Merge pull request #90 from pebenito/misc

Various updates.
Chris PeBenito 2023-03-30 08:51:14 -04:00 committed by GitHub
commit dee89793f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 655 additions and 398 deletions


@ -1,11 +0,0 @@
#coverage.py configuration
[run]
source = setools
plugins = Cython.Coverage
[report]
exclude_lines =
pragma: no cover
def __repr__
raise NotImplementedError
return NotImplemented


@ -1,19 +0,0 @@
[mypy]
no_implicit_optional = True
pretty = True
# NetworkX does not have annotations
[mypy-networkx]
ignore_missing_imports = True
[mypy-networkx.*]
ignore_missing_imports = True
[mypy-PyQt5.*]
ignore_missing_imports = True
[mypy-sip]
ignore_missing_imports = True
[mypy-pkg_resources]
ignore_missing_imports = True

332
.pylintrc

@ -1,332 +0,0 @@
[MASTER]
# Specify a configuration file.
#rcfile=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=CVS
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Use multiple processes to speed up Pylint.
jobs=0
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=setools.policyrep
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
confidence=
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time. See also the "--disable" option for examples.
#enable=
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
# --disable=W"
# format: enforced by pep8 tool
disable=I,logging-format-interpolation,format,similarities
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html. You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=text
# Tells whether to display a full report or only the messages
reports=no
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
#msg-template=
[BASIC]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,filter
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,s,t,ex,fs,Run,_
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Include a hint for the correct naming format with invalid-name
include-naming-hint=no
# Regular expression matching correct constant names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression matching correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct class attribute names
class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Naming hint for class attribute names
class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Regular expression matching correct attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Regular expression matching correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression matching correct inline iteration names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Regular expression matching correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
[ELIF]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
[LOGGING]
# Logging modules to check that the string format arguments are in logging
# function parameter format
logging-modules=logging
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[SPELLING]
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=100
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis. It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set). This supports can work
# with qualified names.
ignored-classes=
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=no
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the name of dummy variables (i.e. expectedly
# not used).
dummy-variables-rgx=_$|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,_cb
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=optparse
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
[DESIGN]
# Maximum number of arguments for function / method
max-args=20
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*
# Maximum number of locals for function / method body
max-locals=20
# Maximum number of return / yield for function / method body
max-returns=6
# Maximum number of branch for function / method body
max-branches=15
# Maximum number of statements in function / method body
max-statements=50
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of attributes for a class (see R0902).
max-attributes=20
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of boolean expressions in a if statement
max-bool-expr=5
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,_fields,_replace,_source,_make
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=builtins.Exception


@ -1,5 +1,4 @@
# SETools: Policy analysis tools for SELinux
https://github.com/SELinuxProject/setools/wiki
## Overview
@ -13,6 +12,7 @@ SETools uses the Python setuptools build system to build, and install.
As such it contains a setup.py script that will install the tools.
To run SETools command line tools, the following packages are required:
* Python 3.6+
* NetworkX 2.0+ (2.6+ for Python 3.9+)
* setuptools
@ -21,17 +21,20 @@ To run SETools command line tools, the following packages are required:
* libsepol 3.2+
To run SETools graphical tools, the following packages are also required:
* PyQt5
* qt5-assistant
* qt-devel (only if rebuilding the help file)
To build SETools, the following development packages are required, in
addition to the development packages from the above list:
* gcc
* cython 0.27+ (0.29.14+ for Python 3.8+)
To run SETools unit tests, the following packages are required, in
addition to the above dependencies:
* pytest
* tox (optional)
@ -41,23 +44,25 @@ SETools is included in most Linux distributions which support
SELinux, such as Fedora, Red Hat Enterprise Linux, Gentoo,
and Debian.
Official releases of SETools may be freely downloaded from:
https://github.com/SELinuxProject/setools/releases
Official releases of SETools may be freely downloaded from the
[GitHub releases page](https://github.com/SELinuxProject/setools/releases).
SETools source code is maintained within a GitHub repository.
From the command line do:
```
```bash
$ git clone https://github.com/SELinuxProject/setools.git
```
You may also browse the GitHub repository at
https://github.com/SELinuxProject/setools. The master branch
has development code that may not be stable. Each release series
is considered stable, and has its own branch, e.g. "4.0" for all
You may also browse the [GitHub repository](https://github.com/SELinuxProject/setools).
The master branch has development code that may not be stable. Each release
series is considered stable, and has its own branch, e.g. "4.0" for all
4.0.* releases. To checkout a stable branch, do:
```
```bash
$ git checkout 4.0
```
Where `4.0` is the release series. Each release will have a tag.
### Building SETools for Local Use
@ -65,19 +70,22 @@ Where `4.0` is the release series. Each release will have a tag.
To use SETools locally, without installing it onto the system,
unpack the official distribution or check out the git repository,
and perform the following at the root:
```
```bash
$ python setup.py build_ext -i
```
This will compile the C portion of SETools locally, and then
the tools can be ran from the current directory (e.g. ```./seinfo```).
the tools can be ran from the current directory (e.g. `./seinfo`).
### Rebuilding the Apol Help File
For convenience, a prebuilt copy of the apol help data file is included.
To rebuild this file, the Qt5 development tools are required
(particularly, the ```qcollectiongenerator``` tool). At the root
(particularly, the `qcollectiongenerator` tool). At the root
of the SETools sources, perform the following:
```
```bash
$ python setup.py build_qhc
```
@ -85,38 +93,40 @@ of the SETools sources, perform the following:
Unpack the official distribution or check out the git repository,
and perform the following at the root:
```
```bash
$ python setup.py build_ext
$ python setup.py build
$ python setup.py install
```
This will put the applications in /usr/bin, data files in /usr/share/setools,
and libraries in /usr/lib/pythonX.Y/site-packages/setools.
This will put the applications in /usr/bin, data files in `/usr/share/setools`,
and libraries in `/usr/lib/pythonX.Y/site-packages/setools`.
### Building SETools with a Local Libsepol and Libselinux
At times, SETools requires a newer libsepol than is available from
distributions. To use a locally-built libsepol instead of the libsepol
provided by the Linux distribution, build the libsepol sources and then
set the USERSPACE_SRC environmental variable to the path to the root of
set the `USERSPACE_SRC` environmental variable to the path to the root of
SELinux userspace source tree. The libsepol and libselinux must already
be compiled.
```
```bash
$ export USERSPACE_SRC=/home/user/src/selinux
$ python setup.py build_ext
$ python setup.py build
$ python setup.py install
```
This feature assumes that the directory structure at $USERSPACE_SRC is the
This feature assumes that the directory structure at `$USERSPACE_SRC` is the
same as the SELinux userspace code checked out from GitHub.
Since SETools is dynamically linked to libsepol and libselinux, you must
specify the path to the libsepol/src and libselinux/src directories by
using LD_LIBRARY_PATH so that the newer versions of the libraries are used.
using `LD_LIBRARY_PATH` so that the newer versions of the libraries are used.
```
```bash
$ export LD_LIBRARY_PATH="/home/user/src/selinux/libsepol/src:/home/user/src/selinux/libselinux/src"
$ ./seinfo policy.31
$ ./sesearch -A sysadm_t policy.31
@ -133,7 +143,7 @@ One goal for SETools is to provide confidence in the validity of the
output for the tools. The unit tests for SETools can be run with
the following commands:
```
```bash
$ python setup.py build_ext -i
$ pytest tests
```
@ -169,15 +179,13 @@ do our best to maintain API stability.
### Reporting bugs
Bugs can be reported in the SETools GitHub issues tracker:
https://github.com/SELinuxProject/setools/issues
Bugs can be reported in the [SETools GitHub issues tracker](https://github.com/SELinuxProject/setools/issues).
### Copyright license
The intent is to allow free use of this source code. All programs'
source files are copyright protected and freely distributed under the
GNU General Public License (see COPYING.GPL). All library source
GNU General Public License (see `COPYING.GPL`). All library source
files are copyright under the GNU Lesser General Public License (see
COPYING.LGPL). All files distributed with this package indicate the
`COPYING.LGPL`). All files distributed with this package indicate the
appropriate license to use. Absolutely no warranty is provided or implied.

11
apol

@ -7,6 +7,7 @@
import sys
import argparse
import logging
import warnings
from PyQt5.QtWidgets import QApplication
import setools
@ -30,13 +31,23 @@ if args.debug:
console_handler.setLevel(logging.DEBUG)
console_handler.setFormatter(
logging.Formatter('%(asctime)s|%(levelname)s|%(name)s|%(message)s'))
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
console_handler.setLevel(logging.INFO)
console_handler.setFormatter(logging.Formatter('%(message)s'))
if not sys.warnoptions:
warnings.simplefilter("default")
else:
console_handler.setLevel(logging.WARNING)
console_handler.setFormatter(logging.Formatter('%(message)s'))
if not sys.warnoptions:
warnings.simplefilter("ignore")
logging.getLogger().addHandler(console_handler)
try:
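Review bot: The final `else:` branch (neither `--debug` nor `--verbose`) calls `warnings.simplefilter("ignore")`, which silences every warning category for the whole process, including RuntimeWarning and ResourceWarning and anything raised by PyQt5 or NetworkX, not only deprecation noise. If the intent is just to keep deprecation messages away from end users, a narrower filter such as `warnings.simplefilter("ignore", DeprecationWarning)` would leave the other categories visible. The `if not sys.warnoptions:` guard is repeated in all three branches with no explanation; a comment above the first one, for example `# leave the filters alone when the user passed -W or set PYTHONWARNINGS`, would record why it is there. The if/elif chain starts above the hunk and the page has lost the indentation, so the branch structure is read from the `if args.debug:` context in the hunk header.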


@ -2,6 +2,564 @@
requires = ["setuptools", "Cython>=0.27"]
build-backend = "setuptools.build_meta"
#
# Coverage config
#
[tool.coverage.run]
source = ["setools"]
plugins = ["Cython.Coverage"]
[tool.coverage.report]
exclude_lines = ["pragma: no cover",
"def __repr__",
"raise NotImplementedError",
"return NotImplemented"]
#
# Mypy config
#
[tool.mypy]
no_implicit_optional = true
pretty = true
[[tool.mypy.overrides]]
module = ['networkx.*',
'PyQt5.*',
'sip']
ignore_missing_imports = true
#
# Pylint config
#
[tool.pylint.main]
# Analyse import fallback blocks. This can be used to support both Python 2 and 3
# compatible code, which means that the block might have code that exists only in
# one or another interpreter, leading to false positives when analysed.
# analyse-fallback-blocks =
# Always return a 0 (non-error) status code, even if lint errors are found. This
# is primarily useful in continuous integration scripts.
# exit-zero =
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code.
# extension-pkg-allow-list =
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code. (This is an alternative name to extension-pkg-allow-list
# for backward compatibility.)
extension-pkg-whitelist = ["setools.policyrep"]
# Return non-zero exit code if any of these messages/categories are detected,
# even if score is above --fail-under value. Syntax same as enable. Messages
# specified are enabled, while categories only check already-enabled messages.
# fail-on =
# Specify a score threshold to be exceeded before program exits with error.
fail-under = 10
# Interpret the stdin as a python script, whose filename needs to be passed as
# the module_or_package argument.
# from-stdin =
# Files or directories to be skipped. They should be base names, not paths.
ignore = ["CVS"]
# Add files or directories matching the regex patterns to the ignore-list. The
# regex matches against paths and can be in Posix or Windows format.
# ignore-paths =
# Files or directories matching the regex patterns are skipped. The regex matches
# against base names, not paths. The default value ignores Emacs file locks
ignore-patterns = ["^\\.#"]
# List of module names for which member attributes should not be checked (useful
# for modules/projects where namespaces are manipulated during runtime and thus
# existing member attributes cannot be deduced by static analysis). It supports
# qualified module names, as well as Unix pattern matching.
# ignored-modules =
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
# init-hook =
# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
# number of processors available to use, and will cap the count on Windows to
# avoid hangs.
jobs = 0
# Control the amount of potential inferred values when inferring a single object.
# This can help the performance when dealing with large functions or complex,
# nested conditions.
limit-inference-results = 100
# List of plugins (as comma separated values of python module names) to load,
# usually to register additional checkers.
# load-plugins =
# Pickle collected data for later comparisons.
persistent = true
# Minimum Python version to use for version dependent checks. Will default to the
# version used to run pylint.
# py-version =
# Discover python modules and packages in the file system subtree.
# recursive =
# When enabled, pylint would attempt to guess common misconfiguration and emit
# user-friendly hints instead of false-positive error messages.
suggestion-mode = true
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
# unsafe-load-any-extension =
[tool.pylint.basic]
# Naming style matching correct argument names.
argument-naming-style = "snake_case"
# Regular expression matching correct argument names. Overrides argument-naming-
# style. If left empty, argument names will be checked with the set naming style.
argument-rgx = "[a-z_][a-z0-9_]{2,30}$"
# Naming style matching correct attribute names.
attr-naming-style = "snake_case"
# Regular expression matching correct attribute names. Overrides attr-naming-
# style. If left empty, attribute names will be checked with the set naming
# style.
attr-rgx = "[a-z_][a-z0-9_]{2,30}$"
# Bad variable names which should always be refused, separated by a comma.
bad-names = ["foo", "bar", "baz", "toto", "tutu", "tata"]
# Bad variable names regexes, separated by a comma. If names match any regex,
# they will always be refused
# bad-names-rgxs =
# Naming style matching correct class attribute names.
class-attribute-naming-style = "any"
# Regular expression matching correct class attribute names. Overrides class-
# attribute-naming-style. If left empty, class attribute names will be checked
# with the set naming style.
class-attribute-rgx = "([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$"
# Naming style matching correct class constant names.
class-const-naming-style = "UPPER_CASE"
# Regular expression matching correct class constant names. Overrides class-
# const-naming-style. If left empty, class constant names will be checked with
# the set naming style.
# class-const-rgx =
# Naming style matching correct class names.
class-naming-style = "PascalCase"
# Regular expression matching correct class names. Overrides class-naming-style.
# If left empty, class names will be checked with the set naming style.
class-rgx = "[A-Z_][a-zA-Z0-9]+$"
# Naming style matching correct constant names.
const-naming-style = "UPPER_CASE"
# Regular expression matching correct constant names. Overrides const-naming-
# style. If left empty, constant names will be checked with the set naming style.
const-rgx = "(([A-Z_][A-Z0-9_]*)|(__.*__))$"
# Minimum line length for functions/classes that require docstrings, shorter ones
# are exempt.
docstring-min-length = -1
# Naming style matching correct function names.
function-naming-style = "snake_case"
# Regular expression matching correct function names. Overrides function-naming-
# style. If left empty, function names will be checked with the set naming style.
function-rgx = "[a-z_][a-z0-9_]{2,30}$"
# Good variable names which should always be accepted, separated by a comma.
good-names = ["i", "j", "k", "s", "t", "ex", "fs", "Run", "_"]
# Good variable names regexes, separated by a comma. If names match any regex,
# they will always be accepted
# good-names-rgxs =
# Include a hint for the correct naming format with invalid-name.
# include-naming-hint =
# Naming style matching correct inline iteration names.
inlinevar-naming-style = "any"
# Regular expression matching correct inline iteration names. Overrides
# inlinevar-naming-style. If left empty, inline iteration names will be checked
# with the set naming style.
inlinevar-rgx = "[A-Za-z_][A-Za-z0-9_]*$"
# Naming style matching correct method names.
method-naming-style = "snake_case"
# Regular expression matching correct method names. Overrides method-naming-
# style. If left empty, method names will be checked with the set naming style.
method-rgx = "[a-z_][a-z0-9_]{2,30}$"
# Naming style matching correct module names.
module-naming-style = "snake_case"
# Regular expression matching correct module names. Overrides module-naming-
# style. If left empty, module names will be checked with the set naming style.
module-rgx = "(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$"
# Colon-delimited sets of names that determine each other's naming style when the
# name regexes allow several styles.
# name-group =
# Regular expression which should only match function or class names that do not
# require a docstring.
no-docstring-rgx = "^_"
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties. These
# decorators are taken in consideration only for invalid-name.
property-classes = ["abc.abstractproperty"]
# Regular expression matching correct type variable names. If left empty, type
# variable names will be checked with the set naming style.
# typevar-rgx =
# Naming style matching correct variable names.
variable-naming-style = "snake_case"
# Regular expression matching correct variable names. Overrides variable-naming-
# style. If left empty, variable names will be checked with the set naming style.
variable-rgx = "[a-z_][a-z0-9_]{2,30}$"
[tool.pylint.classes]
# Warn about protected attribute access inside special methods
# check-protected-access-in-special-methods =
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods = ["__init__", "__new__", "setUp"]
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected = ["_asdict", "_fields", "_replace", "_source", "_make"]
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg = ["cls"]
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg = ["mcs"]
[tool.pylint.design]
# List of regular expressions of class ancestor names to ignore when counting
# public methods (see R0903)
# exclude-too-few-public-methods =
# List of qualified class names to ignore when counting class parents (see R0901)
# ignored-parents =
# Maximum number of arguments for function / method.
max-args = 20
# Maximum number of attributes for a class (see R0902).
max-attributes = 20
# Maximum number of boolean expressions in an if statement (see R0916).
max-bool-expr = 5
# Maximum number of branch for function / method body.
max-branches = 15
# Maximum number of locals for function / method body.
max-locals = 20
# Maximum number of parents for a class (see R0901).
max-parents = 7
# Maximum number of public methods for a class (see R0904).
max-public-methods = 20
# Maximum number of return / yield for function / method body.
max-returns = 6
# Maximum number of statements in function / method body.
max-statements = 50
# Minimum number of public methods for a class (see R0903).
min-public-methods = 2
[tool.pylint.exceptions]
# Exceptions that will emit a warning when caught.
overgeneral-exceptions = ["builtins.Exception"]
[tool.pylint.format]
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format = "LF"
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines = "^\\s*(# )?<?https?://\\S+>?$"
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren = 4
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string = " "
# Maximum number of characters on a single line.
max-line-length = 100
# Maximum number of lines in a module.
max-module-lines = 1000
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
# single-line-class-stmt =
# Allow the body of an if to be on the same line as the test if there is no else.
# single-line-if-stmt =
[tool.pylint.imports]
# List of modules that can be imported at any level, not just the top level one.
# allow-any-import-level =
# Allow wildcard imports from modules that define __all__.
# allow-wildcard-with-all =
# Deprecated modules which should not be used, separated by a comma.
deprecated-modules = ["optparse"]
# Output a graph (.gv or any supported image format) of external dependencies to
# the given file (report RP0402 must not be disabled).
# ext-import-graph =
# Output a graph (.gv or any supported image format) of all (i.e. internal and
# external) dependencies to the given file (report RP0402 must not be disabled).
# import-graph =
# Output a graph (.gv or any supported image format) of internal dependencies to
# the given file (report RP0402 must not be disabled).
# int-import-graph =
# Force import order to recognize a module as part of the standard compatibility
# libraries.
# known-standard-library =
# Force import order to recognize a module as part of a third party library.
known-third-party = ["enchant"]
# Couples of modules and preferred modules, separated by a comma.
# preferred-modules =
[tool.pylint.logging]
# The type of string formatting that logging methods do. `old` means using %
# formatting, `new` is for `{}` formatting.
logging-format-style = "new"
# Logging modules to check that the string format arguments are in logging
# function parameter format.
logging-modules = ["logging"]
[tool.pylint."messages control"]
# Only show warnings with the listed confidence levels. Leave empty to show all.
# Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
confidence = ["HIGH", "CONTROL_FLOW", "INFERENCE", "INFERENCE_FAILURE", "UNDEFINED"]
# Disable the message, report, category or checker with the given id(s). You can
# either give multiple identifiers separated by comma (,) or put this option
# multiple times (only on the command line, not in the configuration file where
# it should appear only once). You can also use "--disable=all" to disable
# everything first and then re-enable specific checks. For example, if you want
# to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use "--disable=all --enable=classes
# --disable=W".
disable = ["raw-checker-failed", "bad-inline-option", "locally-disabled", "file-ignored", "suppressed-message", "useless-suppression", "deprecated-pragma", "use-symbolic-message-instead", "c-extension-no-member", "logging-format-interpolation", "line-too-long", "too-many-lines", "trailing-whitespace", "missing-final-newline", "trailing-newlines", "bad-indentation", "unnecessary-semicolon", "multiple-statements", "superfluous-parens", "mixed-line-endings", "unexpected-line-ending-format", "duplicate-code"]
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where it
# should appear only once). See also the "--disable" option for examples.
# enable =
[tool.pylint.miscellaneous]
# List of note tags to take in consideration, separated by a comma.
notes = ["FIXME", "XXX", "TODO"]
# Regular expression of note tags to take in consideration.
# notes-rgx =
[tool.pylint.refactoring]
# Maximum number of nested blocks for function / method body
max-nested-blocks = 5
# Complete name of functions that never returns. When checking for inconsistent-
# return-statements if a never returning function is called then it will be
# considered as an explicit return statement and no message will be printed.
never-returning-functions = ["sys.exit", "argparse.parse_error"]
[tool.pylint.reports]
# Python expression which should return a score less than or equal to 10. You
# have access to the variables 'fatal', 'error', 'warning', 'refactor',
# 'convention', and 'info' which contain the number of messages in each category,
# as well as 'statement' which is the total number of statements analyzed. This
# score is used by the global evaluation report (RP0004).
evaluation = "10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)"
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details.
# msg-template =
# Set the output format. Available formats are text, parseable, colorized, json
# and msvs (visual studio). You can also give a reporter class, e.g.
# mypackage.mymodule.MyReporterClass.
# output-format =
# Tells whether to display a full report or only the messages.
# reports =
# Activate the evaluation score.
score = true
[tool.pylint.similarities]
# Comments are removed from the similarity computation
ignore-comments = true
# Docstrings are removed from the similarity computation
ignore-docstrings = true
# Imports are removed from the similarity computation
# ignore-imports =
# Signatures are removed from the similarity computation
ignore-signatures = true
# Minimum lines number of a similarity.
min-similarity-lines = 4
[tool.pylint.spelling]
# Limits count of emitted suggestions for spelling mistakes.
max-spelling-suggestions = 4
# Spelling dictionary name. Available dictionaries: none. To make it work,
# install the 'python-enchant' package.
# spelling-dict =
# List of comma separated words that should be considered directives if they
# appear at the beginning of a comment and should not be checked.
spelling-ignore-comment-directives = "fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:"
# List of comma separated words that should not be checked.
# spelling-ignore-words =
# A path to a file that contains the private dictionary; one word per line.
# spelling-private-dict-file =
# Tells whether to store unknown words to the private dictionary (see the
# --spelling-private-dict-file option) instead of raising a message.
# spelling-store-unknown-words =
[tool.pylint.string]
# This flag controls whether inconsistent-quotes generates a warning when the
# character used as a quote delimiter is used inconsistently within a module.
# check-quote-consistency =
# This flag controls whether the implicit-str-concat should generate a warning on
# implicit string concatenation in sequences defined over several lines.
# check-str-concat-over-line-jumps =
[tool.pylint.typecheck]
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
contextmanager-decorators = ["contextlib.contextmanager"]
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
# generated-members =
# Tells whether missing members accessed in mixin class should be ignored. A
# class is considered mixin if its name matches the mixin-class-rgx option.
# Tells whether to warn about missing members when the owner of the attribute is
# inferred to be None.
ignore-none = true
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference can
# return multiple potential results while evaluating a Python object, but some
# branches might not be evaluated, which results in partial inference. In that
# case, it might be useful to still emit no-member and other checks for the rest
# of the inferred objects.
ignore-on-opaque-inference = true
# List of symbolic message names to ignore for Mixin members.
ignored-checks-for-mixins = ["no-member", "not-async-context-manager", "not-context-manager", "attribute-defined-outside-init"]
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
# ignored-classes =
# Show a hint with possible names when a member name was not found. The aspect of
# finding the hint is based on edit distance.
missing-member-hint = true
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance = 1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices = 1
# Regex pattern to define which classes are considered mixins.
mixin-class-rgx = ".*[Mm]ixin"
# List of decorators that change the signature of a decorated function.
# signature-mutators =
[tool.pylint.variables]
# List of additional names supposed to be defined in builtins. Remember that you
# should avoid defining new builtins when possible.
# additional-builtins =
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables = true
# List of names allowed to shadow builtins
# allowed-redefined-builtins =
# List of strings which can identify a callback function by name. A callback name
# must start or end with one of those strings.
callbacks = ["cb_", "_cb"]
# A regular expression matching the name of dummy variables (i.e. expected to not
# be used).
dummy-variables-rgx = "_$|dummy"
# Argument names that match this expression will be ignored. Default to name with
# leading underscore.
ignored-argument-names = "_.*"
# Tells whether we should check for unused import in __init__ files.
# init-import =
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules = ["six.moves", "past.builtins", "future.builtins", "builtins", "io"]
#
# Pytest config
#
[tool.pytest.ini_options]
addopts = ["--import-mode=importlib",]
pythonpath = "."


@ -9,6 +9,7 @@ import argparse
import sys
import logging
import signal
import warnings
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
@ -26,10 +27,16 @@ args = parser.parse_args()
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("ignore")
try:
p = setools.SELinuxPolicy(args.policy)
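Review bot: The `else` branch calls `warnings.simplefilter("ignore")`, which silences every warning category on a normal run, not only the deprecation notices that the `args.debug` and `args.verbose` branches switch back on. If the aim is to hide deprecation noise from end users, `warnings.simplefilter("ignore", DeprecationWarning)` would keep RuntimeWarning and UserWarning visible while a policy is being analysed; whether setools or its dependencies emit those is not visible from this hunk. The same six added lines recur in the sediff, sedta and seinfo sections and in the two unnamed script sections after them, so a small shared helper would keep the filter policy in one place. A one-line comment such as `# -W / PYTHONWARNINGS take precedence over these defaults` above the first `if not sys.warnoptions:` would document why the guard is there. The if/elif/else starts inside the hunk, but the `try:` that follows it continues outside.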

7
sediff

@ -9,6 +9,7 @@ import argparse
import sys
import logging
import signal
import warnings
from itertools import chain
from contextlib import suppress
from typing import List
@ -115,10 +116,16 @@ all_differences = not any((args.class_, args.common, args.type_, args.attribute,
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("ignore")
try:
p1 = setools.SELinuxPolicy(args.POLICY1[0])

7
sedta

@ -8,6 +8,7 @@ import sys
import argparse
import logging
import signal
import warnings
import setools
@ -97,10 +98,16 @@ if args.target and not (args.shortest_path or args.all_paths):
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("ignore")
try:
p = setools.SELinuxPolicy(args.policy)

7
seinfo

@ -11,6 +11,7 @@ import sys
import logging
import signal
import ipaddress
import warnings
from typing import Callable, List, Tuple
@ -102,10 +103,16 @@ args = parser.parse_args()
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("ignore")
try:
p = setools.SELinuxPolicy(args.policy)


@ -9,6 +9,7 @@ import argparse
import sys
import logging
import signal
import warnings
from typing import Dict, Optional
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
@ -66,10 +67,16 @@ if args.limit_flows < 0:
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("ignore")
booleans: Optional[Dict[str, bool]] = None
if args.booleans == 'default':


@ -9,6 +9,7 @@ import argparse
import sys
import logging
import signal
import warnings
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
@ -125,10 +126,16 @@ if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes:
if args.debug:
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
elif args.verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("default")
else:
logging.basicConfig(level=logging.WARNING, format='%(message)s')
if not sys.warnoptions:
warnings.simplefilter("ignore")
try:
p = setools.SELinuxPolicy(args.policy)

16
tox.ini

@ -1,5 +1,5 @@
[tox]
minversion = 1.4
minversion = 2.4
envlist = py3, pep8, lint, mypy
[pycodestyle]
@ -14,7 +14,8 @@ commands = pycodestyle setools/ setoolsgui/ tests/ seinfo seinfoflow sedt
[testenv:coverage]
setenv = SETOOLS_COVERAGE = 1
deps = {[testenv]deps}
coverage>=4.0
coverage>=5.0
extras = toml
commands_pre = coverage --version
coverage erase
{envpython} setup.py build_ext -i
@ -26,12 +27,13 @@ deps = {[testenv]deps}
pylint>=2.8.0
commands_pre = pylint --version
{envpython} setup.py build_ext -i
commands = pylint -E --rcfile .pylintrc setools tests seinfo seinfoflow sedta sesearch sediff sechecker
commands = pylint -E setools tests seinfo seinfoflow sedta sesearch sediff sechecker
# pylint can't see all members introduced by PyQt uic
pylint -E --rcfile .pylintrc --disable=no-member,import-error setoolsgui apol
pylint -E --disable=no-member,import-error setoolsgui apol
[testenv:mypy]
deps = {[testenv]deps}
types-setuptools
mypy
commands_pre = mypy --version
commands = mypy -p setools
@ -47,11 +49,9 @@ commands = mypy -p setools
[testenv]
passenv = USERSPACE_SRC
deps = networkx>=2.0
cython>=0.27
pytest
cython>=0.29.14
pytest>=6.0
py36: dataclasses
py38: cython>=0.29.14
py39: networkx>=2.6
py39: cython>=0.29.14
commands_pre = {envpython} setup.py build_ext -i
commands = pytest tests
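Review bot: `extras = toml` under `[testenv:coverage]` is read by tox as an extra of the package under test, not of coverage, so it most likely does not install coverage's TOML support. On interpreters without a built-in TOML parser, coverage needs its own `toml` extra to read settings from pyproject.toml; without it those settings are skipped and the run falls back to defaults. Requesting the extra on the dependency itself, `coverage[toml]>=5.0`, and dropping the `extras = toml` line would make the intent explicit. setup.py is not visible here, so whether setools declares a `toml` extra of its own cannot be confirmed from this section.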