From 49d596c29d6e6bb4e7fb438080133bf08bb67028 Mon Sep 17 00:00:00 2001
From: Charlie Marsh
Date: Mon, 18 Sep 2023 23:31:55 -0400
Subject: [PATCH] Deprecate PGH001 in favor of S307
---
 .../test/fixtures/pygrep_hooks/PGH001_0.py | 9 ---
 .../test/fixtures/pygrep_hooks/PGH001_1.py | 11 ----
 .../src/checkers/ast/analyze/expression.rs | 3 -
 crates/ruff/src/codes.rs | 1 -
 crates/ruff/src/rule_redirects.rs | 1 +
 crates/ruff/src/rules/pygrep_hooks/mod.rs | 2 -
 .../ruff/src/rules/pygrep_hooks/rules/mod.rs | 2 -
 .../src/rules/pygrep_hooks/rules/no_eval.rs | 56 -------------------
 ...grep_hooks__tests__PGH001_PGH001_0.py.snap | 21 -------
 ...grep_hooks__tests__PGH001_PGH001_1.py.snap | 4 --
 ruff.schema.json | 1 -
 11 files changed, 1 insertion(+), 110 deletions(-)
 delete mode 100644 crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
 delete mode 100644 crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
 delete mode 100644 crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs
 delete mode 100644 crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_0.py.snap
 delete mode 100644 crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_1.py.snap
diff --git a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py b/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
deleted file mode 100644
index eed83b81f987c..0000000000000
--- a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
+++ /dev/null
@@ -1,9 +0,0 @@
-from ast import literal_eval
-
-eval("3 + 4")
-
-literal_eval({1: 2})
-
-
-def fn() -> None:
- eval("3 + 4")
diff --git a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py b/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
deleted file mode 100644
index ecb3e91a3a5d5..0000000000000
--- a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
+++ /dev/null
@@ -1,11 +0,0 @@ -def eval(content: str) -> None: - pass - - -eval("3 + 4") - -literal_eval({1: 2}) - - -def fn() -> None: - eval("3 + 4") diff --git a/crates/ruff/src/checkers/ast/analyze/expression.rs b/crates/ruff/src/checkers/ast/analyze/expression.rs index b28170a35039c..406361eaba0cd 100644 --- a/crates/ruff/src/checkers/ast/analyze/expression.rs +++ b/crates/ruff/src/checkers/ast/analyze/expression.rs @@ -736,9 +736,6 @@ pub(crate) fn expression(expr: &Expr, checker: &mut Checker) { if checker.enabled(Rule::CallDateFromtimestamp) { flake8_datetimez::rules::call_date_fromtimestamp(checker, func, expr.range()); } - if checker.enabled(Rule::Eval) { - pygrep_hooks::rules::no_eval(checker, func); - } if checker.enabled(Rule::DeprecatedLogWarn) { pygrep_hooks::rules::deprecated_log_warn(checker, func); } diff --git a/crates/ruff/src/codes.rs b/crates/ruff/src/codes.rs index d9d8b7b1b5db5..2fafe5179ed58 100644 --- a/crates/ruff/src/codes.rs +++ b/crates/ruff/src/codes.rs @@ -640,7 +640,6 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> { (Flake8Datetimez, "012") => (RuleGroup::Unspecified, rules::flake8_datetimez::rules::CallDateFromtimestamp), // pygrep-hooks - (PygrepHooks, "001") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::Eval), (PygrepHooks, "002") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::DeprecatedLogWarn), (PygrepHooks, "003") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::BlanketTypeIgnore), (PygrepHooks, "004") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::BlanketNOQA), diff --git a/crates/ruff/src/rule_redirects.rs b/crates/ruff/src/rule_redirects.rs index a9fd305027db2..82fb730ca99c0 100644 --- a/crates/ruff/src/rule_redirects.rs +++ b/crates/ruff/src/rule_redirects.rs @@ -98,5 +98,6 @@ static REDIRECTS: Lazy> = Lazy::new(|| { ("T002", "FIX002"), ("T003", "FIX003"), ("T004", "FIX004"), + ("PGH001", "S307"), ]) }); 
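Review bot: The added `("PGH001", "S307"),` entry in REDIRECTS is now the only thing that keeps an existing `PGH001` selection flagging `eval()`, and nothing in this patch exercises it. The deleted fixture PGH001_1.py asserted that a module-level `def eval` shadowing the builtin yields no diagnostic, and the removed `no_eval` enforced that through `checker.semantic().is_builtin("eval")`. S307's handling of the shadowed case is not visible here, so I would confirm it has equivalent fixture coverage before dropping both PGH001 fixtures. A one-line comment on the entry would also help, e.g. `// PGH001 (pygrep-hooks eval check) removed; flake8-bandit's S307 covers eval().`. The REDIRECTS initializer starts outside this hunk.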
diff --git a/crates/ruff/src/rules/pygrep_hooks/mod.rs b/crates/ruff/src/rules/pygrep_hooks/mod.rs index c128517518da0..959e234c99c7d 100644 --- a/crates/ruff/src/rules/pygrep_hooks/mod.rs +++ b/crates/ruff/src/rules/pygrep_hooks/mod.rs @@ -12,8 +12,6 @@ mod tests { use crate::test::test_path; use crate::{assert_messages, settings}; - #[test_case(Rule::Eval, Path::new("PGH001_0.py"))] - #[test_case(Rule::Eval, Path::new("PGH001_1.py"))] #[test_case(Rule::DeprecatedLogWarn, Path::new("PGH002_0.py"))] #[test_case(Rule::DeprecatedLogWarn, Path::new("PGH002_1.py"))] #[test_case(Rule::BlanketTypeIgnore, Path::new("PGH003_0.py"))] diff --git a/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs b/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs index 1126d348dec43..32e82b15aada9 100644 --- a/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs +++ b/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs @@ -2,10 +2,8 @@ pub(crate) use blanket_noqa::*; pub(crate) use blanket_type_ignore::*; pub(crate) use deprecated_log_warn::*; pub(crate) use invalid_mock_access::*; -pub(crate) use no_eval::*; mod blanket_noqa; mod blanket_type_ignore; mod deprecated_log_warn; mod invalid_mock_access; -mod no_eval; diff --git a/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs b/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs deleted file mode 100644 index a9d49f7689fcc..0000000000000 --- a/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs +++ /dev/null 
@@ -1,56 +0,0 @@
-use ruff_python_ast::{self as ast, Expr};
-
-use ruff_diagnostics::{Diagnostic, Violation};
-use ruff_macros::{derive_message_formats, violation};
-use ruff_text_size::Ranged;
-
-use crate::checkers::ast::Checker;
-
-/// ## What it does
-/// Checks for uses of the builtin `eval()` function.
-///
-/// ## Why is this bad?
-/// The `eval()` function is insecure as it enables arbitrary code execution.
-///
-/// ## Example
-/// ```python
-/// def foo():
-/// x = eval(input("Enter a number: "))
-/// ...
-/// ```
-///
-/// Use instead:
-/// ```python
-/// def foo():
-/// x = input("Enter a number: ")
-/// ...
-/// ```
-///
-/// ## References
-/// - [Python documentation: `eval`](https://docs.python.org/3/library/functions.html#eval)
-/// - [_Eval really is dangerous_ by Ned Batchelder](https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html)
-#[violation]
-pub struct Eval;
-
-impl Violation for Eval {
- #[derive_message_formats]
- fn message(&self) -> String {
- format!("No builtin `eval()` allowed")
- }
-}
-
-/// PGH001
-pub(crate) fn no_eval(checker: &mut Checker, func: &Expr) {
- let Expr::Name(ast::ExprName { id, .. }) = func else {
- return;
- };
- if id != "eval" {
- return;
- }
- if !checker.semantic().is_builtin("eval") {
- return;
- }
- checker
- .diagnostics
- .push(Diagnostic::new(Eval, func.range()));
-}
diff --git a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_0.py.snap b/crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_0.py.snap
deleted file mode 100644
index 61d1024fec5e3..0000000000000
--- a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_0.py.snap
+++ /dev/null
@@ -1,21 +0,0 @@ ---- -source: crates/ruff/src/rules/pygrep_hooks/mod.rs ---- -PGH001_0.py:3:1: PGH001 No builtin `eval()` allowed - | -1 | from ast import literal_eval -2 | -3 | eval("3 + 4") - | ^^^^ PGH001 -4 | -5 | literal_eval({1: 2}) - | - -PGH001_0.py:9:5: PGH001 No builtin `eval()` allowed - | -8 | def fn() -> None: -9 | eval("3 + 4") - | ^^^^ PGH001 - | - - diff --git a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_1.py.snap b/crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_1.py.snap deleted file mode 100644 index 73d713dc73482..0000000000000 --- a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruff__rules__pygrep_hooks__tests__PGH001_PGH001_1.py.snap +++ /dev/null @@ -1,4 +0,0 @@ ---- -source: crates/ruff/src/rules/pygrep_hooks/mod.rs ---- - diff --git a/ruff.schema.json b/ruff.schema.json index 74f7245fcbbc7..ff083388e53ab 100644 --- a/ruff.schema.json +++ b/ruff.schema.json @@ -2208,7 +2208,6 @@ "PGH", "PGH0", "PGH00", - "PGH001", "PGH002", "PGH003", "PGH004",