thailint 0.11.0__py3-none-any.whl → 0.13.0__py3-none-any.whl

src/linters/stringly_typed/context_filter.py

@@ -0,0 +1,451 @@
+"""
+Purpose: Context-aware filtering for stringly-typed function call violations
+
+Scope: Filter out false positive function call patterns based on function names and contexts
+
+Overview: Implements a blocklist-based filtering approach to reduce false positives in the
+    stringly-typed linter's function call detection. Excludes known false positive patterns
+    including dictionary access methods, string processing functions, logging calls, framework
+    validators, and external API functions. Uses function name pattern matching and parameter
+    position filtering to achieve <5% false positive rate.
+
+Dependencies: re module for pattern matching
+
+Exports: should_include, are_all_values_excluded functions
+
+Interfaces: should_include(function_name, param_index, string_values) -> bool,
+    are_all_values_excluded(unique_values) -> bool
+
+Implementation: Blocklist-based filtering with function name patterns, parameter position rules,
+    and string value pattern detection
+"""
+
+import re
+
+# Function name suffixes that always indicate false positives
+_EXCLUDED_FUNCTION_SUFFIXES: tuple[str, ...] = (
+    # Exception constructors - error messages are inherently unique strings
+    "Error",
+    "Exception",
+    "Warning",
+)
+
+# Function name patterns to always exclude (case-insensitive suffix/contains match)
+_EXCLUDED_FUNCTION_PATTERNS: tuple[str, ...] = (
+    # Dictionary/object access - these are metadata access, not domain values
+    ".get",
+    ".set",
+    ".pop",
+    ".setdefault",
+    ".update",
+    # List/collection operations
+    ".append",
+    ".extend",
+    ".insert",
+    ".add",
+    ".remove",
+    ".push",
+    ".set",
+    ".has",
+    "hasItem",
+    "push",
+    # String processing - delimiters and format strings
+    # Note: both .method and method forms to catch both method calls and standalone functions
+    ".split",
+    "split",
+    ".rsplit",
+    ".replace",
+    "replace",
+    ".strip",
+    ".rstrip",
+    ".lstrip",
+    ".startswith",
+    "startswith",
+    ".startsWith",
+    "startsWith",
+    ".endswith",
+    "endswith",
+    ".endsWith",
+    "endsWith",
+    ".includes",
+    "includes",
+    ".indexOf",
+    "indexOf",
+    ".lastIndexOf",
+    ".match",
+    ".search",
+    ".format",
+    ".join",
+    "join",
+    ".encode",
+    ".decode",
+    ".lower",
+    ".upper",
+    ".trim",
+    ".trimStart",
+    ".trimEnd",
+    ".padStart",
+    ".padEnd",
+    "strftime",
+    "strptime",
+    # Logging and output - human-readable messages
+    "logger.debug",
+    "logger.info",
+    "logger.warning",
+    "logger.error",
+    "logger.critical",
+    "logger.exception",
+    "logging.debug",
+    "logging.info",
+    "logging.warning",
+    "logging.error",
+    "print",
+    "echo",
+    "console.print",
+    "console.log",
+    "typer.echo",
+    "click.echo",
+    # Regex - pattern strings
+    "re.sub",
+    "re.match",
+    "re.search",
+    "re.compile",
+    "re.findall",
+    "re.split",
+    # Environment variables
+    "os.environ.get",
+    "os.getenv",
+    "environ.get",
+    "getenv",
+    # File operations
+    "open",
+    "Path",
+    # Framework validators - must be strings matching field names
+    "field_validator",
+    "validator",
+    "computed_field",
+    # Type system - required Python syntax
+    "TypeVar",
+    "Generic",
+    "cast",
+    # Numeric - string representations of numbers
+    "Decimal",
+    "int",
+    "float",
+    # Exception constructors - error messages
+    "ValueError",
+    "TypeError",
+    "KeyError",
+    "AttributeError",
+    "RuntimeError",
+    "Exception",
