Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[flake8-bandit] Mark str and list[str] literals as trusted input (S603) #17136

Merged
merged 4 commits into from
Apr 2, 2025
Merged

[flake8-bandit] Mark str and list[str] literals as trusted input (S603) #17136

merged 4 commits into from
Apr 2, 2025

Conversation

trag1c
Copy link
Contributor

@trag1c trag1c commented Apr 1, 2025
edited
Loading

Summary

Closes #17112. Allows passing in string and list-of-strings literals into subprocess.run (and related) calls without marking them as untrusted input:

import subprocess

subprocess.run("true")

# "instant" named expressions are also allowed
subprocess.run(c := "ls")

Test Plan

Added test cases covering new behavior, passed with cargo nextest run.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 1, 2025
edited
Loading

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

ℹ️ ecosystem check detected linter changes. (+4 -78 violations, +0 -0 fixes in 5 projects; 50 projects unchanged)

apache/airflow (+0 -59 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

- airflow-core/src/airflow/cli/commands/dag_command.py:269:14: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:146:30: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:152:23: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:157:23: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:165:25: S603 `subprocess` call: check for execution of untrusted input
- airflow-core/tests/unit/utils/test_process_utils.py:173:25: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/main_command.py:138:26: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/main_command.py:184:27: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/setup_commands.py:151:13: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/commands/setup_commands.py:153:17: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/utils/reinstall.py:43:21: S603 `subprocess` call: check for execution of untrusted input
- dev/breeze/src/airflow_breeze/utils/reinstall.py:50:23: S603 `subprocess` call: check for execution of untrusted input
- kubernetes-tests/tests/kubernetes_tests/test_base.py:124:19: S603 `subprocess` call: check for execution of untrusted input
- kubernetes-tests/tests/kubernetes_tests/test_base.py:239:21: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_gcs_task_handler_system.py:78:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_gcs_task_handler_system.py:79:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:67:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:68:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:83:20: S603 `subprocess` call: check for execution of untrusted input
- providers/google/tests/unit/google/cloud/log/test_stackdriver_task_handler_system.py:84:20: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/breeze_cmd_line.py:63:14: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/breeze_cmd_line.py:79:11: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/breeze_cmd_line.py:88:7: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/check_kubeconform.py:30:13: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/check_kubeconform.py:43:10: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/check_min_python_version.py:34:9: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_fab_assets.py:76:18: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_fab_assets.py:88:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:35:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:36:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:39:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:40:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:41:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:44:5: S603 `subprocess` call: check for execution of untrusted input
- scripts/ci/pre_commit/compile_lint_ui.py:46:5: S603 `subprocess` call: check for execution of untrusted input
... 24 additional changes omitted for project

apache/superset (+3 -1 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

+ scripts/change_detector.py:103:5: DOC501 Raised exception `ValueError` missing from docstring
- scripts/change_detector.py:103:5: DOC501 Raised exception `ValueError` missing from docstring
+ scripts/change_detector.py:142:65: RUF100 [*] Unused `noqa` directive (unused: `S603`)
+ setup.py:33:73: RUF100 [*] Unused `noqa` directive (unused: `S603`)

bokeh/bokeh (+0 -8 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

- examples/output/apis/server_document/flask_server.py:45:17: S603 `subprocess` call: check for execution of untrusted input
- scripts/hooks/protect_branches.py:10:22: S603 `subprocess` call: check for execution of untrusted input
- setup.py:52:16: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_code_quality.py:118:13: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_eslint.py:37:12: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_no_request_host.py:50:13: S603 `subprocess` call: check for execution of untrusted input
- tests/codebase/test_ruff.py:33:12: S603 `subprocess` call: check for execution of untrusted input
- tests/test_bokehjs.py:34:16: S603 `subprocess` call: check for execution of untrusted input

rotki/rotki (+1 -0 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview

+ rotkehlchen/tests/unit/test_search.py:60:40: RUF100 [*] Unused `noqa` directive (unused: `S603`)

zulip/zulip (+0 -10 violations, +0 -0 fixes) 

ruff check --no-cache --exit-zero --ignore RUF9 --no-fix --output-format concise --preview --select ALL

