inline comments removed, requirements-lint.txt updated, dependabot updated, E501 suppressed, mypy.ini file list removed

Author: Lion Holler

.github/dependabot.yml

@@ -14,12 +14,9 @@ updates:
     test-and-lint-dependencies:
       # Python dependencies that are only pinned to ensure test reproducibility
       patterns:
-        - "bandit"
-        - "black"
+        - "ruff"
         - "coverage"
-        - "isort"
         - "mypy"
-        - "pylint"
     dependencies:
       # Python (developer) runtime dependencies. Also any new dependencies not
       # caught by earlier groups

mypy.ini

@@ -1,9 +1,5 @@
 [mypy]
 warn_unused_configs = True
-files =
-    securesystemslib/signer/*.py,
-    securesystemslib/storage.py,
-    securesystemslib/_gpg/constants.py
 
 exclude = securesystemslib/_vendor
 

pylintrc

@@ -73,31 +73,23 @@ include = [
 # Ruff section
 [tool.ruff]
 lint.select = [
-    "I",      # isort: all
-    "PL",     # pylint: all
-    "S",      # flake8-bandit: all
-    "N",      # pep8-naming: all
-    "RUF100"  # ruff: find unused noqa
+  "E",      # ruff default
+  "F",      # ruff default
+  "I",      # isort: all
+  "PL",     # pylint: all
+  "S",      # flake8-bandit: all
+  "N",      # pep8-naming: all
+  "RUF100"  # ruff: find unused noqa
+]
+lint.ignore = [
+  "E501"    # ignore line-too-long
 ]
 exclude = ["_vendor"]
 
 # Same as Black.
 line-length = 80
 indent-width = 4
 
-[tool.ruff.format]
-# Like Black, use double quotes for strings.
-quote-style = "double"
-
-# Like Black, indent with spaces, rather than tabs.
-indent-style = "space"
-
-# Like Black, respect magic trailing commas.
-skip-magic-trailing-comma = false
-
-# Like Black, automatically detect the appropriate line ending.
-line-ending = "auto"
-
 [tool.ruff.lint.per-file-ignores]
 "tests/*" = [
     "S",      # bandit: Not running bandit on tests

pyproject.toml

@@ -1,6 +1,2 @@
 mypy==1.10.0
-black==24.4.2
-isort==5.13.2
-pylint==3.2.3
-bandit==1.7.9
 ruff==0.4.10

requirements-lint.txt

@@ -1,4 +1,3 @@
-# pylint: disable=missing-module-docstring
 import logging
 
 __version__ = "1.1.0"

securesystemslib/__init__.py

@@ -105,7 +105,7 @@ def parse_pubkey_payload(data):
     ptr += 1
     if version_number not in SUPPORTED_PUBKEY_PACKET_VERSIONS:
         raise PacketVersionNotSupportedError(
-            "Pubkey packet version '{}' not supported, must be one of {}".format(  # pylint: disable=consider-using-f-string
+            "Pubkey packet version '{}' not supported, must be one of {}".format(
                 version_number, SUPPORTED_PUBKEY_PACKET_VERSIONS
             )
         )
@@ -130,7 +130,7 @@ def parse_pubkey_payload(data):
     # as described in section 5.2.3.21.
     if algorithm not in SUPPORTED_SIGNATURE_ALGORITHMS:
         raise SignatureAlgorithmNotSupportedError(
-            "Signature algorithm '{}' not "  # pylint: disable=consider-using-f-string
+            "Signature algorithm '{}' not "
             "supported, please verify that your gpg configuration is creating "
             "either DSA, RSA, or EdDSA signatures (see RFC4880 9.1. Public-Key "
             "Algorithms).".format(algorithm)
@@ -216,7 +216,7 @@ def parse_pubkey_bundle(data):
                 and not key_bundle[PACKET_TYPE_PRIMARY_KEY]["key"]
             ):
                 raise PacketParsingError(
-                    "First packet must be a primary key ('{}'), "  # pylint: disable=consider-using-f-string
+                    "First packet must be a primary key ('{}'), "
                     "got '{}'.".format(PACKET_TYPE_PRIMARY_KEY, packet_type)
                 )
 
@@ -282,7 +282,7 @@ def parse_pubkey_bundle(data):
 
             else:
                 log.info(
-                    "Ignoring gpg key packet '{}', we only handle packets of "  # pylint: disable=logging-format-interpolation,consider-using-f-string
+                    "Ignoring gpg key packet '{}', we only handle packets of "
                     "types '{}' (see RFC4880 4.3. Packet Tags).".format(
                         packet_type,
                         [
@@ -297,8 +297,8 @@ def parse_pubkey_bundle(data):
 