+    "raise",
+    "APIException",
+    "HTTPException",
+    "ValidationError",
+    # CLI frameworks - short flags, option names, prompts
+    "typer.Option",
+    "typer.Argument",
+    "typer.confirm",
+    "typer.prompt",
+    "click.option",
+    "click.argument",
+    "click.confirm",
+    "click.prompt",
+    ".command",
+    # HTTP/API clients - external protocol strings
+    "requests.get",
+    "requests.post",
+    "requests.put",
+    "requests.delete",
+    "requests.patch",
+    "httpx.get",
+    "httpx.post",
+    "axios.get",
+    "axios.post",
+    "axios.put",
+    "axios.delete",
+    "axios.patch",
+    "client.get",
+    "client.post",
+    "client.put",
+    "client.delete",
+    "session.client",
+    "session.resource",
+    "_request",
+    # Browser/DOM APIs - CSS selectors and data URLs
+    "document.querySelector",
+    "document.querySelectorAll",
+    "document.getElementById",
+    "document.getElementsByClassName",
+    "canvas.toDataURL",
+    "canvas.toBlob",
+    "createElement",
+    "getAttribute",
+    "setAttribute",
+    "addEventListener",
+    "removeEventListener",
+    "localStorage.getItem",
+    "localStorage.setItem",
+    "sessionStorage.getItem",
+    "sessionStorage.setItem",
+    "window.confirm",
+    "window.alert",
+    "window.prompt",
+    "confirm",
+    "alert",
+    "prompt",
+    # React hooks - internal state identifiers
+    "useRef",
+    "useState",
+    "useCallback",
+    "useMemo",
+    # AWS SDK - service names and API parameters
+    "boto3.client",
+    "boto3.resource",
+    "generate_presigned_url",
+    # AWS CDK - infrastructure as code (broad patterns)
+    "s3.",
+    "ec2.",
+    "logs.",
+    "route53.",
+    "lambda_.",
+    "_lambda.",
+    "tasks.",
+    "iam.",
+    "dynamodb.",
+    "sqs.",
+    "sns.",
+    "apigateway.",
+    "cloudfront.",
+    "cdk.",
+    "sfn.",
+    "acm.",
+    "cloudwatch.",
+    "secretsmanager.",
+    "cr.",
+    "pipes.",
+    "rds.",
+    "elasticache.",
+    "from_lookup",
+    "generate_resource_name",
+    "CfnPipe",
+    "CfnOutput",
+    # FastAPI/Starlette routing
+    "router.get",
+    "router.post",
+    "router.put",
+    "router.delete",
+    "router.patch",
+    "app.get",
+    "app.post",
+    "app.put",
+    "app.delete",
+    "@app.",
+    "@router.",
+    # DynamoDB attribute access
+    "Key",
+    "Attr",
+    "ConditionExpression",
+    # Azure CLI - external tool invocation
+    "az",
+    # Database/ORM - schema definitions
+    "op.add_column",
+    "op.drop_column",
+    "op.create_table",
+    "op.alter_column",
+    "sa.Column",
+    "sa.PrimaryKeyConstraint",
+    "sa.ForeignKeyConstraint",
+    "Column",
+    "relationship",
+    "postgresql.ENUM",
+    "ENUM",
+    # Python built-ins
+    "getattr",
+    "setattr",
+    "hasattr",
+    "delattr",
+    "isinstance",
+    "issubclass",
+    # Pydantic/dataclass fields
+    "Field",
+    "PrivateAttr",
+    # UI frameworks - display text
+    "QLabel",
+    "QPushButton",
+    "QMessageBox",
+    "QCheckBox",
+    "setWindowTitle",
+    "setText",
+    "setToolTip",
+    "setPlaceholderText",
+    "setStatusTip",
+    "Static",
+    "Label",
+    "Button",
+    # Table/grid display - formatting
+    "table.add_row",
+    "add_row",
+    "add_column",
+    "Table",
+    "Panel",
+    "Console",
+    # Testing - mocks and fixtures
+    "monkeypatch.setattr",
+    "patch",
+    "Mock",
+    "MagicMock",
+    "PropertyMock",
+    # String parsing methods - internal message processing
+    ".index",
+    ".find",
+    ".rfind",
+    ".rindex",
+    # Storybook - action handlers
+    "action",
+    "fn",
+    # React state setters - UI state names
+    "setMessage",
+    "setError",
+    "setLoading",
+    "setStatus",
+    "setText",
