Replace all linter and validation libraries by ruff (#1333)

tdruez · web-flow · commit 769e76f8c532 · 2024-07-22T12:47:30.000+04:00
Signed-off-by: tdruez &lt;tdruez@nexb.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -42,11 +42,10 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Install universal ctags
-        run: sudo apt-get install -y universal-ctags
-    
-      - name: Install xgettext
-        run: sudo apt-get install -y gettext
+      - name: Install universal ctags and xgettext
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y universal-ctags gettext
 
       - name: Install dependencies
         run: make dev envfile
diff --git a/Makefile b/Makefile
@@ -25,7 +25,6 @@ PYTHON_EXE?=python3
 MANAGE=bin/python manage.py
 ACTIVATE?=. bin/activate;
 VIRTUALENV_PYZ=etc/thirdparty/virtualenv.pyz
-BLACK_ARGS=--exclude=".cache|migrations|data|lib|bin|var"
 # Do not depend on Python to generate the SECRET_KEY
 GET_SECRET_KEY=`head -c50 /dev/urandom | base64 | head -c50`
 # Customize with `$ make envfile ENV_FILE=/etc/scancodeio/.env`
@@ -63,33 +62,22 @@ envfile:
 	@mkdir -p $(shell dirname ${ENV_FILE}) && touch ${ENV_FILE}
 	@echo SECRET_KEY=\"${GET_SECRET_KEY}\" > ${ENV_FILE}
 
-isort:
-	@echo "-> Apply isort changes to ensure proper imports ordering"
-	@${ACTIVATE} isort --profile black .
-
-black:
-	@echo "-> Apply black code formatter"
-	@${ACTIVATE} black ${BLACK_ARGS} .
-
 doc8:
 	@echo "-> Run doc8 validation"
 	@${ACTIVATE} doc8 --max-line-length 100 --ignore-path docs/_build/ --quiet docs/
 
-valid: isort black doc8 check
-
-bandit:
-	@echo "-> Run source code security analyzer"
-	@${ACTIVATE} bandit -r scanpipe scancodeio --quiet --exclude test_spdx.py
+valid:
+	@echo "-> Run Ruff linter"
+	@${ACTIVATE} ruff check --fix
+	@echo "-> Run Ruff format"
+	@${ACTIVATE} ruff format
 
-check: doc8 bandit
-	@echo "-> Run flake8 (pycodestyle, pyflakes, mccabe) validation"
-	@${ACTIVATE} flake8 .
-	@echo "-> Run isort imports ordering validation"
-	@${ACTIVATE} isort --profile black --check-only .
-	@echo "-> Run black validation"
-	@${ACTIVATE} black --check ${BLACK_ARGS} .
-	@echo "-> Run docstring validation"
-	@${ACTIVATE} pydocstyle scanpipe scancodeio
+check:
+	@echo "-> Run Ruff linter validation (pycodestyle, bandit, isort, and more)"
+	@${ACTIVATE} ruff check
+	@echo "-> Run Ruff format validation"
+	@${ACTIVATE} ruff format --check
+	@$(MAKE) doc8
 
 check-deploy:
 	@echo "-> Check Django deployment settings"
@@ -163,4 +151,4 @@ offline-package: docker-images
 	@mkdir -p dist/
 	@tar -cf dist/scancodeio-offline-package-`git describe --tags`.tar build/
 
-.PHONY: virtualenv conf dev envfile install check bandit valid isort check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run test docs bump docker-images offline-package
+.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run test docs bump docker-images offline-package
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,45 @@
+[tool.ruff]
+line-length = 88
+exclude = [
+    "migrations",
+    "bin",
+    "Script",
+    "Lib",
+    "lib",
+    "lib64",
+    "local",
+    "var",
+]
+
+[tool.ruff.lint]
+# Rules: https://docs.astral.sh/ruff/rules/
+select = [
+    "E",  # pycodestyle
+    "W",  # pycodestyle warnings
+    "D",  # pydocstyle
+    "F",  # Pyflakes
+    "UP", # pyupgrade
+    "S",  # flake8-bandit
+    "I",  # isort
+    "C9", # McCabe complexity
+]
+ignore = ["D1", "D203", "D205", "D212", "D400", "D415"]
+
+[tool.ruff.lint.isort]
+force-single-line = true
+sections = { django = ["django"] }
+section-order = [
+    "future",
+    "standard-library",
+    "django",
+    "third-party",
+    "first-party",
+    "local-folder",
+]
+
+[tool.ruff.lint.mccabe]
+max-complexity = 10
+
+[tool.ruff.lint.per-file-ignores]
+# All usage of assert on the SPDX test file.
+"**/test_spdx.py*" = ["S101"]
diff --git a/scancodeio/settings.py b/scancodeio/settings.py
@@ -245,7 +245,9 @@
 
