From 878059debff7f426be4a0e1a0bbc12c9e074dffb Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 27 Mar 2023 09:16:53 -0400 Subject: [PATCH 1/6] README: Minor formatting refinements. Signed-off-by: Chris PeBenito --- README.md | 64 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index d9b3352..0a5d39d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,4 @@ # SETools: Policy analysis tools for SELinux -https://github.com/SELinuxProject/setools/wiki ## Overview @@ -13,6 +12,7 @@ SETools uses the Python setuptools build system to build, and install. As such it contains a setup.py script that will install the tools. To run SETools command line tools, the following packages are required: + * Python 3.6+ * NetworkX 2.0+ (2.6+ for Python 3.9+) * setuptools @@ -21,17 +21,20 @@ To run SETools command line tools, the following packages are required: * libsepol 3.2+ To run SETools graphical tools, the following packages are also required: + * PyQt5 * qt5-assistant * qt-devel (only if rebuilding the help file) To build SETools, the following development packages are required, in addition to the development packages from the above list: + * gcc * cython 0.27+ (0.29.14+ for Python 3.8+) To run SETools unit tests, the following packages are required, in addition to the above dependencies: + * pytest * tox (optional) @@ -41,23 +44,25 @@ SETools is included in most Linux distributions which support SELinux, such as Fedora, Red Hat Enterprise Linux, Gentoo, and Debian. -Official releases of SETools may be freely downloaded from: - -https://github.com/SELinuxProject/setools/releases +Official releases of SETools may be freely downloaded from the +[GitHub releases page](https://github.com/SELinuxProject/setools/releases). SETools source code is maintained within a GitHub repository. From the command line do: -``` + +```bash $ git clone https://github.com/SELinuxProject/setools.git ``` -You may also browse the GitHub repository at -https://github.com/SELinuxProject/setools. The master branch -has development code that may not be stable. Each release series -is considered stable, and has its own branch, e.g. "4.0" for all + +You may also browse the [GitHub repository](https://github.com/SELinuxProject/setools). +The master branch has development code that may not be stable. Each release +series is considered stable, and has its own branch, e.g. "4.0" for all 4.0.* releases. To checkout a stable branch, do: -``` + +```bash $ git checkout 4.0 ``` + Where `4.0` is the release series. Each release will have a tag. ### Building SETools for Local Use @@ -65,19 +70,22 @@ Where `4.0` is the release series. Each release will have a tag. To use SETools locally, without installing it onto the system, unpack the official distribution or check out the git repository, and perform the following at the root: -``` + +```bash $ python setup.py build_ext -i ``` + This will compile the C portion of SETools locally, and then -the tools can be ran from the current directory (e.g. ```./seinfo```). +the tools can be ran from the current directory (e.g. `./seinfo`). ### Rebuilding the Apol Help File For convenience, a prebuilt copy of the apol help data file is included. To rebuild this file, the Qt5 development tools are required -(particularly, the ```qcollectiongenerator``` tool). At the root +(particularly, the `qcollectiongenerator` tool). At the root of the SETools sources, perform the following: -``` + +```bash $ python setup.py build_qhc ``` @@ -85,38 +93,40 @@ of the SETools sources, perform the following: Unpack the official distribution or check out the git repository, and perform the following at the root: -``` + +```bash $ python setup.py build_ext $ python setup.py build $ python setup.py install ``` -This will put the applications in /usr/bin, data files in /usr/share/setools, -and libraries in /usr/lib/pythonX.Y/site-packages/setools. + +This will put the applications in /usr/bin, data files in `/usr/share/setools`, +and libraries in `/usr/lib/pythonX.Y/site-packages/setools`. ### Building SETools with a Local Libsepol and Libselinux At times, SETools requires a newer libsepol than is available from distributions. To use a locally-built libsepol instead of the libsepol provided by the Linux distribution, build the libsepol sources and then -set the USERSPACE_SRC environmental variable to the path to the root of +set the `USERSPACE_SRC` environmental variable to the path to the root of SELinux userspace source tree. The libsepol and libselinux must already be compiled. -``` +```bash $ export USERSPACE_SRC=/home/user/src/selinux $ python setup.py build_ext $ python setup.py build $ python setup.py install ``` -This feature assumes that the directory structure at $USERSPACE_SRC is the +This feature assumes that the directory structure at `$USERSPACE_SRC` is the same as the SELinux userspace code checked out from GitHub. Since SETools is dynamically linked to libsepol and libselinux, you must specify the path to the libsepol/src and libselinux/src directories by -using LD_LIBRARY_PATH so that the newer versions of the libraries are used. +using `LD_LIBRARY_PATH` so that the newer versions of the libraries are used. -``` +```bash $ export LD_LIBRARY_PATH="/home/user/src/selinux/libsepol/src:/home/user/src/selinux/libselinux/src" $ ./seinfo policy.31 $ ./sesearch -A sysadm_t policy.31 @@ -133,7 +143,7 @@ One goal for SETools is to provide confidence in the validity of the output for the tools. The unit tests for SETools can be run with the following commands: -``` +```bash $ python setup.py build_ext -i $ pytest tests ``` @@ -169,15 +179,13 @@ do our best to maintain API stability. ### Reporting