         # Both errors might be raised in parse_packet_header and in this loop
         except (PacketParsingError, IndexError) as e:
-            raise PacketParsingError(  # pylint: disable=raise-missing-from
-                "Invalid public key data at position {}: {}.".format(  # pylint: disable=consider-using-f-string
+            raise PacketParsingError(
+                "Invalid public key data at position {}: {}.".format(
                     position, e
                 )
             )
@@ -369,15 +369,15 @@ def _assign_certified_key_info(bundle):
             # TODO: Revise exception taxonomy:
             # It's okay to ignore some exceptions (unsupported algorithms etc.) but
             # we should blow up if a signature is malformed (missing subpackets).
-            except Exception as e:  # pylint: disable=broad-except
+            except Exception as e:
                 log.info(e)
                 continue
 
             if not bundle[PACKET_TYPE_PRIMARY_KEY]["key"]["keyid"].endswith(
                 signature["keyid"]
             ):
                 log.info(
-                    "Ignoring User ID certificate issued by '{}'.".format(  # pylint: disable=logging-format-interpolation,consider-using-f-string
+                    "Ignoring User ID certificate issued by '{}'.".format(
                         signature["keyid"]
                     )
                 )
@@ -392,7 +392,7 @@ def _assign_certified_key_info(bundle):
 
             if not is_valid:
                 log.info(
-                    "Ignoring invalid User ID self-certificate issued "  # pylint: disable=logging-format-interpolation,consider-using-f-string
+                    "Ignoring invalid User ID self-certificate issued "
                     "by '{}'.".format(signature["keyid"])
                 )
                 continue
@@ -493,7 +493,7 @@ def _get_verified_subkeys(bundle):
             )
 
         # TODO: Revise exception taxonomy
-        except Exception as e:  # pylint: disable=broad-except
+        except Exception as e:
             log.info(e)
             continue
 
@@ -523,7 +523,7 @@ def _get_verified_subkeys(bundle):
                 key_binding_signatures.append(signature)
 
             # TODO: Revise exception taxonomy
-            except Exception as e:  # pylint: disable=broad-except
+            except Exception as e:
                 log.info(e)
                 continue
         # NOTE: As per the V4 key structure diagram in RFC4880 section 12.1., a
@@ -535,7 +535,7 @@ def _get_verified_subkeys(bundle):
         # an *embedded primary key binding signature*.
         if len(key_binding_signatures) != 1:
             log.info(
-                "Ignoring subkey '{}' due to wrong amount of key binding "  # pylint: disable=logging-format-interpolation,consider-using-f-string
+                "Ignoring subkey '{}' due to wrong amount of key binding "
                 "signatures ({}), must be exactly 1.".format(
                     subkey["keyid"], len(key_binding_signatures)
                 )
@@ -550,7 +550,7 @@ def _get_verified_subkeys(bundle):
 
         if not is_valid:
             log.info(
-                "Ignoring subkey '{}' due to invalid key binding signature.".format(  # pylint: disable=logging-format-interpolation,consider-using-f-string
+                "Ignoring subkey '{}' due to invalid key binding signature.".format(
                     subkey["keyid"]
                 )
             )
@@ -610,8 +610,9 @@ def get_pubkey_bundle(data, keyid):
     """
     if not data:
         raise KeyNotFoundError(
-            "Could not find gpg key '{}' in empty exported key "  # pylint: disable=consider-using-f-string
-            "data.".format(keyid)
+            "Could not find gpg key '{}' in empty exported key " "data.".format(
+                keyid
+            )
         )
 
     # Parse out master key and subkeys (enriched and verified via certificates
@@ -631,7 +632,7 @@ def get_pubkey_bundle(data, keyid):
         if public_key and public_key["keyid"].endswith(keyid.lower()):
             if idx > 1:
                 log.debug(
-                    "Exporting master key '{}' including subkeys '{}' for"  # pylint: disable=logging-format-interpolation,consider-using-f-string
+                    "Exporting master key '{}' including subkeys '{}' for"
                     " passed keyid '{}'.".format(
                         master_public_key["keyid"],
                         ", ".join(list(sub_public_keys.keys())),
@@ -642,9 +643,7 @@ def get_pubkey_bundle(data, keyid):
 
     else:
         raise KeyNotFoundError(
-            "Could not find gpg key '{}' in exported key data.".format(  # pylint: disable=consider-using-f-string
-                keyid
-            )
+            "Could not find gpg key '{}' in exported key data.".format(keyid)
         )
 
     # Add subkeys dictionary to master pubkey "subkeys" field if subkeys exist
@@ -655,7 +654,7 @@ def get_pubkey_bundle(data, keyid):
 
 
 # ruff: noqa: PLR0912, PLR0915
-def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches,too-many-statements
+def parse_signature_packet(
     data,
     supported_signature_types=None,
     supported_hash_algorithms=None,
@@ -725,7 +724,7 @@ def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches
     ptr += 1
     if version_number not in SUPPORTED_SIGNATURE_PACKET_VERSIONS:
         raise ValueError(
-            "Signature version '{}' not supported, must be one of "  # pylint: disable=consider-using-f-string
+            "Signature version '{}' not supported, must be one of "
             "{}.".format(version_number, SUPPORTED_SIGNATURE_PACKET_VERSIONS)
         )
 
