-format`.** While Ruff will continue to respect `format` when passed as a command-line argument or configuration option, this backwards-compatible support will be dropped in a future release. See: [https://github.com/astral-sh/ruff/pull/7514](https://togithub.com/astral-sh/ruff/pull/7514). ##### Rules - \[`flake8-bandit`] Implement `S201`: `flask-debug-true` by [@​mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/astral-sh/ruff/pull/7503](https://togithub.com/astral-sh/ruff/pull/7503) - \[`flake8-bandit`] Implement `S507`: `ssh_no_host_key_verification` by [@​mkniewallner](https://togithub.com/mkniewallner) in [https://github.com/astral-sh/ruff/pull/7528](https://togithub.com/astral-sh/ruff/pull/7528) - \[`flake8-logging`] Implement `LOG002`: `invalid-get-logger-argument` by [@​dhruvmanila](https://togithub.com/dhruvmanila) in [https://github.com/astral-sh/ruff/pull/7399](https://togithub.com/astral-sh/ruff/pull/7399) - \[`flake8-logging`] Implement `LOG007`: `exception-without-exc-info` by [@​qdegraaf](https://togithub.com/qdegraaf) in [https://github.com/astral-sh/ruff/pull/7410](https://togithub.com/astral-sh/ruff/pull/7410) - \[`refurb`] Implement `FURB140`: `reimplemented-starmap` by [@​SavchenkoValeriy](https://togithub.com/SavchenkoValeriy) in [https://github.com/astral-sh/ruff/pull/7253](https://togithub.com/astral-sh/ruff/pull/7253) - \[`refurb`] Implement `FURB148`: `unnecessary-enumerate` by [@​tjkuson](https://togithub.com/tjkuson) in [https://github.com/astral-sh/ruff/pull/7454](https://togithub.com/astral-sh/ruff/pull/7454) - \[`ruff`] Detect `asyncio.get_running_loop` calls in RUF006 by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7562](https://togithub.com/astral-sh/ruff/pull/7562) ##### Settings - Show `--no-X` variants in CLI help by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7504](https://togithub.com/astral-sh/ruff/pull/7504) - Rename `format` option to `output-format` by [@​MichaReiser](https://togithub.com/MichaReiser) in [https://github.com/astral-sh/ruff/pull/7514](https://togithub.com/astral-sh/ruff/pull/7514) - Enable tab completion for `ruff rule` by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7560](https://togithub.com/astral-sh/ruff/pull/7560) ##### Bug Fixes - Add padding to prevent some autofix errors by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7461](https://togithub.com/astral-sh/ruff/pull/7461) - Remove parentheses when rewriting assert calls to statements by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7464](https://togithub.com/astral-sh/ruff/pull/7464) - Avoid flagging starred elements in C402 by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7466](https://togithub.com/astral-sh/ruff/pull/7466) - Extend `bad-dunder-method-name` to permit `attrs` dunders by [@​tjkuson](https://togithub.com/tjkuson) in [https://github.com/astral-sh/ruff/pull/7472](https://togithub.com/astral-sh/ruff/pull/7472) - Avoid N802 violations for [@​overload](https://togithub.com/overload) methods by [@​JonathanPlasse](https://togithub.com/JonathanPlasse) in [https://github.com/astral-sh/ruff/pull/7498](https://togithub.com/astral-sh/ruff/pull/7498) - Avoid flagging starred expressions in UP007 by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7505](https://togithub.com/astral-sh/ruff/pull/7505) - Ensure that LOG007 only triggers on `.exception()` calls by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7524](https://togithub.com/astral-sh/ruff/pull/7524) - Use strict sorted and union for NoQA mapping insertion by [@​dhruvmanila](https://togithub.com/dhruvmanila) in [https://github.com/astral-sh/ruff/pull/7531](https://togithub.com/astral-sh/ruff/pull/7531) - Avoid inserting imports directly after continuation by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7553](https://togithub.com/astral-sh/ruff/pull/7553) - Add padding in `PERF102` fixes by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7554](https://togithub.com/astral-sh/ruff/pull/7554) - Avoid invalid fix for parenthesized values in F601 by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7559](https://togithub.com/astral-sh/ruff/pull/7559) - Treat `os.error` as an `OSError` alias by [@​charliermarsh](https://togithub.com/charliermarsh) in [https://github.com/astral-sh/ruff/pull/7582](https://togithub.com/astral-sh/ruff/pull/7582) - Extend `bad-dunder-method-name` to permit `__html__` by [@​jaap3](https://togithub.com/jaap3) in [https://github.com/astral-sh/ruff/pull/7492](https://togithub.com/astral-sh/ruff/pull/7492) - Fix stylist indentation with a formfeed by [@​konstin](https://togithub.com/konstin) in [https://github.com/astral-sh/ruff/pull/7489](https://togithub.com/astral-sh/ruff/pull/7489) #### New Contributors - [@​MicaelJarniac](https://togithub.com/MicaelJarniac) made their first contribution in [https://github.com/astral-sh/ruff/pull/5498](https://togithub.com/astral-sh/ruff/pull/5498) - [@​maheshsaripalli9](https://togithub.com/maheshsaripalli9) made their first contribution in [https://github.com/astral-sh/ruff/pull/7552](https://togithub.com/astral-sh/ruff/pull/7552) - [@​T-256](https://togithub.com/T-256) made their first contribution in [https://github.com/astral-sh/ruff/pull/7585](https://togithub.com/astral-sh/ruff/pull/7585) **Full Changelog**: astral-sh/ruff@v0.0.290...v0.0.291 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/allenporter/flux-local). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi45Ny4xIiwidXBkYXRlZEluVmVyIjoiMzYuOTcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of #1646.
Summary
Implement
S201(flask_debug_true) rule frombandit.I am fairly new to Rust and Ruff's codebase, so there might be better ways to implement the rule or write the code.
Test Plan
Snapshot test from https://github.com/PyCQA/bandit/blob/1.7.5/examples/flask_debug.py, with a few additions in the "unrelated" part to test a bit more cases.