bugs -Bugs can be reported in the SETools GitHub issues tracker: - -https://github.com/SELinuxProject/setools/issues +Bugs can be reported in the [SETools GitHub issues tracker](https://github.com/SELinuxProject/setools/issues). ### Copyright license The intent is to allow free use of this source code. All programs' source files are copyright protected and freely distributed under the -GNU General Public License (see COPYING.GPL). All library source +GNU General Public License (see `COPYING.GPL`). All library source files are copyright under the GNU Lesser General Public License (see -COPYING.LGPL). All files distributed with this package indicate the +`COPYING.LGPL`). All files distributed with this package indicate the appropriate license to use. Absolutely no warranty is provided or implied. From 5943451017c1131dbf00e453532933c88c0b930b Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 27 Mar 2023 09:18:01 -0400 Subject: [PATCH 2/6] mypy: Add types-setuptools in tox.ini. Remove extra ignores in .mypy.ini. Signed-off-by: Chris PeBenito --- .mypy.ini | 6 ------ tox.ini | 1 + 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.mypy.ini b/.mypy.ini index b45560b..b8ca9fa 100644 --- a/.mypy.ini +++ b/.mypy.ini @@ -3,9 +3,6 @@ no_implicit_optional = True pretty = True # NetworkX does not have annotations -[mypy-networkx] -ignore_missing_imports = True - [mypy-networkx.*] ignore_missing_imports = True @@ -14,6 +11,3 @@ ignore_missing_imports = True [mypy-sip] ignore_missing_imports = True - -[mypy-pkg_resources] -ignore_missing_imports = True diff --git a/tox.ini b/tox.ini index 737ab61..e1649fb 100644 --- a/tox.ini +++ b/tox.ini @@ -32,6 +32,7 @@ commands = pylint -E --rcfile .pylintrc setools tests seinfo seinfoflow s [testenv:mypy] deps = {[testenv]deps} + types-setuptools mypy commands_pre = mypy --version commands = mypy -p setools From 865f523b1fdf0eb934e1f85a263ed52017eec243 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 27 Mar 2023 09:30:26 -0400 Subject: [PATCH 3/6] Set warnings filter on CLI programs. Signed-off-by: Chris PeBenito --- apol | 11 +++++++++++ sechecker | 7 +++++++ sediff | 7 +++++++ sedta | 7 +++++++ seinfo | 7 +++++++ seinfoflow | 7 +++++++ sesearch | 7 +++++++ 7 files changed, 53 insertions(+) diff --git a/apol b/apol index 4008321..12daf24 100755 --- a/apol +++ b/apol @@ -7,6 +7,7 @@ import sys import argparse import logging +import warnings from PyQt5.QtWidgets import QApplication import setools @@ -30,13 +31,23 @@ if args.debug: console_handler.setLevel(logging.DEBUG) console_handler.setFormatter( logging.Formatter('%(asctime)s|%(levelname)s|%(name)s|%(message)s')) + + if not sys.warnoptions: + warnings.simplefilter("default") + elif args.verbose: console_handler.setLevel(logging.INFO) console_handler.setFormatter(logging.Formatter('%(message)s')) + + if not sys.warnoptions: + warnings.simplefilter("default") else: console_handler.setLevel(logging.WARNING) console_handler.setFormatter(logging.Formatter('%(message)s')) + if not sys.warnoptions: + warnings.simplefilter("ignore") + logging.getLogger().addHandler(console_handler) try: diff --git a/sechecker b/sechecker index f5da803..60bdace 100755 --- a/sechecker +++ b/sechecker @@ -9,6 +9,7 @@ import argparse import sys import logging import signal +import warnings signal.signal(signal.SIGPIPE, signal.SIG_DFL) @@ -26,10 +27,16 @@ args = parser.parse_args() if args.debug: logging.basicConfig(level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") else: logging.basicConfig(level=logging.WARNING, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("ignore") try: p = setools.SELinuxPolicy(args.policy) diff --git a/sediff b/sediff index fb0d9a4..dfaa319 100755 --- a/sediff +++ b/sediff @@ -9,6 +9,7 @@ import argparse import sys import logging import signal +import warnings from itertools import chain from contextlib import suppress from typing import List @@ -115,10 +116,16 @@ all_differences = not any((args.class_, args.common, args.type_, args.attribute, if args.debug: logging.basicConfig(level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") else: logging.basicConfig(level=logging.WARNING, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("ignore") try: p1 = setools.SELinuxPolicy(args.POLICY1[0]) diff --git a/sedta b/sedta index ffd9ede..97658fb 100755 --- a/sedta +++ b/sedta @@ -8,6 +8,7 @@ import sys import argparse import logging import signal +import warnings import setools @@ -97,10 +98,16 @@ if args.target and not (args.shortest_path or args.all_paths): if args.debug: logging.basicConfig(level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") else: logging.basicConfig(level=logging.WARNING, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("ignore") try: p = setools.SELinuxPolicy(args.policy) diff --git a/seinfo b/seinfo index cecc9f0..6d551e2 100755 --- a/seinfo +++ b/seinfo @@ -11,6 +11,7 @@ import sys import logging import signal import ipaddress +import warnings from typing import Callable, List, Tuple @@ -102,10 +103,16 @@ args = parser.parse_args() if args.debug: logging.basicConfig(level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") else: logging.basicConfig(level=logging.WARNING, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("ignore") try: p = setools.SELinuxPolicy(args.policy) diff --git a/seinfoflow b/seinfoflow index 5f4e764..7dfec4a 100755 --- a/seinfoflow +++ b/seinfoflow @@ -9,6 +9,7 @@ import argparse import sys import logging import signal +import warnings from typing import Dict, Optional signal.signal(signal.SIGPIPE, signal.SIG_DFL) @@ -66,10 +67,16 @@ if args.limit_flows < 0: if args.debug: logging.basicConfig(level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") else: logging.basicConfig(level=logging.WARNING, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("ignore") booleans: Optional[Dict[str, bool]] = None if args.booleans == 'default': diff --git a/sesearch b/sesearch index f2df629..ba6a727 100755 --- a/sesearch +++ b/sesearch @@ -9,6 +9,7 @@ import argparse import sys import logging import signal +import warnings signal.signal(signal.SIGPIPE, signal.SIG_DFL) @@ -125,10 +126,16 @@ if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes: if args.debug: logging.basicConfig(level=logging.DEBUG, format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") elif args.verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("default") else: logging.basicConfig(level=logging.WARNING, format='%(message)s') + if not sys.warnoptions: + warnings.simplefilter("ignore") try: p = setools.SELinuxPolicy(args.policy) From 3bfffa7df2b4fe3feca46e17008617088fc2e93c Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 27 Mar 2023 13:46:22 -0400 Subject: [PATCH 4/6] Move coverage config to pyproject.toml. Signed-off-by: Chris PeBenito --- .coveragerc | 11 ----------- pyproject.toml | 18 ++++++++++++++++++ tox.ini | 11 +++++------ 3 files changed, 23 insertions(+), 17 deletions(-) delete mode 100644 .coveragerc diff --git a/.coveragerc b/.coveragerc deleted file mode 100644 index 3a8f735..0000000 --- a/.coveragerc +++ /dev/null @@ -1,11 +0,0 @@ -#coverage.py configuration -[run] -source = setools -plugins = Cython.Coverage - -[report] -exclude_lines = - pragma: no cover - def __repr__ - raise NotImplementedError - return NotImplemented diff --git a/pyproject.toml b/pyproject.toml index d4f6b47..faab338 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,6 +2,24 @@ requires = ["setuptools", "Cython>=0.27"] build-backend = "setuptools.build_meta" + +# +# Coverage config +# +[tool.coverage.run] +source = ["setools"] +plugins = ["Cython.Coverage"] + +[tool.coverage.report] +exclude_lines = ["pragma: no cover", + "def __repr__", + "raise NotImplementedError", + "return NotImplemented"] + + +# +# Pytest config +# [tool.pytest.ini_options] addopts = ["--import-mode=importlib",] pythonpath = "." diff --git a/tox.ini b/tox.ini index e1649fb..01d9587 100644 --- a/tox.ini +++ b/tox.ini @@ -1,5 +1,5 @@ [tox] -minversion = 1.4 +minversion = 2.4 envlist = py3, pep8, lint, mypy [pycodestyle] @@ -14,7 +14,8 @@ commands = pycodestyle setools/ setoolsgui/ tests/ seinfo seinfoflow sedt [testenv:coverage] setenv = SETOOLS_COVERAGE = 1 deps = {[testenv]deps} - coverage>=4.0 + coverage>=5.0 +extras = toml commands_pre = coverage --version coverage erase {envpython} setup.py build_ext -i @@ -48,11 +49,9 @@ commands = mypy -p setools [testenv] passenv = USERSPACE_SRC deps = networkx>=2.0 - cython>=0.27 - pytest + cython>=0.29.14 + pytest>=6.0 py36: dataclasses - py38: cython>=0.29.14 py39: networkx>=2.6 - py39: cython>=0.29.14 commands_pre = {envpython} setup.py build_ext -i commands = pytest tests From 9d45d1e3c2ae3f47c30b1ce6f95980102e592b41 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 27 Mar 2023 14:28:41 -0400 Subject: [PATCH 5/6] Move mypy configuration to pyproject.toml. Signed-off-by: Chris PeBenito --- .mypy.ini | 13 ------------- pyproject.toml | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 13 deletions(-) delete mode 100644 .mypy.ini diff --git a/.mypy.ini b/.mypy.ini deleted file mode 100644 index b8ca9fa..0000000 --- a/.mypy.ini +++ /dev/null @@ -1,13 +0,0 @@ -[mypy] -no_implicit_optional = True -pretty = True - -# NetworkX does not have annotations -[mypy-networkx.*] -ignore_missing_imports = True - -[mypy-PyQt5.*] -ignore_missing_imports = True - -[mypy-sip] -ignore_missing_imports = True diff --git a/pyproject.toml b/pyproject.toml index faab338..2c2050a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -17,6 +17,20 @@ exclude_lines = ["pragma: no cover", "return NotImplemented"] +# +# Mypy config +# +[tool.mypy] +no_implicit_optional = true +pretty = true + +[[tool.mypy.overrides]] +module = ['networkx.*', + 'PyQt5.*', + 'sip'] +ignore_missing_imports = true + + # # Pytest config # From 6df34dc44d3a7ff92f90991ed6320a65decb0bc2 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 27 Mar 2023 15:51:04 -0400 Subject: [PATCH 6/6] Move pylint config to pyproject.toml. Signed-off-by: Chris PeBenito --- .pylintrc | 332 ------------------------------- pyproject.toml | 526 +++++++++++++++++++++++++++++++++++++++++++++++++ tox.ini | 4 +- 3 files changed, 528 insertions(+), 334 deletions(-) delete mode 100644 .pylintrc diff --git a/.pylintrc b/.pylintrc deleted file mode 100644 index f8b1302..0000000 --- a/.pylintrc +++ /dev/null @@ -1,332 +0,0 @@ -[MASTER] - -# Specify a configuration file. -#rcfile= - -# Python code to execute, usually for sys.path manipulation such as -# pygtk.require(). -#init-hook= - -# Add files or directories to the blacklist. They should be base names, not -# paths. -ignore=CVS - -# Pickle collected data for later comparisons. -persistent=yes - -# List of plugins (as comma separated values of python modules names) to load, -# usually to register additional checkers. -load-plugins= - -# Use multiple processes to speed up Pylint. -jobs=0 - -# Allow loading of arbitrary C extensions. Extensions are imported into the -# active Python interpreter and may run arbitrary code. -unsafe-load-any-extension=no - -# A comma-separated list of package or module names from where C extensions may -# be loaded. Extensions are loading into the active Python interpreter and may -# run arbitrary code -extension-pkg-whitelist=setools.policyrep - - -[MESSAGES CONTROL] - -# Only show