+    # API clients - external endpoints
+    "API.",
+    "api.",
+    # CSS/styling
+    "setStyleSheet",
+    "add_class",
+    "remove_class",
+    # JSON/serialization - output identifiers
+    "_output",
+    "json.dumps",
+    "json.loads",
+    # Health checks - framework pattern
+    "register_health_check",
+    # Config management - dynamic config keys
+    "ensure_config_section",
+    "set_config_value",
+    "get_config_value",
+)
+
+# Function names where second parameter (index 1) should be excluded
+# These are typically default values, not keys
+_EXCLUDE_PARAM_INDEX_1: tuple[str, ...] = (
+    ".get",
+    "os.environ.get",
+    "environ.get",
+    "getattr",
+    "os.getenv",
+    "getenv",
+)
+
+# String value patterns that indicate false positives
+_EXCLUDED_VALUE_PATTERNS: tuple[re.Pattern[str], ...] = (
+    # strftime format strings
+    re.compile(r"^%[A-Za-z%-]+$"),
+    # Single character delimiters
+    re.compile(r"^[\n\t\r,;:|/\\.\-_]$"),
+    # Empty string or whitespace only
+    re.compile(r"^\s*$"),
+    # HTTP methods (external protocol)
+    re.compile(r"^(GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS)$"),
+    # Numeric strings (should use Decimal or int)
+    re.compile(r"^-?\d+\.?\d*$"),
+    # Short CLI flags
+    re.compile(r"^-[a-zA-Z]$"),
+    # CSS/Rich markup
+    re.compile(r"^\[/?[a-z]+\]"),
+    # File modes (only multi-char modes to avoid false positives on single letters)
+    re.compile(r"^[rwa][bt]\+?$|^[rwa]\+$"),
+)
+
+
+def should_include(
+    function_name: str,
+    param_index: int,
+    unique_values: set[str],
+) -> bool:
+    """Determine if a function call pattern should be included in violations.
+
+    Args:
+        function_name: Name of the function being called
+        param_index: Index of the parameter (0-based)
+        unique_values: Set of unique string values passed to this parameter
+
+    Returns:
+        True if this pattern should generate a violation, False to filter it out
+    """
+    # Check function name patterns
+    if _is_excluded_function(function_name):
+        return False
+
+    # Check parameter position for specific functions
+    if _is_excluded_param_position(function_name, param_index):
+        return False
+
+    # Check if all values match excluded patterns
+    if _all_values_excluded(unique_values):
+        return False
+
+    return True
+
+
+def are_all_values_excluded(unique_values: set[str]) -> bool:
+    """Check if all values match excluded patterns (numeric strings, delimiters, etc.).
+
+    Public interface for value-based filtering used by violation generator.
+
+    Args:
+        unique_values: Set of unique string values to check
+
+    Returns:
+        True if all values match excluded patterns, False otherwise
+    """
+    return _all_values_excluded(unique_values)
+
+
+def _is_excluded_function(function_name: str) -> bool:
+    """Check if function name matches any excluded pattern."""
+    # Check suffix patterns (e.g., *Error, *Exception)
+    if _matches_suffix(function_name):
+        return True
+    return _matches_pattern(function_name.lower())
+
+
+def _matches_suffix(function_name: str) -> bool:
+    """Check if function name ends with an excluded suffix."""
+    return any(function_name.endswith(s) for s in _EXCLUDED_FUNCTION_SUFFIXES)
+
+
+def _matches_pattern(func_lower: str) -> bool:
+    """Check if function name matches any excluded pattern."""
+    return any(
+        pattern.lower() in func_lower or func_lower.endswith(pattern.lower())
+        for pattern in _EXCLUDED_FUNCTION_PATTERNS
+    )
+
+
+def _is_excluded_param_position(function_name: str, param_index: int) -> bool:
+    """Check if this parameter position should be excluded for this function."""
