lintro 0.3.2__py3-none-any.whl → 0.4.2__py3-none-any.whl

lintro/__init__.py

@@ -1,3 +1,3 @@
 """Lintro - A unified CLI core for code formatting, linting, and quality assurance."""
 
-__version__ = "0.3.2"
+__version__ = "0.4.2"

lintro/formatters/tools/__init__.py

@@ -1,5 +1,13 @@
 """Tool-specific table formatters package exports."""
 
+from lintro.formatters.tools.actionlint_formatter import (
+    ActionlintTableDescriptor,
+    format_actionlint_issues,
+)
+from lintro.formatters.tools.bandit_formatter import (
+    BanditTableDescriptor,
+    format_bandit_issues,
+)
 from lintro.formatters.tools.darglint_formatter import (
     DarglintTableDescriptor,
     format_darglint_issues,
@@ -22,6 +30,10 @@ from lintro.formatters.tools.yamllint_formatter import (
 )
 
 __all__ = [
+    "ActionlintTableDescriptor",
+    "format_actionlint_issues",
+    "BanditTableDescriptor",
+    "format_bandit_issues",
     "DarglintTableDescriptor",
     "format_darglint_issues",
     "HadolintTableDescriptor",

lintro/formatters/tools/actionlint_formatter.py

@@ -0,0 +1,82 @@
+"""Formatter for actionlint issues."""
+
+from lintro.formatters.core.table_descriptor import TableDescriptor
+from lintro.formatters.styles.csv import CsvStyle
+from lintro.formatters.styles.grid import GridStyle
+from lintro.formatters.styles.html import HtmlStyle
+from lintro.formatters.styles.json import JsonStyle
+from lintro.formatters.styles.markdown import MarkdownStyle
+from lintro.formatters.styles.plain import PlainStyle
+from lintro.parsers.actionlint.actionlint_issue import ActionlintIssue
+from lintro.utils.path_utils import normalize_file_path_for_display
+
+FORMAT_MAP = {
+    "plain": PlainStyle(),
+    "grid": GridStyle(),
+    "markdown": MarkdownStyle(),
+    "html": HtmlStyle(),
+    "json": JsonStyle(),
+    "csv": CsvStyle(),
+}
+
+
+class ActionlintTableDescriptor(TableDescriptor):
+    """Table descriptor for rendering Actionlint issues.
+
+    Provides the column schema and row extraction logic so any output style
+    can render a uniform table across formats (grid, markdown, html, csv, json).
+    """
+
+    def get_columns(self) -> list[str]:
+        """Return the ordered column headers for Actionlint issues.
+
+        Returns:
+            list[str]: Column names used by formatters.
+        """
+        return ["File", "Line", "Column", "Level", "Code", "Message"]
+
+    def get_rows(self, issues: list[ActionlintIssue]) -> list[list[str]]:
+        """Convert Actionlint issues to a list of row values.
+
+        Args:
+            issues: Parsed Actionlint issues to render.
+
+        Returns:
+            list[list[str]]: One row per issue matching the column order.
+        """
+        rows: list[list[str]] = []
+        for issue in issues:
+            rows.append(
+                [
+                    normalize_file_path_for_display(issue.file),
+                    str(issue.line),
+                    str(issue.column),
+                    issue.level,
+                    issue.code or "",
+                    issue.message,
+                ]
+            )
+        return rows
+
+
+def format_actionlint_issues(
+    issues: list[ActionlintIssue],
+    format: str = "grid",
+) -> str:
+    """Format Actionlint issues using the selected output style.
+
+    Args:
+        issues: Parsed Actionlint issues to format.
+        format: Output style key (plain, grid, markdown, html, json, csv).
+
+    Returns:
+        str: Rendered table content for the chosen style.
+    """
+    descriptor = ActionlintTableDescriptor()
+    formatter = FORMAT_MAP.get(format, GridStyle())
+    columns = descriptor.get_columns()
+    rows = descriptor.get_rows(issues)
+    # JsonStyle may accept tool_name but others do not; keep simple
+    if isinstance(formatter, JsonStyle):
+        return formatter.format(columns=columns, rows=rows, tool_name="actionlint")
+    return formatter.format(columns=columns, rows=rows)

