chore(deps-dev): Bump ruff from 0.0.254 to 0.1.1 (#352)

* chore(deps-dev): Bump ruff from 0.0.254 to 0.1.1 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.254 to 0.1.1. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@v0.0.254...v0.1.1) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * auto-fixes from new ruff Signed-off-by: Will Murphy <[email protected]> * chore: Disable lints for ruff upgrade We want to use latest ruff, but be selective about how much diff we introduce into vunnel at once. Therefore, bump ruff, but mostly disable new lints. Signed-off-by: Will Murphy <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Will Murphy <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Will Murphy <[email protected]>
anchore · Oct 23, 2023 · 7cc7e5b · 7cc7e5b
1 parent ec10925
commit 7cc7e5b
Show file tree

Hide file tree

Showing 12 changed files with 35 additions and 39 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -77,7 +77,7 @@ types-requests = "^2.28.11.7"
 mypy = "^1.1"
 radon = ">=5.1,<7.0"
 dunamai = "^1.15.0"
-ruff = "^0.0.254"
+ruff = ">=0.0.254,<0.1.2"
 yardstick = {git = "https://github.com/anchore/yardstick", rev = "v0.7.0"}
 tabulate = "0.9.0"
 

diff --git a/src/vunnel/cli/cli.py b/src/vunnel/cli/cli.py
@@ -179,7 +179,7 @@ def clear_provider(cfg: config.Application, provider_names: str, _input: bool, r
 @click.argument("provider_names", metavar="PROVIDER", nargs=-1)
 @click.option("--show-empty", default=False, is_flag=True, help="show providers with no state")
 @click.pass_obj
-def status_provider(cfg: config.Application, provider_names: str, show_empty: bool) -> None:
+def status_provider(cfg: config.Application, provider_names: str, show_empty: bool) -> None:  # noqa: C901
     print(cfg.root)
     selected_names = provider_names if provider_names else providers.names()
 

diff --git a/src/vunnel/cli/config.py b/src/vunnel/cli/config.py
@@ -40,7 +40,7 @@ def _normalize_name(name: str) -> str:
 @dataclass
 class Log:
     slim: bool = os.environ.get("VUNNEL_LOG_SLIM", default="false") == "true"
-    level: str = os.environ.get("VUNNEL_LOG_LEVEL", default="INFO")
+    level: str = os.environ.get("VUNNEL_LOG_LEVEL", default="INFO")  # noqa: RUF009
     show_timestamp: bool = os.environ.get("VUNNEL_LOG_SHOW_TIMESTAMP", default="false") == "true"
     show_level: bool = os.environ.get("VUNNEL_LOG_SHOW_LEVEL", default="true") == "true"
 

diff --git a/src/vunnel/providers/amazon/parser.py b/src/vunnel/providers/amazon/parser.py
@@ -97,7 +97,7 @@ def _get_alas_html(self, alas_url, alas_file, skip_if_exists=True):
             self.logger.debug(f"loading existing ALAS from {alas_file}")
             with open(alas_file, encoding="utf-8") as fp:
                 content = fp.read()
-            return content
+            return content  # noqa: RET504
 
         try:
             self.logger.debug(f"downloading ALAS from {alas_url}")
@@ -210,7 +210,7 @@ def __init__(self):
 
 class PackagesHTMLParser(HTMLParser):
     _new_packages_tuple_ = ("id", "new_packages")
-    _arch_list_ = ["x86_64:", "noarch:", "src:"]
+    _arch_list_ = ["x86_64:", "noarch:", "src:"]  # noqa: RUF012
 
     def __init__(self):
         self.fixes = []

diff --git a/src/vunnel/providers/debian/parser.py b/src/vunnel/providers/debian/parser.py
@@ -129,7 +129,7 @@ def _get_cve_to_dsalist(self, dsa):
         return ns_cve_dsalist
 
     # noqa
-    def _parse_dsa_record(self, dsa_lines):
+    def _parse_dsa_record(self, dsa_lines):  # noqa: C901
         """
 
