Takishima
diff --git a/‎.codespell.allow
Lines changed: 1 addition & 0 deletions b/‎.codespell.allow
Lines changed: 1 addition & 0 deletions
diff --git a/‎.pre-commit-config.yaml
Lines changed: 9 additions & 37 deletions b/‎.pre-commit-config.yaml
Lines changed: 9 additions & 37 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 5 additions & 8 deletions b/‎CHANGELOG.md
Lines changed: 5 additions & 8 deletions
diff --git a/‎pylint_secure_coding_standard.py
Lines changed: 55 additions & 50 deletions b/‎pylint_secure_coding_standard.py
Lines changed: 55 additions & 50 deletions
diff --git a/‎pyproject.toml
Lines changed: 64 additions & 0 deletions b/‎pyproject.toml
Lines changed: 64 additions & 0 deletions
diff --git a/‎tests/assert_test.py
Lines changed: 4 additions & 4 deletions b/‎tests/assert_test.py
Lines changed: 4 additions & 4 deletions
@@ -0,0 +1 @@
+astroid
@@ -20,7 +20,7 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/Lucas-C/pre-commit-hooks
-    rev: v1.4.1
+    rev: v1.5.1
     hooks:
       - id: insert-license
         files: \.py$
@@ -37,25 +37,19 @@ repos:
         additional_dependencies: [tomli]
 
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.2
+    rev: v2.2.4
     hooks:
       - id: codespell
         files: .*\.(py|txt|cmake|md|rst|sh|ps1|hpp|tpp|cpp|cc)$
         args: [-I, .codespell.allow]
 
   - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.29.0
+    rev: v1.32.0
     hooks:
       - id: yamllint
 
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.11.4
-    hooks:
-      - id: isort
-        name: isort (python)
-
   - repo: https://github.com/psf/black
-    rev: 22.12.0
+    rev: 23.3.0
     hooks:
       - id: black
         language_version: python3
@@ -65,32 +59,10 @@ repos:
     hooks:
       - id: blacken-docs
         args: [-S, -l, '120']
-        additional_dependencies: [black==22.12.0]
-
-  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.3.1
-    hooks:
-      - id: pyupgrade
-        args: [--py38-plus, --keep-mock]
-
-  - repo: https://github.com/PyCQA/flake8
-    rev: 5.0.4
-    hooks:
-      - id: flake8
-        exclude: ^(.*_test\.py)$
-        additional_dependencies: [flake8-breakpoint, flake8-comprehensions,
-                                  flake8-docstrings, flake8-eradicate,
-                                  flake8-mutable]
-
-      - id: flake8
-        name: flake8-test-files
-        additional_dependencies: [flake8-breakpoint, flake8-comprehensions,
-                                  flake8-eradicate, flake8-mutable]
-        files: ^(.*_test\.py)$
+        additional_dependencies: [black==23.3.0]
 
-  - repo: https://github.com/pre-commit/mirrors-pylint
-    rev: 'v3.0.0a5'
+  - repo: https://github.com/charliermarsh/ruff-pre-commit
+    rev: v0.0.270
     hooks:
-      - id: pylint
-        additional_dependencies: [pylint-secure-coding-standard]
-        args: [--load-plugins=pylint_secure_coding_standard]
+      - id: ruff
+        args: [--fix, --exit-non-zero-on-fix, --show-source, --show-fixes]
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Updated
 
 -   Update GitHub release publishing workflow
+-   Replace most Python pre-commit hooks with [ruff](https://beta.ruff.rs/docs/)
 -   Added some more pre-commit hooks:
     +  doc8
     +  codespell
@@ -24,16 +25,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Repository
 
 -   Update `thomaseizinger/create-pull-request` GitHub Action to v1.3.0
--   Update `Lucas-C/pre-commit-hooks` hook to v1.4.1
--   Update `asottile/pyupgrade` to v3.2.0
--   Update `black` hook to v22.10.0
+-   Update `Lucas-C/pre-commit-hooks` hook to v1.5.1
+-   Update `black` hook to v23.3.0
 -   Update `blacken-docs` hook to v1.13.0
--   Update `flake8` hook to v5.0.4
--   Update `pre-commit/mirrors-pylint` to v3.0.0a5
 -   Update `pre-commit/pre-commit-hooks` to v4.3.0
--   Update `pyupgrade` hook to v3.3.1
--   Update `yamllint` hook to v1.29.0
--   Update `isort` hook to v5.11.4
+-   Update `yamllint` hook to v1.32.0
+-   Update `codespell` hook to v2.2.4
 
 ## [1.4.1] - 2022-05-04
 
 
@@ -146,10 +146,10 @@ def _is_builtin_open_for_writing(node):
 
         if any(m in mode for m in 'awx'):
             # Cover:
-            #  * open(..., "w")
-            #  * open(..., "wb")
-            #  * open(..., "a")
-            #  * open(..., "x")
+            #  * open(..., "w").
+            #  * open(..., "wb").
+            #  * open(..., "a").
+            #  * open(..., "x").
             return True
     return False
 
