skylos 2.1.1__py3-none-any.whl → 2.2.2__py3-none-any.whl

test/test_analyzer.py

@@ -8,11 +8,9 @@ from skylos.test_aware import TestAwareVisitor
 from skylos.framework_aware import FrameworkAwareVisitor
 
 from skylos.analyzer import (
-    Skylos, 
-    parse_exclude_folders, 
+    Skylos,  
     proc_file, 
-    analyze,
-    DEFAULT_EXCLUDE_FOLDERS,
+    analyze
 )
 
 @pytest.fixture
@@ -97,40 +95,6 @@ def internal_function():
         
         yield temp_path
 
-class TestParseExcludeFolders:
-    
-    def test_default_exclude_folders_included(self):
-        """default folders are included by default."""
-        result = parse_exclude_folders(None, use_defaults=True)
-        assert DEFAULT_EXCLUDE_FOLDERS.issubset(result)
-    
-    def test_default_exclude_folders_disabled(self):
-        """default folders can be disabled."""
-        result = parse_exclude_folders(None, use_defaults=False)
-        assert not DEFAULT_EXCLUDE_FOLDERS.intersection(result)
-    
-    def test_user_exclude_folders_added(self):
-        """user-specified folders are added."""
-        user_folders = {"custom_folder", "another_folder"}
-        result = parse_exclude_folders(user_folders, use_defaults=True)
-        assert user_folders.issubset(result)
-        assert DEFAULT_EXCLUDE_FOLDERS.issubset(result)
-    
-    def test_include_folders_override_defaults(self):
-        """include_folders can override defaults."""
-        include_folders = {"__pycache__", ".git"}
-        result = parse_exclude_folders(None, use_defaults=True, include_folders=include_folders)
-        for folder in include_folders:
-            assert folder not in result
-    
-    def test_include_folders_override_user_excludes(self):
-        """include_folders can override user excludes."""
-        user_excludes = {"custom_folder", "another_folder"}
-        include_folders = {"custom_folder"}
-        result = parse_exclude_folders(user_excludes, use_defaults=False, include_folders=include_folders)
-        assert "custom_folder" not in result
-        assert "another_folder" in result
-
 class TestSkylos:
     
     @pytest.fixture
@@ -144,7 +108,6 @@ class TestSkylos:
         assert isinstance(skylos.exports, defaultdict)
     
     def test_module_name_generation(self, skylos):
-        """Test module name generation from file paths."""
         root = Path("/project")
         
         # test a regular Python file
@@ -315,7 +278,7 @@ class TestHeuristics:
     
     def test_auto_called_methods_get_references(self, skylos_with_class_methods):
         """auto-called methods get reference counts when class is used."""
-        skylos, mock_class, mock_init, mock_enter = skylos_with_class_methods
+        skylos, _, mock_init, mock_enter = skylos_with_class_methods
         
         skylos._apply_heuristics()
         
@@ -451,7 +414,7 @@ class TestClass:
                     mock_framework_visitor = Mock(spec=FrameworkAwareVisitor)
                     mock_framework_visitor_class.return_value = mock_framework_visitor
                     
-                    defs, refs, dyn, exports, test_flags, framework_flags, _ = proc_file(f.name, "test_module")
+                    defs, refs, dyn, exports, test_flags, framework_flags = proc_file(f.name, "test_module")
                     
                     mock_visitor_class.assert_called_once_with("test_module", f.name)
                     mock_visitor.visit.assert_called_once()
@@ -472,7 +435,7 @@ class TestClass:
             f.flush()
             
             try:
-                defs, refs, dyn, exports, test_flags, framework_flags, _ = proc_file(f.name, "test_module")
+                defs, refs, dyn, exports, test_flags, framework_flags = proc_file(f.name, "test_module")
                 
                 assert defs == []
                 assert refs == []
@@ -506,7 +469,7 @@ class TestClass:
                     mock_framework_visitor = Mock(spec=FrameworkAwareVisitor)
                     mock_framework_visitor_class.return_value = mock_framework_visitor
                     
