thailint 0.10.0__py3-none-any.whl → 0.12.0__py3-none-any.whl

src/linters/stringly_typed/context_filter.py

@@ -0,0 +1,451 @@
+"""
+Purpose: Context-aware filtering for stringly-typed function call violations
+
+Scope: Filter out false positive function call patterns based on function names and contexts
+
+Overview: Implements a blocklist-based filtering approach to reduce false positives in the
+    stringly-typed linter's function call detection. Excludes known false positive patterns
+    including dictionary access methods, string processing functions, logging calls, framework
+    validators, and external API functions. Uses function name pattern matching and parameter
+    position filtering to achieve <5% false positive rate.
+
+Dependencies: re module for pattern matching
+
+Exports: FunctionCallFilter class
+
+Interfaces: FunctionCallFilter.should_include(function_name, param_index, string_values) -> bool
+
+Implementation: Blocklist-based filtering with function name patterns, parameter position rules,
+    and string value pattern detection
+"""
+
+import re
+
+
+class FunctionCallFilter:  # thailint: ignore srp - data-heavy class with extensive exclusion pattern lists
+    """Filters function call violations to reduce false positives.
+
+    Uses a blocklist approach to exclude known false positive patterns:
+    - Dictionary/object access methods (.get, .set, .pop)
+    - String processing methods (split, replace, strip, strftime)
+    - Logging and output functions (logger.*, print, echo)
+    - Framework-specific patterns (Pydantic validators, TypeVar)
+    - External API functions (boto3, HTTP clients)
+    - File and path operations
+    """
+
+    # Function name suffixes that always indicate false positives
+    _EXCLUDED_FUNCTION_SUFFIXES: tuple[str, ...] = (
+        # Exception constructors - error messages are inherently unique strings
+        "Error",
+        "Exception",
+        "Warning",
+    )
+
+    # Function name patterns to always exclude (case-insensitive suffix/contains match)
+    _EXCLUDED_FUNCTION_PATTERNS: tuple[str, ...] = (
+        # Dictionary/object access - these are metadata access, not domain values
+        ".get",
+        ".set",
+        ".pop",
+        ".setdefault",
+        ".update",
+        # List/collection operations
+        ".append",
+        ".extend",
+        ".insert",
+        ".add",
+        ".remove",
+        ".push",
+        ".set",
+        ".has",
+        "hasItem",
+        "push",
+        # String processing - delimiters and format strings
+        # Note: both .method and method forms to catch both method calls and standalone functions
+        ".split",
+        "split",
+        ".rsplit",
+        ".replace",
+        "replace",
+        ".strip",
+        ".rstrip",
+        ".lstrip",
+        ".startswith",
+        "startswith",
+        ".startsWith",
+        "startsWith",
+        ".endswith",
+        "endswith",
+        ".endsWith",
+        "endsWith",
+        ".includes",
+        "includes",
+        ".indexOf",
+        "indexOf",
+        ".lastIndexOf",
+        ".match",
+        ".search",
+        ".format",
+        ".join",
+        "join",
+        ".encode",
+        ".decode",
+        ".lower",
+        ".upper",
+        ".trim",
+        ".trimStart",
+        ".trimEnd",
+        ".padStart",
+        ".padEnd",
+        "strftime",
+        "strptime",
+        # Logging and output - human-readable messages
+        "logger.debug",
+        "logger.info",
+        "logger.warning",
+        "logger.error",
+        "logger.critical",
+        "logger.exception",
+        "logging.debug",
+        "logging.info",
+        "logging.warning",
+        "logging.error",
+        "print",
+        "echo",
+        "console.print",
+        "console.log",
+        "typer.echo",
+        "click.echo",
+        # Regex - pattern strings
+        "re.sub",
+        "re.match",
+        "re.search",
+        "re.compile",
+        "re.findall",
+        "re.split",
+        # Environment variables
+        "os.environ.get",
+        "os.getenv",
+        "environ.get",
+        "getenv",
+        # File operations
+        "open",
+        "Path",
+        # Framework validators - must be strings matching field names
+        "field_validator",
+        "validator",
+        "computed_field",
+        # Type system - required Python syntax
