Skip to content

[ruff] Add implementation for flake8-markupsafe via RUF035#14224

Merged
MichaReiser merged 11 commits intoastral-sh:mainfrom
Daverball:feat/flake8-markupsafe
Nov 11, 2024
Merged

[ruff] Add implementation for flake8-markupsafe via RUF035#14224
MichaReiser merged 11 commits intoastral-sh:mainfrom
Daverball:feat/flake8-markupsafe

Conversation

@Daverball
Copy link
Copy Markdown
Contributor

@Daverball Daverball commented Nov 9, 2024

Closes #14124

Summary

This adds an implementation for flake8-markupsafe, minus the questionable exception for i18n and mako support, but with the ability to specify further aliases/subclasses/functionally equivalent for markupsafe.Markup. By default flask.Markup is also detected as a commonly used alias.

Test Plan

cargo nextest run

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Nov 9, 2024
edited
Loading

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

ℹ️ ecosystem check detected linter changes. (+51 -0 violations, +0 -0 fixes in 4 projects; 50 projects unchanged)

apache/airflow (+17 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ airflow/www/app.py:94:25: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:383:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:579:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:587:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:596:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:600:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:611:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:614:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:624:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/utils.py:923:24: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:1079:21: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:1098:24: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:4337:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:4341:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/views.py:4523:20: RUF035 Unsafe use of `markupsafe.Markup` detected
+ airflow/www/widgets.py:50:16: RUF035 Unsafe use of `markupsafe.Markup` detected
... 1 additional changes omitted for project

apache/superset (+8 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ superset/connectors/sqla/models.py:1305:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/dashboard.py:225:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/helpers.py:533:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/helpers.py:562:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/slice.py:335:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/models/sql_lab.py:445:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/utils/core.py:483:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ superset/views/database/mixins.py:249:17: RUF035 Unsafe use of `markupsafe.Markup` detected

zulip/zulip (+1 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview --select ALL

+ zerver/views/documentation.py:291:35: RUF035 Unsafe use of `markupsafe.Markup` detected

indico/indico (+25 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --output-format concise --preview

+ indico/modules/admin/notices.py:93:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/auth/controllers.py:351:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/bootstrap/controllers.py:77:15: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/bootstrap/controllers.py:98:19: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/agreements/placeholders.py:31:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/controllers/creation.py:151:27: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/models/events.py:818:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/persons/placeholders.py:71:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/registration/placeholders/invitations.py:50:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/events/surveys/placeholders.py:32:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/legal/forms.py:47:80: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/modules/users/controllers.py:124:31: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/util/placeholders.py:246:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/app.py:238:39: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/app.py:251:49: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/templating.py:214:21: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/flask/templating.py:39:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/fields/protection.py:49:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/widgets.py:101:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/widgets.py:37:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/forms/widgets.py:47:16: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/menu.py:180:12: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/util.py:33:26: RUF035 Unsafe use of `markupsafe.Markup` detected
+ indico/web/util.py:360:23: RUF035 Unsafe use of `markupsafe.Markup` detected
... 1 additional changes omitted for project

Changes by rule (1 rules affected)

code total + violation - violation + fix - fix
RUF035 51 51 0 0 0

@Daverball Daverball marked this pull request as ready for review November 9, 2024 13:01
@sbrugman
Copy link
Copy Markdown
Contributor

sbrugman commented Nov 9, 2024

Nice contribution, thanks!

@Daverball
Adds a fast path for default configurations.
3906008 
Lifts fast check out of slow path.
Adds additional test cases.
Mentions i18n deviation in docstring.
@MichaReiser MichaReiser added rule Implementing or modifying a lint rule preview Related to preview mode features labels Nov 11, 2024
MichaReiser
MichaReiser approved these changes Nov 11, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@MichaReiser MichaReiser left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Thank you. The only change I would make is that I don't think it's worth introducing a new rule group for a single rule.

I'd also like to hear @AlexWaygood's opinion on the rule itself.

Daverball and others added 2 commits November 11, 2024 12:19
AlexWaygood
AlexWaygood reviewed Nov 11, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@AlexWaygood AlexWaygood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've never used markupsafe but it makes sense to me that this would be an important security consideration. I think it's good for linters to catch this.

Long-term, we should be able to improve the accuracy of rules like this when we switch to using red-knot as a backend (the LiteralString type is explicitly designed for this use case). But I don't think that should stop us from implementing this rule now!

@Daverball Daverball changed the title [flake8-markupsafe] Adds Implementation for MS001 [flake8-markupsafe] Adds Implementation for MS001 via RUF035 Nov 11, 2024
MichaReiser
MichaReiser approved these changes Nov 11, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@MichaReiser MichaReiser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@MichaReiser MichaReiser merged commit f82ee8e into astral-sh:main Nov 11, 2024
@Daverball Daverball deleted the feat/flake8-markupsafe branch November 11, 2024 18:55
@dhruvmanila dhruvmanila changed the title [flake8-markupsafe] Adds Implementation for MS001 via RUF035 [flake8-markupsafe] Add implementation for MS001 via RUF035 Nov 15, 2024
@dhruvmanila dhruvmanila changed the title [flake8-markupsafe] Add implementation for MS001 via RUF035 [ruff] Add implementation for flake8-markupsafe via RUF035 Nov 15, 2024
@BrewTestBot BrewTestBot mentioned this pull request Nov 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlexWaygood AlexWaygood AlexWaygood left review comments

@MichaReiser MichaReiser MichaReiser approved these changes

+1 more reviewer

@sbrugman sbrugman sbrugman left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

preview Related to preview mode features rule Implementing or modifying a lint rule

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add flake8-markupsafe or broaden S308

4 participants

@Daverball @sbrugman @MichaReiser @AlexWaygood