Apply ruff format .

This is all automated except test_manage.py was manually fixed to remove
extraneous commas that ruff tried to turn into tuples.

admin/bootstrap.py

@@ -185,7 +185,6 @@ def envsetup(args: argparse.Namespace, virtualenv_dir: str = VENV_DIR) -> None:
 
     # virtualenv doesnt exist? Install dependencies and create
     if not os.path.exists(virtualenv_dir):
-
         # Technically you can create a virtualenv from within python
         # but pip can only be run over Tor on Tails, and debugging that
         # along with instaling a third-party dependency is not worth

admin/securedrop_admin/__init__.py

@@ -769,7 +769,6 @@ def wrapper(*args: Any, **kwargs: Any) -> Any:
 
             update_status, latest_tag = check_for_updates(cli_args)
             if update_status is True:
-
                 # Useful for troubleshooting
                 branch_status = get_git_branch(cli_args)
 

admin/tests/test_securedrop-admin.py

@@ -76,9 +76,7 @@ def test_update_check_decorator_when_no_update_needed(self, caplog):
             "securedrop_admin.check_for_updates", side_effect=[[False, "1.5.0"]]
         ) as mocked_check, mock.patch(
             "securedrop_admin.get_git_branch", side_effect=["develop"]
-        ), mock.patch(
-            "sys.exit"
-        ) as mocked_exit:
+        ), mock.patch("sys.exit") as mocked_exit:
             # The decorator itself interprets --force
             args = argparse.Namespace(force=False)
             rv = securedrop_admin.update_check_required("update_check_test")(lambda _: 100)(args)
@@ -101,9 +99,7 @@ def test_update_check_decorator_when_update_needed(self, caplog):
             "securedrop_admin.check_for_updates", side_effect=[[True, "1.5.0"]]
         ) as mocked_check, mock.patch(
             "securedrop_admin.get_git_branch", side_effect=["bad_branch"]
-        ), mock.patch(
-            "sys.exit"
-        ) as mocked_exit:
+        ), mock.patch("sys.exit") as mocked_exit:
             # The decorator itself interprets --force
             args = argparse.Namespace(force=False)
             securedrop_admin.update_check_required("update_check_test")(lambda _: _)(args)
@@ -125,9 +121,7 @@ def test_update_check_decorator_when_skipped(self, caplog):
             "securedrop_admin.check_for_updates", side_effect=[[True, "1.5.0"]]
         ) as mocked_check, mock.patch(
             "securedrop_admin.get_git_branch", side_effect=["develop"]
-        ), mock.patch(
-            "sys.exit"
-        ) as mocked_exit:
+        ), mock.patch("sys.exit") as mocked_exit:
             # The decorator itself interprets --force
             args = argparse.Namespace(force=True)
             rv = securedrop_admin.update_check_required("update_check_test")(lambda _: 100)(args)

install_files/ansible-base/roles/tails-config/files/securedrop_init.py

@@ -207,7 +207,6 @@
             )
 
             if "OK" in verify_proc:
-
                 # Updating the cert chain requires sudo privileges
                 os.setresgid(0, 0, -1)
                 os.setresuid(0, 0, -1)

journalist_gui/journalist_gui/SecureDropUpdater.py

@@ -17,7 +17,6 @@
 
 
 def password_is_set():
-
     pwd_flag = subprocess.check_output(["passwd", "--status"]).decode("utf-8").split()[1]
 
     if pwd_flag == "NP":
@@ -26,7 +25,6 @@ def password_is_set():
 
 
 def prevent_second_instance(app: QtWidgets.QApplication, name: str) -> None:
-
     # Null byte triggers abstract namespace
     IDENTIFIER = "\0" + name
     ALREADY_BOUND_ERRNO = 98

journalist_gui/test_gui.py

@@ -101,7 +101,6 @@ def test_default_tab(self):
         assert self.window.tabWidget.currentIndex() == 0
 
     def test_output_tab(self):
-
         tab = self.window.tabWidget.tabBar()
         QTest.mouseClick(tab, Qt.LeftButton)
         assert self.window.tabWidget.currentIndex() == self.window.tabWidget.indexOf(

molecule/testinfra/app/apache/test_apache_journalist_interface.py

@@ -111,20 +111,14 @@ def test_apache_logging_journalist_interface(host):
   AllowOverride None
   Require all denied
 </Directory>
-""".strip(
-            "\n"
-        ),
+""".strip("\n"),
         """
 <Directory {}/static>
   Require all granted
   # Cache static resources for 1 hour
   Header set Cache-Control "max-age=3600"
 </Directory>
-""".strip(
-            "\n"
-        ).format(
-            securedrop_test_vars.securedrop_code
-        ),
+""".strip("\n").format(securedrop_test_vars.securedrop_code),
         """
 <Directory {}>
   Options None
@@ -136,11 +130,7 @@ def test_apache_logging_journalist_interface(host):
     Require all denied
   </LimitExcept>
 </Directory>
-""".strip(
-            "\n"
-        ).format(
-            securedrop_test_vars.securedrop_code
-        ),
+""".strip("\n").format(securedrop_test_vars.securedrop_code),
     ],
 )
 def test_apache_config_journalist_interface_access_control(host, apache_opt):

