MPP-79: Add Python code linter

[pdehaan]

Ref: #160

OK, I had a bit more time last night to randomly look at Python libraries, and maybe we want some combination of Black (#160) and Pylint (which I'm assuming is roughly similar to Prettier+ESLint respectively).

I managed to pip install pylint in a virtualenv and then run this command:

pylint *.py emails phones privaterelay

************* Module emails.apps
emails/apps.py:8:8: C0415: Import outside toplevel (emails.signals) (import-outside-toplevel)
emails/apps.py:8:8: W0611: Unused import emails.signals (unused-import)
************* Module emails.context_processors
emails/context_processors.py:8:4: W0621: Redefining name 'relay_from_domain' from outer scope (line 6) (redefined-outer-name)
emails/context_processors.py:6:22: W0613: Unused argument 'request' (unused-argument)
emails/context_processors.py:7:4: W0612: Unused variable 'display_name' (unused-variable)
************* Module phones.tests
phones/tests.py:1:0: W0611: Unused TestCase imported from django.test (unused-import)
************* Module manage
manage.py:10:8: C0415: Import outside toplevel (django.core.management) (import-outside-toplevel)
************* Module emails.signals
emails/signals.py:9:24: W0613: Unused argument 'sender' (unused-argument)
emails/signals.py:9:0: W0613: Unused argument 'kwargs' (unused-argument)
************* Module privaterelay.signals
privaterelay/signals.py:7:20: W0613: Unused argument 'sender' (unused-argument)
************* Module privaterelay.context_processors
privaterelay/context_processors.py:4:20: W0613: Unused argument 'request' (unused-argument)
************* Module privaterelay.apps
privaterelay/apps.py:23:8: C0415: Import outside toplevel (allauth.socialaccount.signals) (import-outside-toplevel)
************* Module privaterelay.urls
privaterelay/urls.py:16:0: W0611: Unused config imported from decouple (unused-import)
************* Module privaterelay.settings
privaterelay/settings.py:112:33: W0613: Unused argument 'url' (unused-argument)
************* Module emails.models
emails/models.py:40:4: W0221: Parameters differ from overridden 'delete' method (arguments-differ)
emails/models.py:47:4: E0213: Method should have "self" as first argument (no-self-argument)
************* Module phones.views
phones/views.py:58:4: W0612: Unused variable 'db_session' (unused-variable)
phones/views.py:68:4: W0612: Unused variable 'pretty_from' (unused-variable)
phones/views.py:117:4: W0612: Unused variable 'new_participant' (unused-variable)
phones/views.py:125:4: W0612: Unused variable 'message' (unused-variable)
phones/views.py:11:0: W0611: Unused render imported from django.shortcuts (unused-import)
************* Module emails.tests.model_tests
emails/tests/model_tests.py:20:2: W0511: TODO: FIXME? this is dumb (fixme)
emails/tests/model_tests.py:23:12: W0612: Unused variable 'i' (unused-variable)
emails/tests/model_tests.py:38:8: W0612: Unused variable 'deleted_address' (unused-variable)
************* Module emails.views
emails/views.py:135:2: W0511: TODO: do we need this in SocketLabs? (fixme)
emails/views.py:169:7: C0123: Using type() instead of isinstance() for a typecheck. (unidiomatic-typecheck)
emails/views.py:181:4: W0612: Unused variable 'relay_display_name' (unused-variable)
emails/views.py:210:11: W0703: Catching too general exception Exception (broad-except)
emails/views.py:9:0: W0611: Unused config imported from decouple (unused-import)
emails/views.py:18:0: W0611: Unused render imported from django.shortcuts (unused-import)
emails/views.py:18:0: W0611: Unused get_object_or_404 imported from django.shortcuts (unused-import)
emails/views.py:22:0: W0611: Unused DeletedAddress imported from models (unused-import)
************* Module privaterelay.views
privaterelay/views.py:12:12: W0613: Unused argument 'request' (unused-argument)
privaterelay/views.py:36:14: W0613: Unused argument 'request' (unused-argument)
privaterelay/views.py:38:4: W0612: Unused variable 'c' (unused-variable)
privaterelay/views.py:42:16: W0613: Unused argument 'request' (unused-argument)