 AUTH_PASSWORD_VALIDATORS = [
     {
-        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+        "NAME": (
+            "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
+        ),
     },
     {
         "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
diff --git a/scanpipe/filters.py b/scanpipe/filters.py
@@ -260,7 +260,7 @@ def filter_queryset(self, queryset):
     @classmethod
     def filter_for_lookup(cls, field, lookup_type):
         """Add support for JSONField storing "list" using the JSONListFilter."""
-        if isinstance(field, models.JSONField) and field.default == list:
+        if isinstance(field, models.JSONField) and field.default is list:
             return JSONContainsFilter, {}
 
         return super().filter_for_lookup(field, lookup_type)
diff --git a/scanpipe/models.py b/scanpipe/models.py
@@ -2713,8 +2713,7 @@ def walk(self, topdown=True):
         for child in self.children().iterator():
             if topdown:
                 yield child
-            for subchild in child.walk(topdown=topdown):
-                yield subchild
+            yield from child.walk(topdown=topdown)
             if not topdown:
                 yield child
 
@@ -2739,7 +2738,7 @@ def file_content(self):
         # This workaround ensures that the entire content of map files is displayed.
         file_type = get_type(self.location)
         if file_type.is_js_map:
-            with open(self.location, "r") as file:
+            with open(self.location) as file:
                 content = json.load(file)
 
             return json.dumps(content, indent=2)
diff --git a/scanpipe/pipes/codebase.py b/scanpipe/pipes/codebase.py
@@ -138,8 +138,7 @@ def walk(self, topdown=True):
         for root_resource in self.root_resources:
             if topdown:
                 yield root_resource
-            for resource in root_resource.walk(topdown=topdown):
-                yield resource
+            yield from root_resource.walk(topdown=topdown)
             if not topdown:
                 yield root_resource
 
diff --git a/scanpipe/pipes/fetch.py b/scanpipe/pipes/fetch.py
@@ -25,7 +25,7 @@
 import logging
 import os
 import re
-import subprocess  # nosec
+import subprocess
 import tempfile
 from collections import namedtuple
 from pathlib import Path
@@ -68,7 +68,7 @@ def run_command_safely(command_args):
 
     Raise a SubprocessError if the exit code was non-zero.
     """
-    completed_process = subprocess.run(  # nosec
+    completed_process = subprocess.run(  # noqa: S603
         command_args,
         capture_output=True,
         text=True,
diff --git a/scanpipe/pipes/input.py b/scanpipe/pipes/input.py
@@ -163,9 +163,9 @@ def clean_xlsx_field_value(model_class, field_name, value):
         return [{dict_key: entry} for entry in value.splitlines()]
 
     elif isinstance(field, models.JSONField):
-        if field.default == list:
+        if field.default is list:
             return value.splitlines()
-        elif field.default == dict:
+        elif field.default is dict:
             return  # dict stored as JSON are not supported
 
     return value
diff --git a/scanpipe/pipes/js.py b/scanpipe/pipes/js.py
@@ -78,7 +78,7 @@ def sha1(content):
     # The following hash is not used in any security context. It is only used
     # to generate a value for matching purposes, collisions are acceptable and
     # "content" is not coming from user-generated input.
-    return hashlib.sha1(content.encode()).hexdigest()  # nosec
+    return hashlib.sha1(content.encode(), usedforsecurity=False).hexdigest()
 