+        "TypeVar",
+        "Generic",
+        "cast",
+        # Numeric - string representations of numbers
+        "Decimal",
+        "int",
+        "float",
+        # Exception constructors - error messages
+        "ValueError",
+        "TypeError",
+        "KeyError",
+        "AttributeError",
+        "RuntimeError",
+        "Exception",
+        "raise",
+        "APIException",
+        "HTTPException",
+        "ValidationError",
+        # CLI frameworks - short flags, option names, prompts
+        "typer.Option",
+        "typer.Argument",
+        "typer.confirm",
+        "typer.prompt",
+        "click.option",
+        "click.argument",
+        "click.confirm",
+        "click.prompt",
+        ".command",
+        # HTTP/API clients - external protocol strings
+        "requests.get",
+        "requests.post",
+        "requests.put",
+        "requests.delete",
+        "requests.patch",
+        "httpx.get",
+        "httpx.post",
+        "axios.get",
+        "axios.post",
+        "axios.put",
+        "axios.delete",
+        "axios.patch",
+        "client.get",
+        "client.post",
+        "client.put",
+        "client.delete",
+        "session.client",
+        "session.resource",
+        "_request",
+        # Browser/DOM APIs - CSS selectors and data URLs
+        "document.querySelector",
+        "document.querySelectorAll",
+        "document.getElementById",
+        "document.getElementsByClassName",
+        "canvas.toDataURL",
+        "canvas.toBlob",
+        "createElement",
+        "getAttribute",
+        "setAttribute",
+        "addEventListener",
+        "removeEventListener",
+        "localStorage.getItem",
+        "localStorage.setItem",
+        "sessionStorage.getItem",
+        "sessionStorage.setItem",
+        "window.confirm",
+        "window.alert",
+        "window.prompt",
+        "confirm",
+        "alert",
+        "prompt",
+        # React hooks - internal state identifiers
+        "useRef",
+        "useState",
+        "useCallback",
+        "useMemo",
+        # AWS SDK - service names and API parameters
+        "boto3.client",
+        "boto3.resource",
+        "generate_presigned_url",
+        # AWS CDK - infrastructure as code (broad patterns)
+        "s3.",
+        "ec2.",
+        "logs.",
+        "route53.",
+        "lambda_.",
+        "_lambda.",
+        "tasks.",
+        "iam.",
+        "dynamodb.",
+        "sqs.",
+        "sns.",
+        "apigateway.",
+        "cloudfront.",
+        "cdk.",
+        "sfn.",
+        "acm.",
+        "cloudwatch.",
+        "secretsmanager.",
+        "cr.",
+        "pipes.",
+        "rds.",
+        "elasticache.",
+        "from_lookup",
+        "generate_resource_name",
+        "CfnPipe",
+        "CfnOutput",
+        # FastAPI/Starlette routing
+        "router.get",
+        "router.post",
+        "router.put",
+        "router.delete",
+        "router.patch",
+        "app.get",
+        "app.post",
+        "app.put",
+        "app.delete",
+        "@app.",
+        "@router.",
+        # DynamoDB attribute access
+        "Key",
+        "Attr",
+        "ConditionExpression",
+        # Azure CLI - external tool invocation
+        "az",
+        # Database/ORM - schema definitions
+        "op.add_column",
+        "op.drop_column",
+        "op.create_table",
+        "op.alter_column",
+        "sa.Column",
+        "sa.PrimaryKeyConstraint",
+        "sa.ForeignKeyConstraint",
+        "Column",
+        "relationship",
+        "postgresql.ENUM",
+        "ENUM",
+        # Python built-ins
+        "getattr",
+        "setattr",
+        "hasattr",
+        "delattr",
+        "isinstance",
+        "issubclass",
+        # Pydantic/dataclass fields
+        "Field",
+        "PrivateAttr",
+        # UI frameworks - display text
+        "QLabel",
+        "QPushButton",
+        "QMessageBox",
+        "QCheckBox",
+        "setWindowTitle",
+        "setText",
+        "setToolTip",
+        "setPlaceholderText",
+        "setStatusTip",
+        "Static",
+        "Label",
+        "Button",
+        # Table/grid display - formatting
+        "table.add_row",
+        "add_row",
+        "add_column",
+        "Table",
+        "Panel",
+        "Console",
+        # Testing - mocks and fixtures
+        "monkeypatch.setattr",
+        "patch",
+        "Mock",