lintro/formatters/tools/bandit_formatter.py

@@ -0,0 +1,100 @@
+"""Bandit formatter for security issue output."""
+
+from lintro.formatters.core.table_descriptor import TableDescriptor
+from lintro.parsers.bandit.bandit_issue import BanditIssue
+from lintro.utils.path_utils import normalize_file_path_for_display
+
+
+class BanditTableDescriptor(TableDescriptor):
+    """Table descriptor for Bandit security issues."""
+
+    def get_columns(self) -> list[str]:
+        """Get column headers for Bandit issues table.
+
+        Returns:
+            list[str]: List of column headers.
+        """
+        return ["File", "Line", "Test ID", "Severity", "Confidence", "Issue"]
+
+    def get_rows(self, issues: list[BanditIssue]) -> list[list[str]]:
+        """Convert Bandit issues to table rows.
+
+        Args:
+            issues: list[BanditIssue]: List of Bandit issues.
+
+        Returns:
+            list[list[str]]: List of table rows.
+        """
+        rows = []
+        for issue in issues:
+            # Get severity icon
+            severity_icon = self._get_severity_icon(issue.issue_severity)
+
+            rows.append(
+                [
+                    normalize_file_path_for_display(issue.file),
+                    str(issue.line),
+                    issue.test_id,
+                    f"{severity_icon} {issue.issue_severity}",
+                    issue.issue_confidence,
+                    issue.issue_text,
+                ]
+            )
+        return rows
+
+    def _get_severity_icon(self, severity: str) -> str:
+        """Get icon for severity level.
+
+        Args:
+            severity: str: Severity level.
+
+        Returns:
+            str: Icon character.
+        """
+        return {
+            "HIGH": "🔴",
+            "MEDIUM": "🟠",
+            "LOW": "🟡",
+            "UNKNOWN": "⚪",
+        }.get(severity.upper(), "⚪")
+
+
+def format_bandit_issues(
+    issues: list[BanditIssue],
+    format: str = "grid",
+) -> str:
+    """Format Bandit issues using the appropriate output style.
+
+    Args:
+        issues: list[BanditIssue]: List of Bandit issues to format.
+        format: str: Output format (grid, plain, markdown, html, json, csv).
+
+    Returns:
+        str: Formatted issues string.
+    """
+    from lintro.formatters.styles.csv import CsvStyle
+    from lintro.formatters.styles.grid import GridStyle
+    from lintro.formatters.styles.html import HtmlStyle
+    from lintro.formatters.styles.json import JsonStyle
+    from lintro.formatters.styles.markdown import MarkdownStyle
+    from lintro.formatters.styles.plain import PlainStyle
+
+    style_map = {
+        "grid": GridStyle(),
+        "plain": PlainStyle(),
+        "markdown": MarkdownStyle(),
+        "html": HtmlStyle(),
+        "json": JsonStyle(),
+        "csv": CsvStyle(),
+    }
+
+    style_key = (format or "grid").lower()
+    style = style_map.get(style_key, GridStyle())
+    descriptor = BanditTableDescriptor()
+
+    columns = descriptor.get_columns()
+    rows = descriptor.get_rows(issues)
+
+    if style_key == "json":
+        return style.format(columns=columns, rows=rows, tool_name="bandit")
+    return style.format(columns=columns, rows=rows)

lintro/parsers/__init__.py

@@ -0,0 +1,21 @@
+"""Parser modules for Lintro tools."""
+
+from lintro.parsers import (
+    actionlint,
+    bandit,
+    darglint,
+    hadolint,
+    prettier,
+    ruff,
+    yamllint,
+)
+
+__all__ = [
+    "actionlint",
+    "bandit",
+    "darglint",
+    "hadolint",
+    "prettier",
+    "ruff",
+    "yamllint",
+]

lintro/parsers/actionlint/__init__.py

@@ -0,0 +1 @@
+"""Actionlint parser package."""

lintro/parsers/actionlint/actionlint_issue.py

@@ -0,0 +1,24 @@
+"""Issue model for actionlint output."""
+
+from dataclasses import dataclass
+
+
+@dataclass
+class ActionlintIssue:
+    """Represents a single actionlint issue parsed from CLI output.
+
+    Attributes:
+        file: File path where the issue occurred.
+        line: Line number of the issue (1-based).
+        column: Column number of the issue (1-based).
+        level: Severity level (e.g., "error", "warning").
+        code: Optional rule/code identifier, when present.
+        message: Human-readable message describing the issue.
+    """
+
+    file: str
+    line: int
+    column: int
+    level: str
+    code: str | None
+    message: str

