mirror of
https://github.com/certbot/certbot.git
synced 2026-01-26 07:41:33 +03:00
c07b5efb7f
`lock_test.py` is a weird, heavily customized, standalone testing relic that's giving me trouble because the name currently conflicts with `certbot/tests/lock_test.py`. Moving `certbot/tests` inside the Certbot package as discussed at https://github.com/certbot/certbot/issues/7909#issuecomment-1448675456 would avoid this, however, this is at least somewhat blocked on getting that test code passing lint and mypy checks again because we run those checks on the entirety of the Certbot package 🙃 Since `lock_test.py` could probably stand to be rewritten/refactored anyway, I took this approach. What I did is I rewrote something largely equivalent to `lock_test.py` inside Certbot's unit tests. I chose not to do this in `certbot-ci` because its not necessary to have an ACME server available. We're no longer explicitly testing things with the nginx plugin here like we were in `lock_test.py`, however, we are checking that `prepare` is called on the plugin at the right time and I added comments about the importance of checking that we lock the directory during the call to `prepare` in the Apache and nginx test code. As a bonus, this fixes https://github.com/certbot/certbot/issues/8121.
60 lines
2.1 KiB
Python
60 lines
2.1 KiB
Python
"""
|
|
Certbot PyLint plugin.
|
|
|
|
The built-in ImportChecker of Pylint does a similar job to ForbidStandardOsModule to detect
|
|
deprecated modules. You can check its behavior as a reference to what is coded here.
|
|
See https://github.com/PyCQA/pylint/blob/b20a2984c94e2946669d727dbda78735882bf50a/pylint/checkers/imports.py#L287
|
|
See https://docs.pytest.org/en/latest/writing_plugins.html
|
|
"""
|
|
import os.path
|
|
import re
|
|
|
|
from pylint.checkers import BaseChecker
|
|
from pylint.interfaces import IAstroidChecker
|
|
|
|
# Modules whose file is matching one of these paths can import the os module.
|
|
WHITELIST_PATHS = [
|
|
'/acme/acme/',
|
|
'/certbot-ci/',
|
|
'/certbot-compatibility-test/',
|
|
]
|
|
|
|
|
|
class ForbidStandardOsModule(BaseChecker):
|
|
"""
|
|
This checker ensures that standard os module (and submodules) is not imported by certbot
|
|
modules. Otherwise an 'os-module-forbidden' error will be registered for the faulty lines.
|
|
"""
|
|
__implements__ = IAstroidChecker
|
|
|
|
name = 'forbid-os-module'
|
|
msgs = {
|
|
'E5001': (
|
|
'Forbidden use of os module, certbot.compat.os must be used instead',
|
|
'os-module-forbidden',
|
|
'Some methods from the standard os module cannot be used for security reasons on '
|
|
'Windows: the safe wrapper certbot.compat.os must be used instead in Certbot.'
|
|
)
|
|
}
|
|
priority = -1
|
|
|
|
def visit_import(self, node):
|
|
os_used = any(name for name in node.names if name[0] == 'os' or name[0].startswith('os.'))
|
|
if os_used and not _check_disabled(node):
|
|
self.add_message('os-module-forbidden', node=node)
|
|
|
|
def visit_importfrom(self, node):
|
|
if node.modname == 'os' or node.modname.startswith('os.') and not _check_disabled(node):
|
|
self.add_message('os-module-forbidden', node=node)
|
|
|
|
|
|
def register(linter):
|
|
"""Pylint hook to auto-register this linter"""
|
|
linter.register_checker(ForbidStandardOsModule(linter))
|
|
|
|
|
|
def _check_disabled(node):
|
|
module = node.root()
|
|
return any(path for path in WHITELIST_PATHS
|
|
if os.path.normpath(path) in os.path.normpath(module.file))
|