Add flake8 (with dlint) tests to CI #1195

Open
defnull opened this issue Jan 3, 2020 · 1 comment
Labels: Change (Neither a bug nor a feature, but something that needs to be addressed.) · Needs tests (This feature or fix needs a test-case to ensure it continues to work in the future.)

Comments

@defnull (Member)

defnull commented Jan 3, 2020

#1194 showed that adopting properly configured static analysis might help prevent some serious bugs. There are lots of style warnings and false-positives currently when running flake8. Some are fixable, but some warnings could also simply be disabled.

@defnull defnull added this to the Release 0.13 milestone Jan 3, 2020
@defnull defnull self-assigned this Jan 3, 2020
@defnull defnull added the "Change" (Neither a bug nor a feature, but something that needs to be addressed.) and "Needs tests" (This feature or fix needs a test-case to ensure it continues to work in the future.) labels Jan 3, 2020
@mschwager

Hey, glad to see this change!

Regarding false-positives from flake8: if you simply want to include Dlint to search for potential security issues and bugs, you can run python -m flake8 --select=DUO. To run all flake8 checks, including stylistic ones, you can omit the --select=DUO.

Generally I find running all the flake8 checks useful for conforming to a certain style (i.e. PEP8) and for finding some basic issues like unused imports and unused variables. If you'd like to quickly move your codebase to flake8 conformance, I'd take a look at autopep8 and autoflake.

Regarding Dlint's other findings:

$ python -m flake8 --select=DUO bottle.py 
bottle.py:160:5: DUO105 use of "exec" is insecure
bottle.py:160:10: DUO110 use of "compile" is insecure
bottle.py:2922:16: DUO130 insecure use of "hashlib" module
bottle.py:3616:12: DUO104 use of "eval" is insecure
bottle.py:3965:16: DUO110 use of "compile" is insecure
bottle.py:4007:9: DUO105 use of "exec" is insecure

If you don't believe these are security issues, then I'd ignore them inline.

Happy to help here if you'd like!
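One way to wire the report above into CI, as an added example that is not part of this issue, of Bottle, or of flake8/Dlint: a small gate script that parses flake8's default output format (path:row:col: CODE text), counts findings per code, and fails the build only for DUO (Dlint) findings that a reviewer has not explicitly accepted. The six sample lines are the ones pasted in the comment above; the ACCEPTED allowlist and the script name dlint_gate.py are hypothetical.

```python
"""dlint_gate.py: turn flake8/Dlint output into a CI pass/fail decision.

Added example for the CI setup discussed in this issue; not Bottle's code and
not part of flake8 or Dlint. It reads flake8's default output format
(``path:row:col: CODE text``), so it can be used as

    python -m flake8 --select=DUO bottle.py | python dlint_gate.py

The ACCEPTED set below is a hypothetical allowlist; each entry is the CI-side
counterpart of an inline ``# noqa: DUOxxx`` added after a finding was reviewed.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# flake8's default "%(path)s:%(row)d:%(col)d: %(code)s %(text)s" line format.
_LINE_RE = re.compile(
    r"^(?P<path>.+?):(?P<row>\d+):(?P<col>\d+): (?P<code>[A-Z]+\d+) (?P<text>.*)$"
)

# The six findings pasted in the comment above, reused here as sample input.
SAMPLE_REPORT = """\
bottle.py:160:5: DUO105 use of "exec" is insecure
bottle.py:160:10: DUO110 use of "compile" is insecure
bottle.py:2922:16: DUO130 insecure use of "hashlib" module
bottle.py:3616:12: DUO104 use of "eval" is insecure
bottle.py:3965:16: DUO110 use of "compile" is insecure
bottle.py:4007:9: DUO105 use of "exec" is insecure
"""

# Hypothetical allowlist: findings a reviewer has examined and accepted, keyed
# as "path:row:code" so that moving the code invalidates the acceptance.
ACCEPTED: Set[str] = set()


@dataclass(frozen=True)
class Finding:
    path: str
    row: int
    col: int
    code: str
    text: str

    @property
    def key(self) -> str:
        return f"{self.path}:{self.row}:{self.code}"


def parse_flake8(output: str) -> List[Finding]:
    """Parse default-format flake8 lines; lines that do not match are skipped,
    so a stray shell prompt in the piped input will not crash the gate."""
    findings: List[Finding] = []
    for raw in output.splitlines():
        m = _LINE_RE.match(raw.rstrip())
        if m:
            findings.append(
                Finding(m["path"], int(m["row"]), int(m["col"]), m["code"], m["text"])
            )
    return findings


def count_by_code(findings: Iterable[Finding]) -> Dict[str, int]:
    """Per-code totals, for a one-line CI summary."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


def blocking_findings(findings: Iterable[Finding], accepted: Set[str]) -> List[Finding]:
    """Dlint (DUO) findings that are not on the allowlist. Style codes such as
    E/W/F may still be printed by flake8 but never fail the build here."""
    return [f for f in findings if f.code.startswith("DUO") and f.key not in accepted]


def main() -> int:
    """Read a flake8 report from stdin; exit 1 when any unaccepted DUO finding exists."""
    findings = parse_flake8(sys.stdin.read())
    blocking = blocking_findings(findings, ACCEPTED)
    for code, n in sorted(count_by_code(findings).items()):
        print(f"{code}: {n}")
    for f in blocking:
        print(f"BLOCKING {f.path}:{f.row}:{f.col} {f.code} {f.text}")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main())
```

Keying accepted findings by path, row and code (rather than by code alone) means an accepted exec() call stays accepted only as long as it sits where it was reviewed; a new exec() elsewhere, or the same one after the file is reorganised, blocks the build again until someone looks at it.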

2 participants