lintro/parsers/actionlint/actionlint_parser.py

@@ -0,0 +1,67 @@
+"""Parser for actionlint CLI output.
+
+This module parses the default text output produced by the ``actionlint``
+binary into structured ``ActionlintIssue`` objects so that Lintro can render
+uniform tables and reports across styles.
+"""
+
+from __future__ import annotations
+
+import re
+from typing import Iterable
+
+from lintro.parsers.actionlint.actionlint_issue import ActionlintIssue
+
+_LINE_RE: re.Pattern[str] = re.compile(
+    r"^(?P<file>[^:]+):(?P<line>\d+):(?P<col>\d+):\s*(?:(?P<level>error|warning):\s*)?(?P<msg>.*?)(?:\s*\[(?P<code>[A-Za-z0-9_\-\.]+)\])?$",
+)
+
+
+def parse_actionlint_output(output: str | None) -> list[ActionlintIssue]:
+    """Parse raw actionlint output into structured issues.
+
+    Args:
+        output: Raw stdout/stderr combined output from actionlint.
+
+    Returns:
+        list[ActionlintIssue]: Parsed issues from the tool output.
+    """
+    if not output:
+        return []
+
+    issues: list[ActionlintIssue] = []
+    for line in _iter_nonempty_lines(output):
+        m = _LINE_RE.match(line.strip())
+        if not m:
+            continue
+        file_path = m.group("file")
+        line_no = int(m.group("line"))
+        col_no = int(m.group("col"))
+        level = m.group("level") or "error"
+        msg = m.group("msg").strip()
+        code = m.group("code")
+        issues.append(
+            ActionlintIssue(
+                file=file_path,
+                line=line_no,
+                column=col_no,
+                level=level,
+                code=code,
+                message=msg,
+            ),
+        )
+    return issues
+
+
+def _iter_nonempty_lines(text: str) -> Iterable[str]:
+    """Iterate non-empty lines from a text block.
+
+    Args:
+        text: Input text to split into lines.
+
+    Yields:
+        Non-empty lines stripped of surrounding whitespace.
+    """
+    for ln in text.splitlines():
+        if ln.strip():
+            yield ln

lintro/tools/__init__.py

@@ -6,6 +6,8 @@ from lintro.models.core.tool_config import ToolConfig
 from lintro.tools.core.tool_manager import ToolManager
 
 # Import core implementations after Tool class definition to avoid circular imports
+from lintro.tools.implementations.tool_actionlint import ActionlintTool
+from lintro.tools.implementations.tool_bandit import BanditTool
 from lintro.tools.implementations.tool_darglint import DarglintTool
 from lintro.tools.implementations.tool_hadolint import HadolintTool
 from lintro.tools.implementations.tool_prettier import PrettierTool
@@ -32,6 +34,8 @@ __all__ = [
     "ToolEnum",
     "tool_manager",
     "AVAILABLE_TOOLS",
+    "ActionlintTool",
+    "BanditTool",
     "DarglintTool",
     "HadolintTool",
     "PrettierTool",

lintro/tools/core/tool_base.py

@@ -2,10 +2,12 @@
 
 import os
 import shutil
-import subprocess
+import subprocess  # nosec B404 - subprocess used safely with shell=False
 from abc import ABC, abstractmethod
 from dataclasses import dataclass, field
 
+from loguru import logger
+
 from lintro.enums.tool_type import ToolType
 from lintro.models.core.tool import ToolConfig, ToolResult
 
@@ -107,9 +109,9 @@ class BaseTool(ABC):
                             continue
                         if line_stripped not in self.exclude_patterns:
                             self.exclude_patterns.append(line_stripped)
-        except Exception:
+        except Exception as e:
             # Non-fatal if ignore file can't be read
-            pass
+            logger.debug(f"Could not read .lintro-ignore: {e}")
 
         # Load default options from config
         if hasattr(self.config, "options") and self.config.options:
@@ -146,7 +148,7 @@ class BaseTool(ABC):
             FileNotFoundError: If command executable is not found.
         """
         try:
-            result = subprocess.run(
+            result = subprocess.run(  # nosec B603 - args list, shell=False
                 cmd,
                 capture_output=True,
                 text=True,

