sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(validators): add noqa suppression support to security and performance validators
All checks were successful
CI / dependency-scanning (push) Successful in 27s
Details
CI / docs (push) Successful in 35s
Details
CI / ruff (push) Successful in 8s
Details
CI / pytest (push) Successful in 34m22s
Details
CI / validate (push) Successful in 19s
Details
CI / deploy (push) Successful in 2m25s
Details

Browse Source 
- Add centralized _is_noqa_suppressed() to BaseValidator with normalization
  (accepts both SEC001 and SEC-001 formats for ruff compatibility)
- Wire noqa support into all 21 security and 18 performance check functions
- Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml
- Convert all 280 Python noqa comments to dashless format (ruff-compatible)
- Add site/ to IGNORE_PATTERNS (excludes mkdocs build output)
- Suppress 152 false positive findings (test passwords, seed data, validator
  self-references, Apple Wallet SHA1, etc.)
- Security: 79 errors → 0, 60 warnings → 0
- Performance: 80 warnings → 77 (3 test script suppressions)
- Add proposal doc with noqa inventory and remaining findings recommendations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-14 22:56:56 +01:00
parent f84c5d903e
commit 1b8a40f1ff
75 changed files with 404 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
app/modules/tenancy/exceptions.py
View File

@@ -128,7 +128,7 @@ class PlatformNotFoundException(OrionException):
)
class PlatformInactiveException(OrionException): # noqa: MOD-025
class PlatformInactiveException(OrionException): # noqa: MOD025
"""Raised when trying to access an inactive platform."""
def __init__(self, code: str):
@@ -140,7 +140,7 @@ class PlatformInactiveException(OrionException): # noqa: MOD-025
)
class PlatformUpdateException(OrionException): # noqa: MOD-025
class PlatformUpdateException(OrionException): # noqa: MOD025
"""Raised when platform update fails."""
def __init__(self, code: str, reason: str):
@@ -196,7 +196,7 @@ class StoreNotActiveException(BusinessLogicException):
)
class StoreNotVerifiedException(BusinessLogicException): # noqa: MOD-025
class StoreNotVerifiedException(BusinessLogicException): # noqa: MOD025
"""Raised when trying to perform operations requiring verified store."""
def __init__(self, store_code: str):
@@ -260,7 +260,7 @@ class StoreValidationException(ValidationException):
self.error_code = "STORE_VALIDATION_FAILED"
class MaxStoresReachedException(BusinessLogicException): # noqa: MOD-025
class MaxStoresReachedException(BusinessLogicException): # noqa: MOD025
"""Raised when user tries to create more stores than allowed."""
def __init__(self, max_stores: int, user_id: int | None = None):
@@ -275,7 +275,7 @@ class MaxStoresReachedException(BusinessLogicException): # noqa: MOD-025
)
class StoreAccessDeniedException(AuthorizationException): # noqa: MOD-025
class StoreAccessDeniedException(AuthorizationException): # noqa: MOD025
"""Raised when no store context is available for an authenticated endpoint."""
def __init__(self, message: str = "No store context available"):
@@ -337,7 +337,7 @@ class MerchantNotFoundException(ResourceNotFoundException):
)
class MerchantAlreadyExistsException(ConflictException): # noqa: MOD-025
class MerchantAlreadyExistsException(ConflictException): # noqa: MOD025
"""Raised when trying to create a merchant that already exists."""
def __init__(self, merchant_name: str):
@@ -348,7 +348,7 @@ class MerchantAlreadyExistsException(ConflictException): # noqa: MOD-025
)
class MerchantNotActiveException(BusinessLogicException): # noqa: MOD-025
class MerchantNotActiveException(BusinessLogicException): # noqa: MOD025
"""Raised when trying to perform operations on inactive merchant."""
def __init__(self, merchant_id: int):
@@ -359,7 +359,7 @@ class MerchantNotActiveException(BusinessLogicException): # noqa: MOD-025
)
class MerchantNotVerifiedException(BusinessLogicException): # noqa: MOD-025
class MerchantNotVerifiedException(BusinessLogicException): # noqa: MOD025
"""Raised when trying to perform operations requiring verified merchant."""
def __init__(self, merchant_id: int):
@@ -370,7 +370,7 @@ class MerchantNotVerifiedException(BusinessLogicException): # noqa: MOD-025
)
class UnauthorizedMerchantAccessException(AuthorizationException): # noqa: MOD-025
class UnauthorizedMerchantAccessException(AuthorizationException): # noqa: MOD025
"""Raised when user tries to access merchant they don't own."""
def __init__(self, merchant_id: int, user_id: int | None = None):
@@ -385,7 +385,7 @@ class UnauthorizedMerchantAccessException(AuthorizationException): # noqa: MOD-
)
class InvalidMerchantDataException(ValidationException): # noqa: MOD-025
class InvalidMerchantDataException(ValidationException): # noqa: MOD025
