Linter and security tools for Python code

Author - Webner
7.05.2020

I have used 3 tools here:

  • Flake8
  • SublimeLinter
  • Flake8-Bandit

What is a linter?

A linter analyzes code to detect various categories of lint. Those categories can be broadly defined as follows:

  1. Logical Lint

    • Code errors
    • Code with potentially unintended results
    • Dangerous code patterns
  2. Stylistic Lint

    • Code not conforming to defined convention

Flake8

Flake8 is a linting tool that is capable of detecting both logical and stylistic lint. It adds the style and complexity checks of pycodestyle to the logical lint detection of PyFlakes. It combines the following linters:

  • PyFlakes – checks for logical issues
  • pycodestyle (formerly pep8) – checks styling conventions
  • mccabe – checks complexity

In comparison with Pylint, one of the oldest and most popular linters available, Flake8 takes a fraction of the time that Pylint needs to generate reports. Unlike Pylint it is not complicated, yet its reports are very comprehensive: Flake8 provides simplicity without compromising on useful functionality.

I am using Ubuntu here. First, install flake8 from the terminal:

pip3 install flake8

You can use the linter with any text editor. I am using it with Sublime Text 3. From the command palette, install SublimeLinter. After this, install SublimeLinter-flake8.
In the SublimeLinter user settings make some changes to skip the warnings for “over indentation” and “indentation contains tabs”. These, in my opinion, are futile warnings and you cannot solve them, because they creep in even when a single level of indentation is given, which is required for e.g. an if statement.

// SublimeLinter Settings - User
{
    "linters": {
        // The name of the linter you installed
        "flake8": {
            "filter_errors": ["E117", "W191"],
            "highlight": false
        }
    }
}

Here are screenshots using linters in Sublime Text 3:

This is a script that I had written, which I am using as an example here (so code secrecy will not be an issue). You can hover over the box or dot to view the error/warning message.

The format of the output is as follows:
file path : line number : column number : error code : short description

Prefix for error codes:

  • E***/W***: pep8 errors and warnings
  • F***: PyFlakes codes
  • C9**: McCabe complexity plugin mccabe
  • N8**: Naming Conventions plugin pep8-naming

Note – Here I have used the --isolated flag, which displays all the error/warning messages irrespective of the configuration settings. You can use the --ignore flag too to ignore certain errors/warnings.

Flake8-Bandit

This tool is used to test for security issues in code. This is how you install it on Ubuntu:

pip3 install flake8-bandit

Flake8-Bandit uses the bandit package from PyCQA. Bandit processes each file, builds an AST from it, and runs the appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.
To learn more about this tool, read https://github.com/PyCQA/bandit and https://bandit.readthedocs.io/en/latest/index.html

Here the -r flag means ‘run’. There are other flags and features that you can learn about from the above-mentioned links.
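As an added example (not code from the original post), the following script parses output in the "file path : line number : column number : error code : short description" format described above, attributes each code to its linter by the prefixes listed earlier, and picks out the flake8-bandit findings so a CI job can fail on them. It assumes the S prefix that flake8-bandit assigns to bandit checks; the sample output is constructed.

```python
# Added example, not from the original post: parse flake8 / flake8-bandit output
# in the "path:line:col: CODE description" format and gate on security findings.
import re
from collections import defaultdict

# One record per output line: path, line, column, error code, short description.
LINE_RE = re.compile(r"^(?P<path>[^:]+):(?P<line>\d+):(?P<col>\d+): (?P<code>[A-Z]+\d+) (?P<msg>.*)$")

# Prefixes listed in the post, plus S, the prefix flake8-bandit gives bandit checks.
PREFIX_SOURCES = {
    "E": "pycodestyle error", "W": "pycodestyle warning", "F": "PyFlakes",
    "C9": "mccabe complexity", "N8": "pep8-naming", "S": "flake8-bandit",
}

def parse_flake8(output):
    """Return one dict per finding; lines that do not match the format are skipped."""
    findings = []
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["line"], d["col"] = int(d["line"]), int(d["col"])
            findings.append(d)
    return findings

def source_of(code):
    """Name the linter that produced a code, judged by its prefix."""
    for prefix, name in PREFIX_SOURCES.items():
        if code.startswith(prefix):
            return name
    return "unknown"

def summarize(output):  # findings per originating linter, e.g. {"PyFlakes": 1, ...}
    counts = defaultdict(int)
    for f in parse_flake8(output):
        counts[source_of(f["code"])] += 1
    return dict(counts)

def security_findings(output):  # only flake8-bandit (S) findings: fail CI on these
    return [f for f in parse_flake8(output) if f["code"].startswith("S")]

# Constructed sample output, in the form flake8 --isolated prints it.
SAMPLE = """\
app.py:3:1: F401 'os' imported but unused
app.py:10:5: E117 over-indented
app.py:12:1: W191 indentation contains tabs
app.py:20:12: S307 Use of possibly insecure function - consider using safer ast.literal_eval.
app.py:25:9: S602 subprocess call with shell=True identified, security issue.
app.py:30:1: C901 'main' is too complex (12)
"""
```

In practice, feed the captured stdout of flake8 --isolated into security_findings() and exit non-zero when the list is not empty.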