         :param dsa_lines:
@@ -259,7 +259,7 @@ def _normalize_dsa_list(self):
 
         return ns_cve_dsalist
 
-    def _normalize_json(self, ns_cve_dsalist=None):  # noqa: PLR0912,PLR0915
+    def _normalize_json(self, ns_cve_dsalist=None):  # noqa: PLR0912,PLR0915,C901
         adv_mets = {}
         # all_matched_dsas = set()
         # all_dsas = set()

diff --git a/src/vunnel/providers/github/parser.py b/src/vunnel/providers/github/parser.py
@@ -429,9 +429,9 @@ def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None):
         "%sclassifications: [GENERAL, MALWARE], first: 100, orderBy: {field: UPDATED_AT, direction: ASC}" % vuln_after
     )
 
-    return """
+    return f"""
     {{
-      {} {{
+      {caller} {{
         nodes {{
           ghsaId
           classification
@@ -448,7 +448,7 @@ def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None):
           references {{
             url
           }}
-          vulnerabilities({}) {{
+          vulnerabilities({vulnerabilities}) {{
             pageInfo {{
               endCursor
               hasNextPage
@@ -476,10 +476,7 @@ def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None):
         }}
       }}
     }}
-    """.format(
-        caller,
-        vulnerabilities,
-    )
+    """
 
 
 class NodeParser(dict):

diff --git a/src/vunnel/providers/mariner/__init__.py b/src/vunnel/providers/mariner/__init__.py
@@ -51,5 +51,4 @@ def update(self, last_updated: datetime.datetime | None) -> tuple[list[str], int
                     schema=self.schema,
                     payload=record,
                 )
-                pass
         return self.parser.urls, len(writer)
diff --git a/src/vunnel/providers/mariner/generate_models.py b/src/vunnel/providers/mariner/generate_models.py
@@ -40,7 +40,6 @@ def main() -> None:
     stdout, stderr = process.communicate()
     print(stdout)
     print(stderr)
-    pass
 
 
 if __name__ == "__main__":

diff --git a/src/vunnel/providers/mariner/parser.py b/src/vunnel/providers/mariner/parser.py
@@ -31,7 +31,8 @@ def __init__(self, oval_file_path: str, logger: logging.Logger):
             fail_on_unknown_properties=False,
         )
         xml_parser = XmlParser(config=parser_config)
-        root = etree.parse(oval_file_path)
+        # S320 disable explanation: the mariner linux vulnerability feed is not untrusted xml
+        root = etree.parse(oval_file_path)  # noqa: S320
         nsmap = etree.XPath("/*")(root)[0].nsmap
         default = nsmap[None]
         nsmap["default"] = default
@@ -47,7 +48,6 @@ def __init__(self, oval_file_path: str, logger: logging.Logger):
                 self.definitions.append(definition)
             except Exception as ex:
                 self.logger.warning(f"skipping definition element in {oval_file_path} due to {ex}")
-                pass
 
         self.tests_by_id = {}
         for test_element in etree.XPath("//linux-def:rpminfo_test", namespaces=nsmap)(root):

diff --git a/src/vunnel/providers/wolfi/parser.py b/src/vunnel/providers/wolfi/parser.py
@@ -23,7 +23,7 @@ def __init__(  # noqa: PLR0913
         url: str,
         namespace: str,
         download_timeout: int = 125,
-        logger: logging.Logger = None,  # noqa: PLR0913
+        logger: logging.Logger | None = None,  # noqa: PLR0913
     ):
         self.download_timeout = download_timeout
         self.secdb_dir_path = os.path.join(workspace.input_path, self._secdb_dir_)

diff --git a/src/vunnel/utils/__init__.py b/src/vunnel/utils/__init__.py
@@ -32,7 +32,8 @@ def wrapper(*args: Any, **kwargs: Any) -> Any:
                         logger.exception(f"failed after {retries} retries")
                         raise
 
-                sleep = backoff_in_seconds * 2**attempt + random.uniform(0, 1)  # nosec
+                # explanation of S311 disable: random number is not used for cryptography
+                sleep = backoff_in_seconds * 2**attempt + random.uniform(0, 1)  # noqa: S311
                 logger.warning(f"{f} failed. Retrying in {int(sleep)} seconds (attempt {attempt+1} of {retries})")
                 time.sleep(sleep)
                 attempt += 1