"""Raised when merchant data is invalid or incomplete."""
def __init__(
@@ -402,7 +402,7 @@ class InvalidMerchantDataException(ValidationException): # noqa: MOD-025
self.error_code = "INVALID_MERCHANT_DATA"
class MerchantValidationException(ValidationException): # noqa: MOD-025
class MerchantValidationException(ValidationException): # noqa: MOD025
"""Raised when merchant validation fails."""
def __init__(
@@ -527,7 +527,7 @@ class CannotModifySelfException(BusinessLogicException):
)
class BulkOperationException(BusinessLogicException): # noqa: MOD-025
class BulkOperationException(BusinessLogicException): # noqa: MOD025
"""Raised when bulk admin operation fails."""
def __init__(
@@ -675,7 +675,7 @@ class TeamMemberAlreadyExistsException(ConflictException):
)
class TeamInvitationNotFoundException(ResourceNotFoundException): # noqa: MOD-025
class TeamInvitationNotFoundException(ResourceNotFoundException): # noqa: MOD025
"""Raised when a team invitation is not found."""
def __init__(self, invitation_token: str):
@@ -687,7 +687,7 @@ class TeamInvitationNotFoundException(ResourceNotFoundException): # noqa: MOD-0
)
class TeamInvitationExpiredException(BusinessLogicException): # noqa: MOD-025
class TeamInvitationExpiredException(BusinessLogicException): # noqa: MOD025
"""Raised when trying to accept an expired invitation."""
def __init__(self, invitation_token: str):
@@ -709,7 +709,7 @@ class TeamInvitationAlreadyAcceptedException(ConflictException):
)
class UnauthorizedTeamActionException(AuthorizationException): # noqa: MOD-025
class UnauthorizedTeamActionException(AuthorizationException): # noqa: MOD025
"""Raised when user tries to perform team action without permission."""
def __init__(
@@ -745,7 +745,7 @@ class CannotRemoveOwnerException(BusinessLogicException):
)
class CannotModifyOwnRoleException(BusinessLogicException): # noqa: MOD-025
class CannotModifyOwnRoleException(BusinessLogicException): # noqa: MOD025
"""Raised when user tries to modify their own role."""
def __init__(self, user_id: int):
@@ -756,7 +756,7 @@ class CannotModifyOwnRoleException(BusinessLogicException): # noqa: MOD-025
)
class RoleNotFoundException(ResourceNotFoundException): # noqa: MOD-025
class RoleNotFoundException(ResourceNotFoundException): # noqa: MOD025
"""Raised when a role is not found."""
def __init__(self, role_id: int, store_id: int | None = None):
@@ -776,7 +776,7 @@ class RoleNotFoundException(ResourceNotFoundException): # noqa: MOD-025
self.details.update(details)
class InvalidRoleException(ValidationException): # noqa: MOD-025
class InvalidRoleException(ValidationException): # noqa: MOD025
"""Raised when role data is invalid."""
def __init__(
@@ -793,7 +793,7 @@ class InvalidRoleException(ValidationException): # noqa: MOD-025
self.error_code = "INVALID_ROLE_DATA"
class InsufficientTeamPermissionsException(AuthorizationException): # noqa: MOD-025
class InsufficientTeamPermissionsException(AuthorizationException): # noqa: MOD025
"""Raised when user lacks required team permissions for an action."""
def __init__(
@@ -817,7 +817,7 @@ class InsufficientTeamPermissionsException(AuthorizationException): # noqa: MOD
)
class MaxTeamMembersReachedException(BusinessLogicException): # noqa: MOD-025
class MaxTeamMembersReachedException(BusinessLogicException): # noqa: MOD025
"""Raised when store has reached maximum team members limit."""
def __init__(self, max_members: int, store_id: int):
@@ -852,7 +852,7 @@ class TeamValidationException(ValidationException):
self.error_code = "TEAM_VALIDATION_FAILED"
class InvalidInvitationDataException(ValidationException): # noqa: MOD-025
class InvalidInvitationDataException(ValidationException): # noqa: MOD025
"""Raised when team invitation data is invalid."""
def __init__(
@@ -963,7 +963,7 @@ class StoreDomainAlreadyExistsException(ConflictException):
)
class InvalidDomainFormatException(ValidationException): # noqa: MOD-025
class InvalidDomainFormatException(ValidationException): # noqa: MOD025
"""Raised when domain format is invalid."""
def __init__(self, domain: str, reason: str = "Invalid domain format"):
@@ -1020,7 +1020,7 @@ class DomainAlreadyVerifiedException(BusinessLogicException):
)
class MultiplePrimaryDomainsException(BusinessLogicException): # noqa: MOD-025
class MultiplePrimaryDomainsException(BusinessLogicException): # noqa: MOD025
"""Raised when trying to set multiple primary domains."""
def __init__(self, store_id: int):
@@ -1054,7 +1054,7 @@ class MaxDomainsReachedException(BusinessLogicException):
)
class UnauthorizedDomainAccessException(BusinessLogicException): # noqa: MOD-025
class UnauthorizedDomainAccessException(BusinessLogicException): # noqa: MOD025
"""Raised when trying to access domain that doesn't belong to store."""
def __init__(self, domain_id: int, store_id: int):