warnings with the listed confidence levels. Leave empty to show -# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED -confidence= - -# Enable the message, report, category or checker with the given id(s). You can -# either give multiple identifier separated by comma (,) or put this option -# multiple time. See also the "--disable" option for examples. -#enable= - -# Disable the message, report, category or checker with the given id(s). You -# can either give multiple identifiers separated by comma (,) or put this -# option multiple times (only on the command line, not in the configuration -# file where it should appear only once).You can also use "--disable=all" to -# disable everything first and then reenable specific checks. For example, if -# you want to run only the similarities checker, you can use "--disable=all -# --enable=similarities". If you want to run only the classes checker, but have -# no Warning level messages displayed, use"--disable=all --enable=classes -# --disable=W" -# format: enforced by pep8 tool -disable=I,logging-format-interpolation,format,similarities - -[REPORTS] - -# Set the output format. Available formats are text, parseable, colorized, msvs -# (visual studio) and html. You can also give a reporter class, eg -# mypackage.mymodule.MyReporterClass. -output-format=text - -# Tells whether to display a full report or only the messages -reports=no - -# Python expression which should return a note less than 10 (10 is the highest -# note). You have access to the variables errors warning, statement which -# respectively contain the number of errors / warnings messages and the total -# number of statements analyzed. This is used by the global evaluation report -# (RP0004). -evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) - -# Template used to display messages. This is a python new-style format string -# used to format the message information. See doc for all details -#msg-template= - - -[BASIC] - -# List of builtins function names that should not be used, separated by a comma -bad-functions=map,filter - -# Good variable names which should always be accepted, separated by a comma -good-names=i,j,k,s,t,ex,fs,Run,_ - -# Bad variable names which should always be refused, separated by a comma -bad-names=foo,bar,baz,toto,tutu,tata - -# Colon-delimited sets of names that determine each other's naming style when -# the name regexes allow several styles. -name-group= - -# Include a hint for the correct naming format with invalid-name -include-naming-hint=no - -# Regular expression matching correct constant names -const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ - -# Regular expression matching correct method names -method-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct function names -function-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct class attribute names -class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ - -# Naming hint for class attribute names -class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ - -# Regular expression matching correct attribute names -attr-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct class names -class-rgx=[A-Z_][a-zA-Z0-9]+$ - -# Regular expression matching correct module names -module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ - -# Regular expression matching correct inline iteration names -inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ - -# Regular expression matching correct argument names -argument-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression matching correct variable names -variable-rgx=[a-z_][a-z0-9_]{2,30}$ - -# Regular expression which should only match function or class names that do -# not require a docstring. -no-docstring-rgx=^_ - -# Minimum line length for functions/classes that require docstrings, shorter -# ones are exempt. -docstring-min-length=-1 - - -[ELIF] - -# Maximum number of nested blocks for function / method body -max-nested-blocks=5 - - -[LOGGING] - -# Logging modules to check that the string format arguments are in logging -# function parameter format -logging-modules=logging - - -[MISCELLANEOUS] - -# List of note tags to take in consideration, separated by a comma. -notes=FIXME,XXX,TODO - - -[SPELLING] - -# Spelling dictionary name. Available dictionaries: none. To make it working -# install python-enchant package. -spelling-dict= - -# List of comma separated words that should not be checked. -spelling-ignore-words= - -# A path to a file that contains private dictionary; one word per line. -spelling-private-dict-file= - -# Tells whether to store unknown words to indicated private dictionary in -# --spelling-private-dict-file option instead of raising a message. -spelling-store-unknown-words=no - - -[FORMAT] - -# Maximum number of characters on a single line. -max-line-length=100 - -# Regexp for a line that is allowed to be longer than the limit. -ignore-long-lines=^\s*(# )??