 
 def source_content_sha1_list(map_file):
diff --git a/scanpipe/pipes/rootfs.py b/scanpipe/pipes/rootfs.py
@@ -345,7 +345,7 @@ def flag_uninteresting_codebase_resources(project):
     - Log file of sorts (such as var) using few heuristics
     """
     uninteresting_and_transient = (
-        "/tmp/",  # nosec
+        "/tmp/",  # noqa: S108
         "/etc/",
         "/proc/",
         "/dev/",
diff --git a/scanpipe/tests/__init__.py b/scanpipe/tests/__init__.py
@@ -52,7 +52,7 @@ def make_resource_file(project, path, **extra):
         type=CodebaseResource.Type.FILE,
         is_text=True,
         tag=path.split("/")[0],
-        **extra
+        **extra,
     )
 
 
@@ -63,7 +63,7 @@ def make_resource_directory(project, path, **extra):
         name=path.split("/")[-1],
         type=CodebaseResource.Type.DIRECTORY,
         tag=path.split("/")[0],
-        **extra
+        **extra,
     )
 
 
diff --git a/scanpipe/tests/pipes/test_docker.py b/scanpipe/tests/pipes/test_docker.py
@@ -41,9 +41,7 @@ class ScanPipeDockerPipesTest(TestCase):
     maxDiff = None
 
     def assertResultsEqual(self, expected_file, results, regen=FIXTURES_REGEN):
-        """
-        Set `regen` to True to regenerate the expected results.
-        """
+        """Set `regen` to True to regenerate the expected results."""
         if regen:
             expected_file.write_text(results)
 
diff --git a/scanpipe/tests/pipes/test_js.py b/scanpipe/tests/pipes/test_js.py
@@ -135,7 +135,7 @@ def test_scanpipe_pipes_js_get_map_sources_content(self):
             )
         )
 
-        with open(expected_location, "r") as f:
+        with open(expected_location) as f:
             expected = f.read()
 
         result = js.get_map_sources_content(to_resource)
diff --git a/scanpipe/tests/pipes/test_matchcode.py b/scanpipe/tests/pipes/test_matchcode.py
@@ -71,7 +71,7 @@ def mock_request_post_return(url, files, timeout):
                 / "match_to_matchcode"
                 / "request_post_response.json"
             )
-            with open(request_post_response_loc, "r") as f:
+            with open(request_post_response_loc) as f:
                 return json.load(f)
 
         mock_request_post.side_effect = mock_request_post_return
@@ -95,7 +95,7 @@ def test_scanpipe_pipes_matchcode_get_run_url_status(
             / "match_to_matchcode"
             / "request_get_check_response.json"
         )
-        with open(request_get_check_response_loc, "r") as f:
+        with open(request_get_check_response_loc) as f:
             mock_request_get_check_return = json.load(f)
 
         mock_request_get.side_effect = [
@@ -233,7 +233,7 @@ def test_scanpipe_pipes_matchcode_map_match_results(self):
             / "match_to_matchcode"
             / "request_get_results_response.json"
         )
-        with open(request_post_response_loc, "r") as f:
+        with open(request_post_response_loc) as f:
             match_results = json.load(f)
 
         resource_paths_by_package_uids = matchcode.map_match_results(match_results)
@@ -265,7 +265,7 @@ def test_scanpipe_pipes_matchcode_create_packages_from_match_results(self):
             / "match_to_matchcode"
             / "request_get_results_response.json"
         )
-        with open(request_get_results_response_loc, "r") as f:
+        with open(request_get_results_response_loc) as f:
             match_results = json.load(f)
 
         self.assertEqual(0, self.project1.discoveredpackages.all().count())
@@ -293,7 +293,7 @@ def test_scanpipe_pipes_matchcode_get_match_results(
             / "match_to_matchcode"
             / "request_get_check_response.json"
         )
-        with open(request_get_check_response_loc, "r") as f:
+        with open(request_get_check_response_loc) as f:
             mock_request_get_check_return = json.load(f)
 