- scripts/lib/check_rabbitmq_queue.py:146:26: S603 `subprocess` call: check for execution of untrusted input
- scripts/lib/puppet_cache.py:25:30: S603 `subprocess` call: check for execution of untrusted input
- tools/lib/provision.py:271:16: S603 `subprocess` call: check for execution of untrusted input
- tools/lib/provision_inner.py:109:14: S603 `subprocess` call: check for execution of untrusted input
- tools/lib/test_script.py:125:5: S603 `subprocess` call: check for execution of untrusted input
- zerver/data_import/mattermost.py:443:19: S603 `subprocess` call: check for execution of untrusted input
- zerver/lib/test_fixtures.py:344:5: S603 `subprocess` call: check for execution of untrusted input
- zerver/logging_handlers.py:8:16: S603 `subprocess` call: check for execution of untrusted input
- zerver/management/commands/compilemessages.py:76:18: S603 `subprocess` call: check for execution of untrusted input
- zerver/management/commands/makemessages.py:207:21: S603 `subprocess` call: check for execution of untrusted input

Changes by rule (3 rules affected)

code total + violation - violation + fix - fix
S603 77 0 77 0 0
RUF100 3 3 0 0 0
DOC501 2 1 1 0 0

@MichaReiser MichaReiser requested a review from ntBre April 2, 2025 07:50
@MichaReiser
Copy link
Member

We may want to make this a preview only change, as it changes the rule's scope significantly (as seen by the ecosystem checks)

@MichaReiser MichaReiser added the rule Implementing or modifying a lint rule label Apr 2, 2025
ntBre
ntBre approved these changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@ntBre ntBre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! This looks good to me besides a few minor comments and gating this behind preview, like Micha said. I think you just need something like if !is_trusted_input(arg) || checker.preview.is_disabled() { ... } because the match case is otherwise the same as before right?

@trag1c
Copy link
Contributor Author

trag1c commented Apr 2, 2025
edited
Loading

because the match case is otherwise the same as before right?

Yep, I simplified that a bit from Some(true) => S604, Some(false) => S603, None => S603 to Some(true) => S604, _ => S603 to deduplicate the identical arms 🙂

also TIL cmd+enter makes you post the comment 🤦

@trag1c trag1c requested a review from ntBre April 2, 2025 14:14
ntBre
ntBre approved these changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@ntBre ntBre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thanks! I also went through the ecosystem check, and everything looks good to me. Even the new RUF100 lints are true because the S603 noqa comments are no longer needed in a few places!

@ntBre ntBre added the preview Related to preview mode features label Apr 2, 2025
@ntBre ntBre merged commit c2512b4 into astral-sh:main Apr 2, 2025
22 checks passed
@trag1c trag1c deleted the s603-safe-literal branch April 2, 2025 15:25
dcreager added a commit that referenced this pull request Apr 3, 2025
@dcreager
Merge remote-tracking branch 'origin/main' into dcreager/typevar-type
1d6a917 
* origin/main: (35 commits)
  [red-knot] Callable types are disjoint from literals (#17160)
  [red-knot] Fix inference for `pow` between two literal integers (#17161)
  [red-knot] Add GitHub PR annotations when mdtests fail in CI (#17150)
  [red-knot] Fix equivalence of differently ordered unions that contain `Callable` types (#17145)
  [red-knot] Add initial set of tests for unreachable code (#17159)
  [`airflow`] Move `AIR302` to `AIR301` and `AIR303` to `AIR302` (#17151)
  ruff_db: simplify lifetimes on `DiagnosticDisplay`
  [red-knot] Detect division-by-zero in unions and intersections (#17157)
  [`airflow`] Add autofix infrastructure to `AIR302` name checks (#16965)
  [`flake8-bandit`] Mark `str` and `list[str]` literals as trusted input (`S603`) (#17136)
  [`airflow`] Add autofix for `AIR302` attribute checks (#16977)
  [`airflow`] Extend `AIR302` with additional symbols (#17085)
  [`airflow`] Move `AIR301` to `AIR002` (#16978)
  [`airflow`] Add autofix for `AIR302` method checks (#16976)
  ruff_db: switch diagnostic rendering over to `std::fmt::Display`
  [red-knot] Add 'Goto type definition' to the playground (#17055)
  red_knot_ide: update snapshots
  red_knot_python_semantic: remove comment about `TypeCheckDiagnostic`
  ruff_db: delete most of the old diagnostic code
  red_knot: use `Diagnostic` inside of red knot
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaReiser MichaReiser MichaReiser left review comments

@ntBre ntBre ntBre approved these changes

Assignees
No one assigned
Labels
preview Related to preview mode features rule Implementing or modifying a lint rule
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

S603 false positive on safe cmd
3 participants
@trag1c @MichaReiser @ntBre