Deprecate PGH001 in favor of S307

2023-09-18 23:31:55 -04:00 · 2023-09-18 23:31:55 -04:00 · 49d596c29d
parent 40f6456add
commit 49d596c29d
11 changed files with 1 additions and 110 deletions
--- a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
+++ b/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
@ -1,9 +0,0 @@
-from ast import literal_eval
-
-eval("3 + 4")
-
-literal_eval({1: 2})
-
-
-def fn() -> None:
-    eval("3 + 4")
--- a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
+++ b/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
@ -1,11 +0,0 @@
-def eval(content: str) -> None:
-    pass
-
-
-eval("3 + 4")
-
-literal_eval({1: 2})
-
-
-def fn() -> None:
-    eval("3 + 4")
--- a/crates/ruff/src/checkers/ast/analyze/expression.rs
+++ b/crates/ruff/src/checkers/ast/analyze/expression.rs
@ -736,9 +736,6 @@ pub(crate) fn expression(expr: &Expr, checker: &mut Checker) {
            if checker.enabled(Rule::CallDateFromtimestamp) {
                flake8_datetimez::rules::call_date_fromtimestamp(checker, func, expr.range());
            }
-            if checker.enabled(Rule::Eval) {
-                pygrep_hooks::rules::no_eval(checker, func);
-            }
            if checker.enabled(Rule::DeprecatedLogWarn) {
                pygrep_hooks::rules::deprecated_log_warn(checker, func);
            }
--- a/crates/ruff/src/codes.rs
+++ b/crates/ruff/src/codes.rs
@ -640,7 +640,6 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
        (Flake8Datetimez, "012") => (RuleGroup::Unspecified, rules::flake8_datetimez::rules::CallDateFromtimestamp),

        // pygrep-hooks
-        (PygrepHooks, "001") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::Eval),
        (PygrepHooks, "002") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::DeprecatedLogWarn),
        (PygrepHooks, "003") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::BlanketTypeIgnore),
        (PygrepHooks, "004") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::BlanketNOQA),
--- a/crates/ruff/src/rule_redirects.rs
+++ b/crates/ruff/src/rule_redirects.rs
@ -98,5 +98,6 @@ static REDIRECTS: Lazy<HashMap<&'static str, &'static str>> = Lazy::new(|| {
        ("T002", "FIX002"),
        ("T003", "FIX003"),
        ("T004", "FIX004"),
+        ("PGH001", "S307"),
    ])
 });
--- a/crates/ruff/src/rules/pygrep_hooks/mod.rs
+++ b/crates/ruff/src/rules/pygrep_hooks/mod.rs
@ -12,8 +12,6 @@ mod tests {
    use crate::test::test_path;
    use crate::{assert_messages, settings};

-    #[test_case(Rule::Eval, Path::new("PGH001_0.py"))]
-    #[test_case(Rule::Eval, Path::new("PGH001_1.py"))]
    #[test_case(Rule::DeprecatedLogWarn, Path::new("PGH002_0.py"))]
    #[test_case(Rule::DeprecatedLogWarn, Path::new("PGH002_1.py"))]
    #[test_case(Rule::BlanketTypeIgnore, Path::new("PGH003_0.py"))]
--- a/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs
+++ b/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs
@ -2,10 +2,8 @@ pub(crate) use blanket_noqa::*;
 pub(crate) use blanket_type_ignore::*;
 pub(crate) use deprecated_log_warn::*;
 pub(crate) use invalid_mock_access::*;
-pub(crate) use no_eval::*;

 mod blanket_noqa;
 mod blanket_type_ignore;
 mod deprecated_log_warn;
 mod invalid_mock_access;
-mod no_eval;
--- a/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs
+++ b/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs
@ -1,56 +0,0 @@
-use ruff_python_ast::{self as ast, Expr};
-
-use ruff_diagnostics::{Diagnostic, Violation};
-use ruff_macros::{derive_message_formats, violation};
-use ruff_text_size::Ranged;
-
-use crate::checkers::ast::Checker;
-
-/// ## What it does
-/// Checks for uses of the builtin `eval()` function.
-///
-/// ## Why is this bad?
-/// The `eval()` function is insecure as it enables arbitrary code execution.
-///
-/// ## Example
-/// ```python
-/// def foo():
-///     x = eval(input("Enter a number: "))
-///     ...
-/// ```
-///
-/// Use instead:
-/// ```python
-/// def foo():
-///     x = input("Enter a number: ")
-///     ...
-/// ```
-///
-/// ## References
-/// - [Python documentation: `eval`](https://docs.python.org/3/library/functions.html#eval)
-/// - [_Eval really is dangerous_ by Ned Batchelder](https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html)
-#[violation]
-pub struct Eval;
-
-impl Violation for Eval {
-    #[derive_message_formats]
-    fn message(&self) -> String {
-        format!("No builtin `eval()` allowed")
-    }
-}
-
-/// PGH001
-pub(crate) fn no_eval(checker: &mut Checker, func: &Expr) {
-    let Expr::Name(ast::ExprName { id, .. }) = func else {
-        return;
-    };
-    if id != "eval" {
-        return;
-    }
-    if !checker.semantic().is_builtin("eval") {
-        return;
-    }
-    checker
-        .diagnostics
-        .push(Diagnostic::new(Eval, func.range()));
-}
--- a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_0.py.snap
+++ b/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_0.py.snap
@ -1,21 +0,0 @@
---
-source: crates/ruff/src/rules/pygrep_hooks/mod.rs
---
-PGH001_0.py:3:1: PGH001 No builtin `eval()` allowed
-  |
-1 | from ast import literal_eval
-2 | 
-3 | eval("3 + 4")
-  | ^^^^ PGH001
-4 | 
-5 | literal_eval({1: 2})
-  |
-
-PGH001_0.py:9:5: PGH001 No builtin `eval()` allowed
-  |
-8 | def fn() -> None:
-9 |     eval("3 + 4")
-  |     ^^^^ PGH001
-  |
-
-
--- a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_1.py.snap
+++ b/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_1.py.snap
@ -1,4 +0,0 @@
---
-source: crates/ruff/src/rules/pygrep_hooks/mod.rs
---
-
--- a/ruff.schema.json
+++ b/ruff.schema.json
@ -2208,7 +2208,6 @@
        "PGH",
        "PGH0",
        "PGH00",
-        "PGH001",
        "PGH002",
        "PGH003",
        "PGH004",