------------------------------------------------------------------
Your code has been rated at 9.30/10 (previous run: 9.30/10, +0.00)

Where I had to do some fiddling with the .pylintrc config file to exclude a bunch of messages I wasn't ready to hear from yet (about 98% of that list was automatically generated by pylint, I only added a few gems at the top of the list):

[MASTER]

# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=emails/migrations

# ...<snip snap>...

[MESSAGES CONTROL]

# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
confidence=

disable=print-statement,
        missing-class-docstring,
        missing-module-docstring,
        missing-function-docstring,
        wrong-import-order,
        C0330,
        R0801,
        too-few-public-methods,
        import-error,
        no-self-use,
        invalid-name,
        parameter-unpacking,
        unpacking-in-except,
        no-member,
        old-raise-syntax,
        backtick,
        long-suffix,
        old-ne-operator,
        old-octal-literal,
        import-star-module-level,
        non-ascii-bytes-literal,
        raw-checker-failed,
        bad-inline-option,
        locally-disabled,
        file-ignored,
        suppressed-message,
        useless-suppression,
        deprecated-pragma,
        use-symbolic-message-instead,
        apply-builtin,
        basestring-builtin,
        buffer-builtin,
        cmp-builtin,
        coerce-builtin,
        execfile-builtin,
        file-builtin,
        long-builtin,
        raw_input-builtin,
        reduce-builtin,
        standarderror-builtin,
        unicode-builtin,
        xrange-builtin,
        coerce-method,
        delslice-method,
        getslice-method,
        setslice-method,
        no-absolute-import,
        old-division,
        dict-iter-method,
        dict-view-method,
        next-method-called,
        metaclass-assignment,
        indexing-exception,
        raising-string,
        reload-builtin,
        oct-method,
        hex-method,
        nonzero-method,
        cmp-method,
        input-builtin,
        round-builtin,
        intern-builtin,
        unichr-builtin,
        map-builtin-not-iterating,
        zip-builtin-not-iterating,
        range-builtin-not-iterating,
        filter-builtin-not-iterating,
        using-cmp-argument,
        eq-without-hash,
        div-method,
        idiv-method,
        rdiv-method,
        exception-message-attribute,
        invalid-str-codec,
        sys-max-int,
        bad-python3-import,
        deprecated-string-function,
        deprecated-str-translate-call,
        deprecated-itertools-function,
        deprecated-types-field,
        next-method-defined,
        dict-items-not-iterating,
        dict-keys-not-iterating,
        dict-values-not-iterating,
        deprecated-operator-function,
        deprecated-urllib-function,
        xreadlines-attribute,
        deprecated-sys-function,
        exception-escape,
        comprehension-escape

[pdehaan]

Also randomly tried bandit, which didn't give a lot of feedback:

bandit -r *.py emails phones privaterelay
[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.7.4
[node_visitor]  INFO    Unable to find qualified name for module: manage.py
Run started:2020-04-14 16:40:05.061205

Test results:
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: emails/tests/model_tests.py:18
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
17          relay_address = RelayAddress.make_relay_address(self.user)
18          assert relay_address.user == self.user
19

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: emails/tests/model_tests.py:25
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
24              relay_addresses.append(RelayAddress.make_relay_address(self.user))
25          assert len(relay_addresses) == len(set(relay_addresses))
26

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
   Severity: Low   Confidence: High
   Location: emails/tests/model_tests.py:32
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
31          deleted_count = DeletedAddress.objects.filter(address_hash=address_hash).count()
32          assert deleted_count == 1
33

--------------------------------------------------

Code scanned:
    Total lines of code: 1135
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0.0
        Low: 3.0
        Medium: 0.0
        High: 0.0
    Total issues (by confidence):
        Undefined: 0.0
        Low: 0.0
        Medium: 0.0
        High: 3.0
Files skipped (0):

[pdehaan]