molecule/testinfra/app/apache/test_apache_source_interface.py

@@ -79,20 +79,14 @@ def test_apache_config_source_interface_headers_per_distro(host):
   AllowOverride None
   Require all denied
 </Directory>
-""".strip(
-            "\n"
-        ),
+""".strip("\n"),
         """
 <Directory {}/static>
   Require all granted
   # Cache static resources for 1 hour
   Header set Cache-Control "max-age=3600"
 </Directory>
-""".strip(
-            "\n"
-        ).format(
-            securedrop_test_vars.securedrop_code
-        ),
+""".strip("\n").format(securedrop_test_vars.securedrop_code),
         """
 <Directory {}>
   Options None
@@ -104,11 +98,7 @@ def test_apache_config_source_interface_headers_per_distro(host):
     Require all denied
   </LimitExcept>
 </Directory>
-""".strip(
-            "\n"
-        ).format(
-            securedrop_test_vars.securedrop_code
-        ),
+""".strip("\n").format(securedrop_test_vars.securedrop_code),
     ],
 )
 def test_apache_config_source_interface_access_control(host, apache_opt):

molecule/testinfra/app/test_app_network.py

@@ -11,7 +11,6 @@
 
 @pytest.mark.skip_in_prod()
 def test_app_iptables_rules(host):
-
     local = host.get_host("local://")
 
     # Build a dict of variables to pass to jinja for iptables comparison

molecule/testinfra/app/test_appenv.py

@@ -8,8 +8,10 @@
 @pytest.mark.parametrize("exp_pip_pkg", sdvars.pip_deps)
 def test_app_pip_deps(host, exp_pip_pkg):
     """Ensure expected package versions are installed"""
-    cmd = "{}/bin/python3 -c \"from importlib.metadata import version; print(version('{}'))\"".format(  # noqa
-        sdvars.securedrop_venv, exp_pip_pkg["name"]
+    cmd = (
+        "{}/bin/python3 -c \"from importlib.metadata import version; print(version('{}'))\"".format(  # noqa
+            sdvars.securedrop_venv, exp_pip_pkg["name"]
+        )
     )
     result = host.run(cmd)
     assert result.stdout.strip() == exp_pip_pkg["version"]

molecule/testinfra/mon/test_mon_network.py

@@ -11,7 +11,6 @@
 
 @pytest.mark.skip_in_prod()
 def test_mon_iptables_rules(host):
-
     local = host.get_host("local://")
 
     # Build a dict of variables to pass to jinja for iptables comparison

molecule/testinfra/ossec/test_journalist_mail.py

@@ -99,9 +99,7 @@ def trigger(who, payload):
                 """
                 ( echo 'Subject: TEST' ; echo ; echo -e '{payload}' ) | \
                 /var/ossec/send_encrypted_alarm.sh {who}
-                """.format(
-                    who=who, payload=payload
-                ),
+                """.format(who=who, payload=payload),
             )
             assert self.wait_for_command(host, f"mailq | grep -q {who}@ossec.test")
 
@@ -121,9 +119,7 @@ def trigger(who, payload):
                 postcat -q $job | tee /dev/stderr | \
                    gpg --homedir /var/ossec/.gnupg --decrypt 2>&1 | \
                    grep -q {expected}
-                """.format(
-                    expected=expected
-                ),
+                """.format(expected=expected),
             )
         #
         # failure to encrypt must trigger an emergency mail to ossec contact

redwood/build-wheel.py

@@ -12,6 +12,7 @@
 * Copy and rename that into the Python package structure
 * Build a Python wheel using setuptools
 """
+
 import argparse
 import os
 import shutil

securedrop/journalist_app/forms.py

@@ -27,7 +27,6 @@ def __init__(
         *args: Any,
         **kwargs: Any,
     ) -> None:
-
         self.other_field_name = other_field_name
         if custom_message is not None:
             self.custom_message = custom_message

securedrop/journalist_app/main.py

@@ -168,7 +168,6 @@ def reply() -> werkzeug.Response:
                 )
             )
         else:
-
             flash(
                 Markup(
                     "<b>{}</b> {}".format(

securedrop/manage.py

@@ -414,8 +414,9 @@ def set_clean_tmp_parser(subps: _SubParsersAction, name: str) -> None:
         default=default_days,
         type=int,
         help=(
-            "remove files not modified in a given number of DAYS "
-            "(default {} days)".format(default_days)
+            "remove files not modified in a given number of DAYS " "(default {} days)".format(
+                default_days
+            )
         ),
     )
     parser.add_argument(

securedrop/models.py

@@ -426,7 +426,6 @@ def __init__(
         is_admin: bool = False,
         otp_secret: "Optional[str]" = None,
     ) -> None:
-
         self.check_username_acceptable(username)
         self.username = username
         if first_name:

securedrop/passphrases.py

@@ -18,7 +18,6 @@ class InvalidWordListError(Exception):
 
 
 class PassphraseGenerator:
-
     PASSPHRASE_WORDS_COUNT = 7
 
     # Enforce a reasonable maximum length for passphrases to avoid DoS

securedrop/pretty_bad_protocol/_meta.py

@@ -20,7 +20,6 @@
 attribute creation and handling.
 """
 
