diff --git a/pyproject.toml b/pyproject.toml index c1701cbdbaf5..ceb5009852f5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -138,7 +138,7 @@ exclude_lines = [ # UP006: Minimum Python 3.9 # UP007, UP038: Minimum Python 3.10 ignore = ['N818', 'UP006', 'UP007', 'UP038'] -select = ['E', 'F', 'I', 'N', 'W', 'UP'] +select = ['E', 'F', 'I', 'N', 'W', 'UP', 'RUF'] line-length = 79 [tool.ruff.isort] diff --git a/setup.py b/setup.py index 4fe0c027c17c..87ca197207cc 100644 --- a/setup.py +++ b/setup.py @@ -58,7 +58,7 @@ ) ], ) -except: # noqa: E722 +except: # Note: This is a bare exception that re-raises so that we don't interfere # with anything the installation machinery might want to do. Because we # print this for any exception this msg can appear (e.g. in verbose logs) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index b4f9e9df4e17..ac741659e671 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -96,7 +96,7 @@ class Backend: # disallowed algorithms are still present in OpenSSL. They just error if # you try to use them. To avoid that we allowlist the algorithms in # FIPS 140-3. This isn't ideal, but FIPS 140-3 is trash so here we are. - _fips_aead = { + _fips_aead: typing.ClassVar[typing.Set[bytes]] = { b"aes-128-ccm", b"aes-192-ccm", b"aes-256-ccm", diff --git a/src/cryptography/hazmat/primitives/serialization/pkcs7.py b/src/cryptography/hazmat/primitives/serialization/pkcs7.py index 9998bcaa1131..e06333a6d651 100644 --- a/src/cryptography/hazmat/primitives/serialization/pkcs7.py +++ b/src/cryptography/hazmat/primitives/serialization/pkcs7.py @@ -111,7 +111,7 @@ def add_signer( return PKCS7SignatureBuilder( self._data, - self._signers + [(certificate, private_key, hash_algorithm)], + [*self._signers, (certificate, private_key, hash_algorithm)], ) def add_certificate( @@ -121,7 +121,7 @@ def add_certificate( raise TypeError("certificate must be a x509.Certificate") return PKCS7SignatureBuilder( - self._data, self._signers, self._additional_certs + [certificate] + self._data, self._signers, [*self._additional_certs, certificate] ) def sign( diff --git a/src/cryptography/hazmat/primitives/serialization/ssh.py b/src/cryptography/hazmat/primitives/serialization/ssh.py index 7725c83543e8..c6177cf5630a 100644 --- a/src/cryptography/hazmat/primitives/serialization/ssh.py +++ b/src/cryptography/hazmat/primitives/serialization/ssh.py @@ -1356,7 +1356,7 @@ def add_critical_option( _valid_for_all_principals=self._valid_for_all_principals, _valid_before=self._valid_before, _valid_after=self._valid_after, - _critical_options=self._critical_options + [(name, value)], + _critical_options=[*self._critical_options, (name, value)], _extensions=self._extensions, ) @@ -1379,7 +1379,7 @@ def add_extension( _valid_before=self._valid_before, _valid_after=self._valid_after, _critical_options=self._critical_options, - _extensions=self._extensions + [(name, value)], + _extensions=[*self._extensions, (name, value)], ) def sign(self, private_key: SSHCertPrivateKeyTypes) -> SSHCertificate: diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 719168168440..5facac1aef06 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -85,7 +85,7 @@ def __delattr__(self, attr: str) -> None: delattr(self._module, attr) def __dir__(self) -> typing.Sequence[str]: - return ["_module"] + dir(self._module) + return ["_module", *dir(self._module)] def deprecated( diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 576385e088d8..3d9d7c4228b3 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -664,7 +664,7 @@ def add_extension( return CertificateSigningRequestBuilder( self._subject_name, - self._extensions + [extension], + [*self._extensions, extension], self._attributes, ) @@ -697,7 +697,7 @@ def add_attribute( return CertificateSigningRequestBuilder( self._subject_name, self._extensions, - self._attributes + [(oid, value, tag)], + [*self._attributes, (oid, value, tag)], ) def sign( @@ -916,7 +916,7 @@ def add_extension( self._serial_number, self._not_valid_before, self._not_valid_after, - self._extensions + [extension], + [*self._extensions, extension], ) def sign( @@ -1057,7 +1057,7 @@ def add_extension( self._issuer_name, self._last_update, self._next_update, - self._extensions + [extension], + [*self._extensions, extension], self._revoked_certificates, ) @@ -1075,7 +1075,7 @@ def add_revoked_certificate( self._last_update, self._next_update, self._extensions, - self._revoked_certificates + [revoked_certificate], + [*self._revoked_certificates, revoked_certificate], ) def sign( @@ -1152,7 +1152,7 @@ def add_extension( return RevokedCertificateBuilder( self._serial_number, self._revocation_date, - self._extensions + [extension], + [*self._extensions, extension], ) def build(self, backend: typing.Any = None) -> RevokedCertificate: diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py index 7054795fcda8..a3546230e2a7 100644 --- a/src/cryptography/x509/ocsp.py +++ b/src/cryptography/x509/ocsp.py @@ -478,7 +478,7 @@ def add_extension( _reject_duplicate_extension(extension, self._extensions) return OCSPRequestBuilder( - self._request, self._request_hash, self._extensions + [extension] + self._request, self._request_hash, [*self._extensions, extension] ) def build(self) -> OCSPRequest: @@ -583,7 +583,7 @@ def add_extension( self._response, self._responder_id, self._certs, - self._extensions + [extension], + [*self._extensions, extension], ) def sign( diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py index 05e8f9480356..371a7c990188 100644 --- a/tests/hazmat/backends/test_openssl_memleak.py +++ b/tests/hazmat/backends/test_openssl_memleak.py @@ -172,11 +172,7 @@ def assert_no_memory_leaks(s, argv=[]): env.pop("COV_CORE_DATAFILE", None) env.pop("COV_CORE_SOURCE", None) - argv = [ - sys.executable, - "-c", - f"{s}\n\n{MEMORY_LEAK_SCRIPT}", - ] + argv + argv = [sys.executable, "-c", f"{s}\n\n{MEMORY_LEAK_SCRIPT}", *argv] # Shell out to a fresh Python process because OpenSSL does not allow you to # install new memory hooks after the first malloc/free occurs. proc = subprocess.Popen( diff --git a/tests/hazmat/primitives/test_aead.py b/tests/hazmat/primitives/test_aead.py index c6811a496b24..5ae306254468 100644 --- a/tests/hazmat/primitives/test_aead.py +++ b/tests/hazmat/primitives/test_aead.py @@ -696,7 +696,7 @@ def test_vectors_invalid(self, backend, subtests): badkey = AESSIV(AESSIV.generate_key(256)) badkey.decrypt(ct, aad) with pytest.raises(InvalidTag): - aessiv.decrypt(ct, aad + [b""]) + aessiv.decrypt(ct, [*aad, b""]) with pytest.raises(InvalidTag): aessiv.decrypt(ct, [b"nonsense"]) with pytest.raises(InvalidTag): diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py index db3dcc30d809..4a9afc15a560 100644 --- a/tests/hazmat/primitives/test_dh.py +++ b/tests/hazmat/primitives/test_dh.py @@ -932,9 +932,7 @@ def test_public_bytes_values( serialization.PublicFormat.SubjectPublicKeyInfo, ), (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1), - ] - + list( - itertools.product( + *itertools.product( [ serialization.Encoding.Raw, serialization.Encoding.X962, @@ -946,8 +944,8 @@ def test_public_bytes_values( serialization.PublicFormat.UncompressedPoint, serialization.PublicFormat.CompressedPoint, ], - ) - ), + ), + ], ) def test_public_bytes_rejects_invalid(self, encoding, fmt, backend): parameters = FFDH3072_P.parameters(backend) diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 00920868fc65..bf50c47c4295 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -988,9 +988,7 @@ def test_public_bytes_pkcs1_unsupported(self, backend): serialization.PublicFormat.SubjectPublicKeyInfo, ), (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1), - ] - + list( - itertools.product( + *itertools.product( [ serialization.Encoding.Raw, serialization.Encoding.X962, @@ -1002,8 +1000,8 @@ def test_public_bytes_pkcs1_unsupported(self, backend): serialization.PublicFormat.UncompressedPoint, serialization.PublicFormat.CompressedPoint, ], - ) - ), + ), + ], ) def test_public_bytes_rejects_invalid(self, encoding, fmt, backend): key = DSA_KEY_2048.private_key(backend).public_key() diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py index f44fdd115af3..0ff9f5693ad4 100644 --- a/tests/hazmat/primitives/test_pkcs12.py +++ b/tests/hazmat/primitives/test_pkcs12.py @@ -796,11 +796,11 @@ def test_certificate_repr(self, backend): cert = _load_cert(backend, os.path.join("x509", "cryptography.io.pem")) assert ( repr(PKCS12Certificate(cert, None)) - == f"" + == f"" ) assert ( repr(PKCS12Certificate(cert, b"a")) - == f"" + == f"" ) def test_key_and_certificates_constructor(self, backend): diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 017e02d424b2..85459a59461a 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -2740,9 +2740,7 @@ def test_public_bytes_invalid_format( serialization.PublicFormat.SubjectPublicKeyInfo, ), (serialization.Encoding.Raw, serialization.PublicFormat.PKCS1), - ] - + list( - itertools.product( + *itertools.product( [ serialization.Encoding.Raw, serialization.Encoding.X962, @@ -2754,8 +2752,8 @@ def test_public_bytes_invalid_format( serialization.PublicFormat.UncompressedPoint, serialization.PublicFormat.CompressedPoint, ], - ) - ), + ), + ], ) def test_public_bytes_rejects_invalid( self, rsa_key_2048: rsa.RSAPrivateKey, encoding, fmt, backend diff --git a/tests/hazmat/primitives/test_ssh.py b/tests/hazmat/primitives/test_ssh.py index d55e148c7a3d..a0f6db2e7630 100644 --- a/tests/hazmat/primitives/test_ssh.py +++ b/tests/hazmat/primitives/test_ssh.py @@ -404,12 +404,12 @@ def make_file( priv_type = pub_type pub = ssh._FragList() - for elem in (pub_type,) + pub_fields: + for elem in (pub_type, *pub_fields): pub.put_sshstr(elem) secret = ssh._FragList([checkval1, checkval2]) for i in range(nkeys): - for elem in (priv_type,) + priv_fields + (comment,): + for elem in (priv_type, *priv_fields, comment): secret.put_sshstr(elem) if pad is None: diff --git a/tests/hazmat/primitives/test_x963_vectors.py b/tests/hazmat/primitives/test_x963_vectors.py index 92f396e2c508..7614c373c9ea 100644 --- a/tests/hazmat/primitives/test_x963_vectors.py +++ b/tests/hazmat/primitives/test_x963_vectors.py @@ -26,7 +26,9 @@ def _skip_hashfn_unsupported(backend, hashfn): class TestX963: - _algorithms_dict: typing.Dict[str, typing.Type[hashes.HashAlgorithm]] = { + _algorithms_dict: typing.ClassVar[ + typing.Dict[str, typing.Type[hashes.HashAlgorithm]] + ] = { "SHA-1": hashes.SHA1, "SHA-224": hashes.SHA224, "SHA-256": hashes.SHA256, diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index e9841eead9fc..188de07ac1a5 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -5437,7 +5437,9 @@ def test_bad_time_in_validity(self, backend): class TestNameAttribute: - EXPECTED_TYPES = [ + EXPECTED_TYPES: typing.ClassVar[ + typing.List[typing.Tuple[x509.ObjectIdentifier, _ASN1Type]] + ] = [ (NameOID.COMMON_NAME, _ASN1Type.UTF8String), (NameOID.COUNTRY_NAME, _ASN1Type.PrintableString), (NameOID.LOCALITY_NAME, _ASN1Type.UTF8String),