+        "MagicMock",
+        "PropertyMock",
+        # Storybook - action handlers
+        "action",
+        "fn",
+        # React state setters - UI state names
+        "setMessage",
+        "setError",
+        "setLoading",
+        "setStatus",
+        "setText",
+        # API clients - external endpoints
+        "API.",
+        "api.",
+        # CSS/styling
+        "setStyleSheet",
+        "add_class",
+        "remove_class",
+        # JSON/serialization - output identifiers
+        "_output",
+        "json.dumps",
+        "json.loads",
+        # Health checks - framework pattern
+        "register_health_check",
+    )
+
+    # Function names where second parameter (index 1) should be excluded
+    # These are typically default values, not keys
+    _EXCLUDE_PARAM_INDEX_1: tuple[str, ...] = (
+        ".get",
+        "os.environ.get",
+        "environ.get",
+        "getattr",
+        "os.getenv",
+        "getenv",
+    )
+
+    # String value patterns that indicate false positives
+    _EXCLUDED_VALUE_PATTERNS: tuple[re.Pattern[str], ...] = (
+        # strftime format strings
+        re.compile(r"^%[A-Za-z%-]+$"),
+        # Single character delimiters
+        re.compile(r"^[\n\t\r,;:|/\\.\-_]$"),
+        # Empty string or whitespace only
+        re.compile(r"^\s*$"),
+        # HTTP methods (external protocol)
+        re.compile(r"^(GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)$"),
+        # Numeric strings (should use Decimal or int)
+        re.compile(r"^-?\d+\.?\d*$"),
+        # Short CLI flags
+        re.compile(r"^-[a-zA-Z]$"),
+        # CSS/Rich markup
+        re.compile(r"^\[/?[a-z]+\]"),
+        # File modes (only multi-char modes to avoid false positives on single letters)
+        re.compile(r"^[rwa][bt]\+?$|^[rwa]\+$"),
+    )
+
+    def should_include(
+        self,
+        function_name: str,
+        param_index: int,
+        unique_values: set[str],
+    ) -> bool:
+        """Determine if a function call pattern should be included in violations.
+
+        Args:
+            function_name: Name of the function being called
+            param_index: Index of the parameter (0-based)
+            unique_values: Set of unique string values passed to this parameter
+
+        Returns:
+            True if this pattern should generate a violation, False to filter it out
+        """
+        # Check function name patterns
+        if self._is_excluded_function(function_name):
+            return False
+
+        # Check parameter position for specific functions
+        if self._is_excluded_param_position(function_name, param_index):
+            return False
+
+        # Check if all values match excluded patterns
+        if self._all_values_excluded(unique_values):
+            return False
+
+        return True
+
+    def are_all_values_excluded(self, unique_values: set[str]) -> bool:
+        """Check if all values match excluded patterns (numeric strings, delimiters, etc.).
+
+        Public interface for value-based filtering used by violation generator.
+
+        Args:
+            unique_values: Set of unique string values to check
+
+        Returns:
+            True if all values match excluded patterns, False otherwise
+        """
+        return self._all_values_excluded(unique_values)
+
+    def _is_excluded_function(self, function_name: str) -> bool:
+        """Check if function name matches any excluded pattern."""
+        # Check suffix patterns (e.g., *Error, *Exception)
+        if self._matches_suffix(function_name):
+            return True
+        return self._matches_pattern(function_name.lower())
+
+    def _matches_suffix(self, function_name: str) -> bool:
+        """Check if function name ends with an excluded suffix."""
+        return any(function_name.endswith(s) for s in self._EXCLUDED_FUNCTION_SUFFIXES)
+
+    def _matches_pattern(self, func_lower: str) -> bool:
+        """Check if function name matches any excluded pattern."""
+        for pattern in self._EXCLUDED_FUNCTION_PATTERNS:
+            pattern_lower = pattern.lower()
+            if pattern_lower in func_lower or func_lower.endswith(pattern_lower):
+                return True
+        return False
+
+    def _is_excluded_param_position(self, function_name: str, param_index: int) -> bool:
+        """Check if this parameter position should be excluded for this function."""
+        if param_index != 1:
+            return False
+
+        func_lower = function_name.lower()
+        for pattern in self._EXCLUDE_PARAM_INDEX_1:
+            if pattern.lower() in func_lower or func_lower.endswith(pattern.lower()):
+                return True
+        return False
+
+    def _all_values_excluded(self, unique_values: set[str]) -> bool:
+        """Check if all values in the set match excluded patterns."""
+        if not unique_values:
+            return True
+        return all(self._is_excluded_value(value) for value in unique_values)
+
+    def _is_excluded_value(self, value: str) -> bool:
+        """Check if a single value matches any excluded pattern."""
+        for pattern in self._EXCLUDED_VALUE_PATTERNS:
+            if pattern.match(value):
+                return True
+        return False

src/linters/stringly_typed/function_call_violation_builder.py

@@ -0,0 +1,137 @@
+"""
+Purpose: Build violations for function call patterns with limited string values
+
+Scope: Function call violation message and suggestion generation
+
+Overview: Handles building violation objects for function calls that consistently receive
+    a limited set of string values, suggesting they should use enums. Generates messages
+    with cross-file references and actionable suggestions. Separated from main violation
+    generator to maintain SRP compliance with focused responsibility.
+
+Dependencies: Violation, Severity, StoredFunctionCall, StringlyTypedConfig
+
+Exports: FunctionCallViolationBuilder class
+
+Interfaces: FunctionCallViolationBuilder.build_violations(calls, unique_values) -> list[Violation]
+
+Implementation: Builds violations with cross-file references and enum suggestions
+"""
+
+from pathlib import Path
+
+from src.core.types import Severity, Violation
+
+from .storage import StoredFunctionCall
+
+
+def _build_cross_references(call: StoredFunctionCall, all_calls: list[StoredFunctionCall]) -> str:
+    """Build cross-reference string for other function call locations.
+
+    Args:
+        call: Current call
+        all_calls: All calls with same function/param
+
+    Returns:
+        Comma-separated list of file:line references
+    """
+    refs = []
+    for other in all_calls:
+        if other.file_path != call.file_path or other.line_number != call.line_number:
+            refs.append(f"{Path(other.file_path).name}:{other.line_number}")
+
+    return ", ".join(refs[:5])  # Limit to 5 references
+
+
+class FunctionCallViolationBuilder:
+    """Builds violations for function call patterns with limited string values."""
+
+    def build_violations(
+        self, calls: list[StoredFunctionCall], unique_values: set[str]
+    ) -> list[Violation]:
+        """Build violations for all calls to a function with limited values.
+
+        Args:
+            calls: All calls to the function/param
+            unique_values: Set of unique string values passed
+
+        Returns:
+            List of violations for each call site
+        """
+        return [self._build_violation(call, calls, unique_values) for call in calls]
+
+    def _build_violation(
+        self,
+        call: StoredFunctionCall,
+        all_calls: list[StoredFunctionCall],
+        unique_values: set[str],
+    ) -> Violation:
+        """Build a single violation for a function call.
+
+        Args:
+            call: The specific call to create violation for
+            all_calls: All calls to the same function/param
+            unique_values: Set of unique string values passed
+
+        Returns:
+            Violation instance
+        """
+        message = self._build_message(call, all_calls, unique_values)
+        suggestion = self._build_suggestion(call, unique_values)
+
+        return Violation(
+            rule_id="stringly-typed.limited-values",
+            file_path=str(call.file_path),
+            line=call.line_number,
+            column=call.column,
+            message=message,
+            severity=Severity.ERROR,
+            suggestion=suggestion,
+        )
+
+    def _build_message(
+        self,
+        call: StoredFunctionCall,
+        all_calls: list[StoredFunctionCall],
+        unique_values: set[str],
+    ) -> str:
+        """Build violation message for function call pattern.
+
+        Args:
+            call: Current function call
+            all_calls: All calls to the same function/param
+            unique_values: Set of unique values passed
+
+        Returns:
+            Human-readable violation message
+        """
+        file_count = len({c.file_path for c in all_calls})
+        values_str = ", ".join(f"'{v}'" for v in sorted(unique_values))
+        param_desc = f"parameter {call.param_index}" if call.param_index > 0 else "first parameter"
+
+        message = (
+            f"Function '{call.function_name}' {param_desc} is called with "
+            f"only {len(unique_values)} unique string values [{values_str}] "
+            f"across {file_count} file(s)."
