Commit d14f0222 authored by Vincent Pelletier's avatar Vincent Pelletier

all: Make modern pylint happier.

python2.7 with pylint 1.9.5
python3.9 with pylint 2.6.0
Also, reduce the script of unused argument silencing.
parent e8fa4135
......@@ -7,14 +7,19 @@ max-nested-blocks=6
max-module-lines=1500
[MESSAGES CONTROL]
disable=C0103,C0330,R0903,R0914,R0912,R0915,R0902
# C0103 "Invalid name "%s" (should match %s)"
# C0330 bad-continuation
# R0903 too-few-public-methods
# R0914 too-many-locals
# R0912 too-many-branches
# R0915 too-many-statements
# R0902 too-many-instance-attributes
disable=
invalid-name,
bad-continuation,
bad-whitespace,
too-few-public-methods,
too-many-locals,
too-many-branches,
too-many-statements,
too-many-instance-attributes,
useless-object-inheritance,
unnecessary-pass,
raise-missing-from,
super-with-arguments
[FORMAT]
indent-string=" "
......@@ -48,7 +48,6 @@ _AUTO_SIGNED_NO = 0
_AUTO_SIGNED_YES = 1
_AUTO_SIGNED_PASSTHROUGH = 2
_SUBJECT_OID_DICT = {
# pylint: disable=bad-whitespace
'C' : x509.oid.NameOID.COUNTRY_NAME,
'O' : x509.oid.NameOID.ORGANIZATION_NAME,
'OU': x509.oid.NameOID.ORGANIZATIONAL_UNIT_NAME,
......@@ -57,7 +56,6 @@ _SUBJECT_OID_DICT = {
'L' : x509.oid.NameOID.LOCALITY_NAME,
'SN': x509.oid.NameOID.SURNAME,
'GN': x509.oid.NameOID.GIVEN_NAME,
# pylint: enable=bad-whitespace
}
_BACKUP_MAGIC = b'caucase\0'
_CONFIG_NAME_AUTO_SIGN_CSR_AMOUNT = 'auto_sign_csr_amount'
......@@ -203,7 +201,6 @@ class CertificateAuthority(object):
digest = self._digest_list[0]
ca_key_pair_list = []
ca_certificate_chain = []
previous_crt = None
previous_crt_pem = None
previous_key = None
for pem_key_pair in self._storage.getCAKeyPairList():
......@@ -212,10 +209,9 @@ class CertificateAuthority(object):
pem_key_pair['key_pem'],
)
crt_pem = pem_key_pair['crt_pem']
crt = utils.load_ca_certificate(pem_key_pair['crt_pem'])
key = utils.load_privatekey(pem_key_pair['key_pem'])
ca_key_pair_list.append({
'crt': crt,
'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),
'key': key,
})
if previous_key is not None:
......@@ -227,7 +223,6 @@ class CertificateAuthority(object):
previous_key,
digest,
))
previous_crt = crt
previous_crt_pem = crt_pem
previous_key = key
self._ca_key_pairs_list = ca_key_pair_list
......@@ -384,7 +379,6 @@ class CertificateAuthority(object):
encipher_only = decipher_only = False
builder = builder.add_extension(
x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =key_usage.digital_signature,
content_commitment=key_usage.content_commitment,
key_encipherment =key_usage.key_encipherment,
......@@ -394,7 +388,6 @@ class CertificateAuthority(object):
crl_sign =False,
encipher_only =encipher_only,
decipher_only =decipher_only,
# pylint: enable=bad-whitespace
),
# "SHOULD mark this extension critical"
critical=key_usage_extension.critical,
......@@ -532,7 +525,6 @@ class CertificateAuthority(object):
),
Extension(
x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =False,
content_commitment=False,
key_encipherment =False,
......@@ -542,7 +534,6 @@ class CertificateAuthority(object):
crl_sign =True,
encipher_only =False,
decipher_only =False,
# pylint: enable=bad-whitespace
),
critical=True, # "SHOULD mark this extension critical"
),
......
......@@ -366,7 +366,6 @@ def getSSLContext(
extensions=[
Extension(
x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True,
content_commitment=False,
key_encipherment =True,
......@@ -376,7 +375,6 @@ def getSSLContext(
crl_sign =False,
encipher_only =False,
decipher_only =False,
# pylint: enable=bad-whitespace
),
critical=True,
),
......
......@@ -336,23 +336,19 @@ class CaucaseTest(unittest.TestCase):
self._client_dir = client_dir = os.path.join(data_dir, 'client')
os.mkdir(client_dir)
# pylint: disable=bad-whitespace
self._client_ca_crt = os.path.join(client_dir, 'cas.crt.pem')
self._client_ca_dir = os.path.join(client_dir, 'cas_crt')
self._client_user_ca_crt = os.path.join(client_dir, 'cau.crt.pem')
self._client_crl = os.path.join(client_dir, 'cas.crl.pem')
self._client_user_crl = os.path.join(client_dir, 'cau.crl.pem')
# pylint: enable=bad-whitespace
self._server_event = threading.Event()
self._server_dir = server_dir = os.path.join(data_dir, 'server')
os.mkdir(server_dir)
# pylint: disable=bad-whitespace
self._server_db = os.path.join(server_dir, 'caucase.sqlite')
self._server_key = os.path.join(server_dir, 'server.key.pem')
self._server_backup_path = os.path.join(server_dir, 'backup')
self._server_cors_store = os.path.join(server_dir, 'cors.key')