+    if param_index != 1:
+        return False
+
+    func_lower = function_name.lower()
+    return any(
+        pattern.lower() in func_lower or func_lower.endswith(pattern.lower())
+        for pattern in _EXCLUDE_PARAM_INDEX_1
+    )
+
+
+def _all_values_excluded(unique_values: set[str]) -> bool:
+    """Check if all values in the set match excluded patterns."""
+    if not unique_values:
+        return True
+    return all(_is_excluded_value(value) for value in unique_values)
+
+
+def _is_excluded_value(value: str) -> bool:
+    """Check if a single value matches any excluded pattern."""
+    return any(pattern.match(value) for pattern in _EXCLUDED_VALUE_PATTERNS)

src/linters/stringly_typed/function_call_violation_builder.py

@@ -0,0 +1,135 @@
+"""
+Purpose: Build violations for function call patterns with limited string values
+
+Scope: Function call violation message and suggestion generation
+
+Overview: Handles building violation objects for function calls that consistently receive
+    a limited set of string values, suggesting they should use enums. Generates messages
+    with cross-file references and actionable suggestions. Separated from main violation
+    generator to maintain SRP compliance with focused responsibility.
+
+Dependencies: Violation, Severity, StoredFunctionCall, StringlyTypedConfig
+
+Exports: build_function_call_violations function
+
+Interfaces: build_function_call_violations(calls, unique_values) -> list[Violation]
+
+Implementation: Builds violations with cross-file references and enum suggestions
+"""
+
+from pathlib import Path
+
+from src.core.types import Severity, Violation
+
+from .storage import StoredFunctionCall
+
+
+def build_function_call_violations(
+    calls: list[StoredFunctionCall], unique_values: set[str]
+) -> list[Violation]:
+    """Build violations for all calls to a function with limited values.
+
+    Args:
+        calls: All calls to the function/param
+        unique_values: Set of unique string values passed
+
+    Returns:
+        List of violations for each call site
+    """
+    return [_build_violation(call, calls, unique_values) for call in calls]
+
+
+def _build_cross_references(call: StoredFunctionCall, all_calls: list[StoredFunctionCall]) -> str:
+    """Build cross-reference string for other function call locations.
+
+    Args:
+        call: Current call
+        all_calls: All calls with same function/param
+
+    Returns:
+        Comma-separated list of file:line references
+    """
+    refs = []
+    for other in all_calls:
+        if other.file_path != call.file_path or other.line_number != call.line_number:
+            refs.append(f"{Path(other.file_path).name}:{other.line_number}")
+
+    return ", ".join(refs[:5])  # Limit to 5 references
+
+
+def _build_violation(
+    call: StoredFunctionCall,
+    all_calls: list[StoredFunctionCall],
+    unique_values: set[str],
+) -> Violation:
+    """Build a single violation for a function call.
+
+    Args:
+        call: The specific call to create violation for
+        all_calls: All calls to the same function/param
+        unique_values: Set of unique string values passed
+
+    Returns:
+        Violation instance
+    """
+    message = _build_message(call, all_calls, unique_values)
+    suggestion = _build_suggestion(call, unique_values)
+
+    return Violation(
+        rule_id="stringly-typed.limited-values",
+        file_path=str(call.file_path),
+        line=call.line_number,
+        column=call.column,
+        message=message,
+        severity=Severity.ERROR,
+        suggestion=suggestion,
+    )
+
+
+def _build_message(
+    call: StoredFunctionCall,
+    all_calls: list[StoredFunctionCall],
+    unique_values: set[str],
+) -> str:
+    """Build violation message for function call pattern.
+
+    Args:
+        call: Current function call
+        all_calls: All calls to the same function/param
+        unique_values: Set of unique values passed
+
+    Returns:
+        Human-readable violation message
+    """
+    file_count = len({c.file_path for c in all_calls})
+    values_str = ", ".join(f"'{v}'" for v in sorted(unique_values))
+    param_desc = f"parameter {call.param_index}" if call.param_index > 0 else "first parameter"
+
+    message = (
+        f"Function '{call.function_name}' {param_desc} is called with "
+        f"only {len(unique_values)} unique string values [{values_str}] "
+        f"across {file_count} file(s)."