$ - -# Allow the body of an if to be on the same line as the test if there is no -# else. -single-line-if-stmt=no - -# Maximum number of lines in a module -max-module-lines=1000 - -# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 -# tab). -indent-string=' ' - -# Number of spaces of indent required inside a hanging or continued line. -indent-after-paren=4 - -# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. -expected-line-ending-format= - - -[TYPECHECK] - -# Tells whether missing members accessed in mixin class should be ignored. A -# mixin class is detected if its name ends with "mixin" (case insensitive). -ignore-mixin-members=yes - -# List of module names for which member attributes should not be checked -# (useful for modules/projects where namespaces are manipulated during runtime -# and thus existing member attributes cannot be deduced by static analysis. It -# supports qualified module names, as well as Unix pattern matching. -ignored-modules= - -# List of classes names for which member attributes should not be checked -# (useful for classes with attributes dynamically set). This supports can work -# with qualified names. -ignored-classes= - -# List of members which are set dynamically and missed by pylint inference -# system, and so shouldn't trigger E1101 when accessed. Python regular -# expressions are accepted. -generated-members= - - -[SIMILARITIES] - -# Minimum lines number of a similarity. -min-similarity-lines=4 - -# Ignore comments when computing similarities. -ignore-comments=yes - -# Ignore docstrings when computing similarities. -ignore-docstrings=yes - -# Ignore imports when computing similarities. -ignore-imports=no - - -[VARIABLES] - -# Tells whether we should check for unused import in __init__ files. -init-import=no - -# A regular expression matching the name of dummy variables (i.e. expectedly -# not used). -dummy-variables-rgx=_$|dummy - -# List of additional names supposed to be defined in builtins. Remember that -# you should avoid to define new builtins when possible. -additional-builtins= - -# List of strings which can identify a callback function by name. A callback -# name must start or end with one of those strings. -callbacks=cb_,_cb - - -[IMPORTS] - -# Deprecated modules which should not be used, separated by a comma -deprecated-modules=optparse - -# Create a graph of every (i.e. internal and external) dependencies in the -# given file (report RP0402 must not be disabled) -import-graph= - -# Create a graph of external dependencies in the given file (report RP0402 must -# not be disabled) -ext-import-graph= - -# Create a graph of internal dependencies in the given file (report RP0402 must -# not be disabled) -int-import-graph= - - -[DESIGN] - -# Maximum number of arguments for function / method -max-args=20 - -# Argument names that match this expression will be ignored. Default to name -# with leading underscore -ignored-argument-names=_.* - -# Maximum number of locals for function / method body -max-locals=20 - -# Maximum number of return / yield for function / method body -max-returns=6 - -# Maximum number of branch for function / method body -max-branches=15 - -# Maximum number of statements in function / method body -max-statements=50 - -# Maximum number of parents for a class (see R0901). -max-parents=7 - -# Maximum number of attributes for a class (see R0902). -max-attributes=20 - -# Minimum number of public methods for a class (see R0903). -min-public-methods=2 - -# Maximum number of public methods for a class (see R0904). -max-public-methods=20 - -# Maximum number of boolean expressions in a if statement -max-bool-expr=5 - - -[CLASSES] - -# List of method names used to declare (i.e. assign) instance attributes. -defining-attr-methods=__init__,__new__,setUp - -# List of valid names for the first argument in a class method. -valid-classmethod-first-arg=cls - -# List of valid names for the first argument in a metaclass class method. -valid-metaclass-classmethod-first-arg=mcs - -# List of member names, which should be excluded from the protected access -# warning. -exclude-protected=_asdict,_fields,_replace,_source,_make - - -[EXCEPTIONS] - -# Exceptions that will emit a warning when being caught. Defaults to -# "Exception" -overgeneral-exceptions=builtins.Exception diff --git a/pyproject.toml b/pyproject.toml index 2c2050a..09fe908 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,6 +31,532 @@ module = ['networkx.*', ignore_missing_imports = true +# +# Pylint config +# +[tool.pylint.main] +# Analyse import fallback blocks. This can be used to support both Python 2 and 3 +# compatible code, which means that the block might have code that exists only in +# one or another interpreter, leading to false positives when analysed. +# analyse-fallback-blocks = + +# Always return a 0 (non-error) status code, even if lint errors are found. This +# is primarily useful in continuous integration scripts. +# exit-zero = + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. +# extension-pkg-allow-list = + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code. (This is an alternative name to extension-pkg-allow-list +# for backward compatibility.) +extension-pkg-whitelist = ["setools.policyrep"] + +# Return non-zero exit code if any of these messages/categories are detected, +# even if score is above --fail-under value. Syntax same as enable. Messages +# specified are enabled, while categories only check already-enabled messages. +# fail-on = + +# Specify a score threshold to be exceeded before program exits with error. +fail-under = 10 + +# Interpret the stdin as a python script, whose filename needs to be passed as +# the module_or_package argument. +# from-stdin = + +# Files or directories to be skipped. They should be base names, not paths. +ignore = ["CVS"] + +# Add files or directories matching the regex patterns to the ignore-list. The +# regex matches against paths and can be in Posix or Windows format. +# ignore-paths = + +# Files or directories matching the regex patterns are skipped. The regex matches +# against base names, not paths. The default value ignores Emacs file locks +ignore-patterns = ["^\\.