- Notifications
You must be signed in to change notification settings - Fork15
Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.
License
dlint-py/dlint
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.
The most important thing I have done as a programmer in recent years is toaggressively pursue static code analysis. Even more valuable than thehundreds of serious bugs I have prevented with it is the change in mindsetabout the way I view software reliability and code quality.
For a static analysis project to succeed, developers must feel they benefitfrom and enjoy using it.
For documentation and a list of rules seedocs.
$ python -m pip install dlint
And double check that it was installed correctly:
$ python -m flake8 -hUsage: flake8 [options] file file ......Installed plugins: dlint: 0.16.0, mccabe: 0.5.3, pycodestyle: 2.2.0, pyflakes: 1.3.0
Note thedlint: 0.16.0.
Dlint builds onflake8 to perform its linting. This provides manyuseful features without re-inventing the wheel.
Let's run a simple check:
$ cat<<EOF > test.pyprint("TEST1")exec('print("TEST2")')EOF
$ python test.pyTEST1TEST2
$ python -m flake8 --select=DUO test.pytest.py:2:1: DUO105 use of"exec" is insecure- Why is this insecure? To learn more visit
/docs/linters/DUO105.md. - Why
DUO? Dlint was originally developed by theDuo Labs team.
The--select=DUO flag tellsflake8 to only run Dlint lint rules.
From here, we can easily run Dlint against a directory of Python code:
$ python -m flake8 --select=DUO /path/to/code
To fine-tune your linting, check out theflake8 help:
$ python -m flake8 --help
Dlint results can also be included inline in your editor for fast feedback.This typically requires an editor plugin or extension. Here are some startingpoints for common editors:
- Vim:https://github.com/vim-syntastic/syntastic
- Emacs:https://github.com/flycheck/flycheck
- Sublime:https://github.com/SublimeLinter/SublimeLinter-flake8
- PyCharm:https://foxmask.net/post/2016/02/17/pycharm-running-flake8/
- Atom:https://atom.io/packages/linter-flake8
- Visual Studio Code:https://code.visualstudio.com/docs/python/linting#_flake8
Dlint can easily be integrated into CI pipelines, or anything really.
For more information and examples see'How can I integrate Dlint into XYZ?'.
Dlint's custom plugins are built on asimple naming convention,and rely onPython modules.To make a Dlint custom plugin use the following conventions:
- The Python module namemust start with
dlint_plugin_. - The linter class namemust start with
Dlint. - The linter classshould inherit from
dlint.linters.base.BaseLinter.- If for some reason you'd like to avoid this, then youmust implementthe
get_resultsfunction appropriately and inherit fromast.NodeVisitor.
- If for some reason you'd like to avoid this, then youmust implementthe
See anexample plugin for further details.
First, install development packages:
$ python -m pip install -r requirements.txt$ python -m pip install -r requirements-dev.txt$ python -m pip install -e.$ pytest
$ flake8
$ pytest --cov
$ pytest -k test_benchmark_run --benchmark-py-file /path/to/file.py tests/test_benchmark/
Or get benchmark results for linters individually:
$ pytest -k test_benchmark_individual --benchmark-py-file /path/to/file.py tests/test_benchmark/
Or run against a single linter:
$ pytest -k test_benchmark_individual[DUO138-BadReCatastrophicUseLinter] --benchmark-py-file /path/to/file.py tests/test_benchmark/
About
Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.