Pylint plugin to enforce some secure coding standards for Python.

Overview

Pylint Secure Coding Standard Plugin


pylint plugin that enforces some secure coding standards.

Installation

pip install pylint-secure-coding-standard

Pylint codes

| Code  | Description |
|-------|-------------|
| R8000 | Use os.path.realpath() instead of os.path.abspath() and os.path.relpath() |
| E8001 | Avoid using exec() and eval() |
| E8002 | Avoid using os.system() |
| E8003 | Avoid using shell=True in subprocess functions or using functions that internally set this |
| R8004 | Avoid using tempfile.mktemp(), prefer tempfile.mkstemp() instead |
| E8005 | Avoid using unsafe PyYAML loading functions |
| E8006 | Avoid using jsonpickle.decode() |
| C8007 | Avoid debug statements in production code |
| C8008 | Avoid assert statements in production code |
| R8009 | Use of builtin open for writing is discouraged in favor of os.open to allow for setting file permissions |
| E8010 | Avoid using os.popen() as it internally uses subprocess.Popen with shell=True |
| E8011 | Use of shlex.quote() should be avoided on non-POSIX platforms |
| W8012 | Avoid using os.open() with unsafe permissions |
| E8013 | Avoid using pickle.load() and pickle.loads() |
| E8014 | Avoid using marshal.load() and marshal.loads() |
| E8015 | Avoid using shelve.open() |
| W8016 | Avoid using os.mkdir and os.makedirs with unsafe file permissions |
| W8017 | Avoid using os.mkfifo with unsafe file permissions |
| W8018 | Avoid using os.mknod with unsafe file permissions |
| W8019 | Avoid using os.chmod with unsafe permissions (W ^ X for group and others) |

Plugin configuration options

This plugin supports some configuration options that may either be specified directly on the command line with a flag using the option name as --name, or by specifying them in one of pylint's configuration files (i.e. pyproject.toml, pylintrc, etc.).

Available options:

| Option name    | Option type | Default value | Related error code |
|----------------|-------------|---------------|--------------------|
| os-open-mode   | mode-like   | 0 (off)       | W8012 |
| os-mkdir-mode  | mode-like   | 0 (off)       | E8016 |
| os-mkfifo-mode | mode-like   | 0 (off)       | E8017 |
| os-mknod-mode  | mode-like   | 0 (off)       | E8018 |

Mode-like options

Mode-like options are configuration options for errors/warnings that relate to a function accepting a mode parameter (or similar) that controls file or directory permissions. For those kinds of options, the plugin understands a variety of values, which must be specified as a string. They are then parsed into a list of allowed mode values:

  • Any positive, non-zero (octal or decimal) integer value specifies the maximum value for the mode value
  • A comma-separated list of (octal or decimal) integers indicates the list of allowed mode values
  • 'y', 'yes', 'true' (case-insensitive) will turn on the warnings using the default value of 0o755
  • 'n', 'no', 'false' (case-insensitive) will turn off the warnings

Example of values:

    [tool.pylint.plugins]
    os-open-mode = '0'            # check disabled
    os-open-mode = 'no'           # check disabled
    os-open-mode = '493'          # all modes from 0 to 493 (=0o755)
    os-open-mode = '0o755'        # all modes from 0 to 0o755
    os-open-mode = '0o755,'       # only 0o755 (notice the comma)
    os-open-mode = '0o644,0o755'  # only 0o644 and 0o755

You can also specify those options directly on the command line:

python3 -m pylint --load-plugins=pylint_secure_coding_standard --os-open-mode='0o755'
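As an added illustration (written for this page, not the plugin's own code; function names are my own), the following shows how the mode-like rules above can be parsed and applied to a mode, the W ^ X rule that W8019 describes, and the os.open() pattern that R8009 and W8012 steer you toward:

```python
"""Mode-like option handling and permission checks (added illustration).

Written for this page following the README's rules; not the plugin's own
code. Function names and the exact handling of edge cases are assumptions.
"""
import os
import stat
from typing import List

DEFAULT_MAX_MODE = 0o755  # default the README gives for 'y'/'yes'/'true'


def parse_mode_like(value: str) -> List[int]:
    """Turn a mode-like option string into the sorted list of allowed modes.

    An empty list means the check is disabled. Integers may be decimal or
    0o-prefixed octal, as in the README ('493' and '0o755' are the same).
    A plain leading-zero form such as '0755' raises ValueError, like int().
    """
    text = value.strip().lower()
    if text in ("n", "no", "false"):
        return []
    if text in ("y", "yes", "true"):
        return list(range(DEFAULT_MAX_MODE + 1))
    if "," in text:
        # Explicit allow-list; a trailing comma ('0o755,') gives one entry.
        return sorted({int(tok, 0) for tok in text.split(",") if tok.strip()})
    max_mode = int(text, 0)  # a single integer is the maximum allowed mode
    if max_mode < 0:
        raise ValueError(f"negative mode value: {value!r}")
    if max_mode == 0:
        return []  # '0' switches the check off
    return list(range(max_mode + 1))


def has_w_and_x_for_group_or_other(mode: int) -> bool:
    """True when group or others get both write and execute (W8019's W ^ X rule)."""
    pairs = ((stat.S_IWGRP, stat.S_IXGRP), (stat.S_IWOTH, stat.S_IXOTH))
    return any(mode & w and mode & x for w, x in pairs)


def check_mode(mode: int, option_value: str) -> List[str]:
    """Findings a W8012/W8019-style check would raise for os.open(path, flags, mode)."""
    allowed = parse_mode_like(option_value)
    findings = []
    if allowed and mode not in allowed:
        findings.append(f"W8012: mode {mode:#o} is not allowed by {option_value!r}")
    if has_w_and_x_for_group_or_other(mode):
        findings.append(f"W8019: mode {mode:#o} grants write and execute to group/others")
    return findings


def write_private_file(path: str, data: bytes, mode: int = 0o600) -> int:
    """The pattern R8009 points to: os.open() so the mode is fixed at creation.

    O_EXCL makes the call fail if the path already exists, so an existing
    file or symlink is never silently written through. Returns bytes written.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as fh:
        return fh.write(data)


if __name__ == "__main__":
    for value in ("no", "0o755", "0o755,", "0o644,0o755"):
        modes = parse_mode_like(value)
        print(f"{value!r:14} -> {len(modes)} allowed mode(s)")
    print(check_mode(0o644, "0o755"))  # [] : within the maximum, no W+X
    print(check_mode(0o777, "0o755"))  # two findings
```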

Pre-commit hook

See pre-commit for instructions

Sample .pre-commit-config.yaml:

  - repo: https://github.com/PyCQA/pylint/
    rev: pylint-2.6.0
    hooks:
    -   id: pylint
        args: [--load-plugins=pylint_secure_coding_standard]
        additional_dependencies: ['pylint-secure-coding-standard']

Comments
  • [RFC] Some additional recommendations

    Hey @Takishima !

    Many thanks for this plugin; I was about to start working on something similar yesterday, just before I came across yours.

    Please find below some additional recommendations/rules I was thinking about:

    • [x] Avoid using os.popen as well (as it internally uses subprocess.Popen with shell=True) (see #6)
    • [x] If the current platform is Windows, avoid using shlex.quote (see python/cpython#21502). Of course, the development platform could be different from the production one, but it could be a good start (see #7)
    • [x] When using os.open, maybe enforce some additional recommendations on the mode attribute:
      1. ~~Encouraging octal format (?)~~
      2. Discouraging setuid, setgid and sticky bit
      3. Discouraging any mode offering W ^ X (at least for group and other)

    EDIT

    • [x] #14
    • [x] #15
    • [x] #9
      • loop.subprocess_shell (asyncio)
      • subprocess.getstatusoutput & subprocess.getoutput

    EDIT 2

    • [x] Avoid using pickle.load & pickle.loads
    • [x] Avoid using marshal.load & marshal.loads
    • [x] Avoid using shelve.open

    Of course, I can contribute (and will if needed), but I wanted first to ask what you would think about that.

    Bye 👋

    opened by HorlogeSkynet 8
  • Bump thomaseizinger/create-pull-request from 1.2.2 to 1.3.0

    Bumps thomaseizinger/create-pull-request from 1.2.2 to 1.3.0.

    Changelog

    Sourced from thomaseizinger/create-pull-request's changelog.

    1.3.0 - 2022-12-12

    Added

    • Support for adding team reviewers by setting team_reviewers
    • Support for adding assignees by setting assignees

    Changed

    • Execute action using node16 instead of node12 which is now deprecated.

    1.2.0 - 2021-07-26

    Added

    • Support for adding labels by setting labels
    • Check for existing pull request and created action output

    1.1.0 - 2021-06-16

    Added

    • Git hook to make sure we always run yarn build before committing any Typescript changes. This should prevent dist/index.js from getting out of date.
    • Support for setting a proxy using the HTTPS_PROXY environment variable
    • Support for GitHub Enterprise by reading process.env.GITHUB_REPOSITORY

    Fixed

    • action.yml suggested to use github-token as the input, whereas in reality we are looking for an input github_token (note the underscore!)

    1.0.0 - 2020-02-15

    Added

    • Initial release!
    Commits
    • e397221 Bump nodejs to 16
    • 321712c Merge pull request #235 from thomaseizinger/dependabot/npm_and_yarn/minimatch...
    • 030f6ac Update changelog
    • 7cc0778 Rebuild action
    • 41ea577 Bump minimatch from 3.0.4 to 3.1.2
    • 335eb12 Merge pull request #223 from thomaseizinger/dependabot/npm_and_yarn/decode-ur...
    • 32a080b Merge pull request #224 from thomaseizinger/dependabot/npm_and_yarn/qs-6.5.3
    • 16cf612 Bump qs from 6.5.2 to 6.5.3
    • 5f467bf Bump decode-uri-component from 0.2.0 to 0.2.2
    • 08c462e Merge pull request #215 from thomaseizinger/dependabot/npm_and_yarn/actions/c...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 1
  • Release version 1.4.1

    Hi @Takishima! This PR was created in response to a manual trigger of the release workflow here: https://github.com/Takishima/pylint-secure-coding-standard/actions/runs/2268422485. I've updated the changelog and bumped the versions in the manifest files in this commit: e31000ab17088b2eb6d394a1922265f002e3f745. Merging this PR will create a GitHub release and upload any assets that are created as part of the release build.

    opened by github-actions[bot] 1
  • Bump github/codeql-action from 1 to 2

    Bumps github/codeql-action from 1 to 2.

    Changelog

    Sourced from github/codeql-action's changelog.

    2.1.9 - 27 Apr 2022

    • Add working-directory input to the autobuild action. #1024
    • The analyze and upload-sarif actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the wait-for-processing action input to "false". #1007
    • Update default CodeQL bundle version to 2.9.0.
    • Fix a bug where status reporting fails on Windows. #1042

    2.1.8 - 08 Apr 2022

    • Update default CodeQL bundle version to 2.8.5. #1014
    • Fix error where the init action would fail due to a GitHub API request that was taking too long to complete #1025

    2.1.7 - 05 Apr 2022

    • A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. #1018

    2.1.6 - 30 Mar 2022

    • [v2+ only] The CodeQL Action now runs on Node.js v16. #1000
    • Update default CodeQL bundle version to 2.8.4. #990
    • Fix a bug where an invalid commit_oid was being sent to code scanning when a custom checkout path was being used. #956
    Commits
    • 3962f1b Bump glob from 7.1.7 to 8.0.1
    • 9daf1de Update references to release branches
    • bce749b Improve consistency of variable references in Bash
    • fce4a01 Update the major version tag within the release process
    • bac9320 Update description of "Tag release and merge back" workflow
    • b3bf557 Merge branch 'main' into henrymercer/handle-merge-conflicts-in-releases
    • f6312f1 Commit any conflicts during v1 backport to simplify release process
    • See full diff in compare view

    opened by dependabot[bot] 1
  • Bump dangoslen/changelog-enforcer from 2 to 3

    Bumps dangoslen/changelog-enforcer from 2 to 3.

    Release notes

    Sourced from dangoslen/changelog-enforcer's releases.

    Changelog Enforcer 3.0.0

    :rocket: The 3.0.0 release of the Changelog Enforcer is here! This release relies solely on the GitHub API instead of local git commands from a cloned repository. This means, for example, that actions/checkout does not need to be run before running the enforcer.

    Fixes

    Dependencies

    • Bumps @vercel/ncc from 0.28.6 to 0.31.1
    • Bumps @actions/core from 1.4.0 to 1.6.0
    • Bumps jest from 27.0.5 to 27.3.1
    • Bumps actions/checkout from 2.3.4 to 2.4.0
    • Bumps uglify-js from 3.13.9 to 3.14.3
    • Bumps eslint from 7.28.0 to 8.2.0

    Changelog Enforcer 2.3.1

    Changed

    • Only runs on pull_request and pull_request_target events. This is to address issue #140

    Changelog Enforcer 2.3.0

    Dependencies

    • Bumps lodash from 4.17.19 to 4.17.21
    • Bumps stefanzweifel/git-auto-commit-action from 4 to 4.11.0
    • Bumps actions/checkout from 2 to 2.3.4
    • Bumps actions/create-release from 1 to 1.1.4
    • Bumps uglify-js from 3.13.3 to 3.13.9
    • Bumps eslint from 7.25.0 to 7.28.0
    • Bumps @vercel/ncc from 0.28.2 to 0.28.6
    • Bumps @actions/github from 4.0.0 to 5.0.0
    • Bumps dangoslen/dependabot-changelog-helper from 0.3.2 to 1
    • Bumps @actions/exec from 1.0.4 to 1.1.0
    • Bumps @actions/core from 1.2.7 to 1.4.0
    • Bumps jest from 26.6.3 to 27.0.5
    • Bumps ws from 7.4.0 to 7.5.3

    Changelog Enforcer 2.2.0

    Internal Changes

    • The pull_request workflow now executes as a pull_request_target workflow to handle incoming pull requests from forked repos.
      • This is needed because Dependabot now works as a forked branch. The reasoning and ways to accommodate are listed in a GitHub Security article
      • The verified label is needed to allow the workflow to execute

    Dependencies

    • Bumps uglify-js from 3.13.2 to 3.13.3
    • Bumps y18n from 4.0.1 to 5.0.8
    • Bumps @vercel/ncc from 0.27.0 to 0.28.2
    • Bumps @actions/core from 1.2.6 to 1.2.7
    • Bumps eslint from 7.23.0 to 7.25.0

    Changelog Enforcer 2.1.0

    Deprecated

    • The input versionPattern is now deprecated. Starting in v3.0.0 the Changelog Enforcer will only work with Keep a Changelog for verifying the latest expected version.

    Dependencies

    • Bumps eslint from 7.21.0 to 7.23.0
    • Bumps uglify-js from 3.13.0 to 3.13.2

    ... (truncated)

    Changelog

    Sourced from dangoslen/changelog-enforcer's changelog.

    CHANGELOG

    Inspired from Keep a Changelog

    [v3.0.0]

    :rocket: The 3.0.0 release of the Changelog Enforcer is here! This release relies solely on the GitHub API instead of local git commands from a cloned repository. This means, for example, that actions/checkout does not need to be run before running the enforcer.

    Fixes

    Dependencies

    • Bumps @vercel/ncc from 0.28.6 to 0.31.1
    • Bumps @actions/core from 1.4.0 to 1.6.0
    • Bumps jest from 27.0.5 to 27.3.1
    • Bumps actions/checkout from 2.3.4 to 2.4.0
    • Bumps uglify-js from 3.13.9 to 3.14.3
    • Bumps eslint from 7.28.0 to 8.2.0

    [v2.3.1]

    Changed

    • Only runs on pull_request and pull_request_target events. This is to address issue #140

    [v2.3.0]

    Dependencies

    • Bumps lodash from 4.17.19 to 4.17.21
    • Bumps stefanzweifel/git-auto-commit-action from 4 to 4.11.0
    • Bumps actions/checkout from 2 to 2.3.4
    • Bumps actions/create-release from 1 to 1.1.4
    • Bumps uglify-js from 3.13.3 to 3.13.9
    • Bumps eslint from 7.25.0 to 7.28.0
    • Bumps @vercel/ncc from 0.28.2 to 0.28.6
    • Bumps @actions/github from 4.0.0 to 5.0.0
    • Bumps dangoslen/dependabot-changelog-helper from 0.3.2 to 1
    • Bumps @actions/exec from 1.0.4 to 1.1.0
    • Bumps @actions/core from 1.2.7 to 1.4.0
    • Bumps jest from 26.6.3 to 27.0.5
    • Bumps ws from 7.4.0 to 7.5.3

    [v2.2.0]

    Changed

    • The pull_request workflow now executes as a pull_request_target workflow to handle incoming pull requests from forked repos.
      • This is needed because Dependabot now works as a forked branch. The reasoning and ways to accommodate are listed in a GitHub Security article
      • The verified label is needed to allow the workflow to execute

    Dependencies

    • Bumps uglify-js from 3.13.2 to 3.13.3
    • Bumps y18n from 4.0.1 to 5.0.8
    • Bumps @vercel/ncc from 0.27.0 to 0.28.2
    • Bumps @actions/core from 1.2.6 to 1.2.7
    • Bumps eslint from 7.23.0 to 7.25.0
    • Bumps hosted-git-info from 2.8.8 to 2.8.9

    [v2.1.0]

    Deprecated

    ... (truncated)

    opened by dependabot[bot] 1
  • Bump thomaseizinger/create-pull-request from 1.2.1 to 1.2.2

    Bumps thomaseizinger/create-pull-request from 1.2.1 to 1.2.2.

    Commits
    • ed928d9 Merge pull request #174 from uluzox/master
    • c12554b add input 'repository'
    • 843eecc Merge pull request #164 from thomaseizinger/dependabot/npm_and_yarn/tar-4.4.19
    • 96bcc57 Bump tar from 4.4.15 to 4.4.19
    • 330dc75 Merge pull request #157 from thomaseizinger/dependabot/npm_and_yarn/path-pars...
    • 6e35354 Bump path-parse from 1.0.6 to 1.0.7
    • 133e95e Merge pull request #151 from thomaseizinger/dependabot/npm_and_yarn/node-fetc...
    • 900803c Bump node-fetch from 2.6.0 to 2.6.1
    • 56ebc60 Merge pull request #145 from thomaseizinger/remove-eslint
    • 4a98166 Run build script
    • Additional commits viewable in compare view

    opened by dependabot[bot] 1
  • Bump thomaseizinger/keep-a-changelog-new-release from 1.2.1 to 1.3.0

    Bumps thomaseizinger/keep-a-changelog-new-release from 1.2.1 to 1.3.0.

    Release notes

    Sourced from thomaseizinger/keep-a-changelog-new-release's releases.

    1.3.0

    Added

    • New optional tag argument allowing v-prefixed versions

    Changed

    • The version argument is no longer required

    Deprecated

    • The version argument will be replaced in favor of the tag argument
    Changelog

    Sourced from thomaseizinger/keep-a-changelog-new-release's changelog.

    [1.3.0] - 2021-10-12

    Added

    • New optional tag argument allowing v-prefixed versions

    Changed

    • The version argument is no longer required

    Deprecated

    • The version argument will be replaced in favor of the tag argument
    opened by dependabot[bot] 1
  • Bump thomaseizinger/create-pull-request from 1.2.0 to 1.2.1

    Bumps thomaseizinger/create-pull-request from 1.2.0 to 1.2.1.

    Changelog

    Sourced from thomaseizinger/create-pull-request's changelog.

    Changelog

    All notable changes to this project will be documented in this file.

    The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

    [Unreleased]

    opened by dependabot[bot] 1
Releases(v1.4.1)
Owner
Nguyen Damien
Quantum Algorithm/Software Researcher and Engineer