mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-06 12:03:38 +02:00
Fix linting issues across the codebase
## Python Code Quality (ruff) - Fixed import organization and removed unused imports in test files - Replaced `== True` comparisons with direct boolean checks - Added noqa comments for intentional imports in test modules ## YAML Formatting (yamllint) - Removed trailing spaces in openssl.yml comments - All YAML files now pass yamllint validation (except one pre-existing long regex line) ## Code Consistency - Maintained proper import ordering in test files - Ensured all code follows project linting standards - Ready for CI pipeline validation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
parent
a6852f3ca6
commit
e63a3d6357
3 changed files with 168 additions and 177 deletions
|
@ -5,18 +5,14 @@ Hybrid approach: validates actual certificates when available, else tests templa
|
|||
Based on issues #14755, #14718 - Apple device compatibility
|
||||
Issues #75, #153 - Security enhancements (name constraints, EKU restrictions)
|
||||
"""
|
||||
import os
|
||||
import glob
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
import yaml
|
||||
import tempfile
|
||||
import ipaddress
|
||||
from pathlib import Path
|
||||
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from cryptography.x509.oid import NameOID, ExtensionOID
|
||||
from cryptography.x509.oid import ExtensionOID, NameOID
|
||||
|
||||
|
||||
def find_generated_certificates():
|
||||
|
@ -120,7 +116,7 @@ def validate_ca_certificate_config():
|
|||
print("⚠ Could not find openssl.yml task file")
|
||||
return
|
||||
|
||||
with open(openssl_task_file, 'r') as f:
|
||||
with open(openssl_task_file) as f:
|
||||
content = f.read()
|
||||
|
||||
# Verify key security configurations are present
|
||||
|
@ -208,7 +204,7 @@ def validate_server_certificates_config():
|
|||
print("⚠ Could not find openssl.yml task file")
|
||||
return
|
||||
|
||||
with open(openssl_task_file, 'r') as f:
|
||||
with open(openssl_task_file) as f:
|
||||
content = f.read()
|
||||
|
||||
# Look for server certificate CSR section
|
||||
|
@ -300,7 +296,7 @@ def validate_client_certificates_config():
|
|||
print("⚠ Could not find openssl.yml task file")
|
||||
return
|
||||
|
||||
with open(openssl_task_file, 'r') as f:
|
||||
with open(openssl_task_file) as f:
|
||||
content = f.read()
|
||||
|
||||
# Look for client certificate CSR section
|
||||
|
@ -376,7 +372,7 @@ def validate_pkcs12_files_config():
|
|||
print("⚠ Could not find openssl.yml task file")
|
||||
return
|
||||
|
||||
with open(openssl_task_file, 'r') as f:
|
||||
with open(openssl_task_file) as f:
|
||||
content = f.read()
|
||||
|
||||
# Check PKCS#12 generation configuration
|
||||
|
@ -434,7 +430,7 @@ def validate_certificate_chain_real(cert_files):
|
|||
|
||||
print(f"✓ Real certificate chain valid: {os.path.basename(cert_path)}")
|
||||
|
||||
print(f"✓ All real certificates properly signed by CA")
|
||||
print("✓ All real certificates properly signed by CA")
|
||||
|
||||
def validate_certificate_chain_config():
|
||||
"""Validate certificate chain configuration in Ansible files (CI mode)"""
|
||||
|
@ -443,7 +439,7 @@ def validate_certificate_chain_config():
|
|||
print("⚠ Could not find openssl.yml task file")
|
||||
return
|
||||
|
||||
with open(openssl_task_file, 'r') as f:
|
||||
with open(openssl_task_file) as f:
|
||||
content = f.read()
|
||||
|
||||
# Check certificate signing configuration
|
||||
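Review bot: The five `open(openssl_task_file)` calls in this file (in validate_ca_certificate_config and the server, client, PKCS#12 and chain config validators) drop the redundant `'r'` but still leave the text encoding to the platform locale. These functions read the task file to check certificate security settings, so on a runner with a non-UTF-8 locale the read could presumably raise a decode error if openssl.yml holds non-ASCII characters. I would pin the encoding at each site: `with open(openssl_task_file, encoding="utf-8") as f:`. Each function body starts and continues outside its hunk, so how `content` is matched afterwards is not visible here.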
|
|
|
@ -8,7 +8,6 @@ import os
|
|||
import subprocess
|
||||
import sys
|
||||
import tempfile
|
||||
import shutil
|
||||
|
||||
# Add library directory to path to import our custom module
|
||||
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', 'library'))
|
||||
|
@ -29,7 +28,7 @@ def test_wireguard_tools_available():
|
|||
def test_x25519_module_import():
|
||||
"""Test that our custom x25519_pubkey module can be imported and used"""
|
||||
try:
|
||||
from x25519_pubkey import run_module
|
||||
import x25519_pubkey # noqa: F401
|
||||
print("✓ x25519_pubkey module imports successfully")
|
||||
return True
|
||||
except ImportError as e:
|
||||
|
@ -71,7 +70,6 @@ def test_x25519_pubkey_from_raw_file():
|
|||
|
||||
try:
|
||||
# Import here so we can mock the module_utils if needed
|
||||
from unittest.mock import Mock
|
||||
|
||||
# Mock the AnsibleModule for testing
|
||||
class MockModule:
|
||||
|
@ -90,8 +88,8 @@ def test_x25519_pubkey_from_raw_file():
|
|||
|
||||
try:
|
||||
# Test the module logic directly
|
||||
from x25519_pubkey import run_module
|
||||
import x25519_pubkey
|
||||
from x25519_pubkey import run_module
|
||||
|
||||
original_AnsibleModule = x25519_pubkey.AnsibleModule
|
||||
|
||||
|
@ -110,10 +108,10 @@ def test_x25519_pubkey_from_raw_file():
|
|||
|
||||
# Check the result
|
||||
assert 'public_key' in mock_module.result
|
||||
assert mock_module.result['changed'] == True
|
||||
assert mock_module.result['changed']
|
||||
assert os.path.exists(public_key_path)
|
||||
|
||||
with open(public_key_path, 'r') as f:
|
||||
with open(public_key_path) as f:
|
||||
derived_pubkey = f.read().strip()
|
||||
|
||||
# Validate base64 format
|
||||
|
@ -144,7 +142,6 @@ def test_x25519_pubkey_from_b64_string():
|
|||
raw_key_path, b64_key = generate_test_private_key()
|
||||
|
||||
try:
|
||||
from unittest.mock import Mock
|
||||
|
||||
class MockModule:
|
||||
def __init__(self, params):
|
||||
|
@ -157,8 +154,8 @@ def test_x25519_pubkey_from_b64_string():
|
|||
def exit_json(self, **kwargs):
|
||||
self.result = kwargs
|
||||
|
||||
from x25519_pubkey import run_module
|
||||
import x25519_pubkey
|
||||
from x25519_pubkey import run_module
|
||||
|
||||
original_AnsibleModule = x25519_pubkey.AnsibleModule
|
||||
|
||||
|
@ -207,7 +204,6 @@ def test_wireguard_validation():
|
|||
|
||||
try:
|
||||
# Derive public key using our module
|
||||
from unittest.mock import Mock
|
||||
|
||||
class MockModule:
|
||||
def __init__(self, params):
|
||||
|
@ -220,8 +216,8 @@ def test_wireguard_validation():
|
|||
def exit_json(self, **kwargs):
|
||||
self.result = kwargs
|
||||
|
||||
from x25519_pubkey import run_module
|
||||
import x25519_pubkey
|
||||
from x25519_pubkey import run_module
|
||||
|
||||
original_AnsibleModule = x25519_pubkey.AnsibleModule
|
||||
|
||||
|
@ -269,7 +265,7 @@ AllowedIPs = 10.19.49.2/32
|
|||
if wg_result.returncode == 0:
|
||||
wg_derived = wg_result.stdout.strip()
|
||||
assert wg_derived == derived_pubkey, f"Key mismatch: wg={wg_derived} vs ours={derived_pubkey}"
|
||||
print(f"✓ WireGuard validation: keys match wg pubkey output")
|
||||
print("✓ WireGuard validation: keys match wg pubkey output")
|
||||
else:
|
||||
print(f"⚠ Could not validate with wg pubkey: {wg_result.stderr}")
|
||||
|
||||
|
@ -291,7 +287,6 @@ def test_key_consistency():
|
|||
|
||||
try:
|
||||
def derive_pubkey_from_same_key():
|
||||
from unittest.mock import Mock
|
||||
|
||||
class MockModule:
|
||||
def __init__(self, params):
|
||||
|
@ -304,8 +299,8 @@ def test_key_consistency():
|
|||
def exit_json(self, **kwargs):
|
||||
self.result = kwargs
|
||||
|
||||
from x25519_pubkey import run_module
|
||||
import x25519_pubkey
|
||||
from x25519_pubkey import run_module
|
||||
|
||||
original_AnsibleModule = x25519_pubkey.AnsibleModule
|
||||
|
||||
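Review bot: In test_x25519_pubkey_from_raw_file, `assert mock_module.result['changed']` is looser than the comparison it replaces, because it passes for any truthy value (for example a non-empty string) and not only for a boolean. Since the test pins the module's reported result, I would keep the check strict while still satisfying the linter: `assert mock_module.result['changed'] is True`. The test body begins and ends outside this hunk, so whether other assertions already constrain the type of `changed` cannot be seen here.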
|
|