+    )
+
+    other_refs = _build_cross_references(call, all_calls)
+    if other_refs:
+        message += f" Also called in: {other_refs}."
+
+    return message
+
+
+def _build_suggestion(call: StoredFunctionCall, unique_values: set[str]) -> str:
+    """Build fix suggestion for function call pattern.
+
+    Args:
+        call: The function call
+        unique_values: Set of unique values passed
+
+    Returns:
+        Human-readable suggestion
+    """
+    return (
+        f"Consider defining an enum or type union with the "
+        f"{len(unique_values)} possible values for '{call.function_name}' "
+        f"parameter {call.param_index}."
+    )

src/linters/stringly_typed/ignore_checker.py

@@ -0,0 +1,102 @@
+"""
+Purpose: Ignore directive checking for stringly-typed linter violations
+
+Scope: Line-level, block-level, and file-level ignore directive support
+
+Overview: Provides ignore directive checking functionality for the stringly-typed linter.
+    Wraps the centralized IgnoreDirectiveParser to filter violations based on inline comments
+    like `# thailint: ignore[stringly-typed]`. Supports line-level, block-level
+    (ignore-start/ignore-end), file-level (ignore-file), and next-line directives.
+    Handles both Python (# comment) and TypeScript (// comment) syntax.
+
+Dependencies: IgnoreDirectiveParser from src.linter_config.ignore, Violation type, pathlib
+
+Exports: IgnoreChecker class
+
+Interfaces: IgnoreChecker.filter_violations(violations) -> list[Violation]
+
+Implementation: Uses cached IgnoreDirectiveParser singleton, reads file content on demand,
+    supports both stringly-typed.* and stringly-typed specific rule matching
+"""
+
+from pathlib import Path
+
+from src.core.types import Violation
+from src.linter_config.ignore import get_ignore_parser
+
+
+class IgnoreChecker:
+    """Checks for ignore directives in stringly-typed linter violations.
+
+    Wraps the centralized IgnoreDirectiveParser to filter stringly-typed
+    violations based on inline ignore comments.
+    """
+
+    def __init__(self, project_root: Path | None = None) -> None:
+        """Initialize with project root for ignore parser.
+
+        Args:
+            project_root: Optional project root directory. Defaults to cwd.
+        """
+        self._ignore_parser = get_ignore_parser(project_root)
+        self._file_content_cache: dict[str, str] = {}
+
+    def filter_violations(self, violations: list[Violation]) -> list[Violation]:
+        """Filter violations based on ignore directives.
+
+        Args:
+            violations: List of violations to filter
+
+        Returns:
+            List of violations not suppressed by ignore directives
+        """
+        return [v for v in violations if not self._should_ignore(v)]
+
+    def _should_ignore(self, violation: Violation) -> bool:
+        """Check if a violation should be ignored.
+
+        Args:
+            violation: Violation to check
+
+        Returns:
+            True if violation should be ignored
+        """
+        file_content = self._get_file_content(violation.file_path)
+        return self._ignore_parser.should_ignore_violation(violation, file_content)
+
+    def _get_file_content(self, file_path: str) -> str:
+        """Get file content with caching.
+
+        Args:
+            file_path: Path to file
+
+        Returns:
+            File content or empty string if unreadable
+        """
+        if file_path in self._file_content_cache:
+            return self._file_content_cache[file_path]
+
+        content = self._read_file_content(file_path)
+        self._file_content_cache[file_path] = content
+        return content
+
+    def _read_file_content(self, file_path: str) -> str:
+        """Read file content from disk.
+
+        Args:
+            file_path: Path to file
+
+        Returns:
+            File content or empty string if unreadable
+        """
+        try:
+            path = Path(file_path)
+            if path.exists():
+                return path.read_text(encoding="utf-8")
+        except (OSError, UnicodeDecodeError):
+            pass
+        return ""
+
+    def clear_cache(self) -> None:
+        """Clear file content cache."""
+        self._file_content_cache.clear()