From 7cc7e5bfad24a2ef262280b240c1548861a58660 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 09:44:01 -0400 Subject: [PATCH] chore(deps-dev): Bump ruff from 0.0.254 to 0.1.1 (#352) * chore(deps-dev): Bump ruff from 0.0.254 to 0.1.1 Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.254 to 0.1.1. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/v0.0.254...v0.1.1) --- updated-dependencies: - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * auto-fixes from new ruff Signed-off-by: Will Murphy * chore: Disable lints for ruff upgrade We want to use latest ruff, but be selective about how much diff we introduce into vunnel at once. Therefore, bump ruff, but mostly disable new lints. Signed-off-by: Will Murphy --------- Signed-off-by: dependabot[bot] Signed-off-by: Will Murphy Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Will Murphy --- poetry.lock | 38 +++++++++---------- pyproject.toml | 2 +- src/vunnel/cli/cli.py | 2 +- src/vunnel/cli/config.py | 2 +- src/vunnel/providers/amazon/parser.py | 4 +- src/vunnel/providers/debian/parser.py | 4 +- src/vunnel/providers/github/parser.py | 11 ++---- src/vunnel/providers/mariner/__init__.py | 1 - .../providers/mariner/generate_models.py | 1 - src/vunnel/providers/mariner/parser.py | 4 +- src/vunnel/providers/wolfi/parser.py | 2 +- src/vunnel/utils/__init__.py | 3 +- 12 files changed, 35 insertions(+), 39 deletions(-) diff --git a/poetry.lock b/poetry.lock index 0f4048de..f7f5c197 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -1633,28 +1633,28 @@ files = [ [[package]] name = "ruff" -version = "0.0.254" +version = "0.1.1" description = "An extremely fast Python linter, written in Rust." optional = false python-versions = ">=3.7" files = [ - {file = "ruff-0.0.254-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:dd58c500d039fb381af8d861ef456c3e94fd6855c3d267d6c6718c9a9fe07be0"}, - {file = "ruff-0.0.254-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:688379050ae05394a6f9f9c8471587fd5dcf22149bd4304a4ede233cc4ef89a1"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac1429be6d8bd3db0bf5becac3a38bd56f8421447790c50599cd90fd53417ec4"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:059a380c08e849b6f312479b18cc63bba2808cff749ad71555f61dd930e3c9a2"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b3f15d5d033fd3dcb85d982d6828ddab94134686fac2c02c13a8822aa03e1321"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:8deba44fd563361c488dedec90dc330763ee0c01ba54e17df54ef5820079e7e0"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ef20bf798ffe634090ad3dc2e8aa6a055f08c448810a2f800ab716cc18b80107"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0deb1d7226ea9da9b18881736d2d96accfa7f328c67b7410478cc064ad1fa6aa"}, - {file = "ruff-0.0.254-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:27d39d697fdd7df1f2a32c1063756ee269ad8d5345c471ee3ca450636d56e8c6"}, - {file = "ruff-0.0.254-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:2fc21d060a3197ac463596a97d9b5db2d429395938b270ded61dd60f0e57eb21"}, - {file = "ruff-0.0.254-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:f70dc93bc9db15cccf2ed2a831938919e3e630993eeea6aba5c84bc274237885"}, - {file = 
"ruff-0.0.254-py3-none-musllinux_1_2_i686.whl", hash = "sha256:09c764bc2bd80c974f7ce1f73a46092c286085355a5711126af351b9ae4bea0c"}, - {file = "ruff-0.0.254-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d4385cdd30153b7aa1d8f75dfd1ae30d49c918ead7de07e69b7eadf0d5538a1f"}, - {file = "ruff-0.0.254-py3-none-win32.whl", hash = "sha256:c38291bda4c7b40b659e8952167f386e86ec29053ad2f733968ff1d78b4c7e15"}, - {file = "ruff-0.0.254-py3-none-win_amd64.whl", hash = "sha256:e15742df0f9a3615fbdc1ee9a243467e97e75bf88f86d363eee1ed42cedab1ec"}, - {file = "ruff-0.0.254-py3-none-win_arm64.whl", hash = "sha256:b435afc4d65591399eaf4b2af86e441a71563a2091c386cadf33eaa11064dc09"}, - {file = "ruff-0.0.254.tar.gz", hash = "sha256:0eb66c9520151d3bd950ea43b3a088618a8e4e10a5014a72687881e6f3606312"}, + {file = "ruff-0.1.1-py3-none-macosx_10_7_x86_64.whl", hash = "sha256:b7cdc893aef23ccc14c54bd79a8109a82a2c527e11d030b62201d86f6c2b81c5"}, + {file = "ruff-0.1.1-py3-none-macosx_10_9_x86_64.macosx_11_0_arm64.macosx_10_9_universal2.whl", hash = "sha256:620d4b34302538dbd8bbbe8fdb8e8f98d72d29bd47e972e2b59ce6c1e8862257"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2a909d3930afdbc2e9fd893b0034479e90e7981791879aab50ce3d9f55205bd6"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:3305d1cb4eb8ff6d3e63a48d1659d20aab43b49fe987b3ca4900528342367145"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c34ae501d0ec71acf19ee5d4d889e379863dcc4b796bf8ce2934a9357dc31db7"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:6aa7e63c3852cf8fe62698aef31e563e97143a4b801b57f920012d0e07049a8d"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2d68367d1379a6b47e61bc9de144a47bcdb1aad7903bbf256e4c3d31f11a87ae"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = 
"sha256:bc11955f6ce3398d2afe81ad7e49d0ebf0a581d8bcb27b8c300281737735e3a3"}, + {file = "ruff-0.1.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cbbd8eead88ea83a250499074e2a8e9d80975f0b324b1e2e679e4594da318c25"}, + {file = "ruff-0.1.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:f4780e2bb52f3863a565ec3f699319d3493b83ff95ebbb4993e59c62aaf6e75e"}, + {file = "ruff-0.1.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:8f5b24daddf35b6c207619301170cae5d2699955829cda77b6ce1e5fc69340df"}, + {file = "ruff-0.1.1-py3-none-musllinux_1_2_i686.whl", hash = "sha256:d3f9ac658ba29e07b95c80fa742b059a55aefffa8b1e078bc3c08768bdd4b11a"}, + {file = "ruff-0.1.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:3521bf910104bf781e6753282282acc145cbe3eff79a1ce6b920404cd756075a"}, + {file = "ruff-0.1.1-py3-none-win32.whl", hash = "sha256:ba3208543ab91d3e4032db2652dcb6c22a25787b85b8dc3aeff084afdc612e5c"}, + {file = "ruff-0.1.1-py3-none-win_amd64.whl", hash = "sha256:3ff3006c97d9dc396b87fb46bb65818e614ad0181f059322df82bbfe6944e264"}, + {file = "ruff-0.1.1-py3-none-win_arm64.whl", hash = "sha256:e140bd717c49164c8feb4f65c644046fe929c46f42493672853e3213d7bdbce2"}, + {file = "ruff-0.1.1.tar.gz", hash = "sha256:c90461ae4abec261609e5ea436de4a4b5f2822921cf04c16d2cc9327182dbbcc"}, ] [[package]] @@ -2129,4 +2129,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "7e22045902b3f4932bc804edb4dd0cf606b1a5cbdfc6969eceda446249e37738" +content-hash = "405759cf1af49f5a0400dac08eedbde5ae7dbaa3cc04b4ef5f460d3fd3df0998" diff --git a/pyproject.toml b/pyproject.toml index ea4747d5..48842959 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -77,7 +77,7 @@ types-requests = "^2.28.11.7" mypy = "^1.1" radon = ">=5.1,<7.0" dunamai = "^1.15.0" -ruff = "^0.0.254" +ruff = ">=0.0.254,<0.1.2" yardstick = {git = "https://github.com/anchore/yardstick", rev = "v0.7.0"} tabulate = "0.9.0" diff --git a/src/vunnel/cli/cli.py b/src/vunnel/cli/cli.py index 66e528d5..87638fa9 100644 --- a/src/vunnel/cli/cli.py +++ b/src/vunnel/cli/cli.py @@ -179,7 +179,7 @@ def clear_provider(cfg: config.Application, provider_names: str, _input: bool, r @click.argument("provider_names", metavar="PROVIDER", nargs=-1) @click.option("--show-empty", default=False, is_flag=True, help="show providers with no state") @click.pass_obj -def status_provider(cfg: config.Application, provider_names: str, show_empty: bool) -> None: +def status_provider(cfg: config.Application, provider_names: str, show_empty: bool) -> None: # noqa: C901 print(cfg.root) selected_names = provider_names if provider_names else providers.names() diff --git a/src/vunnel/cli/config.py b/src/vunnel/cli/config.py index 1cc1105b..a66d8c30 100644 --- a/src/vunnel/cli/config.py +++ b/src/vunnel/cli/config.py @@ -40,7 +40,7 @@ def _normalize_name(name: str) -> str: @dataclass class Log: slim: bool = os.environ.get("VUNNEL_LOG_SLIM", default="false") == "true" - level: str = os.environ.get("VUNNEL_LOG_LEVEL", default="INFO") + level: str = os.environ.get("VUNNEL_LOG_LEVEL", default="INFO") # noqa: RUF009 show_timestamp: bool = os.environ.get("VUNNEL_LOG_SHOW_TIMESTAMP", default="false") == "true" show_level: bool = os.environ.get("VUNNEL_LOG_SHOW_LEVEL", default="true") == "true" diff --git a/src/vunnel/providers/amazon/parser.py b/src/vunnel/providers/amazon/parser.py index f35204c6..69a0de0d 100644 --- a/src/vunnel/providers/amazon/parser.py +++ b/src/vunnel/providers/amazon/parser.py 
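Review bot: The `# noqa: RUF009` added to `level` in `Log` carries no explanation of why a call in the field default is acceptable, unlike the S320 and S311 suppressions elsewhere in this patch. `os.environ.get` in a dataclass field default runs once, when the class body is executed, so a later change to `VUNNEL_LOG_LEVEL` in the same process is not seen by new `Log()` instances. If that is intended, a comment above the field such as `# RUF009 disabled: VUNNEL_LOG_LEVEL is deliberately read once at import time` would record it. The class body continues outside the hunk.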
@@ -97,7 +97,7 @@ def _get_alas_html(self, alas_url, alas_file, skip_if_exists=True): self.logger.debug(f"loading existing ALAS from {alas_file}") with open(alas_file, encoding="utf-8") as fp: content = fp.read() - return content + return content # noqa: RET504 try: self.logger.debug(f"downloading ALAS from {alas_url}") @@ -210,7 +210,7 @@ def __init__(self): class PackagesHTMLParser(HTMLParser): _new_packages_tuple_ = ("id", "new_packages") - _arch_list_ = ["x86_64:", "noarch:", "src:"] + _arch_list_ = ["x86_64:", "noarch:", "src:"] # noqa: RUF012 def __init__(self): self.fixes = [] diff --git a/src/vunnel/providers/debian/parser.py b/src/vunnel/providers/debian/parser.py index 856d3840..5c218988 100644 --- a/src/vunnel/providers/debian/parser.py +++ b/src/vunnel/providers/debian/parser.py @@ -129,7 +129,7 @@ def _get_cve_to_dsalist(self, dsa): return ns_cve_dsalist # noqa - def _parse_dsa_record(self, dsa_lines): + def _parse_dsa_record(self, dsa_lines): # noqa: C901 """ :param dsa_lines: @@ -259,7 +259,7 @@ def _normalize_dsa_list(self): return ns_cve_dsalist - def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915 + def _normalize_json(self, ns_cve_dsalist=None): # noqa: PLR0912,PLR0915,C901 adv_mets = {} # all_matched_dsas = set() # all_dsas = set() diff --git a/src/vunnel/providers/github/parser.py b/src/vunnel/providers/github/parser.py index b3a1778e..77c7ab54 100644 --- a/src/vunnel/providers/github/parser.py +++ b/src/vunnel/providers/github/parser.py @@ -429,9 +429,9 @@ def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None): "%sclassifications: [GENERAL, MALWARE], first: 100, orderBy: {field: UPDATED_AT, direction: ASC}" % vuln_after ) - return """ + return f""" {{ - {} {{ + {caller} {{ nodes {{ ghsaId classification 
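Review bot: `_arch_list_` in `PackagesHTMLParser` could be a tuple rather than a suppressed mutable class attribute. `_arch_list_ = ("x86_64:", "noarch:", "src:")` matches `_new_packages_tuple_` on the line above and makes the `# noqa: RUF012` unnecessary. This assumes the attribute is only read (membership tests or iteration). Its uses are outside the hunk, so confirm that before changing it.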
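Review bot: The query document in `graphql_advisories` is still assembled by text substitution, now through `{caller}` and `{vulnerabilities}` in the f-string here and in the two later hunks of this file. The visible `% vuln_after` line shows the pieces are themselves built with `%` formatting. If a cursor or timestamp value ever contained a quote or parenthesis, it would change the query structure instead of being treated as data; passing these values as GraphQL variables, or validating their format before interpolation, would avoid that. Separately, a comment above the `return f"""` such as `# literal GraphQL braces must stay doubled; only {caller} and {vulnerabilities} are substituted` would help later editors. The function body starts before and ends after these hunks, so how `caller` is built is not visible here.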
@@ -448,7 +448,7 @@ def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None): references {{ url }} - vulnerabilities({}) {{ + vulnerabilities({vulnerabilities}) {{ pageInfo {{ endCursor hasNextPage @@ -476,10 +476,7 @@ def graphql_advisories(cursor=None, timestamp=None, vuln_cursor=None): }} }} }} - """.format( - caller, - vulnerabilities, - ) + """ class NodeParser(dict): diff --git a/src/vunnel/providers/mariner/__init__.py b/src/vunnel/providers/mariner/__init__.py index 45f30b11..1b5a014d 100644 --- a/src/vunnel/providers/mariner/__init__.py +++ b/src/vunnel/providers/mariner/__init__.py @@ -51,5 +51,4 @@ def update(self, last_updated: datetime.datetime | None) -> tuple[list[str], int schema=self.schema, payload=record, ) - pass return self.parser.urls, len(writer) diff --git a/src/vunnel/providers/mariner/generate_models.py b/src/vunnel/providers/mariner/generate_models.py index 8fdf0d85..7ff96940 100644 --- a/src/vunnel/providers/mariner/generate_models.py +++ b/src/vunnel/providers/mariner/generate_models.py @@ -40,7 +40,6 @@ def main() -> None: stdout, stderr = process.communicate() print(stdout) print(stderr) - pass if __name__ == "__main__": diff --git a/src/vunnel/providers/mariner/parser.py b/src/vunnel/providers/mariner/parser.py index 35b301b4..5736ba42 100644 --- a/src/vunnel/providers/mariner/parser.py +++ b/src/vunnel/providers/mariner/parser.py @@ -31,7 +31,8 @@ def __init__(self, oval_file_path: str, logger: logging.Logger): fail_on_unknown_properties=False, ) xml_parser = XmlParser(config=parser_config) - root = etree.parse(oval_file_path) + # S320 disable explanation: the mariner linux vulnerability feed is not untrusted xml + root = etree.parse(oval_file_path) # noqa: S320 nsmap = etree.XPath("/*")(root)[0].nsmap default = nsmap[None] nsmap["default"] = default 
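Review bot: The `# noqa: S320` on `etree.parse(oval_file_path)` rests entirely on the feed being trusted, while the parse still uses lxml's default parser settings. The OVAL file is presumably fetched from a remote source before it reaches this constructor (not visible in the hunk), so a tampered or substituted feed would be parsed with whatever entity handling the installed lxml defaults to. Passing an explicit parser, `root = etree.parse(oval_file_path, parser=etree.XMLParser(resolve_entities=False, no_network=True))`, should not affect well-formed OVAL content and makes the suppression hold wherever the file came from. `__init__` starts before and continues after this hunk.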
@@ -47,7 +48,6 @@ def __init__(self, oval_file_path: str, logger: logging.Logger): self.definitions.append(definition) except Exception as ex: self.logger.warning(f"skipping definition element in {oval_file_path} due to {ex}") - pass self.tests_by_id = {} for test_element in etree.XPath("//linux-def:rpminfo_test", namespaces=nsmap)(root): diff --git a/src/vunnel/providers/wolfi/parser.py b/src/vunnel/providers/wolfi/parser.py index 5edc294a..84d25e81 100644 --- a/src/vunnel/providers/wolfi/parser.py +++ b/src/vunnel/providers/wolfi/parser.py @@ -23,7 +23,7 @@ def __init__( # noqa: PLR0913 url: str, namespace: str, download_timeout: int = 125, - logger: logging.Logger = None, # noqa: PLR0913 + logger: logging.Logger | None = None, # noqa: PLR0913 ): self.download_timeout = download_timeout self.secdb_dir_path = os.path.join(workspace.input_path, self._secdb_dir_) diff --git a/src/vunnel/utils/__init__.py b/src/vunnel/utils/__init__.py index b73b41e9..382c8b80 100644 --- a/src/vunnel/utils/__init__.py +++ b/src/vunnel/utils/__init__.py @@ -32,7 +32,8 @@ def wrapper(*args: Any, **kwargs: Any) -> Any: logger.exception(f"failed after {retries} retries") raise - sleep = backoff_in_seconds * 2**attempt + random.uniform(0, 1) # nosec + # explanation of S311 disable: random number is not used for cryptography + sleep = backoff_in_seconds * 2**attempt + random.uniform(0, 1) # noqa: S311 logger.warning(f"{f} failed. Retrying in {int(sleep)} seconds (attempt {attempt+1} of {retries})") time.sleep(sleep) attempt += 1
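Review bot: The `# noqa: PLR0913` on the `logger` parameter line looks redundant, because the same suppression is already on the `def __init__(` line where the too-many-arguments finding would be reported. Dropping it leaves `logger: logging.Logger | None = None,`. With the annotation now admitting `None`, the body should fall back to a default logger before first use. That part of `__init__` is outside the hunk and should be checked.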
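Review bot: Replacing `# nosec` with `# noqa: S311` on the jitter line changes which tool the suppression applies to. `# nosec` is Bandit's marker and `# noqa` is read by ruff, so if Bandit still runs in CI or pre-commit (not visible here), its B311 finding will reappear. Keeping both covers either case: `sleep = backoff_in_seconds * 2**attempt + random.uniform(0, 1)  # nosec B311  # noqa: S311`. The added explanation comment is accurate for this use, since the value only spreads out retry delays. `wrapper` starts before and continues after the hunk.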