#"] + +# List of module names for which member attributes should not be checked (useful +# for modules/projects where namespaces are manipulated during runtime and thus +# existing member attributes cannot be deduced by static analysis). It supports +# qualified module names, as well as Unix pattern matching. +# ignored-modules = + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +# init-hook = + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use, and will cap the count on Windows to +# avoid hangs. +jobs = 0 + +# Control the amount of potential inferred values when inferring a single object. +# This can help the performance when dealing with large functions or complex, +# nested conditions. +limit-inference-results = 100 + +# List of plugins (as comma separated values of python module names) to load, +# usually to register additional checkers. +# load-plugins = + +# Pickle collected data for later comparisons. +persistent = true + +# Minimum Python version to use for version dependent checks. Will default to the +# version used to run pylint. +# py-version = + +# Discover python modules and packages in the file system subtree. +# recursive = + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode = true + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +# unsafe-load-any-extension = + +[tool.pylint.basic] +# Naming style matching correct argument names. +argument-naming-style = "snake_case" + +# Regular expression matching correct argument names. Overrides argument-naming- +# style. If left empty, argument names will be checked with the set naming style. +argument-rgx = "[a-z_][a-z0-9_]{2,30}$" + +# Naming style matching correct attribute names. +attr-naming-style = "snake_case" + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style. If left empty, attribute names will be checked with the set naming +# style. +attr-rgx = "[a-z_][a-z0-9_]{2,30}$" + +# Bad variable names which should always be refused, separated by a comma. +bad-names = ["foo", "bar", "baz", "toto", "tutu", "tata"] + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +# bad-names-rgxs = + +# Naming style matching correct class attribute names. +class-attribute-naming-style = "any" + +# Regular expression matching correct class attribute names. Overrides class- +# attribute-naming-style. If left empty, class attribute names will be checked +# with the set naming style. +class-attribute-rgx = "([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$" + +# Naming style matching correct class constant names. +class-const-naming-style = "UPPER_CASE" + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. If left empty, class constant names will be checked with +# the set naming style. +# class-const-rgx = + +# Naming style matching correct class names. +class-naming-style = "PascalCase" + +# Regular expression matching correct class names. Overrides class-naming-style. +# If left empty, class names will be checked with the set naming style. +class-rgx = "[A-Z_][a-zA-Z0-9]+$" + +# Naming style matching correct constant names. +const-naming-style = "UPPER_CASE" + +# Regular expression matching correct constant names. Overrides const-naming- +# style. If left empty, constant names will be checked with the set naming style. +const-rgx = "(([A-Z_][A-Z0-9_]*)|(__.*__))$" + +# Minimum line length for functions/classes that require docstrings, shorter ones +# are exempt. +docstring-min-length = -1 + +# Naming style matching correct function names. +function-naming-style = "snake_case" + +# Regular expression matching correct function names. Overrides function-naming- +# style. If left empty, function names will be checked with the set naming style. +function-rgx = "[a-z_][a-z0-9_]{2,30}$" + +# Good variable names which should always be accepted, separated by a comma. +good-names = ["i", "j", "k", "s", "t", "ex", "fs", "Run", "_"] + +# Good variable names regexes, separated by a comma. If names match any regex, +# they will always be accepted +# good-names-rgxs = + +# Include a hint for the correct naming format with invalid-name. +# include-naming-hint = + +# Naming style matching correct inline iteration names. +inlinevar-naming-style = "any" + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style. If left empty, inline iteration names will be checked +# with the set naming style. +inlinevar-rgx = "[A-Za-z_][A-Za-z0-9_]*$" + +# Naming style matching correct method names. +method-naming-style = "snake_case" + +# Regular expression matching correct method names. Overrides method-naming- +# style. If left empty, method names will be checked with the set naming style. +method-rgx = "[a-z_][a-z0-9_]{2,30}$" + +# Naming style matching correct module names. +module-naming-style = "snake_case" + +# Regular expression matching correct module names. Overrides module-naming- +# style. If left empty, module names will be checked with the set naming style. +module-rgx = "(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$" + +# Colon-delimited sets of names that determine each other's naming style when the +# name regexes allow several styles. +# name-group = + +# Regular expression which should only match function or class names that do not +# require a docstring. +no-docstring-rgx = "^_" + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. These +# decorators are taken in consideration only for invalid-name. +property-classes = ["abc.abstractproperty"] + +# Regular expression matching correct type variable names. If left empty, type +# variable names will be checked with the set naming style. +# typevar-rgx = + +# Naming style matching correct variable names. +variable-naming-style = "snake_case" + +# Regular expression matching correct variable names. Overrides variable-naming- +# style. If left empty, variable names will be checked with the set naming style. +variable-rgx = "[a-z_][a-z0-9_]{2,30}$" + +[tool.pylint.classes] +# Warn