diff --git a/pyproject.toml b/pyproject.toml
index 0b06e6316..976f773ac 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -311,15 +311,7 @@ ignore = [
 'RET505', # Unnecessary `else` after `return` statement
 'RUF005', # [*] Consider `[self._name, *shlex.split(self._interaction.action.match.groupdict()["params"] or "")]` instead of concatenation
 'RUF012', # Mutable class attributes should be annotated with `typing.ClassVar`
- 'S101', # Use of `assert` detected
- 'S103', # `os.chmod` setting a permissive mask `0o777` on file or directory
 'S108', # Probable insecure usage of temporary file or directory: "/tmp"
- 'S311', # Standard pseudo-random generators are not suitable for cryptographic purposes
- 'S602', # `subprocess` call with `shell=True` identified, security issue
- 'S603', # `subprocess` call: check for execution of untrusted input
- 'S605', # Starting a process with a shell, possible injection detected
- 'S607', # Starting a process with a partial executable path
- 'SLF001', # Private member accessed: `_ui`
 'T201' # `print` found
 ]
 select = ["ALL"]
@@ -333,6 +325,9 @@ known-first-party = ["ansible_navigator"]
 lines-after-imports = 2 # Ensures consistency for cases when there's variable vs function/class definitions after imports
 lines-between-types = 1 # Separate import/from with 1 line
+[tool.ruff.lint.per-file-ignores]
+"tests/**" = ["SLF001", "S101", "S602"]
+
 [tool.ruff.lint.pydocstyle]
 convention = "pep257"
diff --git a/src/ansible_navigator/action_runner.py b/src/ansible_navigator/action_runner.py
index a3c401669..9f5413c77 100644
--- a/src/ansible_navigator/action_runner.py
+++ b/src/ansible_navigator/action_runner.py
@@ -96,7 +96,7 @@ def run(self, _screen: Window) -> None:
 action=action,
 menu=None,
 content=None,
- ui=self._ui._ui,
+ ui=self._ui._ui, # noqa: SLF001
 )
 self._run_app(interaction)
diff --git a/src/ansible_navigator/actions/open_file.py b/src/ansible_navigator/actions/open_file.py
index 9ace742e5..5e2083b73 100644
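Review bot: The new `[tool.ruff.lint.per-file-ignores]` entry for `tests/**` waives `S602` but not `S603` or `S607`, so the test files touched in this commit (tests/conftest.py, tests/integration/diagnostics/test_from_cli.py, tests/unit/test_circular_imports.py) still need inline `# noqa:S603` / `# noqa:S607` markers. If subprocess use in tests is accepted as a class, `"tests/**" = ["SLF001", "S101", "S602", "S603", "S607"]` states that once. If the narrower list is deliberate, a one-line comment above the table saying why only these three are waived would help the next reviewer.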
--- a/src/ansible_navigator/actions/open_file.py
+++ b/src/ansible_navigator/actions/open_file.py
@@ -143,9 +143,9 @@ def _open_a_file(
 if isinstance(command, str):
 if editor_console:
 with SuspendCurses():
- os.system(command)
+ os.system(command) # noqa:S605
 else:
- os.system(command)
+ os.system(command) # noqa:S605
 @staticmethod
 def _persist_content(content: ContentType, content_format: ContentFormat) -> Path:
diff --git a/src/ansible_navigator/actions/run.py b/src/ansible_navigator/actions/run.py
index f6345a9a6..c1246f028 100644
--- a/src/ansible_navigator/actions/run.py
+++ b/src/ansible_navigator/actions/run.py
@@ -686,8 +686,8 @@ def _handle_message(self, message: dict[str, Any]) -> None:
 # Only runner on_* events are relevant now
 try:
 prefix, runner_event = event.rsplit("_", 1)
- assert prefix == "runner_on"
- assert runner_event in ("ok", "skipped", "start", "unreachable", "failed")
+ assert prefix == "runner_on" # noqa:S101
+ assert runner_event in ("ok", "skipped", "start", "unreachable", "failed") # noqa:S101
 except (AssertionError, ValueError):
 return
diff --git a/src/ansible_navigator/command_runner/command_runner.py b/src/ansible_navigator/command_runner/command_runner.py
index 8daed6d24..e0a70bc63 100644
--- a/src/ansible_navigator/command_runner/command_runner.py
+++ b/src/ansible_navigator/command_runner/command_runner.py
@@ -68,7 +68,7 @@ def run_command(command: Command) -> None:
 capture_output=True,
 check=True,
 text=True,
- shell=True,
+ shell=True, # noqa:S602
 )
 command.return_code = proc_out.returncode
 command.stdout = proc_out.stdout
diff --git a/src/ansible_navigator/configuration_subsystem/definitions.py b/src/ansible_navigator/configuration_subsystem/definitions.py
index 87f7fa3e8..77b7f3bb0 100644
--- a/src/ansible_navigator/configuration_subsystem/definitions.py
+++ b/src/ansible_navigator/configuration_subsystem/definitions.py
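Review bot: Both `os.system(command) # noqa:S605` lines in `_open_a_file` (actions/open_file.py) waive the shell-injection rule without saying why `command` is safe to hand to a shell. How `command` is built is outside the hunk; if it interpolates a file name or a user-configured editor string, that should be stated next to the waiver and the path quoted where the string is assembled. Suggest `os.system(command)  # noqa: S605 - <reason command is trusted>` so the waiver carries its own justification.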
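Review bot: The two `assert` lines in `_handle_message` (actions/run.py) are the event filter itself, so waiving S101 keeps a check that vanishes under `python -O`; with asserts stripped, an event whose prefix is not `runner_on` is no longer dropped by the `except (AssertionError, ValueError)` branch. Suggest `if prefix != "runner_on" or runner_event not in ("ok", "skipped", "start", "unreachable", "failed"): return`, keeping `except ValueError` for the unpacking. The same waiver is applied in `version_added_sanity_check` (configuration_subsystem/definitions.py), whose docstring promises an AssertionError, so an explicit `raise AssertionError(...)` would keep that contract, and in `_compile_rule` (tm_tokenize/compiler.py). `_handle_message` continues outside this hunk.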
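Review bot: `shell=True, # noqa:S602` in `run_command` (command_runner/command_runner.py) waives the rule without recording where the command string comes from; the first argument to `subprocess.run` and its construction are outside the hunk. If any part of it is derived from settings, image names or file paths, the waiver should say how that part is quoted, e.g. `shell=True,  # noqa: S602 - <why the command string is trusted>`. The same bare waiver appears in `run_command` in data/catalog_collections.py and data/image_introspect.py, and in `pull_stdout` in image_manager/puller.py.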
@@ -33,7 +33,9 @@ def version_added_sanity_check(version: str) -> None:
 :raises AssertionError: If the version string is invalid
 """
 re_version = re.compile(r"^v\d+\.\d+$")
- assert re_version.match(version) is not None, "Version must be in the form of v{major}.{minor}"
+ assert ( # noqa:S101
+ re_version.match(version) is not None
+ ), "Version must be in the form of v{major}.{minor}"
 class Constants(Enum):
diff --git a/src/ansible_navigator/configuration_subsystem/navigator_post_processor.py b/src/ansible_navigator/configuration_subsystem/navigator_post_processor.py
index 7de7ca2bd..7b74135bc 100644
--- a/src/ansible_navigator/configuration_subsystem/navigator_post_processor.py
+++ b/src/ansible_navigator/configuration_subsystem/navigator_post_processor.py
@@ -672,7 +672,11 @@ def lintables(
 )
 else:
 try:
- subprocess.run("ansible-lint --version", shell=True, check=True)
+ subprocess.run(
+ "ansible-lint --version", # noqa:S607
+ shell=True, # noqa:S602
+ check=True,
+ )
 except subprocess.CalledProcessError:
 exit_messages.append(
 ExitMessage(
diff --git a/src/ansible_navigator/data/catalog_collections.py b/src/ansible_navigator/data/catalog_collections.py
index b91daa19e..c15d87a0f 100644
--- a/src/ansible_navigator/data/catalog_collections.py
+++ b/src/ansible_navigator/data/catalog_collections.py
@@ -586,7 +586,7 @@ def run_command(cmd: list[str]) -> dict[str, str]:
 capture_output=True,
 check=True,
 text=True,
- shell=True,
+ shell=True, # noqa:S602
 )
 except subprocess.CalledProcessError as exc:
 return {"error": str(exc)}
@@ -631,7 +631,7 @@ def main() -> dict[Any, Any]:
 "collections": collections,
 "errors": errors,
 "stats": stats,
- "messages": cc_obj._messages,
+ "messages": cc_obj._messages, # noqa: SLF001
 }
diff --git a/src/ansible_navigator/data/image_introspect.py b/src/ansible_navigator/data/image_introspect.py
index 444b7cb59..692cee056 100644
--- a/src/ansible_navigator/data/image_introspect.py
+++ b/src/ansible_navigator/data/image_introspect.py
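Review bot: The reformatted `subprocess.run` call in `lintables` (navigator_post_processor.py) keeps a shell for a constant command and needs two waivers, `S607` and `S602`, to do so. Passing an argv list, `subprocess.run(["ansible-lint", "--version"], check=True)`, removes the shell and the S602 waiver. Without a shell a missing binary raises `FileNotFoundError` rather than returning a non-zero exit, so the handler would become `except (subprocess.CalledProcessError, FileNotFoundError):`. `lintables` starts and ends outside this hunk.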
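Review bot: `run_command` in data/catalog_collections.py is annotated `cmd: list[str]` yet its `subprocess.run` call keeps `shell=True`. The first argument to that call is above the hunk, so this is inferred, but if the list is passed as-is then on POSIX only its first element is run as the command and the remaining items become arguments to the shell itself. Either join and quote the list explicitly before the call, or drop `shell=True` and pass the list, which also removes the `# noqa:S602` waiver.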
@@ -46,7 +46,7 @@ def run_command(command: Command) -> None:
 capture_output=True,
 check=True,
 text=True,
- shell=True,
+ shell=True, # noqa:S602
 )
 command.stdout = proc_out.stdout
 except subprocess.CalledProcessError as exc:
diff --git a/src/ansible_navigator/image_manager/puller.py b/src/ansible_navigator/image_manager/puller.py
index 4fe5d3d76..17b508168 100644
--- a/src/ansible_navigator/image_manager/puller.py
+++ b/src/ansible_navigator/image_manager/puller.py
@@ -103,7 +103,7 @@ def _check_for_image(self) -> None:
 cmd_parts = [self._container_engine, "image", "inspect", self._image]
 self._log_message(level=logging.DEBUG, message=f"Command: {shlex_join(cmd_parts)}")
 subprocess.run(
- cmd_parts,
+ cmd_parts, # noqa:S603
 check=True,
 capture_output=True,
 )
@@ -219,7 +219,7 @@ def pull_stdout(self) -> None:
 cmd_to_run,
 check=True,
 stderr=stderr_pipe,
- shell=True,
+ shell=True, # noqa:S602
 env=os.environ,
 )
 self._log_message(level=logging.INFO, message="Execution environment updated")
diff --git a/src/ansible_navigator/tm_tokenize/compiler.py b/src/ansible_navigator/tm_tokenize/compiler.py
index f22ed4928..2dec6beff 100644
--- a/src/ansible_navigator/tm_tokenize/compiler.py
+++ b/src/ansible_navigator/tm_tokenize/compiler.py
@@ -98,7 +98,7 @@ def _compile_root(self, grammar: Grammar) -> PatternRule:
 return PatternRule((grammar.scope_name,), make_regset(*regs), rules)
 def _compile_rule(self, grammar: Grammar, rule: _Rule) -> CompiledRule:
- assert rule.include is None, rule
+ assert rule.include is None, rule # noqa:S101
 if rule.match is not None:
 captures_ref = self._captures_ref(grammar, rule.captures)
 return MatchRule(rule.name, captures_ref)
diff --git a/src/ansible_navigator/ui_framework/form_utils.py b/src/ansible_navigator/ui_framework/form_utils.py
index 13a923006..4e0d971fe 100644
--- a/src/ansible_navigator/ui_framework/form_utils.py
+++ b/src/ansible_navigator/ui_framework/form_utils.py
@@ -42,7 +42,7 @@ def dict_to_form(form_data: dict[str, Any]) -> Form:
 else:
 form = Form(type_=FormType.FORM)
- form._dict = form_data # pylint: disable=protected-access
+ form._dict = form_data # pylint: disable=protected-access # noqa: SLF001
 form.title = form_data["title"]
 form.title_color = form_data.get("title_color", 0)
@@ -104,7 +104,7 @@ def form_to_dict(form: Form, key_on_name: bool = False) -> dict[str, Any]:
 :param key_on_name: Bool used to filter via name
 :returns: form as type dict
 """
- res = form._dict # pylint: disable=protected-access
+ res = form._dict # pylint: disable=protected-access # noqa: SLF001
 res["cancelled"] = form.cancelled
 res["submitted"] = form.submitted
 for field_idx, field in enumerate(form.fields):
diff --git a/src/ansible_navigator/ui_framework/validators.py b/src/ansible_navigator/ui_framework/validators.py
index 6bcb6d4b6..4dc906bfe 100644
--- a/src/ansible_navigator/ui_framework/validators.py
+++ b/src/ansible_navigator/ui_framework/validators.py
@@ -56,7 +56,7 @@ def masked_or_none(text: str = "", hint: bool = False) -> Validation | str:
 """
 if hint:
 return "Please provide a value (optional)"
- value = "*" * randrange(15, 20) if text else ""
+ value = "*" * randrange(15, 20) if text else "" # noqa:S311
 return Validation(value=value, error_msg="")
 @staticmethod
diff --git a/tests/conftest.py b/tests/conftest.py
index 3a2bff629..8deb7e9df 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -60,7 +60,7 @@ def valid_ce() -> str:
 # the habit of getting stuck.
 try:
 cmd = [engine, "info"]
- subprocess.check_output(cmd, stderr=subprocess.STDOUT, timeout=6)
+ subprocess.check_output(cmd, stderr=subprocess.STDOUT, timeout=6) # noqa:S603
 except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as exc:
 msg = f"Container engine is broken, fail to run: {' '.join(cmd)}: {exc}"
 continue
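Review bot: The `# noqa:S311` on the `randrange(15, 20)` line in `masked_or_none` (ui_framework/validators.py) is acceptable only because the value picks how many `*` characters to display and is not a secret, and that reasoning is not recorded on the line. Suggest `# noqa: S311 - mask length only, not a security token`, so a later reader does not take the waiver as precedent for generating tokens with `random`.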
@@ -133,7 +133,7 @@ def pullable_image(valid_container_engine: str) -> Generator[str, None, None]:
 """
 image = ImageEntry.PULLABLE_IMAGE.get(app_name=APP_NAME)
 yield image
- subprocess.run([valid_container_engine, "image", "rm", image], check=True)
+ subprocess.run([valid_container_engine, "image", "rm", image], check=True) # noqa:S603
 @pytest.fixture()
diff --git a/tests/integration/diagnostics/test_from_cli.py b/tests/integration/diagnostics/test_from_cli.py
index d8efaf6ca..ee7552c9e 100644
--- a/tests/integration/diagnostics/test_from_cli.py
+++ b/tests/integration/diagnostics/test_from_cli.py
@@ -35,7 +35,7 @@ def test(
 settings_path, settings_file = settings_env_var_to_full
 proc_out = subprocess.run(
- "ansible-navigator --diagnostics",
+ "ansible-navigator --diagnostics", # noqa:S607
 check=False,
 shell=True,
 capture_output=True,
diff --git a/tests/unit/test_circular_imports.py b/tests/unit/test_circular_imports.py
index 7f702ebbb..f8cbe36c9 100644
--- a/tests/unit/test_circular_imports.py
+++ b/tests/unit/test_circular_imports.py
@@ -112,4 +112,4 @@ def test_no_warnings(import_path: str) -> None:
 f"import {import_path!s}",
 )
- subprocess.check_call(imp_cmd) # Input is trusted, generated above, not external
+ subprocess.check_call(imp_cmd) # Input is trusted, generated above, not external # noqa:S603