         request_get_results_response_loc = (
@@ -302,7 +302,7 @@ def test_scanpipe_pipes_matchcode_get_match_results(
             / "match_to_matchcode"
             / "request_get_results_response.json"
         )
-        with open(request_get_results_response_loc, "r") as f:
+        with open(request_get_results_response_loc) as f:
             mock_request_get_results_return = json.load(f)
         mock_request_get.side_effect = [
             mock_request_get_check_return,
diff --git a/scanpipe/tests/pipes/test_output.py b/scanpipe/tests/pipes/test_output.py
@@ -35,7 +35,7 @@
 
 import xlsxwriter
 from licensedcode.cache import get_licensing
-from lxml import etree  # nosec
+from lxml import etree
 from scancode_config import __version__ as scancode_toolkit_version
 
 from scanpipe import pipes
@@ -51,9 +51,7 @@
 
 
 def make_config_directory(project):
-    """
-    Make and return the `project` config directory.
-    """
+    """Make and return the `project` config directory."""
     config_directory = project.codebase_path / settings.SCANCODEIO_CONFIG_DIR
     config_directory.mkdir(exist_ok=True)
     return config_directory
@@ -63,9 +61,7 @@ class ScanPipeOutputPipesTest(TestCase):
     data = Path(__file__).parent.parent / "data"
 
     def assertResultsEqual(self, expected_file, results, regen=FIXTURES_REGEN):
-        """
-        Set `regen` to True to regenerate the expected results.
-        """
+        """Set `regen` to True to regenerate the expected results."""
         if regen:
             expected_file.write_text(results)
 
@@ -711,9 +707,7 @@ def get_cell_texts(original_text, test_dir, workbook_name):
     """
 
     class Row:
-        """
-        A mock Row with a single attribute storing a long string
-        """
+        """A mock Row with a single attribute storing a long string"""
 
         def __init__(self, foo):
             self.foo = foo
@@ -748,7 +742,7 @@ def __init__(self, foo):
     # Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable
     # to XML attacks. This is not an issue here as we are parsing a properly crafted
     # test file, not a maliciously crafted one.
-    sstet = etree.parse(str(shared_strings))  # nosec
+    sstet = etree.parse(str(shared_strings))  # noqa: S320
     # in our special case the text we care is the last element of the XML
 
     return [t.text for t in sstet.getroot().iter()]
diff --git a/scanpipe/tests/pipes/test_resolve.py b/scanpipe/tests/pipes/test_resolve.py
@@ -21,11 +21,10 @@
 # Visit https://github.com/nexB/scancode.io for support and download.
 
 from pathlib import Path
+from unittest import mock
 
 from django.test import TestCase
 
-import mock
-
 from scanpipe import pipes
 from scanpipe.models import Project
 from scanpipe.pipes import resolve
diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
@@ -381,9 +381,9 @@ def test_scanpipe_project_model_get_inputs_with_source(self):
         self.project1.copy_input_from(self.data / "aboutcode" / "notice.NOTICE")
         self.project1.add_input_source(filename="missing.zip", is_uploaded=True)
 
-        uuid1, uuid2 = [
+        uuid1, uuid2 = (
             str(input_source.uuid) for input_source in self.project1.inputsources.all()
-        ]
+        )
 
         expected = [
             {
@@ -1376,7 +1376,7 @@ def test_scanpipe_codebase_resource_model_file_content_for_map(self):
         copy_input(map_file_path, self.project1.codebase_path)
         resource = self.project1.codebaseresources.create(path="main.js.map")
 
-        with open(map_file_path, "r") as file:
+        with open(map_file_path) as file:
             expected = json.load(file)
 
         result = json.loads(resource.file_content)
diff --git a/scanpipe/tests/test_pipelines.py b/scanpipe/tests/test_pipelines.py
diff --git a/scanpipe/views.py b/scanpipe/views.py
diff --git a/setup.cfg b/setup.cfg
diff --git a/setup.py b/setup.py

Original file line number	Diff line number	Diff line change
`@@ -245,7 +245,9 @@`
`245`	`245`
`246`	`246`	`AUTH_PASSWORD_VALIDATORS = [`
`247`	`247`	`{`
`248`		`- "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",`
	`248`	`+ "NAME": (`
	`249`	`+ "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"`
	`250`	`+ ),`
`249`	`251`	`},`
`250`	`252`	`{`
`251`	`253`	`"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",`