@jrbenny35 offered the following advice in Slack:

black has become a standard but it's good to also have flake8

[pdehaan]

Flake8 output:

# Ignore "E501 line too long" errors.
flake8 *.py emails phones privaterelay --extend-ignore=E501

emails/apps.py:8:9: F401 'emails.signals' imported but unused
emails/views.py:9:1: F401 'decouple.config' imported but unused
emails/views.py:18:1: F401 'django.shortcuts.render' imported but unused
emails/views.py:18:1: F401 'django.shortcuts.get_object_or_404' imported but unused
emails/views.py:22:1: F401 '.models.DeletedAddress' imported but unused
emails/migrations/0004_auto_20190612_2047.py:2:1: F401 'uuid' imported but unused
emails/tests/model_tests.py:38:9: F841 local variable 'deleted_address' is assigned to but never used
phones/tests.py:1:1: F401 'django.test.TestCase' imported but unused
phones/views.py:11:1: F401 'django.shortcuts.render' imported but unused
phones/views.py:58:5: F841 local variable 'db_session' is assigned to but never used
phones/views.py:68:5: F841 local variable 'pretty_from' is assigned to but never used
phones/views.py:117:5: F841 local variable 'new_participant' is assigned to but never used
phones/views.py:125:5: F841 local variable 'message' is assigned to but never used
privaterelay/settings.py:150:69: E231 missing whitespace after ','
privaterelay/settings.py:188:78: E231 missing whitespace after ','
privaterelay/settings.py:189:79: E231 missing whitespace after ','
privaterelay/settings.py:190:80: E231 missing whitespace after ','
privaterelay/settings.py:255:70: E231 missing whitespace after ','
privaterelay/settings.py:256:60: E231 missing whitespace after ','
privaterelay/urls.py:16:1: F401 'decouple.config' imported but unused
privaterelay/views.py:38:5: F841 local variable 'c' is assigned to but never used

[pdehaan]

Sorry, I'm basically just using this issue as a notepad for my learnings at this point. Feel free to unsubscribe to my TED talk here...

@hackebrot also suggested the following:

I recommend using black for auto-formatting, mypy as a linter if you use type-annotations, flake8 for general linting, and pytest for automated tests.

[groovecoder]

The first tests are using pytest already, and flake8 will be a good addition. We don't use type annotations, though. Let's start with that and maybe add black if needed.

[pdehaan]

Also, digging in a bit more, I think https://github.com/pyupio/safety would be nice to add as well. It seems to be the Python verison of npm audit. Looks like we might need to update django.

https://github.com/vintasoftware/python-linters-and-code-analysis

[pdehaan]

I'm still playing w/ flake8-black, but not sure how valuable it is as a flake8 plugin vs standalone tool since flake8 only seems to give me vague output like:

./emails/models.py:15:16: BLK100 Black would make changes.

Here was my local .flake8 config file (but I honestly don't know enough about Python to know if thats the best approach, or if you want it some awkward tox file or add a precommit hook, etc):

[flake8]
exclude = */migrations/*,venv,.git
extend-ignore = E501
max-complexity = 10

[jwhitlock]

I'm working on black + flake8 + mypy:

• PR #1830 - Framework for running linters in CircleCI
• PR #1831 - mypy

I think we can do this rapidly at the end of this sprint / beginning of next, so I've also moved MPP-79 to the current sprint.

[jwhitlock]

1 of 5 linters integrated:

• ✓ black - #1857
• mypy - #1831
• flake8 - In WIP branch
• isort - In WIP branch
• pyright - Mostly VSCode, but works with other environments as well

I think I'll also want a (optional) pre-commit hook, so devs can see linting exceptions before committing and submitting PRs.

The mypy PR is a bit stuck, and others have not fully adopted black, so I'm going to change tactics and introduce mypy in person or over Zoom, so that the PR review is not the first encounter.

[jwhitlock]

mypy was merged at the end of June 2022. The next goals are to get developers to use it, and to increase strictness.

Many Python projects are switching to ruff and enjoying the fast linting: https://beta.ruff.rs/docs/. This may be better than flake8 / isort.