Commit d14f0222 authored by Vincent Pelletier's avatar Vincent Pelletier

all: Make modern pylint happier.

python2.7 with pylint 1.9.5
python3.9 with pylint 2.6.0
Also, reduce the scope of unused argument silencing.
parent e8fa4135
...@@ -7,14 +7,19 @@ max-nested-blocks=6 ...@@ -7,14 +7,19 @@ max-nested-blocks=6
max-module-lines=1500 max-module-lines=1500
[MESSAGES CONTROL] [MESSAGES CONTROL]
disable=C0103,C0330,R0903,R0914,R0912,R0915,R0902 disable=
# C0103 "Invalid name "%s" (should match %s)" invalid-name,
# C0330 bad-continuation bad-continuation,
# R0903 too-few-public-methods bad-whitespace,
# R0914 too-many-locals too-few-public-methods,
# R0912 too-many-branches too-many-locals,
# R0915 too-many-statements too-many-branches,
# R0902 too-many-instance-attributes too-many-statements,
too-many-instance-attributes,
useless-object-inheritance,
unnecessary-pass,
raise-missing-from,
super-with-arguments
[FORMAT] [FORMAT]
indent-string=" " indent-string=" "
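Review bot: The newly disabled checks in `disable=` carry no rationale, and `raise-missing-from` in particular is now off project-wide, so lost exception causes will no longer be flagged anywhere. Judging by the commit message, `useless-object-inheritance`, `raise-missing-from` and `super-with-arguments` appear to be disabled only to keep syntax that python2.7 accepts. A comment above `disable=` such as `# useless-object-inheritance, raise-missing-from, super-with-arguments: needed while python2.7 is supported` would tell a later maintainer when they can be re-enabled.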
...@@ -48,7 +48,6 @@ _AUTO_SIGNED_NO = 0 ...@@ -48,7 +48,6 @@ _AUTO_SIGNED_NO = 0
_AUTO_SIGNED_YES = 1 _AUTO_SIGNED_YES = 1
_AUTO_SIGNED_PASSTHROUGH = 2 _AUTO_SIGNED_PASSTHROUGH = 2
_SUBJECT_OID_DICT = { _SUBJECT_OID_DICT = {
# pylint: disable=bad-whitespace
'C' : x509.oid.NameOID.COUNTRY_NAME, 'C' : x509.oid.NameOID.COUNTRY_NAME,
'O' : x509.oid.NameOID.ORGANIZATION_NAME, 'O' : x509.oid.NameOID.ORGANIZATION_NAME,
'OU': x509.oid.NameOID.ORGANIZATIONAL_UNIT_NAME, 'OU': x509.oid.NameOID.ORGANIZATIONAL_UNIT_NAME,
...@@ -57,7 +56,6 @@ _SUBJECT_OID_DICT = { ...@@ -57,7 +56,6 @@ _SUBJECT_OID_DICT = {
'L' : x509.oid.NameOID.LOCALITY_NAME, 'L' : x509.oid.NameOID.LOCALITY_NAME,
'SN': x509.oid.NameOID.SURNAME, 'SN': x509.oid.NameOID.SURNAME,
'GN': x509.oid.NameOID.GIVEN_NAME, 'GN': x509.oid.NameOID.GIVEN_NAME,
# pylint: enable=bad-whitespace
} }
_BACKUP_MAGIC = b'caucase\0' _BACKUP_MAGIC = b'caucase\0'
_CONFIG_NAME_AUTO_SIGN_CSR_AMOUNT = 'auto_sign_csr_amount' _CONFIG_NAME_AUTO_SIGN_CSR_AMOUNT = 'auto_sign_csr_amount'
...@@ -203,7 +201,6 @@ class CertificateAuthority(object): ...@@ -203,7 +201,6 @@ class CertificateAuthority(object):
digest = self._digest_list[0] digest = self._digest_list[0]
ca_key_pair_list = [] ca_key_pair_list = []
ca_certificate_chain = [] ca_certificate_chain = []
previous_crt = None
previous_crt_pem = None previous_crt_pem = None
previous_key = None previous_key = None
for pem_key_pair in self._storage.getCAKeyPairList(): for pem_key_pair in self._storage.getCAKeyPairList():
...@@ -212,10 +209,9 @@ class CertificateAuthority(object): ...@@ -212,10 +209,9 @@ class CertificateAuthority(object):
pem_key_pair['key_pem'], pem_key_pair['key_pem'],
) )
crt_pem = pem_key_pair['crt_pem'] crt_pem = pem_key_pair['crt_pem']
crt = utils.load_ca_certificate(pem_key_pair['crt_pem'])
key = utils.load_privatekey(pem_key_pair['key_pem']) key = utils.load_privatekey(pem_key_pair['key_pem'])
ca_key_pair_list.append({ ca_key_pair_list.append({
'crt': crt, 'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),
'key': key, 'key': key,
}) })
if previous_key is not None: if previous_key is not None:
...@@ -227,7 +223,6 @@ class CertificateAuthority(object): ...@@ -227,7 +223,6 @@ class CertificateAuthority(object):
previous_key, previous_key,
digest, digest,
)) ))
previous_crt = crt
previous_crt_pem = crt_pem previous_crt_pem = crt_pem
previous_key = key previous_key = key
self._ca_key_pairs_list = ca_key_pair_list self._ca_key_pairs_list = ca_key_pair_list
...@@ -384,7 +379,6 @@ class CertificateAuthority(object): ...@@ -384,7 +379,6 @@ class CertificateAuthority(object):
encipher_only = decipher_only = False encipher_only = decipher_only = False
builder = builder.add_extension( builder = builder.add_extension(
x509.KeyUsage( x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =key_usage.digital_signature, digital_signature =key_usage.digital_signature,
content_commitment=key_usage.content_commitment, content_commitment=key_usage.content_commitment,
key_encipherment =key_usage.key_encipherment, key_encipherment =key_usage.key_encipherment,
...@@ -394,7 +388,6 @@ class CertificateAuthority(object): ...@@ -394,7 +388,6 @@ class CertificateAuthority(object):
crl_sign =False, crl_sign =False,
encipher_only =encipher_only, encipher_only =encipher_only,
decipher_only =decipher_only, decipher_only =decipher_only,
# pylint: enable=bad-whitespace
), ),
# "SHOULD mark this extension critical" # "SHOULD mark this extension critical"
critical=key_usage_extension.critical, critical=key_usage_extension.critical,
...@@ -532,7 +525,6 @@ class CertificateAuthority(object): ...@@ -532,7 +525,6 @@ class CertificateAuthority(object):
), ),
Extension( Extension(
x509.KeyUsage( x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =False, digital_signature =False,
content_commitment=False, content_commitment=False,
key_encipherment =False, key_encipherment =False,
...@@ -542,7 +534,6 @@ class CertificateAuthority(object): ...@@ -542,7 +534,6 @@ class CertificateAuthority(object):
crl_sign =True, crl_sign =True,
encipher_only =False, encipher_only =False,
decipher_only =False, decipher_only =False,
# pylint: enable=bad-whitespace
), ),
critical=True, # "SHOULD mark this extension critical" critical=True, # "SHOULD mark this extension critical"
), ),
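Review bot: In the CA key-pair loading loop, the new `'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),` indexes the dict again although `crt_pem` was bound to the same value two lines earlier. Writing `'crt': utils.load_ca_certificate(crt_pem),` reads more directly and keeps the loaded certificate and the `previous_crt_pem` bookkeeping tied to one variable. The enclosing method starts and ends outside the visible hunks.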
......
...@@ -366,7 +366,6 @@ def getSSLContext( ...@@ -366,7 +366,6 @@ def getSSLContext(
extensions=[ extensions=[
Extension( Extension(
x509.KeyUsage( x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True, digital_signature =True,
content_commitment=False, content_commitment=False,
key_encipherment =True, key_encipherment =True,
...@@ -376,7 +375,6 @@ def getSSLContext( ...@@ -376,7 +375,6 @@ def getSSLContext(
crl_sign =False, crl_sign =False,
encipher_only =False, encipher_only =False,
decipher_only =False, decipher_only =False,
# pylint: enable=bad-whitespace
), ),
critical=True, critical=True,
), ),
......
...@@ -336,23 +336,19 @@ class CaucaseTest(unittest.TestCase): ...@@ -336,23 +336,19 @@ class CaucaseTest(unittest.TestCase):
self._client_dir = client_dir = os.path.join(data_dir, 'client') self._client_dir = client_dir = os.path.join(data_dir, 'client')
os.mkdir(client_dir) os.mkdir(client_dir)
# pylint: disable=bad-whitespace
self._client_ca_crt = os.path.join(client_dir, 'cas.crt.pem') self._client_ca_crt = os.path.join(client_dir, 'cas.crt.pem')
self._client_ca_dir = os.path.join(client_dir, 'cas_crt') self._client_ca_dir = os.path.join(client_dir, 'cas_crt')
self._client_user_ca_crt = os.path.join(client_dir, 'cau.crt.pem') self._client_user_ca_crt = os.path.join(client_dir, 'cau.crt.pem')
self._client_crl = os.path.join(client_dir, 'cas.crl.pem') self._client_crl = os.path.join(client_dir, 'cas.crl.pem')
self._client_user_crl = os.path.join(client_dir, 'cau.crl.pem') self._client_user_crl = os.path.join(client_dir, 'cau.crl.pem')
# pylint: enable=bad-whitespace
self._server_event = threading.Event() self._server_event = threading.Event()
self._server_dir = server_dir = os.path.join(data_dir, 'server') self._server_dir = server_dir = os.path.join(data_dir, 'server')
os.mkdir(server_dir) os.mkdir(server_dir)
# pylint: disable=bad-whitespace
self._server_db = os.path.join(server_dir, 'caucase.sqlite') self._server_db = os.path.join(server_dir, 'caucase.sqlite')
self._server_key = os.path.join(server_dir, 'server.key.pem') self._server_key = os.path.join(server_dir, 'server.key.pem')
self._server_backup_path = os.path.join(server_dir, 'backup') self._server_backup_path = os.path.join(server_dir, 'backup')
self._server_cors_store = os.path.join(server_dir, 'cors.key') self._server_cors_store = os.path.join(server_dir, 'cors.key')
# pylint: enable=bad-whitespace
# Using a BytesIO for caucased output here, because stdout/stderr do not # Using a BytesIO for caucased output here, because stdout/stderr do not
# necessarily have a known encoding, for example when output is a pipe # necessarily have a known encoding, for example when output is a pipe
# (to a file, ...). caucased must deal with this. # (to a file, ...). caucased must deal with this.
...@@ -447,7 +443,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -447,7 +443,6 @@ class CaucaseTest(unittest.TestCase):
), ),
Extension( Extension(
x509.KeyUsage( x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =False, digital_signature =False,
content_commitment=False, content_commitment=False,
key_encipherment =False, key_encipherment =False,
...@@ -457,7 +452,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -457,7 +452,6 @@ class CaucaseTest(unittest.TestCase):
crl_sign =True, crl_sign =True,
encipher_only =False, encipher_only =False,
decipher_only =False, decipher_only =False,
# pylint: enable=bad-whitespace
), ),
critical=True, # "SHOULD mark this extension critical" critical=True, # "SHOULD mark this extension critical"
), ),
...@@ -499,7 +493,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -499,7 +493,6 @@ class CaucaseTest(unittest.TestCase):
extensions=[ extensions=[
Extension( Extension(
x509.KeyUsage( x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True, digital_signature =True,
content_commitment=False, content_commitment=False,
key_encipherment =True, key_encipherment =True,
...@@ -509,7 +502,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -509,7 +502,6 @@ class CaucaseTest(unittest.TestCase):
crl_sign =False, crl_sign =False,
encipher_only =False, encipher_only =False,
decipher_only =False, decipher_only =False,
# pylint: enable=bad-whitespace
), ),
critical=True, critical=True,
), ),
...@@ -1305,7 +1297,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -1305,7 +1297,6 @@ class CaucaseTest(unittest.TestCase):
) )
self.assertTrue(extension.critical) self.assertTrue(extension.critical)
requested_key_usage = x509.KeyUsage( requested_key_usage = x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True, digital_signature =True,
content_commitment=True, content_commitment=True,
key_encipherment =True, key_encipherment =True,
...@@ -1315,10 +1306,8 @@ class CaucaseTest(unittest.TestCase): ...@@ -1315,10 +1306,8 @@ class CaucaseTest(unittest.TestCase):
crl_sign =True, crl_sign =True,
encipher_only =True, encipher_only =True,
decipher_only =False, decipher_only =False,
# pylint: enable=bad-whitespace
) )
expected_key_usage = x509.KeyUsage( expected_key_usage = x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True, digital_signature =True,
content_commitment=True, content_commitment=True,
key_encipherment =True, key_encipherment =True,
...@@ -1328,7 +1317,6 @@ class CaucaseTest(unittest.TestCase): ...@@ -1328,7 +1317,6 @@ class CaucaseTest(unittest.TestCase):
crl_sign =False, crl_sign =False,
encipher_only =True, encipher_only =True,
decipher_only =False, decipher_only =False,
# pylint: enable=bad-whitespace
) )
requested_extended_usage = x509.ExtendedKeyUsage([ requested_extended_usage = x509.ExtendedKeyUsage([
x509.oid.ExtendedKeyUsageOID.OCSP_SIGNING, x509.oid.ExtendedKeyUsageOID.OCSP_SIGNING,
......
...@@ -349,7 +349,11 @@ def _verifyCertificateChain(cert, trusted_cert_list, crl): ...@@ -349,7 +349,11 @@ def _verifyCertificateChain(cert, trusted_cert_list, crl):
# seems to be a rare implementation of it, so we keep using this module. # seems to be a rare implementation of it, so we keep using this module.
# BUT it MUST NOT be used anywhere outside this function (hence the # BUT it MUST NOT be used anywhere outside this function (hence the
# bad-style local import). Use "cryptography". # bad-style local import). Use "cryptography".
# Also, older pylint (last version suppoting 2.7 ?) does not support
# import-outside-toplevel but does not detect anything wrong here.
# pylint: disable=bad-option-value, import-outside-toplevel
from OpenSSL import crypto from OpenSSL import crypto
# pylint: enable=import-outside-toplevel, bad-option-value
store = crypto.X509Store() store = crypto.X509Store()
assert trusted_cert_list assert trusted_cert_list
for trusted_cert in trusted_cert_list: for trusted_cert in trusted_cert_list:
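Review bot: `assert trusted_cert_list` is the only visible guard against building the `X509Store` with no trust anchors, and asserts are stripped when Python runs with `-O`. An explicit check such as `if not trusted_cert_list: raise ValueError('no trusted certificate')` would hold in every mode; the exception type callers expect is not visible here, so choose it accordingly. The function body continues past the hunk, so how verification behaves with an empty store cannot be told from these lines.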
......
...@@ -36,12 +36,12 @@ import jwt ...@@ -36,12 +36,12 @@ import jwt
from . import utils from . import utils
from . import exceptions from . import exceptions
# pylint: disable=import-error # pylint: disable=import-error,no-name-in-module
if sys.version_info >= (3, ): # pragma: no cover if sys.version_info >= (3, ): # pragma: no cover
from html import escape from html import escape
else: # pragma: no cover else: # pragma: no cover
from cgi import escape from cgi import escape
# pylint: enable=import-error # pylint: enable=import-error,no-name-in-module
__all__ = ('Application', 'CORSTokenManager') __all__ = ('Application', 'CORSTokenManager')
...@@ -172,9 +172,16 @@ class InsufficientStorage(ApplicationError): ...@@ -172,9 +172,16 @@ class InsufficientStorage(ApplicationError):
""" """
No storage slot available (not necessarily out of disk space) No storage slot available (not necessarily out of disk space)
""" """
# httplib lacks the textual description for 507, although it has the # python2.7's httplib lacks the textual description for 507, although it
# constant... # has the constant.
# And modern pylint on python3 complain that
# http.client.INSUFFICIENT_STORAGE, an enum item, is not suitable for %i
# (spoiler: it is suitable).
# Also, older pylint (last version suppoting 2.7 ?) does not support
# bad-string-format-type but does not detect anything wrong here.
# pylint: disable=bad-option-value, bad-string-format-type
status = '%i Insufficient Storage' % (httplib.INSUFFICIENT_STORAGE, ) status = '%i Insufficient Storage' % (httplib.INSUFFICIENT_STORAGE, )
# pylint: enable=bad-string-format-type, bad-option-value
STATUS_OK = _getStatus(httplib.OK) STATUS_OK = _getStatus(httplib.OK)
STATUS_CREATED = _getStatus(httplib.CREATED) STATUS_CREATED = _getStatus(httplib.CREATED)
...@@ -876,10 +883,11 @@ class Application(object): ...@@ -876,10 +883,11 @@ class Application(object):
'application/hal+json', 'application/hal+json',
) )
def getCORSForm(self, context, environ): # pylint: disable=unused-argument def getCORSForm(self, context, environ):
""" """
Handle GET /cors . Handle GET /cors .
""" """
_ = context # Silence pylint
if environ['wsgi.url_scheme'] != 'https': if environ['wsgi.url_scheme'] != 'https':
return ( return (
STATUS_FOUND, STATUS_FOUND,
...@@ -910,10 +918,11 @@ class Application(object): ...@@ -910,10 +918,11 @@ class Application(object):
], ],
) )
def postCORSForm(self, context, environ): # pylint: disable=unused-argument def postCORSForm(self, context, environ):
""" """
Handle POST /cors . Handle POST /cors .
""" """
_ = context # Silence pylint
if environ['wsgi.url_scheme'] != 'https': if environ['wsgi.url_scheme'] != 'https':
raise NotFound raise NotFound
if environ.get('CONTENT_TYPE') != 'application/x-www-form-urlencoded': if environ.get('CONTENT_TYPE') != 'application/x-www-form-urlencoded':
...@@ -1009,41 +1018,31 @@ class Application(object): ...@@ -1009,41 +1018,31 @@ class Application(object):
raise NotFound raise NotFound
return (STATUS_NO_CONTENT, header_list, []) return (STATUS_NO_CONTENT, header_list, [])
def getCACertificate( def getCACertificate(self, context, environ):
self,
context,
environ,
): # pylint: disable=unused-argument
""" """
Handle GET /{context}/crt/ca.crt.pem urls. Handle GET /{context}/crt/ca.crt.pem urls.
""" """
_ = environ # Silence pylint
return self._returnFile( return self._returnFile(
context.getCACertificate(), context.getCACertificate(),
'application/x-x509-ca-cert', 'application/x-x509-ca-cert',
) )
def getCACertificateChain( def getCACertificateChain(self, context, environ):
self,
context,
environ,
): # pylint: disable=unused-argument
""" """
Handle GET /{context}/crt/ca.crt.json urls. Handle GET /{context}/crt/ca.crt.json urls.
""" """
_ = environ # Silence pylint
return self._returnFile( return self._returnFile(
json.dumps(context.getValidCACertificateChain()).encode('utf-8'), json.dumps(context.getValidCACertificateChain()).encode('utf-8'),
'application/json', 'application/json',
) )
def getCertificate( def getCertificate(self, context, environ, subpath):
self,
context,
environ,
subpath,
): # pylint: disable=unused-argument
""" """
Handle GET /{context}/crt/{crt_id} urls. Handle GET /{context}/crt/{crt_id} urls.
""" """
_ = environ # Silence pylint
return self._returnFile( return self._returnFile(
context.getCertificate(self._getCSRID(subpath)), context.getCertificate(self._getCSRID(subpath)),
'application/pkix-cert', 'application/pkix-cert',
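Review bot: The `_ = context  # Silence pylint` and `_ = environ  # Silence pylint` lines added to `getCORSForm`, `postCORSForm`, `getCACertificate`, `getCACertificateChain` and `getCertificate` name the tool being quieted but not why the argument exists. Presumably these handlers share a signature imposed by the request dispatcher; if so, a comment like `_ = environ  # unused, kept for the common handler signature` would document that. The new comment above `status = ...` also has "suppoting" for "supporting" and "complain" for "complains", and the same "suppoting" typo appears in the comment added in `_verifyCertificateChain`. The body of `getCertificate` continues outside the last hunk.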
......