2
app/modules/tenancy/models/merchant_domain.py
View File

@@ -103,7 +103,7 @@ class MerchantDomain(Base, TimestampMixin):
- EXAMPLE.COM -> example.com
"""
# Remove protocol
domain = domain.replace("https://", "").replace("http://", "") # SEC-034
domain = domain.replace("https://", "").replace("http://", "") # noqa: SEC034
# Remove trailing slash
domain = domain.rstrip("/")

2
app/modules/tenancy/models/store_domain.py
View File

@@ -92,7 +92,7 @@ class StoreDomain(Base, TimestampMixin):
- EXAMPLE.COM -> example.com
"""
# Remove protocol
domain = domain.replace("https://", "").replace("http://", "") # SEC-034
domain = domain.replace("https://", "").replace("http://", "") # noqa: SEC034
# Remove trailing slash
domain = domain.rstrip("/")

2
app/modules/tenancy/schemas/merchant_domain.py
View File

@@ -34,7 +34,7 @@ class MerchantDomainCreate(BaseModel):
def validate_domain(cls, v: str) -> str:
"""Validate and normalize domain."""
# Remove protocol if present
domain = v.replace("https://", "").replace("http://", "") # SEC-034
domain = v.replace("https://", "").replace("http://", "") # noqa: SEC034
# Remove trailing slash
domain = domain.rstrip("/")

2
app/modules/tenancy/schemas/store_domain.py
View File

@@ -35,7 +35,7 @@ class StoreDomainCreate(BaseModel):
def validate_domain(cls, v: str) -> str:
"""Validate and normalize domain."""
# Remove protocol if present
domain = v.replace("https://", "").replace("http://", "") # SEC-034
domain = v.replace("https://", "").replace("http://", "") # noqa: SEC034
# Remove trailing slash
domain = domain.rstrip("/")

10
app/modules/tenancy/tests/unit/test_admin_platform_service.py
View File

@@ -255,7 +255,7 @@ class TestAdminPlatformServiceQueries:
another_admin = User(
email="another_padmin@example.com",
username="another_padmin",
hashed_password=auth_manager.hash_password("pass"), # noqa: SEC-001
hashed_password=auth_manager.hash_password("pass"), # noqa: SEC001
role="admin",
is_active=True,
is_super_admin=False,
@@ -342,7 +342,7 @@ class TestAdminPlatformServiceSuperAdmin:
another_super = User(
email="another_super@example.com",
username="another_super",
hashed_password=auth_manager.hash_password("pass"), # noqa: SEC-001
hashed_password=auth_manager.hash_password("pass"), # noqa: SEC001
role="admin",
is_active=True,
is_super_admin=True,
@@ -416,7 +416,7 @@ class TestAdminPlatformServiceCreatePlatformAdmin:
db=db,
email="new_padmin@example.com",
username="new_padmin",
password="securepass123", # noqa: SEC-001
password="securepass123", # noqa: SEC001
platform_ids=[test_platform.id, another_platform.id],
created_by_user_id=test_super_admin.id,
first_name="New",
@@ -444,7 +444,7 @@ class TestAdminPlatformServiceCreatePlatformAdmin:
db=db,
email=test_platform_admin.email, # Duplicate
username="unique_username",
password="securepass123", # noqa: SEC-001
password="securepass123", # noqa: SEC001
platform_ids=[test_platform.id],
created_by_user_id=test_super_admin.id,
)
@@ -461,7 +461,7 @@ class TestAdminPlatformServiceCreatePlatformAdmin:
db=db,
email="unique@example.com",
username=test_platform_admin.username, # Duplicate
password="securepass123", # noqa: SEC-001
password="securepass123", # noqa: SEC001
platform_ids=[test_platform.id],
created_by_user_id=test_super_admin.id,
)

