Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ruff] Add implementation for flake8-markupsafe via RUF035 #14224

Merged
merged 11 commits into from
Nov 11, 2024
Merged

[ruff] Add implementation for flake8-markupsafe via RUF035 #14224

merged 11 commits into from
Nov 11, 2024

Conversation

Daverball
Copy link
Contributor

Closes #14124

Summary

This adds an implementation for flake8-markupsafe, minus the questionable exception for i18n and mako support, but with the ability to specify further aliases/subclasses/functionally equivalent for markupsafe.Markup. By default flask.Markup is also detected as a commonly used alias.

Test Plan

cargo nextest run

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 9, 2024
edited
Loading

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

ℹ️ ecosystem check detected linter changes. (+51 -0 violations, +0 -0 fixes in 4 projects; 50 projects unchanged)

apache/airflow (+17 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ airflow/www/app.py:94:25: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:383:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:579:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:587:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:596:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:600:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:611:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:614:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:624:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:923:24: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:1079:21: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:1098:24: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:4337:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:4341:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:4523:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/widgets.py:50:16: RUF035 Unsafe use of `markupsafe.Markup` detected
... 1 additional changes omitted for project

apache/superset (+8 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ superset/connectors/sqla/models.py:1305:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/dashboard.py:225:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/helpers.py:533:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/helpers.py:562:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/slice.py:335:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/sql_lab.py:445:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/utils/core.py:483:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/views/database/mixins.py:249:17: RUF035 Unsafe use of `markupsafe.Markup` detected

zulip/zulip (+1 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ zerver/views/documentation.py:291:35: RUF035 Unsafe use of `markupsafe.Markup` detected

indico/indico (+25 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview

+ indico/modules/admin/notices.py:93:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/auth/controllers.py:351:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/bootstrap/controllers.py:77:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/bootstrap/controllers.py:98:19: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/agreements/placeholders.py:31:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/controllers/creation.py:151:27: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/models/events.py:818:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/persons/placeholders.py:71:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/registration/placeholders/invitations.py:50:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/surveys/placeholders.py:32:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/legal/forms.py:47:80: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/users/controllers.py:124:31: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/util/placeholders.py:246:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/app.py:238:39: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/app.py:251:49: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/templating.py:214:21: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/templating.py:39:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/fields/protection.py:49:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/widgets.py:101:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/widgets.py:37:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/widgets.py:47:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/menu.py:180:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/util.py:33:26: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/util.py:360:23: RUF035 Unsafe use of `markupsafe.Markup` detected
... 1 additional changes omitted for project

Changes by rule (1 rules affected)

code total + violation - violation + fix - fix
RUF035 51 51 0 0 0

@Daverball Daverball marked this pull request as ready for review November 9, 2024 13:01
@sbrugman
Copy link
Contributor

sbrugman commented Nov 9, 2024

Nice contribution, thanks!

@Daverball
Adds a fast path for default configurations.
3906008 
Lifts fast check out of slow path.
Adds additional test cases.
Mentions i18n deviation in docstring.
@MichaReiser MichaReiser added rule Implementing or modifying a lint rule preview Related to preview mode features labels Nov 11, 2024
MichaReiser
MichaReiser approved these changes Nov 11, 2024
View reviewed changes
Copy link
Member

@MichaReiser MichaReiser left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Thank you. The only change I would make is that I don't think it's worth introducing a new rule group for a single rule.

I'd also like to hear @AlexWaygood's opinion on the rule itself.

AlexWaygood
AlexWaygood reviewed Nov 11, 2024
View reviewed changes
Copy link
Member

@AlexWaygood AlexWaygood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've never used markupsafe but it makes sense to me that this would be an important security consideration. I think it's good for linters to catch this.

Long-term, we should be able to improve the accuracy of rules like this when we switch to using red-knot as a backend (the LiteralString type is explicitly designed for this use case). But I don't think that should stop us from implementing this rule now!

@Daverball Daverball changed the title [flake8-markupsafe] Adds Implementation for MS001 [flake8-markupsafe] Adds Implementation for MS001 via RUF035 Nov 11, 2024
MichaReiser
MichaReiser approved these changes Nov 11, 2024
View reviewed changes
Copy link
Member

@MichaReiser MichaReiser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@MichaReiser MichaReiser merged commit f82ee8e into astral-sh:main Nov 11, 2024
20 checks passed
@Daverball Daverball deleted the feat/flake8-markupsafe branch November 11, 2024 18:55
@dhruvmanila dhruvmanila changed the title [flake8-markupsafe] Adds Implementation for MS001 via RUF035 [flake8-markupsafe] Add implementation for MS001 via RUF035 Nov 15, 2024
@dhruvmanila dhruvmanila changed the title [flake8-markupsafe] Add implementation for MS001 via RUF035 [ruff] Add implementation for flake8-markupsafe via RUF035 Nov 15, 2024
@BrewTestBot BrewTestBot mentioned this pull request Nov 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbrugman sbrugman sbrugman left review comments

@AlexWaygood AlexWaygood AlexWaygood left review comments

@MichaReiser MichaReiser MichaReiser approved these changes

Assignees
No one assigned
Labels
preview Related to preview mode features rule Implementing or modifying a lint rule
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add flake8-markupsafe or broaden S308
4 participants
@Daverball @sbrugman @MichaReiser @AlexWaygood