-                    defs, refs, dyn, exports, test_flags, framework_flags, _ = proc_file((f.name, "test_module"))
+                    defs, refs, dyn, exports, test_flags, framework_flags = proc_file((f.name, "test_module"))
                     
                     mock_visitor_class.assert_called_once_with("test_module", f.name)
             finally:

test/test_new_behaviours.py

@@ -0,0 +1,52 @@
+import json
+from skylos.analyzer import analyze
+
+def test_dataclass_fields(tmp_path):
+    p = tmp_path / "dc.py"
+    p.write_text(
+        "from dataclasses import dataclass\n"
+        "@dataclass\n"
+        "class C:\n"
+        "    x: int = 1\n"
+        "    y: int = 2\n"
+        "def f(c: C):\n"
+        "    return c.x + c.y\n"
+        "f(C())\n"
+    )
+    result = json.loads(analyze(str(tmp_path), conf=0))
+    assert result['unused_variables'] == []
+
+def test_dead_store_guard(tmp_path):
+    p = tmp_path / "dstore.py"
+    p.write_text(
+        "lst=[1,2,3]\n"
+        "dir=0\n"
+        "if 'a' in lst:\n"
+        "    pass\n"
+        "else:\n"
+        "    dir=1\n"
+        "print(dir)\n"
+    )
+    result = json.loads(analyze(str(tmp_path), conf=0))
+    assert result['unused_variables'] == []
+
+def test_unused_constant_reported(tmp_path):
+    p = tmp_path / "pool.py"
+    p.write_text(
+        "from concurrent.futures import ProcessPoolExecutor\n"
+        "PROCESS_POOL=None\n"
+        "NEVER_USED=123\n"
+        "def get_pool():\n"
+        "    global PROCESS_POOL\n"
+        "    if PROCESS_POOL is None:\n"
+        "        PROCESS_POOL=ProcessPoolExecutor(max_workers=2)\n"
+        "    return PROCESS_POOL\n"
+        "get_pool()\n"
+    )
+    result = json.loads(analyze(str(tmp_path), conf=0))
+    names = set()
+    for v in result['unused_variables']:
+        names.add(v['name'])
+
+    assert 'NEVER_USED' in names
+    assert 'PROCESS_POOL' not in names