@@ -738,7 +737,7 @@ def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches
 
     if signature_type not in supported_signature_types:
         raise ValueError(
-            "Signature type '{}' not supported, must be one of {} "  # pylint: disable=consider-using-f-string
+            "Signature type '{}' not supported, must be one of {} "
             "(see RFC4880 5.2.1. Signature Types).".format(
                 signature_type, supported_signature_types
             )
@@ -749,7 +748,7 @@ def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches
 
     if signature_algorithm not in SUPPORTED_SIGNATURE_ALGORITHMS:
         raise ValueError(
-            "Signature algorithm '{}' not "  # pylint: disable=consider-using-f-string
+            "Signature algorithm '{}' not "
             "supported, please verify that your gpg configuration is creating "
             "either DSA, RSA, or EdDSA signatures (see RFC4880 9.1. Public-Key "
             "Algorithms).".format(signature_algorithm)
@@ -763,7 +762,7 @@ def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches
 
     if hash_algorithm not in supported_hash_algorithms:
         raise ValueError(
-            "Hash algorithm '{}' not supported, must be one of {}"  # pylint: disable=consider-using-f-string
+            "Hash algorithm '{}' not supported, must be one of {}"
             " (see RFC4880 9.4. Hash Algorithms).".format(
                 hash_algorithm, supported_hash_algorithms
             )
@@ -863,7 +862,7 @@ def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches
     # Fail if keyid and short keyid are specified but don't match
     if keyid and not keyid.endswith(short_keyid):  # pragma: no cover
         raise ValueError(
-            "This signature packet seems to be corrupted. The key ID "  # pylint: disable=consider-using-f-string
+            "This signature packet seems to be corrupted. The key ID "
             "'{}' of the 'Issuer' subpacket must match the lower 64 bits of the "
             "fingerprint '{}' of the 'Issuer Fingerprint' subpacket (see RFC4880 "
             "and rfc4880bis-06 5.2.3.28. Issuer Fingerprint).".format(
@@ -887,7 +886,7 @@ def parse_signature_packet(  # pylint: disable=too-many-locals,too-many-branches
     signature = handler.get_signature_params(data[ptr:])
 
     signature_data = {
-        "keyid": "{}".format(keyid),  # pylint: disable=consider-using-f-string
+        "keyid": "{}".format(keyid),
         "other_headers": binascii.hexlify(data[:other_headers_ptr]).decode(
             "ascii"
         ),

securesystemslib/_gpg/common.py

@@ -20,7 +20,7 @@
 import logging
 import os
 import shlex
-import subprocess  # nosec
+import subprocess
 from typing import List, Optional
 
 log = logging.getLogger(__name__)
@@ -36,7 +36,7 @@ def is_available_gnupg(gnupg: str, timeout: Optional[int] = None) -> bool:
 
     gpg_version_cmd = shlex.split(f"{gnupg} --version")
     try:
-        subprocess.run(  # nosec
+        subprocess.run(
             gpg_version_cmd,  # noqa: S603
             capture_output=True,
             timeout=timeout,

securesystemslib/_gpg/constants.py

@@ -27,14 +27,11 @@
 except ImportError:
     CRYPTO = False
 
-# pylint: disable=wrong-import-position
 # ruff: noqa: E402
 from securesystemslib import exceptions
 from securesystemslib._gpg import util as gpg_util
 from securesystemslib._gpg.exceptions import PacketParsingError
 
-# pylint: enable=wrong-import-position
-
 
 def create_pubkey(pubkey_info):
     """

securesystemslib/_gpg/dsa.py

@@ -79,7 +79,7 @@ def get_pubkey_params(data):
     # See 9.2. ECC Curve OID
     if curve_oid != ED25519_PUBLIC_KEY_OID:
         raise PacketParsingError(
-            "bad ed25519 curve OID '{}', expected {}'".format(  # pylint: disable=consider-using-f-string
+            "bad ed25519 curve OID '{}', expected {}'".format(
                 curve_oid, ED25519_PUBLIC_KEY_OID
             )
         )
@@ -90,7 +90,7 @@ def get_pubkey_params(data):
 
     if public_key_len != ED25519_PUBLIC_KEY_LENGTH:
         raise PacketParsingError(
-            "bad ed25519 MPI length '{}', expected {}'".format(  # pylint: disable=consider-using-f-string
+            "bad ed25519 MPI length '{}', expected {}'".format(
                 public_key_len, ED25519_PUBLIC_KEY_LENGTH
             )
         )
@@ -100,7 +100,7 @@ def get_pubkey_params(data):
 
     if public_key_prefix != ED25519_PUBLIC_KEY_PREFIX:
         raise PacketParsingError(
-            "bad ed25519 MPI prefix '{}', expected '{}'".format(  # pylint: disable=consider-using-f-string
+            "bad ed25519 MPI prefix '{}', expected '{}'".format(
                 public_key_prefix, ED25519_PUBLIC_KEY_PREFIX
             )
         )