about protected attribute access inside special methods +# check-protected-access-in-special-methods = + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods = ["__init__", "__new__", "setUp"] + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected = ["_asdict", "_fields", "_replace", "_source", "_make"] + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg = ["cls"] + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg = ["mcs"] + +[tool.pylint.design] +# List of regular expressions of class ancestor names to ignore when counting +# public methods (see R0903) +# exclude-too-few-public-methods = + +# List of qualified class names to ignore when counting class parents (see R0901) +# ignored-parents = + +# Maximum number of arguments for function / method. +max-args = 20 + +# Maximum number of attributes for a class (see R0902). +max-attributes = 20 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr = 5 + +# Maximum number of branch for function / method body. +max-branches = 15 + +# Maximum number of locals for function / method body. +max-locals = 20 + +# Maximum number of parents for a class (see R0901). +max-parents = 7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods = 20 + +# Maximum number of return / yield for function / method body. +max-returns = 6 + +# Maximum number of statements in function / method body. +max-statements = 50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods = 2 + +[tool.pylint.exceptions] +# Exceptions that will emit a warning when caught. +overgeneral-exceptions = ["builtins.Exception"] + +[tool.pylint.format] +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format = "LF" + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines = "^\\s*(# )??$" + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren = 4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string = " " + +# Maximum number of characters on a single line. +max-line-length = 100 + +# Maximum number of lines in a module. +max-module-lines = 1000 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +# single-line-class-stmt = + +# Allow the body of an if to be on the same line as the test if there is no else. +# single-line-if-stmt = + +[tool.pylint.imports] +# List of modules that can be imported at any level, not just the top level one. +# allow-any-import-level = + +# Allow wildcard imports from modules that define __all__. +# allow-wildcard-with-all = + +# Deprecated modules which should not be used, separated by a comma. +deprecated-modules = ["optparse"] + +# Output a graph (.gv or any supported image format) of external dependencies to +# the given file (report RP0402 must not be disabled). +# ext-import-graph = + +# Output a graph (.gv or any supported image format) of all (i.e. internal and +# external) dependencies to the given file (report RP0402 must not be disabled). +# import-graph = + +# Output a graph (.gv or any supported image format) of internal dependencies to +# the given file (report RP0402 must not be disabled). +# int-import-graph = + +# Force import order to recognize a module as part of the standard compatibility +# libraries. +# known-standard-library = + +# Force import order to recognize a module as part of a third party library. +known-third-party = ["enchant"] + +# Couples of modules and preferred modules, separated by a comma. +# preferred-modules = + +[tool.pylint.logging] +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style = "new" + +# Logging modules to check that the string format arguments are in logging +# function parameter format. +logging-modules = ["logging"] + +[tool.pylint."messages control"] +# Only show warnings with the listed confidence levels. Leave empty to show all. +# Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, UNDEFINED. +confidence = ["HIGH", "CONTROL_FLOW", "INFERENCE", "INFERENCE_FAILURE", "UNDEFINED"] + +# Disable the message, report, category or checker with the given id(s). You can +# either give multiple identifiers separated by comma (,) or put this option +# multiple times (only on the command line, not in the configuration file where +# it should appear only once). You can also use "--disable=all" to disable +# everything first and then re-enable specific checks. For example, if you want +# to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use "--disable=all --enable=classes +# --disable=W". +disable = ["raw-checker-failed", "bad-inline-option", "locally-disabled", "file-ignored", "suppressed-message", "useless-suppression", "deprecated-pragma", "use-symbolic-message-instead", "c-extension-no-member", "logging-format-interpolation", "line-too-long", "too-many-lines", "trailing-whitespace", "missing-final-newline", "trailing-newlines", "bad-indentation", "unnecessary-semicolon", "multiple-statements", "superfluous-parens", "mixed-line-endings", "unexpected-line-ending-format", "duplicate-code"] + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where it +# should appear only once). See also the "--disable" option for examples. +# enable = + +[tool.pylint.miscellaneous] +# List of note tags to take in consideration, separated by a comma. +notes = ["FIXME", "XXX", "TODO"] + +# Regular expression of note tags to take in consideration. +# notes-rgx = + +[tool.pylint.refactoring] +# Maximum number of nested blocks for function / method body +max-nested-blocks = 5 + +# Complete name of functions that never returns. When checking for inconsistent- +# return-statements if a never returning function is called then it will be +# considered as an explicit return statement and no message will be printed. +never-returning-functions = ["sys.exit", "argparse.parse_error"] + +[tool.pylint.reports] +# Python expression which should return a score less than or equal to 10. You +# have access to the variables 'fatal', 'error', 'warning', 'refactor', +# 'convention', and 'info' which contain the number of messages in each category, +# as well as 'statement' which is the total number of statements analyzed. This +# score is used by the global evaluation report (RP0004). +evaluation = "10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)" + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details. +# msg-template = + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio). You can also give a reporter class, e.g. +# mypackage.mymodule.MyReporterClass. +# output-format = + +# Tells whether to display a full report or only the messages. +# reports = + +# Activate the evaluation score. +score = true + +[tool.pylint.similarities] +# Comments are removed from the similarity computation +ignore-comments = true + +# Docstrings are removed from the similarity computation +ignore-docstrings = true + +# Imports are removed from the similarity computation +# ignore-imports = + +# Signatures are removed from the similarity computation +ignore-signatures = true + +# Minimum lines number of a similarity. +min-similarity-lines = 4 + +[tool.pylint.spelling] +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions = 4 + +# Spelling dictionary name. Available dictionaries: none. To make it work, +# install the 'python-enchant' package. +# spelling-dict = + +# List of comma separated words that should be considered directives if they +# appear at the beginning of a comment and should not be checked. +spelling-ignore-comment-directives = "fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:" + +# List of comma separated words that should not be checked. +# spelling-ignore-words = + +# A path to a file that contains the private dictionary; one word per line. +# spelling-private-dict-file = + +# Tells whether to store unknown words to the private dictionary (see the +# --spelling-private-dict-file option) instead of raising a message. +# spelling-store-unknown-words = + +[tool.pylint.string] +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +# check-quote-consistency = + +# This flag controls whether the implicit-str-concat should generate a warning on +# implicit string concatenation in sequences defined over several lines. +# check-str-concat-over-line-jumps = + +[tool.pylint.typecheck] +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators = ["contextlib.contextmanager"] + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +# generated-members = + +# Tells whether missing members accessed in mixin class should be ignored. A +# class is considered mixin if its name matches the mixin-class-rgx option. +# Tells whether to warn about missing members when the owner of the attribute is +# inferred to be None. +ignore-none = true + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference can +# return multiple potential results while evaluating a Python object, but some +# branches might not be evaluated, which results in partial inference. In that +# case, it might be useful to still emit no-member and other checks for the rest +# of the inferred objects. +ignore-on-opaque-inference = true + +# List of symbolic message names to ignore for Mixin members. +ignored-checks-for-mixins = ["no-member", "not-async-context-manager", "not-context-manager", "attribute-defined-outside-init"] + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +# ignored-classes = + +# Show a hint with possible names when a member name was not found. The aspect of +# finding the hint is based on edit distance. +missing-member-hint = true + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance = 1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices = 1 + +# Regex pattern to define which classes are considered mixins. +mixin-class-rgx = ".*[Mm]ixin" + +# List of decorators that change the signature of a decorated function. +# signature-mutators = + +[tool.pylint.variables] +# List of additional names supposed to be defined in builtins. Remember that you +# should avoid defining new builtins when possible. +# additional-builtins = + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables = true + +# List of names allowed to shadow builtins +# allowed-redefined-builtins = + +# List of strings which can identify a callback function by name. A callback name +# must start or end with one of those strings. +callbacks = ["cb_", "_cb"] + +# A regular expression matching the name of dummy variables (i.e. expected to not +# be used). +dummy-variables-rgx = "_$|dummy" + +# Argument names that match this expression will be ignored. Default to name with +# leading underscore. +ignored-argument-names = "_.*" + +# Tells whether we should check for unused import in __init__ files. +# init-import = + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules = ["six.moves", "past.builtins", "future.builtins", "builtins", "io"] + + # # Pytest config # diff --git a/tox.ini b/tox.ini index 01d9587..a512e8a 100644 --- a/tox.ini +++ b/tox.ini @@ -27,9 +27,9 @@ deps = {[testenv]deps} pylint>=2.8.0 commands_pre = pylint --version {envpython} setup.py build_ext -i -commands = pylint -E --rcfile .pylintrc setools tests seinfo seinfoflow sedta sesearch sediff sechecker +commands = pylint -E setools tests seinfo seinfoflow sedta sesearch sediff sechecker # pylint can't see all members introduced by PyQt uic - pylint -E --rcfile .pylintrc --disable=no-member,import-error setoolsgui apol + pylint -E --disable=no-member,import-error setoolsgui apol [testenv:mypy] deps = {[testenv]deps}