wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-08 04:53:08 +02:00
Code Issues Projects Releases Wiki Activity

Fix linting issues across the codebase

Browse source 
## Python Code Quality (ruff)
- Fixed import organization and removed unused imports in test files
- Replaced `== True` comparisons with direct boolean checks
- Added noqa comments for intentional imports in test modules

## YAML Formatting (yamllint)
- Removed trailing spaces in openssl.yml comments
- All YAML files now pass yamllint validation (except one pre-existing long regex line)

## Code Consistency
- Maintained proper import ordering in test files
- Ensured all code follows project linting standards
- Ready for CI pipeline validation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Dan Guido 2025-08-04 22:13:48 -07:00
parent a6852f3ca6
commit e63a3d6357
3 changed files with 168 additions and 177 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
tests/unit/test_openssl_compatibility.py
View file

@ -5,18 +5,14 @@ Hybrid approach: validates actual certificates when available, else tests templa
Based on issues #14755, #14718 - Apple device compatibility Based on issues #14755, #14718 - Apple device compatibility
Issues #75, #153 - Security enhancements (name constraints, EKU restrictions) Issues #75, #153 - Security enhancements (name constraints, EKU restrictions)
""" """
import os
import glob import glob
import os
import re import re
import subprocess import subprocess
import sys import sys
import yaml
import tempfile
import ipaddress
from pathlib import Path
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.primitives import serialization from cryptography.x509.oid import ExtensionOID, NameOID
from cryptography.x509.oid import NameOID, ExtensionOID
def find_generated_certificates(): def find_generated_certificates():
@ -120,7 +116,7 @@ def validate_ca_certificate_config():
print("⚠ Could not find openssl.yml task file") print("⚠ Could not find openssl.yml task file")
return return
with open(openssl_task_file, 'r') as f: with open(openssl_task_file) as f:
content = f.read() content = f.read()
# Verify key security configurations are present # Verify key security configurations are present
@ -208,7 +204,7 @@ def validate_server_certificates_config():
print("⚠ Could not find openssl.yml task file") print("⚠ Could not find openssl.yml task file")
return return
with open(openssl_task_file, 'r') as f: with open(openssl_task_file) as f:
content = f.read() content = f.read()
# Look for server certificate CSR section # Look for server certificate CSR section
@ -300,7 +296,7 @@ def validate_client_certificates_config():
print("⚠ Could not find openssl.yml task file") print("⚠ Could not find openssl.yml task file")
return return
with open(openssl_task_file, 'r') as f: with open(openssl_task_file) as f:
content = f.read() content = f.read()
# Look for client certificate CSR section # Look for client certificate CSR section
@ -376,7 +372,7 @@ def validate_pkcs12_files_config():
print("⚠ Could not find openssl.yml task file") print("⚠ Could not find openssl.yml task file")
return return
with open(openssl_task_file, 'r') as f: with open(openssl_task_file) as f:
content = f.read() content = f.read()
# Check PKCS#12 generation configuration # Check PKCS#12 generation configuration
@ -434,7 +430,7 @@ def validate_certificate_chain_real(cert_files):
print(f"✓ Real certificate chain valid: {os.path.basename(cert_path)}") print(f"✓ Real certificate chain valid: {os.path.basename(cert_path)}")
print(f"✓ All real certificates properly signed by CA") print("✓ All real certificates properly signed by CA")
def validate_certificate_chain_config(): def validate_certificate_chain_config():
"""Validate certificate chain configuration in Ansible files (CI mode)""" """Validate certificate chain configuration in Ansible files (CI mode)"""
@ -443,7 +439,7 @@ def validate_certificate_chain_config():
print("⚠ Could not find openssl.yml task file") print("⚠ Could not find openssl.yml task file")
return return
with open(openssl_task_file, 'r') as f: with open(openssl_task_file) as f:
content = f.read() content = f.read()
# Check certificate signing configuration # Check certificate signing configuration

