[pyflakes]
apt = pyflakes
files = *.py
types = text/x-python
command = pyflakes {files}
[pyflakes3]
apt = pyflakes3 | pyflakes (<< 1.1.0-1)
files = *.py
types = text/x-python
command = pyflakes3 {files}
[pycodestyle]
flags = style
apt = pycodestyle
files = *.py
types = text/x-python
command = pycodestyle --ignore W191 {files}
[pydocstyle]
flags = style
apt = pydocstyle
files = *.py
types = text/x-python
command = pydocstyle .
[site-packages]
command = grep -nHrw site-packages .
[pythonpath]
command = grep -nHrw PYTHONPATH .
[environ-home]
files = *.py
types = text/x-python
command = grep -nH 'environ *\[.HOME.\]' {files}
[yaml-load]
files = *.py
types = text/x-python
comment = These calls are potentially vulnerable to Python code injection
command = grep -nHF 'yaml.load' {files}
[pylint]
apt = pylint
files = *.py
types = text/x-python
command = pylint --rcfile=/dev/null --msg-template='{{path}}:{{line}}:{{column}}: [{{category}}:{{symbol}}] {{obj}}: {{msg}}' --reports=n {files}
[pylint3]
apt = pylint3
files = *.py
types = text/x-python
command = pylint3 --rcfile=/dev/null --msg-template='{{path}}:{{line}}:{{column}}: [{{category}}:{{symbol}}] {{obj}}: {{msg}}' --reports=n {files}
[mypy]
apt = mypy
files = *.py
types = text/x-python
command = mypy --fast-parser {files}
[pyroma]
flags = dangerous fixme fixme-silent
apt = python3-pyroma
files = ./setup.py
command = pyroma -d .
[pyroma3]
flags = dangerous fixme fixme-silent
apt = python3-pyroma
files = ./setup.py
command = pyroma3 -d .
[python2-bandit]
flags = fixme fixme-silent
apt = python3-bandit
files = *.py
types = text/x-python
command = python2-bandit -r .
[python3-bandit]
flags = fixme fixme-silent
apt = python3-bandit
files = *.py
types = text/x-python
command = python3-bandit -r .
[dodgy]
flags = fixme fixme-silent
apt = dodgy
types = text/*
command = dodgy
[vulture]
apt = vulture
files = *.py
command = vulture .
# TODO: hacking
# TODO: flake8
# TODO: https://github.com/PyCQA/flake8-import-order
# TODO: https://github.com/PyCQA/flake8-bugbear
# TODO: https://github.com/stephenfin/flake8-asserts
# TODO: pylint-celery
# TODO: pylint-django
# TODO: pylint-flask
# TODO: frosted
# TODO: pychecker (dangerous)
# TODO: twistedchecker
# TODO: pymetrics
# TODO: prospector
# TODO: pylama #779449
# TODO: python-debtcollector
# TODO: python-afl
# TODO: python3-requirements-detector
# TODO: https://github.com/jlachowski/clonedigger
# TODO: https://github.com/rubik/xenon
# TODO: https://gcc-python-plugin.readthedocs.io/en/latest/cpychecker.html
# TODO: http://jwilk.net/software/pydiatra
# TODO: shell metacharacter injection: subprocess shell=True os.system os.popen popen2 commands
# TODO: https://github.com/google/pytype
# TODO: pep8-naming
# TODO: https://github.com/mgedmin/check-manifest (dangerous)
# TODO: https://github.com/python-security/pyt
# vim:ft=dosini