-
 import atexit
 import codecs
 import encodings

securedrop/pretty_bad_protocol/_parsers.py

@@ -20,7 +20,6 @@
 options.
 """
 
-
 import re
 from collections import OrderedDict
 

securedrop/pretty_bad_protocol/_trust.py

@@ -22,7 +22,6 @@
 a suitable subclass as their first argument.
 """
 
-
 import os
 
 from . import _util

securedrop/pretty_bad_protocol/gnupg.py

@@ -553,7 +553,6 @@ def check_sigs(self, *keyids):  # type: ignore[no-untyped-def]
         return self._process_keys(keyids, check_sig=True)
 
     def _process_keys(self, keyids, check_sig=False):  # type: ignore[no-untyped-def]
-
         if len(keyids) > self._batch_limit:
             raise ValueError(
                 "List signatures is limited to %d keyids simultaneously" % self._batch_limit
@@ -963,9 +962,7 @@ def gen_key_input(self, separate_keyring=False, save_batchfile=False, testing=Fa
 This directory was created by python-gnupg, on {}, and
 it contains saved batch files, which can be given to GnuPG to automatically
 generate keys. Please see
-{}""".format(
-                    _util.now(), links
-                )  # sometimes python is awesome.
+{}""".format(_util.now(), links)  # sometimes python is awesome.
 
                 with open(readme, "a+") as fh:
                     [fh.write(line) for line in explain]

securedrop/scripts/shredder

@@ -22,7 +22,10 @@ def parse_args():
         description="Utility for clearing deleted content in the SecureDrop store.",
     )
     parser.add_argument(
-        "-i", "--interval", type=int, help="Keep running every 'interval' seconds.",
+        "-i",
+        "--interval",
+        type=int,
+        help="Keep running every 'interval' seconds.",
     )
 
     return parser.parse_args()
@@ -37,9 +40,7 @@ def clear_shredder():
 
 def main():
     args = parse_args()
-    logging.basicConfig(
-        format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO
-    )
+    logging.basicConfig(format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO)
     if args.interval:
         logging.info(f"Clearing shredder every {args.interval} seconds.")
         while 1:

securedrop/scripts/source_deleter

@@ -21,7 +21,10 @@ def parse_args():
         description="Utility for asynchronous deletion of SecureDrop sources and their data.",
     )
     parser.add_argument(
-        "-i", "--interval", type=int, help="Keep running every 'interval' seconds.",
+        "-i",
+        "--interval",
+        type=int,
+        help="Keep running every 'interval' seconds.",
     )
 
     return parser.parse_args()
@@ -36,9 +39,7 @@ def purge_deleted_sources():
 
 def main():
     args = parse_args()
-    logging.basicConfig(
-        format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO
-    )
+    logging.basicConfig(format="%(asctime)s %(levelname)s %(message)s", level=logging.INFO)
     if args.interval:
         logging.info(f"Purging deleted sources every {args.interval} seconds.")
         while 1:

securedrop/source_app/forms.py

@@ -10,7 +10,6 @@
 
 
 class LoginForm(FlaskForm):
-
     codename = PasswordField(
         "codename",
         validators=[

securedrop/store.py

@@ -303,7 +303,6 @@ def save_file_submission(
         filename: Optional[str],
         stream: BinaryIO,
     ) -> str:
-
         if filename is not None:
             sanitized_filename = secure_filename(filename)
         else:

securedrop/tests/functional/app_navigators/journalist_app_nav.py

@@ -111,7 +111,7 @@ def journalist_downloads_first_message(self) -> str:
         # using requests, but we need to pass the cookies for logged in user
         # for Flask to allow this.
         def cookie_string_from_selenium_cookies(
-            cookies: Iterable[Dict[str, str]]
+            cookies: Iterable[Dict[str, str]],
         ) -> Dict[str, str]:
             result = {}
             for cookie in cookies:

securedrop/tests/functional/pageslayout/test_source_layout_torbrowser.py

@@ -31,7 +31,6 @@ def test_index_and_logout(self, locale, sd_servers):
             source_app_base_url=sd_servers.source_app_base_url,
             accept_languages=locale_with_commas,
         ) as navigator:
-
             # And they have disabled JS in their browser
             disable_js(navigator.driver)
 

securedrop/tests/migrations/migration_15ac9509fc68.py

@@ -33,7 +33,6 @@ def check_upgrade(self):
 
 
 class DowngradeTester:
-
     JOURNO_NUM = 200
     SOURCE_NUM = 200