forked from certbot/certbot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
linter_plugin.py
52 lines (41 loc) · 1.99 KB
/
linter_plugin.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
"""
Certbot PyLint plugin.
The built-in ImportChecker of Pylint does a similar job to ForbidStandardOsModule to detect
deprecated modules. You can check its behavior as a reference to what is coded here.
See https://github.com/PyCQA/pylint/blob/b20a2984c94e2946669d727dbda78735882bf50a/pylint/checkers/imports.py#L287
See http://docs.pylint.org/plugins.html
"""
from pylint.checkers import BaseChecker
from pylint.interfaces import IAstroidChecker
# Modules in theses packages can import the os module.
WHITELIST_PACKAGES = ['acme', 'certbot_compatibility_test', 'lock_test']
class ForbidStandardOsModule(BaseChecker):
"""
This checker ensures that standard os module (and submodules) is not imported by certbot
modules. Otherwise an 'os-module-forbidden' error will be registered for the faulty lines.
"""
__implements__ = IAstroidChecker
name = 'forbid-os-module'
msgs = {
'E5001': (
'Forbidden use of os module, certbot.compat.os must be used instead',
'os-module-forbidden',
'Some methods from the standard os module cannot be used for security reasons on Windows: '
'the safe wrapper certbot.compat.os must be used instead in Certbot.'
)
}
priority = -1
def visit_import(self, node):
os_used = any(name for name in node.names if name[0] == 'os' or name[0].startswith('os.'))
if os_used and not _check_disabled(node):
self.add_message('os-module-forbidden', node=node)
def visit_importfrom(self, node):
if node.modname == 'os' or node.modname.startswith('os.') and not _check_disabled(node):
self.add_message('os-module-forbidden', node=node)
def register(linter):
"""Pylint hook to auto-register this linter"""
linter.register_checker(ForbidStandardOsModule(linter))
def _check_disabled(node):
module = node.root()
return any(package for package in WHITELIST_PACKAGES
if module.name.startswith(package + '.') or module.name == package)