lintro/tools/implementations/tool_actionlint.py

@@ -0,0 +1,151 @@
+"""Actionlint integration for lintro.
+
+This module wires the `actionlint` CLI into Lintro's tool system. It discovers
+GitHub Actions workflow files, executes `actionlint`, parses its output into
+structured issues, and returns a normalized `ToolResult`.
+"""
+
+from __future__ import annotations
+
+import subprocess  # nosec B404 - used safely with shell disabled
+from dataclasses import dataclass, field
+
+from loguru import logger
+
+from lintro.enums.tool_type import ToolType
+from lintro.models.core.tool import ToolConfig, ToolResult
+from lintro.parsers.actionlint.actionlint_parser import parse_actionlint_output
+from lintro.tools.core.tool_base import BaseTool
+from lintro.utils.tool_utils import walk_files_with_excludes
+
+# Defaults
+ACTIONLINT_DEFAULT_TIMEOUT: int = 30
+ACTIONLINT_DEFAULT_PRIORITY: int = 40
+ACTIONLINT_FILE_PATTERNS: list[str] = ["*.yml", "*.yaml"]
+
+
+@dataclass
+class ActionlintTool(BaseTool):
+    """GitHub Actions workflow linter (actionlint).
+
+    Attributes:
+        name: Tool name used across the system.
+        description: Human-readable description for listings/help.
+        can_fix: Whether the tool can apply fixes (actionlint cannot).
+        config: `ToolConfig` with defaults for priority, file patterns, and
+            `ToolType` classification.
+    """
+
+    name: str = "actionlint"
+    description: str = "Static checker for GitHub Actions workflows"
+    can_fix: bool = False
+    config: ToolConfig = field(
+        default_factory=lambda: ToolConfig(
+            priority=ACTIONLINT_DEFAULT_PRIORITY,
+            conflicts_with=[],
+            file_patterns=ACTIONLINT_FILE_PATTERNS,
+            tool_type=ToolType.LINTER | ToolType.INFRASTRUCTURE,
+            options={
+                "timeout": ACTIONLINT_DEFAULT_TIMEOUT,
+                # Option placeholders for future extension (e.g., color, format)
+            },
+        ),
+    )
+
+    def _build_command(self) -> list[str]:
+        """Build the base actionlint command.
+
+        We intentionally avoid flags here for maximum portability across
+        platforms and actionlint versions. The tool's default text output
+        follows the conventional ``file:line:col: message [CODE]`` format,
+        which our parser handles directly without requiring a custom format
+        switch.
+
+        Returns:
+            The base command list for invoking actionlint.
+        """
+        return ["actionlint"]
+
+    def check(self, paths: list[str]) -> ToolResult:
+        """Check GitHub Actions workflow files with actionlint.
+
+        Args:
+            paths: File or directory paths to search for workflow files.
+
+        Returns:
+            A `ToolResult` containing success status, aggregated output (if any),
+            issue count, and parsed issues.
+        """
+        self._validate_paths(paths=paths)
+        if not paths:
+            return ToolResult(
+                name=self.name,
+                success=True,
+                output="No files to check.",
+                issues_count=0,
+            )
+
+        candidate_yaml_files: list[str] = walk_files_with_excludes(
+            paths=paths,
+            file_patterns=self.config.file_patterns,
+            exclude_patterns=self.exclude_patterns,
+            include_venv=self.include_venv,
+        )
+        # Restrict to GitHub Actions workflow location
+        workflow_files: list[str] = []
+        for file_path in candidate_yaml_files:
+            norm = file_path.replace("\\", "/")
+            if "/.github/workflows/" in norm:
+                workflow_files.append(file_path)
+        logger.debug(f"Files to check (actionlint): {workflow_files}")
+
+        if not workflow_files:
+            return ToolResult(
+                name=self.name,
+                success=True,
+                output="No GitHub workflow files found to check.",
+                issues_count=0,
+            )
+
+        timeout: int = self.options.get("timeout", ACTIONLINT_DEFAULT_TIMEOUT)
+        all_outputs: list[str] = []
+        all_issues = []
+        all_success = True
+
+        base_cmd = self._build_command()
+        for file_path in workflow_files:
+            cmd = base_cmd + [file_path]
+            try:
+                success, output = self._run_subprocess(cmd=cmd, timeout=timeout)
+                issues = parse_actionlint_output(output)
+                if not success:
+                    all_success = False
+                if issues:
+                    all_outputs.append(output)
+                    all_issues.extend(issues)
+            except subprocess.TimeoutExpired:
+                all_success = False
+                all_outputs.append(f"Timeout while checking {file_path}")
+            except Exception as e:  # pragma: no cover
+                all_success = False
+                all_outputs.append(f"Error checking {file_path}: {e}")
+
+        combined_output = "\n".join(all_outputs) if all_outputs else None
+        return ToolResult(
+            name=self.name,
+            success=all_success,
+            output=combined_output,
+            issues_count=len(all_issues),
+            issues=all_issues,
+        )
+
+    def fix(self, paths: list[str]) -> ToolResult:
+        """Raise since actionlint cannot apply automatic fixes.
+
+        Args:
+            paths: File or directory paths (ignored).
+
+        Raises:
+            NotImplementedError: Actionlint does not support auto-fixing.
+        """
+        raise NotImplementedError("actionlint cannot automatically fix issues.")