Skip to main content

Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code.

Project description

Duo Labs

Dlint

Build Status Python Versions PyPI Version

Dlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code.

The most important thing I have done as a programmer in recent years is to aggressively pursue static code analysis. Even more valuable than the hundreds of serious bugs I have prevented with it is the change in mindset about the way I view software reliability and code quality.

For a static analysis project to succeed, developers must feel they benefit from and enjoy using it.

For documentation and a list of rules see docs.

Installing

$ python -m pip install dlint

Specify python2 or python3 to install for a specific Python version.

And double check that it was installed correctly:

$ python -m flake8 -h
Usage: flake8 [options] file file ...

...

Installed plugins: dlint: 0.9.2, mccabe: 0.5.3, pycodestyle: 2.2.0, pyflakes: 1.3.0

Note the dlint: 0.9.2.

Using

Dlint uses flake8 to perform its linting functionality which provides many useful features without re-inventing the wheel.

CLI

Let's run a simple check:

$ cat << EOF > test.py
print("TEST1")
exec('print("TEST2")')
EOF
$ python test.py
TEST1
TEST2
$ python -m flake8 --select=DUO test.py
test.py:2:1: DUO105 use of "exec" is insecure

To learn more about why "exec" is insecure visit /docs/linters/DUO105.md.

The --select=DUO flag tells flake8 to only run Dlint lint rules.

From here, we can easily run Dlint against a directory of Python code:

$ python -m flake8 --select=DUO /path/to/code

To fine-tune your linting, check out the flake8 help:

$ python -m flake8 --help

Inline Editor

Dlint results can also be included inline in your editor for fast feedback. This typically requires an editor plugin or extension. Here are some starting points for common editors:

Integrating

Dlint can easily be integrated into CI pipelines, or anything really.

For more information and examples see 'How can I integrate Dlint into XYZ?'.

Custom Plugins

Dlint's custom plugins are built on a simple naming convention, and rely on Python modules. To make a Dlint custom plugin use the following conventions:

  • The Python module name must start with dlint_plugin_.
  • The linter class name must start with Dlint.
  • The linter class should inherit from dlint.linters.base.BaseLinter.
    • If for some reason you'd like to avoid this, then you must implement the get_results function appropriately and inherit from ast.NodeVisitor.

See an example plugin for further details.

Developing

First, install development packages:

$ python -m pip install -r requirements.txt
$ python -m pip install -r requirements-dev.txt
$ python -m pip install -e .

Testing

$ pytest

Linting

$ flake8

Coverage

$ pytest --cov

Benchmarking

$ pytest --benchmark-py-file /path/to/python/file tests/test_benchmark/

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

dlint-0.9.2-py2.py3-none-any.whl (74.0 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file dlint-0.9.2-py2.py3-none-any.whl.

File metadata

  • Download URL: dlint-0.9.2-py2.py3-none-any.whl
  • Upload date:
  • Size: 74.0 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.6.8

File hashes

Hashes for dlint-0.9.2-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 9031708af91ff9b81e549f439a4b7c7ac750e219b5666921be784b69e4aaed1b
MD5 376f1db74c633d7ab003a3d83b520574
BLAKE2b-256 a21556a614ae1ddc15515cb1fa7ec7fb5ab4e5f0c2192ee6d927e0713e31d4c7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page