21
tests/unit/test_wireguard_key_generation.py
View file

@ -8,7 +8,6 @@ import os
import subprocess import subprocess
import sys import sys
import tempfile import tempfile
import shutil
# Add library directory to path to import our custom module # Add library directory to path to import our custom module
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', 'library')) sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', 'library'))
@ -29,7 +28,7 @@ def test_wireguard_tools_available():
def test_x25519_module_import(): def test_x25519_module_import():
"""Test that our custom x25519_pubkey module can be imported and used""" """Test that our custom x25519_pubkey module can be imported and used"""
try: try:
from x25519_pubkey import run_module import x25519_pubkey # noqa: F401
print("✓ x25519_pubkey module imports successfully") print("✓ x25519_pubkey module imports successfully")
return True return True
except ImportError as e: except ImportError as e:
@ -71,7 +70,6 @@ def test_x25519_pubkey_from_raw_file():
try: try:
# Import here so we can mock the module_utils if needed # Import here so we can mock the module_utils if needed
from unittest.mock import Mock
# Mock the AnsibleModule for testing # Mock the AnsibleModule for testing
class MockModule: class MockModule:
@ -90,8 +88,8 @@ def test_x25519_pubkey_from_raw_file():
try: try:
# Test the module logic directly # Test the module logic directly
from x25519_pubkey import run_module
import x25519_pubkey import x25519_pubkey
from x25519_pubkey import run_module
original_AnsibleModule = x25519_pubkey.AnsibleModule original_AnsibleModule = x25519_pubkey.AnsibleModule
@ -110,10 +108,10 @@ def test_x25519_pubkey_from_raw_file():
# Check the result # Check the result
assert 'public_key' in mock_module.result assert 'public_key' in mock_module.result
assert mock_module.result['changed'] == True assert mock_module.result['changed']
assert os.path.exists(public_key_path) assert os.path.exists(public_key_path)
with open(public_key_path, 'r') as f: with open(public_key_path) as f:
derived_pubkey = f.read().strip() derived_pubkey = f.read().strip()
# Validate base64 format # Validate base64 format
@ -144,7 +142,6 @@ def test_x25519_pubkey_from_b64_string():
raw_key_path, b64_key = generate_test_private_key() raw_key_path, b64_key = generate_test_private_key()
try: try:
from unittest.mock import Mock
class MockModule: class MockModule:
def __init__(self, params): def __init__(self, params):
@ -157,8 +154,8 @@ def test_x25519_pubkey_from_b64_string():
def exit_json(self, **kwargs): def exit_json(self, **kwargs):
self.result = kwargs self.result = kwargs
from x25519_pubkey import run_module
import x25519_pubkey import x25519_pubkey
from x25519_pubkey import run_module
original_AnsibleModule = x25519_pubkey.AnsibleModule original_AnsibleModule = x25519_pubkey.AnsibleModule
@ -207,7 +204,6 @@ def test_wireguard_validation():
try: try:
# Derive public key using our module # Derive public key using our module
from unittest.mock import Mock
class MockModule: class MockModule:
def __init__(self, params): def __init__(self, params):
@ -220,8 +216,8 @@ def test_wireguard_validation():
def exit_json(self, **kwargs): def exit_json(self, **kwargs):
self.result = kwargs self.result = kwargs
from x25519_pubkey import run_module
import x25519_pubkey import x25519_pubkey
from x25519_pubkey import run_module
original_AnsibleModule = x25519_pubkey.AnsibleModule original_AnsibleModule = x25519_pubkey.AnsibleModule
@ -269,7 +265,7 @@ AllowedIPs = 10.19.49.2/32
if wg_result.returncode == 0: if wg_result.returncode == 0:
wg_derived = wg_result.stdout.strip() wg_derived = wg_result.stdout.strip()
assert wg_derived == derived_pubkey, f"Key mismatch: wg={wg_derived} vs ours={derived_pubkey}" assert wg_derived == derived_pubkey, f"Key mismatch: wg={wg_derived} vs ours={derived_pubkey}"
print(f"✓ WireGuard validation: keys match wg pubkey output") print("✓ WireGuard validation: keys match wg pubkey output")
else: else:
print(f"⚠ Could not validate with wg pubkey: {wg_result.stderr}") print(f"⚠ Could not validate with wg pubkey: {wg_result.stderr}")
@ -291,7 +287,6 @@ def test_key_consistency():
try: try:
def derive_pubkey_from_same_key(): def derive_pubkey_from_same_key():
from unittest.mock import Mock
class MockModule: class MockModule:
def __init__(self, params): def __init__(self, params):
@ -304,8 +299,8 @@ def test_key_consistency():
def exit_json(self, **kwargs): def exit_json(self, **kwargs):
self.result = kwargs self.result = kwargs
from x25519_pubkey import run_module
import x25519_pubkey import x25519_pubkey
from x25519_pubkey import run_module
original_AnsibleModule = x25519_pubkey.AnsibleModule original_AnsibleModule = x25519_pubkey.AnsibleModule