Deprecate PGH001 in favor of S307

2023-09-18 23:31:55 -04:00 · 2023-09-18 23:31:55 -04:00 · 49d596c29d
parent 40f6456add
commit 49d596c29d
11 changed files with 1 additions and 110 deletions
--- a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
+++ b/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_0.py
@ -1,9 +0,0 @@
 from ast import literal_eval
 eval("3 + 4")
 literal_eval({1: 2})
 def fn() -> None:
    eval("3 + 4")
--- a/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
+++ b/crates/ruff/resources/test/fixtures/pygrep_hooks/PGH001_1.py
@ -1,11 +0,0 @@
 def eval(content: str) -> None:
    pass
 eval("3 + 4")
 literal_eval({1: 2})
 def fn() -> None:
    eval("3 + 4")
--- a/crates/ruff/src/checkers/ast/analyze/expression.rs
+++ b/crates/ruff/src/checkers/ast/analyze/expression.rs
@ -736,9 +736,6 @@ pub(crate) fn expression(expr: &Expr, checker: &mut Checker) {
            if checker.enabled(Rule::CallDateFromtimestamp) {
                flake8_datetimez::rules::call_date_fromtimestamp(checker, func, expr.range());
            }
            if checker.enabled(Rule::Eval) {
                pygrep_hooks::rules::no_eval(checker, func);
            }
            if checker.enabled(Rule::DeprecatedLogWarn) {
                pygrep_hooks::rules::deprecated_log_warn(checker, func);
            }
--- a/crates/ruff/src/codes.rs
+++ b/crates/ruff/src/codes.rs
@ -640,7 +640,6 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
        (Flake8Datetimez, "012") => (RuleGroup::Unspecified, rules::flake8_datetimez::rules::CallDateFromtimestamp),
        // pygrep-hooks
        (PygrepHooks, "001") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::Eval),
        (PygrepHooks, "002") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::DeprecatedLogWarn),
        (PygrepHooks, "003") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::BlanketTypeIgnore),
        (PygrepHooks, "004") => (RuleGroup::Unspecified, rules::pygrep_hooks::rules::BlanketNOQA),
--- a/crates/ruff/src/rule_redirects.rs
+++ b/crates/ruff/src/rule_redirects.rs
@ -98,5 +98,6 @@ static REDIRECTS: Lazy<HashMap<&'static str, &'static str>> = Lazy::new(|| {
        ("T002", "FIX002"),
        ("T003", "FIX003"),
        ("T004", "FIX004"),
        ("PGH001", "S307"),
    ])
 });
--- a/crates/ruff/src/rules/pygrep_hooks/mod.rs
+++ b/crates/ruff/src/rules/pygrep_hooks/mod.rs
@ -12,8 +12,6 @@ mod tests {
    use crate::test::test_path;
    use crate::{assert_messages, settings};
    #[test_case(Rule::Eval, Path::new("PGH001_0.py"))]
    #[test_case(Rule::Eval, Path::new("PGH001_1.py"))]
    #[test_case(Rule::DeprecatedLogWarn, Path::new("PGH002_0.py"))]
    #[test_case(Rule::DeprecatedLogWarn, Path::new("PGH002_1.py"))]
    #[test_case(Rule::BlanketTypeIgnore, Path::new("PGH003_0.py"))]
--- a/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs
+++ b/crates/ruff/src/rules/pygrep_hooks/rules/mod.rs
@ -2,10 +2,8 @@ pub(crate) use blanket_noqa::*;
 pub(crate) use blanket_type_ignore::*;
 pub(crate) use deprecated_log_warn::*;
 pub(crate) use invalid_mock_access::*;
 pub(crate) use no_eval::*;
 mod blanket_noqa;
 mod blanket_type_ignore;
 mod deprecated_log_warn;
 mod invalid_mock_access;
 mod no_eval;
--- a/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs
+++ b/crates/ruff/src/rules/pygrep_hooks/rules/no_eval.rs
@ -1,56 +0,0 @@
 use ruff_python_ast::{self as ast, Expr};
 use ruff_diagnostics::{Diagnostic, Violation};
 use ruff_macros::{derive_message_formats, violation};
 use ruff_text_size::Ranged;
 use crate::checkers::ast::Checker;
 /// ## What it does
 /// Checks for uses of the builtin `eval()` function.
 ///
 /// ## Why is this bad?
 /// The `eval()` function is insecure as it enables arbitrary code execution.
 ///
 /// ## Example
 /// ```python
 /// def foo():
 ///     x = eval(input("Enter a number: "))
 ///     ...
 /// ```
 ///
 /// Use instead:
 /// ```python
 /// def foo():
 ///     x = input("Enter a number: ")
 ///     ...
 /// ```
 ///
 /// ## References
 /// - [Python documentation: `eval`](https://docs.python.org/3/library/functions.html#eval)
 /// - [_Eval really is dangerous_ by Ned Batchelder](https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html)
 #[violation]
 pub struct Eval;
 impl Violation for Eval {
    #[derive_message_formats]
    fn message(&self) -> String {
        format!("No builtin `eval()` allowed")
    }
 }
 /// PGH001
 pub(crate) fn no_eval(checker: &mut Checker, func: &Expr) {
    let Expr::Name(ast::ExprName { id, .. }) = func else {
        return;
    };
    if id != "eval" {
        return;
    }
    if !checker.semantic().is_builtin("eval") {
        return;
    }
    checker
        .diagnostics
        .push(Diagnostic::new(Eval, func.range()));
 }
--- a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_0.py.snap
+++ b/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_0.py.snap
@ -1,21 +0,0 @@
 ---
 source: crates/ruff/src/rules/pygrep_hooks/mod.rs
 ---
 PGH001_0.py:3:1: PGH001 No builtin `eval()` allowed
  |
 1 | from ast import literal_eval
 2 | 
 3 | eval("3 + 4")
  | ^^^^ PGH001
 4 | 
 5 | literal_eval({1: 2})
  |
 PGH001_0.py:9:5: PGH001 No builtin `eval()` allowed
  |
 8 | def fn() -> None:
 9 |     eval("3 + 4")
  |     ^^^^ PGH001
  |
--- a/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_1.py.snap
+++ b/crates/ruff/src/rules/pygrep_hooks/snapshots/ruffrulespygrep_hookstestsPGH001_PGH001_1.py.snap
@ -1,4 +0,0 @@
 ---
 source: crates/ruff/src/rules/pygrep_hooks/mod.rs
 ---
--- a/ruff.schema.json
+++ b/ruff.schema.json
@ -2208,7 +2208,6 @@
        "PGH",
        "PGH0",
        "PGH00",
        "PGH001",
        "PGH002",
        "PGH003",
        "PGH004",