upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-19 21:49:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
certbot/linter_plugin.py
ohemorange 16f858547f
Add --use-pep517 flag to pip to silence warning in tools/venv.py, and switch codebase to src-layout (#10249) 
Fixes #10252.

See further discussion here: https://github.com/pypa/pip/issues/11457

We are doing option:

> Alternatively, enable the --use-pep517 pip option, possibly with
--no-build-isolation. The --use-pip517 flag will force pip to use the
modern mechanism for editable installs. --no-build-isolation may be
needed if your project has build-time requirements beyond setuptools and
wheel. By passing this flag, you are responsible for making sure your
environment already has the required dependencies to build your package.
Once the legacy mechanism is removed, --use-pep517 will have no effect
and will essentially be enabled by default in this context.

Major changes made here include:
- Add `--use-pep517` to use the modern mechanism, which will be the only
mechanism in future pip releases
- Change to `/src` layout to appease mypy, and because for editable
installs that really is the normal way these days.
  - `cd acme && mkdir src && mv acme src/` etc.
- add `where='src'` argument to `find_packages` and add
`package_dir={'': 'src'},` in `setup.py`s
  - update `MANIFEST.in` files with new path locations 
- Update our many hardcoded filepaths
- Update `importlib-metadata` requirement to fix
double-plugin-entry-point problem in oldest tests
2025-04-11 19:30:33 +00:00

57 lines
2 KiB
Python
Raw Blame History

"""
Certbot PyLint plugin.
The built-in ImportChecker of Pylint does a similar job to ForbidStandardOsModule to detect
deprecated modules. You can check its behavior as a reference to what is coded here.
See https://github.com/PyCQA/pylint/blob/b20a2984c94e2946669d727dbda78735882bf50a/pylint/checkers/imports.py#L287
See https://docs.pytest.org/en/latest/writing_plugins.html
"""
import os.path
import re
from pylint.checkers import BaseChecker
# Modules whose file is matching one of these paths can import the os module.
ALLOWLIST_PATHS = [
'/acme/src/acme/',
'/certbot-ci/',
'/certbot-compatibility-test/',
]
class ForbidStandardOsModule(BaseChecker):
"""
This checker ensures that standard os module (and submodules) is not imported by certbot
modules. Otherwise an 'os-module-forbidden' error will be registered for the faulty lines.
"""
name = 'forbid-os-module'
msgs = {
'E5001': (
'Forbidden use of os module, certbot.compat.os must be used instead',
'os-module-forbidden',
'Some methods from the standard os module cannot be used for security reasons on '
'Windows: the safe wrapper certbot.compat.os must be used instead in Certbot.'
)
}
priority = -1
def visit_import(self, node):
os_used = any(name for name in node.names if name[0] == 'os' or name[0].startswith('os.'))
if os_used and not _check_disabled(node):
self.add_message('os-module-forbidden', node=node)
def visit_importfrom(self, node):
if node.modname == 'os' or node.modname.startswith('os.') and not _check_disabled(node):
self.add_message('os-module-forbidden', node=node)
def register(linter):
"""Pylint hook to auto-register this linter"""
linter.register_checker(ForbidStandardOsModule(linter))
def _check_disabled(node):
module = node.root()
return any(path for path in ALLOWLIST_PATHS
if os.path.normpath(path) in os.path.normpath(module.file))
Reference in a new issue View git blame Copy permalink