test/test_secrets.py

@@ -0,0 +1,179 @@
+import ast
+import pytest
+from skylos.rules.secrets import scan_ctx
+
+ELLIPSIS = "…"
+
+def _ctx_from_source(src, rel="app.py", with_ast=False):
+    if with_ast:
+        tree = ast.parse(src)
+    else:
+        tree = None
+    
+    lines = src.splitlines(True)
+    
+    context = {
+        "relpath": rel,
+        "lines": lines, 
+        "tree": tree
+    }
+    
+    return context
+
+def test_github_and_generic_both_fire_on_token_assignment():
+    src = 'GITHUB_TOKEN = "ghp_1234567890abcdef1234567890abcdef1234"\n'
+    
+    findings = list(scan_ctx(_ctx_from_source(src)))
+    
+    providers = set()
+    for finding in findings:
+        provider_name = finding["provider"]
+        providers.add(provider_name)
+    
+    assert "github" in providers
+    assert "generic" in providers
+    
+    github_previews = []
+    for finding in findings:
+        if finding["provider"] == "github":
+            preview = finding["preview"]
+            github_previews.append(preview)
+    
+    assert len(github_previews) > 0
+    first_preview = github_previews[0]
+    assert first_preview.startswith("ghp_")
+    assert ELLIPSIS in first_preview
+
+@pytest.mark.parametrize(
+    "line,provider",
+    [
+        ('GITLAB_PAT = "glpat-A1b2C3d4E5f6G7h8I9j0"\n', "gitlab"),
+        ('SLACK_BOT = "xoxb-1234567890ABCDEF12"\n', "slack"),
+        ('STRIPE = "sk_live_a1B2c3D4e5F6g7H8"\n', "stripe"),
+        ('GOOGLE = "AIzaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"\n', "google_api_key"),
+        ('SENDGRID = "SG.AAAAABBBBBCCCCCC.DDDDDEEEEEFFFFFFF"\n', "sendgrid"),
+        ('TWILIO = "SK0123456789abcdef0123456789abcdef"\n', "twilio"),
+        ('PK = "-----BEGIN RSA PRIVATE KEY-----"\n', "private_key_block"),
+        ('AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"\n', "aws_access_key_id"),
+    ],
+)
+def test_provider_patterns(line, provider):
+    findings = list(scan_ctx(_ctx_from_source(line)))
+    assert any(f["provider"] == provider for f in findings)
+
+
+def test_aws_secret_access_key_special_case():
+    src = (
+        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
+    )
+    findings = list(scan_ctx(_ctx_from_source(src)))
+    hit = None
+    for finding in findings:
+        if finding["provider"] == "aws_secret_access_key":
+            hit = finding
+            break
+
+    assert hit is not None
+    assert "entropy" in hit and isinstance(hit["entropy"], float)
+    assert ELLIPSIS in hit["preview"]
+
+
+def test_generic_entropy_detection_and_threshold():
+    src = 'X = "o2uV7Ew1kZ9Q3nR8sT5yU6pX4cJ2mL7a"\n'
+    findings = list(scan_ctx(_ctx_from_source(src)))
+    assert any(f["provider"] == "generic" for f in findings)
+
+    findings_high_thr = list(scan_ctx(_ctx_from_source(src), min_entropy=8.0))
+    assert not any(f["provider"] == "generic" for f in findings_high_thr)
+
+
+def test_ignore_directive_suppresses_matches():
+    src = 'GITHUB_TOKEN = "ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"  # skylos: ignore[SKY-S101]\n'
+    findings = list(scan_ctx(_ctx_from_source(src)))
+    assert findings == []
+
+
+def test_allowlist_patterns_suppresses_line():
+    src = 'TWILIO = "SKabcdefabcdefabcdefabcdefabcdefabcd"\n'
+    allow = [r"TWILIO\s*="]
+    findings = list(scan_ctx(_ctx_from_source(src), allowlist_patterns=allow))
+    assert findings == []
+
+
+def test_scan_comments_toggle():
+    line = '# cred: xoxb-1234567890ABCDEF12 appears only in comment\n'
+    findings_default = list(scan_ctx(_ctx_from_source(line)))
+
+    found_slack = False
+    for finding in findings_default:
+        if finding["provider"] == "slack":
+            found_slack = True
+            break
+
+    assert found_slack
+
+    findings_off = list(scan_ctx(_ctx_from_source(line), scan_comments=False))
+    assert findings_off == []
+
+
+def test_scan_docstrings_toggle_with_ast():
+    src = '''"""
+module docstring with a GITHUB token: ghp_1234567890abcdef1234567890abcdef1234
+"""
+def f():
+    """Function docstring with AWS AKIAABCDEFGHIJKLMNOP key."""
+    return 1
+'''
+    f1 = list(scan_ctx(_ctx_from_source(src, with_ast=True)))
+    providers_in_f1 = set()
+    for finding in f1:
+        provider_name = finding["provider"]
+        providers_in_f1.add(provider_name)
+    assert "github" in providers_in_f1 or "aws_access_key_id" in providers_in_f1
+
+    f2 = list(scan_ctx(_ctx_from_source(src, with_ast=True), scan_docstrings=False))
+    assert f2 == []
+
+
+def test_suffix_and_path_filters():
+    ctx_txt = _ctx_from_source('X="ghp_1234567890abcdef1234567890abcdef1234"\n', rel="notes.txt")
+    assert list(scan_ctx(ctx_txt)) == []
+
+    ctx_vendor = _ctx_from_source('X="AKIAABCDEFGHIJKLMNOP"\n', rel="vendor/app.py")
+    out = list(scan_ctx(ctx_vendor, ignore_path_substrings=["vendor"]))
+    assert out == []
+
+
+def test_masking_behavior_short_and_long():
+    short = 'X = "ABCDEFGH"\n'
+    long = 'token = "ABCDEFGHIJKLMNOPKLMN"\n' 
+
+    short_findings = scan_ctx(_ctx_from_source(short))
+
+    f_short = None
+    for finding in short_findings:
+        if finding["provider"] == "generic":
+            f_short = finding
+            break
+
+    long_findings = scan_ctx(_ctx_from_source(long))
+
+    f_long = None
+    for finding in long_findings:
+        if finding["provider"] == "generic":
+            f_long = finding
+            break
+
+    assert f_short is None
+
+    long_preview = f_long["preview"]
+    starts_with_abcd = long_preview.startswith("ABCD")
+    ends_with_klmn = long_preview.endswith("KLMN") 
+    contains_ellipsis = ELLIPSIS in long_preview
+
+    assert starts_with_abcd and ends_with_klmn and contains_ellipsis
+  
+def test_safe_hints_suppress_detection():
+    safe_line = 'EXAMPLE_TOKEN = "sk_test_this_is_example_value_not_real_123456"\n'
+    out = list(scan_ctx(_ctx_from_source(safe_line)))
+    assert out == []