# pylint: enable=bad-whitespace
# Using a BytesIO for caucased output here, because stdout/stderr do not
# necessarily have a known encoding, for example when output is a pipe
# (to a file, ...). caucased must deal with this.
......@@ -447,7 +443,6 @@ class CaucaseTest(unittest.TestCase):
),
Extension(
x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =False,
content_commitment=False,
key_encipherment =False,
......@@ -457,7 +452,6 @@ class CaucaseTest(unittest.TestCase):
crl_sign =True,
encipher_only =False,
decipher_only =False,
# pylint: enable=bad-whitespace
),
critical=True, # "SHOULD mark this extension critical"
),
......@@ -499,7 +493,6 @@ class CaucaseTest(unittest.TestCase):
extensions=[
Extension(
x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True,
content_commitment=False,
key_encipherment =True,
......@@ -509,7 +502,6 @@ class CaucaseTest(unittest.TestCase):
crl_sign =False,
encipher_only =False,
decipher_only =False,
# pylint: enable=bad-whitespace
),
critical=True,
),
......@@ -1305,7 +1297,6 @@ class CaucaseTest(unittest.TestCase):
)
self.assertTrue(extension.critical)
requested_key_usage = x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True,
content_commitment=True,
key_encipherment =True,
......@@ -1315,10 +1306,8 @@ class CaucaseTest(unittest.TestCase):
crl_sign =True,
encipher_only =True,
decipher_only =False,
# pylint: enable=bad-whitespace
)
expected_key_usage = x509.KeyUsage(
# pylint: disable=bad-whitespace
digital_signature =True,
content_commitment=True,
key_encipherment =True,
......@@ -1328,7 +1317,6 @@ class CaucaseTest(unittest.TestCase):
crl_sign =False,
encipher_only =True,
decipher_only =False,
# pylint: enable=bad-whitespace
)
requested_extended_usage = x509.ExtendedKeyUsage([
x509.oid.ExtendedKeyUsageOID.OCSP_SIGNING,
......
......@@ -349,7 +349,11 @@ def _verifyCertificateChain(cert, trusted_cert_list, crl):
# seems to be a rare implementation of it, so we keep using this module.
# BUT it MUST NOT be used anywhere outside this function (hence the
# bad-style local import). Use "cryptography".
# Also, older pylint (last version suppoting 2.7 ?) does not support
# import-outside-toplevel but does not detect anything wrong here.
# pylint: disable=bad-option-value, import-outside-toplevel
from OpenSSL import crypto
# pylint: enable=import-outside-toplevel, bad-option-value
store = crypto.X509Store()
assert trusted_cert_list
for trusted_cert in trusted_cert_list:
......
......@@ -36,12 +36,12 @@ import jwt
from . import utils
from . import exceptions
# pylint: disable=import-error
# pylint: disable=import-error,no-name-in-module
if sys.version_info >= (3, ): # pragma: no cover
from html import escape
else: # pragma: no cover
from cgi import escape
# pylint: enable=import-error
# pylint: enable=import-error,no-name-in-module
__all__ = ('Application', 'CORSTokenManager')
......@@ -172,9 +172,16 @@ class InsufficientStorage(ApplicationError):
"""
No storage slot available (not necessarily out of disk space)
"""
# httplib lacks the textual description for 507, although it has the
# constant...
# python2.7's httplib lacks the textual description for 507, although it
# has the constant.
# And modern pylint on python3 complain that
# http.client.INSUFFICIENT_STORAGE, an enum item, is not suitable for %i
# (spoiler: it is suitable).
# Also, older pylint (last version suppoting 2.7 ?) does not support
# bad-string-format-type but does not detect anything wrong here.
# pylint: disable=bad-option-value, bad-string-format-type
status = '%i Insufficient Storage' % (httplib.INSUFFICIENT_STORAGE, )
# pylint: enable=bad-string-format-type, bad-option-value
STATUS_OK = _getStatus(httplib.OK)
STATUS_CREATED = _getStatus(httplib.CREATED)
......@@ -876,10 +883,11 @@ class Application(object):
'application/hal+json',
)
def getCORSForm(self, context, environ): # pylint: disable=unused-argument
def getCORSForm(self, context, environ):
"""
Handle GET /cors .
"""
_ = context # Silence pylint
if environ['wsgi.url_scheme'] != 'https':
return (
STATUS_FOUND,
......@@ -910,10 +918,11 @@ class Application(object):
],
)
def postCORSForm(self, context, environ): # pylint: disable=unused-argument
def postCORSForm(self, context, environ):
"""
Handle POST /cors .
"""
_ = context # Silence pylint
if environ['wsgi.url_scheme'] != 'https':
raise NotFound
if environ.get('CONTENT_TYPE') != 'application/x-www-form-urlencoded':
......@@ -1009,41 +1018,31 @@ class Application(object):
raise NotFound
return (STATUS_NO_CONTENT, header_list, [])
def getCACertificate(
self,
context,
environ,
): # pylint: disable=unused-argument
def getCACertificate(self, context, environ):
"""
Handle GET /{context}/crt/ca.crt.pem urls.
"""
_ = environ # Silence pylint
return self._returnFile(
context.getCACertificate(),
'application/x-x509-ca-cert',
)
def getCACertificateChain(
self,
context,
environ,
): # pylint: disable=unused-argument
def getCACertificateChain(self, context, environ):
"""
Handle GET /{context}/crt/ca.crt.json urls.
"""
_ = environ # Silence pylint
return self._returnFile(
json.dumps(context.getValidCACertificateChain()).encode('utf-8'),
'application/json',
)
def getCertificate(
self,
context,
environ,
subpath,
): # pylint: disable=unused-argument
def getCertificate(self, context, environ, subpath):
"""
Handle GET /{context}/crt/{crt_id} urls.
"""
_ = environ # Silence pylint
return self._returnFile(
context.getCertificate(self._getCSRID(subpath)),
'application/pkix-cert',
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment