add python-check-blanket-nosec #162

Closed
wants to merge 1 commit into from
6 changes: 6 additions & 0 deletions .pre-commit-hooks.yaml
Expand Up @@ -4,6 +4,12 @@
entry: '(?i)# noqa(?!: )'
language: pygrep
types: [python]
- id: python-check-blanket-nosec
name: check blanket nosec
description: 'Enforce that `nosec` annotations always occur with specific codes. Sample annotations: `# nosec assert_used`, `# nosec B602, B607`'
entry: '(?i)#\s*nosec:?\s*(?![^#])'
language: pygrep
types: [python]
- id: python-check-blanket-type-ignore
name: check blanket type ignore
description: 'Enforce that `# type: ignore` annotations always occur with specific codes. Sample annotations: `# type: ignore[attr-defined]`, `# type: ignore[attr-defined, name-defined]`'
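Review bot: the lookahead `(?![^#])` in the new `entry` only checks that something other than `#` follows `nosec`, so any trailing text is treated as a code: `# nosec see ticket` passes, although the description promises "specific codes". If that is not intended, require a code-shaped token after the optional colon (the samples suggest a `B` followed by digits, or a test name such as `assert_used`); otherwise say in the description that free text is accepted. The double negative would also be easier to read as a positive lookahead for `#` or end of line.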
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -25,6 +25,7 @@ For example, a hook which targets python will be called `python-...`.

[generated]: # (generated)
- **`python-check-blanket-noqa`**: Enforce that `noqa` annotations always occur with specific codes. Sample annotations: `# noqa: F401`, `# noqa: F401,W203`
- **`python-check-blanket-nosec`**: Enforce that `nosec` annotations always occur with specific codes. Sample annotations: `# nosec assert_used`, `# nosec B602, B607`
- **`python-check-blanket-type-ignore`**: Enforce that `# type: ignore` annotations always occur with specific codes. Sample annotations: `# type: ignore[attr-defined]`, `# type: ignore[attr-defined, name-defined]`
- **`python-check-mock-methods`**: Prevent common mistakes of `assert mck.not_called()`, `assert mck.called_once_with(...)` and `mck.assert_called`.
- **`python-no-eval`**: A quick check for the `eval()` built-in function
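Review bot: the samples in the new `python-check-blanket-nosec` entry show only the space-separated form (`# nosec assert_used`, `# nosec B602, B607`), while the tests added in this change exercise only the colon form (`# nosec: B401`). Add one colon sample so readers can see that both spellings are accepted. This list sits under the `[generated]` marker, so make the wording change in the `description` in `.pre-commit-hooks.yaml` and regenerate rather than editing this line on its own.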
28 changes: 28 additions & 0 deletions tests/hooks_test.py
Expand Up @@ -39,6 +39,34 @@ def test_python_use_type_annotations_negative(s):
assert not HOOKS['python-use-type-annotations'].search(s)


@pytest.mark.parametrize(
's',
(
'# nosec',
'# NOSEC',
'# nosec: ',
'# nosec ',
),
)
def test_python_check_blanket_nosec_positive(s):
assert HOOKS['python-check-blanket-nosec'].search(s)


@pytest.mark.parametrize(
's',
(
'x = 1',
'# nosec:B401',
'# nosec:B401',
'# nosec:B401,B203',
'# nosec: B401',
'# nosec: B401, B203',
),
)
def test_python_check_blanket_nosec_negative(s):
assert not HOOKS['python-check-blanket-nosec'].search(s)


@pytest.mark.parametrize(
's',
(
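Review bot: the parameters of `test_python_check_blanket_nosec_negative` never include the hook's own documented samples, so the colon-less form is untested; add `# nosec assert_used` and `# nosec B602, B607`. As shown, `'# nosec:B401'` appears twice in that list, so one entry tests nothing new (if a no-space variant such as `#nosec:B401` was meant, spell it that way). The positive list also has no case for the `#` branch of the lookahead, for example `# nosec # noqa`, which is the only kind of input that distinguishes `(?![^#])` from a plain end-of-line check.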