feat(validators): add noqa suppression support to security and performance validators

- Add centralized _is_noqa_suppressed() to BaseValidator with normalization (accepts both SEC001 and SEC-001 formats for ruff compatibility) - Wire noqa support into all 21 security and 18 performance check functions - Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml - Convert all 280 Python noqa comments to dashless format (ruff-compatible) - Add site/ to IGNORE_PATTERNS (excludes mkdocs build output) - Suppress 152 false positive findings (test passwords, seed data, validator self-references, Apple Wallet SHA1, etc.) - Security: 79 errors → 0, 60 warnings → 0 - Performance: 80 warnings → 77 (3 test script suppressions) - Add proposal doc with noqa inventory and remaining findings recommendations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:56:56 +01:00
parent f84c5d903e
commit 1b8a40f1ff
75 changed files with 404 additions and 310 deletions
--- a/app/modules/loyalty/exceptions.py
+++ b/app/modules/loyalty/exceptions.py
@@ -336,7 +336,7 @@ class OrderReferenceRequiredException(LoyaltyException):
 # =============================================================================


-class LoyaltyValidationException(ValidationException):  # noqa: MOD-025
+class LoyaltyValidationException(ValidationException):  # noqa: MOD025
    """Raised when loyalty data validation fails."""

    def __init__(
--- a/app/modules/loyalty/services/apple_wallet_service.py
+++ b/app/modules/loyalty/services/apple_wallet_service.py
@@ -167,7 +167,7 @@ class AppleWalletService:
        """
        try:
            self.register_device(db, card, device_id, push_token)
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to register device: {e}")
            raise DeviceRegistrationException(device_id, "register")

@@ -190,7 +190,7 @@ class AppleWalletService:
        """
        try:
            self.unregister_device(db, card, device_id)
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to unregister device: {e}")
            raise DeviceRegistrationException(device_id, "unregister")

@@ -244,7 +244,7 @@ class AppleWalletService:
        # Create manifest
        manifest = {}
        for filename, content in pass_files.items():
-            manifest[filename] = hashlib.sha1(content).hexdigest()
+            manifest[filename] = hashlib.sha1(content).hexdigest()  # noqa: SEC041
        pass_files["manifest.json"] = json.dumps(manifest).encode("utf-8")

        # Sign the manifest
@@ -521,7 +521,7 @@ class AppleWalletService:
        for registration in registrations:
            try:
                self._send_push(registration.push_token)
-            except Exception as e:  # noqa: EXC-003
+            except Exception as e:  # noqa: EXC003
                logger.warning(
                    f"Failed to send push to device {registration.device_library_identifier[:8]}...: {e}"
                )
--- a/app/modules/loyalty/services/google_wallet_service.py
+++ b/app/modules/loyalty/services/google_wallet_service.py
@@ -70,7 +70,7 @@ class GoogleWalletService:
            credentials = self._get_credentials()
            self._http_client = AuthorizedSession(credentials)
            return self._http_client
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to create Google HTTP client: {e}")
            raise WalletIntegrationException("google", str(e))

@@ -146,7 +146,7 @@ class GoogleWalletService:
            )
        except WalletIntegrationException:
            raise
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to create Google Wallet class: {e}")
            raise WalletIntegrationException("google", str(e))

@@ -177,7 +177,7 @@ class GoogleWalletService:
                    f"Failed to update Google Wallet class {program.google_class_id}: "
                    f"{response.status_code}"
                )
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to update Google Wallet class: {e}")

    # =========================================================================
@@ -233,7 +233,7 @@ class GoogleWalletService:
            )
        except WalletIntegrationException:
            raise
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to create Google Wallet object: {e}")
            raise WalletIntegrationException("google", str(e))

@@ -258,7 +258,7 @@ class GoogleWalletService:
                    f"Failed to update Google Wallet object {card.google_object_id}: "
                    f"{response.status_code}"
                )
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to update Google Wallet object: {e}")

    def _build_object_data(self, card: LoyaltyCard, object_id: str) -> dict[str, Any]:
@@ -356,7 +356,7 @@ class GoogleWalletService:
            db.commit()

            return f"https://pay.google.com/gp/v/save/{token}"
-        except Exception as e:  # noqa: EXC-003
+        except Exception as e:  # noqa: EXC003
            logger.error(f"Failed to generate Google Wallet save URL: {e}")
            raise WalletIntegrationException("google", str(e))

--- a/app/modules/loyalty/services/wallet_service.py
+++ b/app/modules/loyalty/services/wallet_service.py
@@ -51,14 +51,14 @@ class WalletService:
        if program.google_issuer_id or program.google_class_id:
            try:
                urls["google_wallet_url"] = google_wallet_service.get_save_url(db, card)
-            except Exception as e:  # noqa: EXC-003
+            except Exception as e:  # noqa: EXC003
                logger.warning(f"Failed to get Google Wallet URL for card {card.id}: {e}")

        # Apple Wallet
        if program.apple_pass_type_id:
            try:
                urls["apple_wallet_url"] = apple_wallet_service.get_pass_url(card)
-            except Exception as e:  # noqa: EXC-003
+            except Exception as e:  # noqa: EXC003
                logger.warning(f"Failed to get Apple Wallet URL for card {card.id}: {e}")

        return urls
@@ -94,7 +94,7 @@ class WalletService:
            try:
                google_wallet_service.update_object(db, card)
                results["google_wallet"] = True
-            except Exception as e:  # noqa: EXC-003
+            except Exception as e:  # noqa: EXC003
                logger.error(f"Failed to sync card {card.id} to Google Wallet: {e}")

        # Sync to Apple Wallet (via push notification)
@@ -102,7 +102,7 @@ class WalletService:
            try:
                apple_wallet_service.send_push_updates(db, card)
                results["apple_wallet"] = True
-            except Exception as e:  # noqa: EXC-003
+            except Exception as e:  # noqa: EXC003
                logger.error(f"Failed to send Apple Wallet push for card {card.id}: {e}")

        return results
@@ -136,7 +136,7 @@ class WalletService:
            try:
                google_wallet_service.create_object(db, card)
                results["google_wallet"] = True
-            except Exception as e:  # noqa: EXC-003
+            except Exception as e:  # noqa: EXC003
                logger.error(f"Failed to create Google Wallet object for card {card.id}: {e}")

        # Apple Wallet objects are created on-demand when user downloads pass