12
app/modules/tenancy/tests/unit/test_store_team_service.py
View File

@@ -87,7 +87,7 @@ def pending_invitation(db, team_store, test_user, auth_manager):
new_user = User(
email=f"pending_{unique_id}@example.com",
username=f"pending_{unique_id}",
hashed_password=auth_manager.hash_password("temppass"), # noqa: SEC-001
hashed_password=auth_manager.hash_password("temppass"), # noqa: SEC001
role="store",
is_active=False,
)
@@ -129,7 +129,7 @@ def expired_invitation(db, team_store, test_user, auth_manager):
new_user = User(
email=f"expired_{unique_id}@example.com",
username=f"expired_{unique_id}",
hashed_password=auth_manager.hash_password("temppass"), # noqa: SEC-001
hashed_password=auth_manager.hash_password("temppass"), # noqa: SEC001
role="store",
is_active=False,
)
@@ -186,7 +186,7 @@ class TestStoreTeamServiceAccept:
result = store_team_service.accept_invitation(
db=db,
invitation_token=pending_invitation.invitation_token,
password="newpassword123", # noqa: SEC-001
password="newpassword123", # noqa: SEC001
first_name="John",
last_name="Doe",
)
@@ -203,7 +203,7 @@ class TestStoreTeamServiceAccept:
store_team_service.accept_invitation(
db=db,
invitation_token="invalid_token_12345",
password="password123", # noqa: SEC-001
password="password123", # noqa: SEC001
)
def test_accept_invitation_already_accepted(self, db, team_member):
@@ -213,7 +213,7 @@ class TestStoreTeamServiceAccept:
store_team_service.accept_invitation(
db=db,
invitation_token="some_token", # team_member has no token
password="password123", # noqa: SEC-001
password="password123", # noqa: SEC001
)
def test_accept_invitation_expired(self, db, expired_invitation):
@@ -222,7 +222,7 @@ class TestStoreTeamServiceAccept:
store_team_service.accept_invitation(
db=db,
invitation_token=expired_invitation.invitation_token,
password="password123", # noqa: SEC-001
password="password123", # noqa: SEC001
)
assert "expired" in str(exc_info.value).lower()

14
app/modules/tenancy/tests/unit/test_user_model.py
View File

@@ -17,7 +17,7 @@ class TestUserModel:
user = User(
email="db_test@example.com",
username="dbtest",
hashed_password="hashed_password_123", # noqa: SEC-001
hashed_password="hashed_password_123", # noqa: SEC001
role="user",
is_active=True,
)
@@ -39,7 +39,7 @@ class TestUserModel:
user1 = User(
email="unique@example.com",
username="user1",
hashed_password="hash1", # noqa: SEC-001
hashed_password="hash1", # noqa: SEC001
)
db.add(user1)
db.commit()
@@ -49,7 +49,7 @@ class TestUserModel:
user2 = User(
email="unique@example.com",
username="user2",
hashed_password="hash2", # noqa: SEC-001
hashed_password="hash2", # noqa: SEC001
)
db.add(user2)
db.commit()
@@ -59,7 +59,7 @@ class TestUserModel:
user1 = User(
email="user1@example.com",
username="sameusername",
hashed_password="hash1", # noqa: SEC-001
hashed_password="hash1", # noqa: SEC001
)
db.add(user1)
db.commit()
@@ -69,7 +69,7 @@ class TestUserModel:
user2 = User(
email="user2@example.com",
username="sameusername",
hashed_password="hash2", # noqa: SEC-001
hashed_password="hash2", # noqa: SEC001
)
db.add(user2)
db.commit()
@@ -79,7 +79,7 @@ class TestUserModel:
user = User(
email="defaults@example.com",
username="defaultuser",
hashed_password="hash", # noqa: SEC-001
hashed_password="hash", # noqa: SEC001
)
db.add(user)
db.commit()
@@ -93,7 +93,7 @@ class TestUserModel:
user = User(
email="optional@example.com",
username="optionaluser",
hashed_password="hash", # noqa: SEC-001
hashed_password="hash", # noqa: SEC001
first_name="John",
last_name="Doe",
)