From cortex at worlddomination.be Fri Feb 1 11:07:08 2019
From: cortex at worlddomination.be (Laurent Peuch)
Date: Fri, 1 Feb 2019 17:07:08 +0100
Subject: [code-quality] Baron/RedBaron release 0.9, full python 3 support
Message-ID: <20190201160708.GA2591@rosenstein>

Hello everyone,

It's better late than never (and also things were not funny in my life the previous years), I've just made a release for both Baron and RedBaron to fully support python 3 grammar up to python 3.7. This release might not be fully dry yet but it's there.

Baron and RedBaron are 2 projects that work together to allow you to write code that both query and modify python /source/ code programmatically, they can be used to build custom refactoring script, tooling, analysing etc... Baron being the parser and RedBaron the API for humans on top of that.

A huge focus has been put on creating a high level intuitive and powerful API to make those kinds of complicated jobs as intuitive and as easy as possible but working on source code is still pretty hard. You can get a good idea in RedBaron's documentation https://redbaron.readthedocs.io (it's full of examples everywhere)

Next steps in the roadmap are as boring as needed:

* maybe python 3.8 support in advance
* bug fixes, bug fixes, bug fixes, bug fixes...
* some needed features like the visitor/walker pattern

And that's already a huge amount of work ^^'

I also have R&D plans for exploring if it's possible to create a new generic refactoring syntax tree that could be plugged into RedBaron while having no knowledge at all of the input language but that's long term.

Up until recently (for several years) my work on RedBaron was fully volunteer based, if you wish to support it I've opened an OpenCollective for that https://opencollective.com/redbaron/ (and seeing who reports bugs and where they work I know this work is useful).

I would also be very interested in doing this kind of research and work professionally for a structure but I'm not really sure where to look.

I'll also be at FOSDEM if you want to say hi :)

--
Laurent Peuch -- Bram

From afin at itu.dk Tue Feb 5 03:54:25 2019
From: afin at itu.dk (Anders Fischer-Nielsen)
Date: Tue, 5 Feb 2019 08:54:25 +0000
Subject: [code-quality] Possible to whitelist non-installed modules?
Message-ID:

Hi,

I hope this is the right place to ask this question. I have also submitted an issue at https://github.com/PyCQA/pylint/issues/2726.

I'm currently researching how to build static bug checkers of python packages in the Robot Operating System (http://www.ros.org) at the IT University of Copenhagen. I have a few questions related to the possibility of using pylint in order to build some of these checkers.

It is possible to create so-called packages in ROS using Python (among other languages). I'm trying to see if it is possible to verify that the imported modules in these packages exist with pylint, but I'm having a hard time getting the expected behaviour (I have too many false positives).

I'd like to verify whether these declared modules exist based on the requirement specification (a list of modules) of the ROS package - without installing all the required modules using e.g. pip. I have tried using the parameter `--extension-pkg-whitelist=packagename` but I am still getting false positives.

What I'm wondering is:

* Do I have to install all the declared modules using e.g. pip in order for pylint to detect them correctly? That would pretty much defeat the purpose of the checker I'm developing.
* Is it possible to feed pylint a requirements.txt (or a similar format) that will then allow pylint to detect these imports as non-errors (again without installing)?

Thanks for any answers in advance,
Anders Fischer
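
The check Anders describes, done directly on the source with Python's `ast` module rather than with pylint, as an added example that is not part of the thread and not a pylint feature: it reports imports that are neither standard library nor declared, without installing anything. The requirements.txt-style input, the `aliases` mapping, the sample data and all function names are assumptions of this example.

```python
import ast
import re
import sys

# Python 3.10+ lists the standard-library modules; the fallback for older
# interpreters is a small constructed subset (assumption).
STDLIB = frozenset(getattr(sys, "stdlib_module_names",
                           ("os", "sys", "re", "json", "math", "time")))

def declared_modules(requirements_text, aliases=None):
    """Import names allowed by a requirements.txt-style list (assumed format).

    `aliases` maps a distribution name to the modules it provides when the
    two differ, e.g. {"PyYAML": ["yaml"]}.
    """
    allowed = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blanks and pip options
            continue
        name = re.split(r"[\s<>=!~;\[]", line, maxsplit=1)[0]
        allowed.update((aliases or {}).get(name, [name.replace("-", "_")]))
    return allowed

def imported_modules(source):
    """Map each top-level module imported in `source` to a line importing it."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module]  # relative imports (level > 0) are local
        else:
            continue
        for name in names:
            found.setdefault(name.split(".")[0], node.lineno)
    return found

def undeclared_imports(source, requirements_text, aliases=None):
    """Imports that are neither standard library nor declared."""
    allowed = declared_modules(requirements_text, aliases) | STDLIB
    return {mod: line for mod, line in imported_modules(source).items()
            if mod not in allowed}

# Constructed sample: a ROS node's source and its declared module list.
SAMPLE_SOURCE = ("import os\nimport rospy\nfrom sensor_msgs.msg import Image\n"
                 "import numpy as np\nimport yaml\nfrom . import helpers\n")
SAMPLE_REQUIREMENTS = "rospy\nnumpy>=1.15  # arrays\nsensor_msgs\n"
```

On the constructed sample, `undeclared_imports(SAMPLE_SOURCE, SAMPLE_REQUIREMENTS)` flags only `yaml`; declaring `PyYAML` together with the alias `{"PyYAML": ["yaml"]}` clears it.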

From Trevor.Bidhadar at securedecisions.com Wed Feb 6 15:03:42 2019
From: Trevor.Bidhadar at securedecisions.com (Trevor Bidhadar)
Date: Wed, 6 Feb 2019 20:03:42 +0000
Subject: [code-quality] Bandit: Severity and Confidence Definitions
Message-ID:

Hello,

I am using Bandit and was wondering how do you define your severity and confidence levels? In other words, what makes a High severity a vulnerability High instead of Medium or Low? How do you define the confidence of the finding?

Thank you in advance for the information,

Trevor Bidhadar
(631)-759-3960
Project Coordinator
Secure Decisions div. of Applied Visions, Inc.
6 Bayview Avenue
Northport, NY 11768
www.SecureDecisions.com

From lhinds at redhat.com Wed Feb 6 20:51:44 2019
From: lhinds at redhat.com (Luke Hinds)
Date: Thu, 7 Feb 2019 01:51:44 +0000
Subject: [code-quality] Bandit: Severity and Confidence Definitions
In-Reply-To:
References:
Message-ID:

On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <
Trevor.Bidhadar at securedecisions.com> wrote:

> Hello,
>
> I am using Bandit and was wondering how do you define your severity and
> confidence levels? In other words, what makes a High severity a
> vulnerability High instead of Medium or Low? How do you define the
> confidence of the finding?
>

It's based on OWASP's Risk Rating, see the following:

https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk

> Thank you in advance for the information,
>
> Trevor Bidhadar
>
> (631)-759-3960
>
> *Project Coordinator*
>
> *Secure Decisions div.
> of Applied Visions, Inc.*
>
> *6 Bayview Avenue*
>
> *Northport, NY 11768*
>
> *www.SecureDecisions.com*
>
> _______________________________________________
> code-quality mailing list
> code-quality at python.org
> https://mail.python.org/mailman/listinfo/code-quality
>

--
Luke Hinds | CTO Office | Red Hat
e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483

From graffatcolmingov at gmail.com Wed Feb 6 21:11:22 2019
From: graffatcolmingov at gmail.com (Ian Stapleton Cordasco)
Date: Wed, 6 Feb 2019 20:11:22 -0600
Subject: [code-quality] Bandit: Severity and Confidence Definitions
In-Reply-To:
References:
Message-ID:

We might want to explain this in the documentation

Sent from my phone with my typo-happy thumbs. Please excuse my brevity

On Wed, Feb 6, 2019, 20:10 Luke Hinds

> On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <
> Trevor.Bidhadar at securedecisions.com> wrote:
>
>> Hello,
>>
>> I am using Bandit and was wondering how do you define your severity and
>> confidence levels? In other words, what makes a High severity a
>> vulnerability High instead of Medium or Low? How do you define the
>> confidence of the finding?
>>
>
> It's based on OWASP's Risk Rating, see the following:
>
> https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk
>
>> Thank you in advance for the information,
>>
>> Trevor Bidhadar
>>
>> (631)-759-3960
>>
>> *Project Coordinator*
>>
>> *Secure Decisions div.
>> of Applied Visions, Inc.*
>>
>> *6 Bayview Avenue*
>>
>> *Northport, NY 11768*
>>
>> *www.SecureDecisions.com*
>>
>
> --
> Luke Hinds | CTO Office | Red Hat
> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483

From lhinds at redhat.com Thu Feb 7 02:34:00 2019
From: lhinds at redhat.com (Luke Hinds)
Date: Thu, 7 Feb 2019 07:34:00 +0000
Subject: [code-quality] Bandit: Severity and Confidence Definitions
In-Reply-To:
References:
Message-ID:

Sounds like a good idea.

@Trevor would you like to create an issue and make a pull request?

On Thu, 7 Feb 2019, 02:11 Ian Stapleton Cordasco

> We might want to explain this in the documentation
>
> Sent from my phone with my typo-happy thumbs. Please excuse my brevity
>
> On Wed, Feb 6, 2019, 20:10 Luke Hinds
>
>> On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <
>> Trevor.Bidhadar at securedecisions.com> wrote:
>>
>>> Hello,
>>>
>>> I am using Bandit and was wondering how do you define your severity and
>>> confidence levels? In other words, what makes a High severity a
>>> vulnerability High instead of Medium or Low? How do you define the
>>> confidence of the finding?
>>>
>>
>> It's based on OWASP's Risk Rating, see the following:
>>
>> https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk
>>
>>> Thank you in advance for the information,
>>>
>>> Trevor Bidhadar
>>>
>>> (631)-759-3960
>>>
>>> *Project Coordinator*
>>>
>>> *Secure Decisions div.
>>> of Applied Visions, Inc.*
>>>
>>> *6 Bayview Avenue*
>>>
>>> *Northport, NY 11768*
>>>
>>> *www.SecureDecisions.com*
>>>
>>
>> --
>> Luke Hinds | CTO Office | Red Hat
>> e: lhinds at redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483

From tartley at tartley.com Thu Feb 7 21:50:46 2019
From: tartley at tartley.com (Jonathan Hartley)
Date: Thu, 07 Feb 2019 21:50:46 -0500
Subject: [code-quality] pylint goes from 2 seconds to 2 minutes when I add call to third party package
Message-ID: <6c633ab3-a27c-43f3-b93a-5029fad7821b@www.fastmail.com>

Hi. On my new project, pylint takes 2 seconds. If I add a call to a class in 3rd party package 'pyglet', then pylint checking time goes up to 2 minutes. I presume it's checking pyglet. How do I tell pylint not to do that?

Minimal repro:

    $ mkvirtualenv -p python3.7 pylinttest
    (pylinttest) $ pip install -U pylint pyglet
    (pylinttest) $ cat pylint_test.py
    import pyglet

    def create(title):
        win = pyglet.window.Window()

    (pylinttest) $ pylint pylint_test.py
    ************* Module pylint_test
    pylint_test.py:5:0: C0305: Trailing newlines (trailing-newlines)
    pylint_test.py:1:0: C0111: Missing module docstring (missing-docstring)
    pylint_test.py:3:0: C0111: Missing function docstring (missing-docstring)
    *2 MINUTE PAUSE HERE*
    pylint_test.py:3:11: W0613: Unused argument 'title' (unused-argument)
    pylint_test.py:4:4: W0612: Unused variable 'win' (unused-variable)

If I change the line:

    win = pyglet.window.Window()

by removing the '( )', so that we no longer call Window:

    win = pyglet.window.Window

then pylint checks go back down to 2 seconds.

I tried many different config settings, on the command line and in my pylintrc, such as:

    ignored-modules=pyglet
    ignored-modules=pyglet.window
    ignored-classes=pyglet.window.Window
    ignore=pyglet

to no avail.

Forgive me, I must be missing something obvious. Any pointers what I should go read about would be appreciated.

Best,

Jonathan

--
Jonathan Hartley +1(507)513-1101 @tartley http://tartley.com

From wolfgang.kde at rohdewald.de Fri Feb 8 05:27:59 2019
From: wolfgang.kde at rohdewald.de (Wolfgang Rohdewald)
Date: Fri, 08 Feb 2019 11:27:59 +0100
Subject: [code-quality] jobs in pylintrc
Message-ID:

Hi,

by trial and error I found that I can put this into pylintrc:

    jobs=4

But I cannot find anything in the documentation where this is mentioned. Why is that so? Should I have searched harder?

    pylint --version
    pylint 2.2.2
    astroid 2.1.0
    Python 3.6.7 (default, Oct 22 2018, 11:32:17)
    [GCC 8.2.0]

--
Wolfgang

From tartley at tartley.com Fri Feb 8 10:11:32 2019
From: tartley at tartley.com (Jonathan Hartley)
Date: Fri, 08 Feb 2019 10:11:32 -0500
Subject: [code-quality] jobs in pylintrc
In-Reply-To:
References:
Message-ID:

I see it in the online docs here:
https://pylint.readthedocs.io/en/latest/user_guide/run.html#parallel-execution

and `pylint --help | less` will let you search (type '/') for '-j'.

Best,

Jonathan

On Fri, Feb 8, 2019, at 05:54, Wolfgang Rohdewald wrote:
> Hi,
>
> by trial and error I found that I can put this into pylintrc:
>
> jobs=4
>
> But I cannot find anything in the documentation where this is mentioned.
> Why is that so? Should I have searched harder?
>
> pylint --version
> pylint 2.2.2
> astroid 2.1.0
> Python 3.6.7 (default, Oct 22 2018, 11:32:17)
> [GCC 8.2.0]
>
> --
> Wolfgang
>

--
Jonathan Hartley +1(507)513-1101 @tartley http://tartley.com

From mariatta.wijaya at gmail.com Fri Feb 8 09:03:55 2019
From: mariatta.wijaya at gmail.com (Mariatta Wijaya)
Date: Fri, 8 Feb 2019 06:03:55 -0800
Subject: [code-quality] jobs in pylintrc
In-Reply-To:
References:
Message-ID:

It is described here:
https://github.com/PyCQA/pylint/blob/51e12f81e410a3459b118e9551e77ff61470d4ef/pylintrc#L21

"Use multiple processes to speed up pylint"

On Fri, Feb 8, 2019, 3:54 AM Wolfgang Rohdewald

> Hi,
>
> by trial and error I found that I can put this into pylintrc:
>
> jobs=4
>
> But I cannot find anything in the documentation where this is mentioned.
> Why is that so? Should I have searched harder?
>
> pylint --version
> pylint 2.2.2
> astroid 2.1.0
> Python 3.6.7 (default, Oct 22 2018, 11:32:17)
> [GCC 8.2.0]
>
> --
> Wolfgang
>

From wolfgang.kde at rohdewald.de Fri Feb 8 10:27:02 2019
From: wolfgang.kde at rohdewald.de (Wolfgang Rohdewald)
Date: Fri, 08 Feb 2019 16:27:02 +0100
Subject: [code-quality] jobs in pylintrc
In-Reply-To:
References:
Message-ID: <4bf202e4007f759d75255a43aa449a8f914b522f.camel@rohdewald.de>

On Fr, 2019-02-08 at 06:03 -0800, Mariatta Wijaya wrote:
> It is described here: https://github.com/PyCQA/pylint/blob/51e12f81e410a3459b118e9551e77ff61470d4ef/pylintrc#L21
>
> "Use multiple processes to speed up pylint"

OK, Thanks. This is good for new users but I have been using pylint for quite a few years. It seems this option never made it into my personal pylintrc.

But now I checked pylint -h again and I found pylint --full-documentation which actually mentions the pylintrc jobs option.

Sorry for the noise

--
Wolfgang

From jean_christophe_morin at hotmail.com Sun Feb 24 11:33:59 2019
From: jean_christophe_morin at hotmail.com (Jean-Christophe Morin)
Date: Sun, 24 Feb 2019 16:33:59 +0000
Subject: [code-quality] Pylint logo
Message-ID:

Hey guys,

my name is Jean-Christophe Morin and I've been using Pylint for a couple of years now and I love it.

I'm also a user of Jenkins, more particularly the warnings-ng plugin (https://github.com/jenkinsci/warnings-ng-plugin/blob/master/doc/Documentation.md). They have support for Pylint natively and it's now the "official" (in quotes cause it was created to avoid having one million plugins for each language) plugin to read code analysis reports for all languages in Jenkins (reference: https://jenkins.io/blog/2018/09/11/speaker-blog-warnings-plugin/).
Note that I'm not the author of this plugin, so I am not doing publicity of any kind.

They list the tools they support in https://github.com/jenkinsci/warnings-ng-plugin/blob/master/SUPPORTED-FORMATS.md, but as you will see, Pylint has no logo :(

So my question is, can I use the logo from https://www.pylint.org/? If so, can I make a square icon with only the left part without text? I haven't found any information on whether or not we are authorized to use this logo or if it's an official logo, etc.

Thanks a lot!