@@ -176,6 +176,7 @@ def _is_allowed_mode(node, allowed_modes, args_idx):
 
 
 def _is_shell_true_call(node):
+    _n_args_max = 8
     if not (isinstance(node.func, astroid.Attribute) and isinstance(node.func.expr, astroid.Name)):
         return False
 
@@ -191,7 +192,11 @@ def _is_shell_true_call(node):
                     ):
                         return True
 
-            if len(node.args) > 8 and isinstance(node.args[8], astroid.Const) and bool(node.args[8].value):
+            if (
+                len(node.args) > _n_args_max
+                and isinstance(node.args[_n_args_max], astroid.Const)
+                and bool(node.args[_n_args_max].value)
+            ):
                 return True
 
         if node.func.attrname in ('getoutput', 'getstatusoutput'):
@@ -207,76 +212,76 @@ def _is_shell_true_call(node):
 
 
 def _is_pdb_call(node):
-    if isinstance(node.func, astroid.Attribute):
-        if isinstance(node.func.expr, astroid.Name) and node.func.expr.name == 'pdb':
-            # Cover:
-            #  * pdb.func()
-            return True
-    if isinstance(node.func, astroid.Name):
-        if node.func.name == 'Pdb':
-            # Cover:
-            # * Pdb()
-            return True
+    if (
+        isinstance(node.func, astroid.Attribute)
+        and isinstance(node.func.expr, astroid.Name)
+        and node.func.expr.name == 'pdb'
+    ):
+        # Cover:
+        return True
+    if isinstance(node.func, astroid.Name) and node.func.name == 'Pdb':
+        # Cover:
+        return True
     return False
 
 
 def _is_mktemp_call(node):
-    if isinstance(node.func, astroid.Attribute):
-        if node.func.attrname == 'mktemp':
-            # Cover:
-            #  * tempfile.mktemp()
-            #  * xxxx.mktemp()
-            return True
-    if isinstance(node.func, astroid.Name):
-        if node.func.name == 'mktemp':
-            # Cover:
-            #  * mktemp()
-            return True
+    if isinstance(node.func, astroid.Attribute) and node.func.attrname == 'mktemp':
+        # Cover:
+        #  * pdb.func().
+        return True
+    if isinstance(node.func, astroid.Name) and node.func.name == 'mktemp':
+        # Cover:
+        # * Pdb().
+        return True
     return False
 
 
 def _is_yaml_unsafe_call(node):
+    _load_n_args_max = 2
     _safe_loaders = ('BaseLoader', 'SafeLoader')
     _unsafe_loaders = ('Loader', 'UnsafeLoader', 'FullLoader')
+
     if (
         isinstance(node.func, astroid.Attribute)
         and isinstance(node.func.expr, astroid.Name)
         and node.func.expr.name == 'yaml'
     ):
         if node.func.attrname in ('unsafe_load', 'full_load'):
             # Cover:
-            #  * yaml.full_load()
-            #  * yaml.unsafe_load()
+            #  * yaml.full_load().
+            #  * yaml.unsafe_load().
             return True
         if node.func.attrname == 'load' and node.keywords:
             for keyword in node.keywords:
                 if keyword.arg == 'Loader' and isinstance(keyword.value, astroid.Name):
                     if keyword.value.name in _unsafe_loaders:
                         # Cover:
-                        #  * yaml.load(x, Loader=Loader)
-                        #  * yaml.load(x, Loader=UnsafeLoader)
-                        #  * yaml.load(x, Loader=FullLoader)
+                        #  * yaml.load(x, Loader=Loader).
+                        #  * yaml.load(x, Loader=UnsafeLoader).
+                        #  * yaml.load(x, Loader=FullLoader).
                         return True
                     if keyword.value.name in _safe_loaders:
                         # Cover:
-                        #  * yaml.load(x, Loader=BaseLoader)
-                        #  * yaml.load(x, Loader=SafeLoader)
+                        #  * yaml.load(x, Loader=BaseLoader).
+                        #  * yaml.load(x, Loader=SafeLoader).
                         return False
-        elif node.func.attrname == 'load':
-            if len(node.args) < 2 or (isinstance(node.args[1], astroid.Name) and node.args[1].name in _unsafe_loaders):
-                # Cover:
-                #  * yaml.load(x)
-                #  * yaml.load(x, Loader)
-                #  * yaml.load(x, UnsafeLoader)
-                #  * yaml.load(x, FullLoader)
-                return True
-
-    if isinstance(node.func, astroid.Name):
-        if node.func.name in ('unsafe_load', 'full_load'):
+        elif node.func.attrname == 'load' and (
+            len(node.args) < _load_n_args_max
+            or (isinstance(node.args[1], astroid.Name) and node.args[1].name in _unsafe_loaders)
+        ):
             # Cover:
-            #  * unsafe_load(...)
-            #  * full_load(...)
+            #  * yaml.load(x).
+            #  * yaml.load(x, Loader).
+            #  * yaml.load(x, UnsafeLoader).
+            #  * yaml.load(x, FullLoader).
             return True
+
+    if isinstance(node.func, astroid.Name) and node.func.name in ('unsafe_load', 'full_load'):
+        # Cover:
+        #  * unsafe_load(...).
+        #  * full_load(...).
+        return True
     return False
 