+        )
+
+        other_refs = _build_cross_references(call, all_calls)
+        if other_refs:
+            message += f" Also called in: {other_refs}."
+
+        return message
+
+    def _build_suggestion(self, call: StoredFunctionCall, unique_values: set[str]) -> str:
+        """Build fix suggestion for function call pattern.
+
+        Args:
+            call: The function call
+            unique_values: Set of unique values passed
+
+        Returns:
+            Human-readable suggestion
+        """
+        return (
+            f"Consider defining an enum or type union with the "
+            f"{len(unique_values)} possible values for '{call.function_name}' "
+            f"parameter {call.param_index}."
+        )

src/linters/stringly_typed/ignore_checker.py

@@ -0,0 +1,102 @@
+"""
+Purpose: Ignore directive checking for stringly-typed linter violations
+
+Scope: Line-level, block-level, and file-level ignore directive support
+
+Overview: Provides ignore directive checking functionality for the stringly-typed linter.
+    Wraps the centralized IgnoreDirectiveParser to filter violations based on inline comments
+    like `# thailint: ignore[stringly-typed]`. Supports line-level, block-level
+    (ignore-start/ignore-end), file-level (ignore-file), and next-line directives.
+    Handles both Python (# comment) and TypeScript (// comment) syntax.
+
+Dependencies: IgnoreDirectiveParser from src.linter_config.ignore, Violation type, pathlib
+
+Exports: IgnoreChecker class
+
+Interfaces: IgnoreChecker.filter_violations(violations) -> list[Violation]
+
+Implementation: Uses cached IgnoreDirectiveParser singleton, reads file content on demand,
+    supports both stringly-typed.* and stringly-typed specific rule matching
+"""
+
+from pathlib import Path
+
+from src.core.types import Violation
+from src.linter_config.ignore import get_ignore_parser
+
+
+class IgnoreChecker:
+    """Checks for ignore directives in stringly-typed linter violations.
+
+    Wraps the centralized IgnoreDirectiveParser to filter stringly-typed
+    violations based on inline ignore comments.
+    """
+
+    def __init__(self, project_root: Path | None = None) -> None:
+        """Initialize with project root for ignore parser.
+
+        Args:
+            project_root: Optional project root directory. Defaults to cwd.
+        """
+        self._ignore_parser = get_ignore_parser(project_root)
+        self._file_content_cache: dict[str, str] = {}
+
+    def filter_violations(self, violations: list[Violation]) -> list[Violation]:
+        """Filter violations based on ignore directives.
+
+        Args:
+            violations: List of violations to filter
+
+        Returns:
+            List of violations not suppressed by ignore directives
+        """
+        return [v for v in violations if not self._should_ignore(v)]
+
+    def _should_ignore(self, violation: Violation) -> bool:
+        """Check if a violation should be ignored.
+
+        Args:
+            violation: Violation to check
+
+        Returns:
+            True if violation should be ignored
+        """
+        file_content = self._get_file_content(violation.file_path)
+        return self._ignore_parser.should_ignore_violation(violation, file_content)
+
+    def _get_file_content(self, file_path: str) -> str:
+        """Get file content with caching.
+
+        Args:
+            file_path: Path to file
+
+        Returns:
+            File content or empty string if unreadable
+        """
+        if file_path in self._file_content_cache:
+            return self._file_content_cache[file_path]
+
+        content = self._read_file_content(file_path)
+        self._file_content_cache[file_path] = content
+        return content
+
+    def _read_file_content(self, file_path: str) -> str:
+        """Read file content from disk.
+
+        Args:
+            file_path: Path to file
+
+        Returns:
+            File content or empty string if unreadable
+        """
+        try:
+            path = Path(file_path)
+            if path.exists():
+                return path.read_text(encoding="utf-8")
+        except (OSError, UnicodeDecodeError):
+            pass
+        return ""
+
+    def clear_cache(self) -> None:
+        """Clear file content cache."""
+        self._file_content_cache.clear()