 
@@ -537,7 +542,7 @@ def __init__(self, linter):
         self._os_mknod_msg_arg = ''
         self._os_mknod_modes_allowed = []
 
-    def visit_call(self, node):  # pylint: disable=too-many-branches
+    def visit_call(self, node):  # pylint: disable=too-many-branches # noqa: PLR0912
         """Visitor method called for astroid.Call nodes."""
         if _is_pdb_call(node):
             self.add_message('avoid-debug-stmt', node=node)
@@ -597,11 +602,11 @@ def visit_call(self, node):  # pylint: disable=too-many-branches
 
     def visit_import(self, node):
         """Visitor method called for astroid.Import nodes."""
-        for (name, _) in node.names:
+        for name, _ in node.names:
             if name == 'pdb':
                 # Cover:
-                #  * import pdb
-                #  * import pdb as xxx
+                #  * import pdb.
+                #  * import pdb as xxx.
                 self.add_message('avoid-debug-stmt', node=node)
 
     def visit_importfrom(self, node):
 
@@ -2,6 +2,70 @@
 requires = ["setuptools>=43", "wheel", "setuptools_scm[toml]>=3.4"]
 build-backend = "setuptools.build_meta"
 
+# ==============================================================================
+
+[tool.ruff]
+line-length = 120
+target-version = 'py38'
+
+select = ['F',   # pyflakes
+          'E',   # pycodestyle
+          'W',   # pycodestyle
+          'I',   # isort
+          'N',   # pep8-naming
+          'D',   # pydocstyle
+          'UP',  # pyupgrade
+          'YTT', # flake-2020
+          'ANN', # flake8-annotations
+          'S',   # flake8-bandit
+          'BLE', # flake8-blind-except
+          'B',   # flake8-bugbear
+          'A',   # flake8-builtins
+          'C4',  # flake8-comprehensions
+          'T10', # flake8-debugger
+          'ISC', # flake8-implicit-str-concat
+          'ICN', # flake8-import-conventions
+          'PIE', # flake8-pie
+          'PT',  # flake8-pytest-style
+          'Q',   # flake8-quotes
+          'RSE', # flake8-raise
+          'RET', # flake8-return
+          'SLF', # flake8-self
+          'SIM', # flake8-simplify
+          'TID', # flake8-tidy-imports
+          'ARG', # flake8-unused-arguments
+          'PTH', # flake8-use-pathlib
+          'ERA', # eradicate
+          'PL',  # pylint
+          'RUF', # ruff-specific rules
+]
+ignore = ['ANN101', # missing-type-self
+          'D203',   # one-blank-line-before-class
+          'D212',   # multi-line-summary-first-line
+          'S603'    # subprocess-without-shell-equals-true
+]
+
+[tool.ruff.per-file-ignores]
+
+'tests/*.py' = ['S101', 'SLF001', 'PLR0913', 'PLR2004', 'D']
+
+
+[tool.ruff.flake8-annotations]
+allow-star-arg-any = true
+ignore-fully-untyped = true
+mypy-init-return = true
+suppress-dummy-args = true
+suppress-none-returning = true
+
+[tool.ruff.flake8-quotes]
+docstring-quotes = 'double'
+inline-quotes = 'single'
+multiline-quotes = 'single'
+
+[tool.ruff.pydocstyle]
+convention = 'google'
+
+
 # ==============================================================================
 
 [tool.black]
 
@@ -29,10 +29,10 @@ class TestSecureCodingStandardChecker(pylint.testutils.CheckerTestCase):
 
     def test_assert_ok(self):
         call_node1, call_node2 = astroid.extract_node(
-            """
+            '''
         int(0) #@
         foo() #@
-        """
+        '''
         )
 
         with self.assertNoMessages():
@@ -41,10 +41,10 @@ def test_assert_ok(self):
 
     @pytest.mark.parametrize(
         's',
-        (
+        [
             'assert len(s) > 0',
             'assert (my_set and my_list), "Some message"',
-        ),
+        ],
     )
     def test_assert_not_ok(self, s):
         node = astroid.extract_node(s + ' #@')