Lint: add ruff for linting and formatting

.grype.yaml

@@ -2,47 +2,10 @@
 # latest release of Dangerzone, and offer our analysis.
 
 ignore:
-  - vulnerability: CVE-2024-5535
-  # CVE-2024-5171
-  # =============
-  #
-  # NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-5171
-  # Verdict: Dangerzone is not affected. The rationale is the following:
-  #
-  # The affected library, `libaom.so`, is linked by GStreamer's `libgstaom.so`
-  # library. The vulnerable `aom_img_alloc` function is only used when
-  # **encoding** a video to AV1. LibreOffce uses the **decode** path instead,
-  # when generating thumbnails.
-  #
-  # See also: https://github.com/freedomofpress/dangerzone/issues/895
-  - vulnerability: CVE-2024-5171
-
-  # CVE-2024-45491, CVE-2024-45492
-  # ===============================
-  #
-  # NVD Entries:
-  # * https://nvd.nist.gov/vuln/detail/CVE-2024-45491
-  # * https://nvd.nist.gov/vuln/detail/CVE-2024-45492
-  #
-  # Verdict: Dangerzone is not affected. The rationale is the following:
-  #
-  # The vulnerabilities that have been assigned to these CVEs affect only 32-bit
-  # architectures. Dangerzone ships only 64-bit images to users.
-  #
-  # See also: https://github.com/freedomofpress/dangerzone/issues/913
-  - vulnerability: CVE-2024-45491
-  - vulnerability: CVE-2024-45492
-
-  # CVE-2024-45490
+  # CVE-2024-11053
   # ==============
   #
-  # NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-45490
-  # Verdict: Dangerzone is not affected. The rationale is the following:
-  #
-  # In order to exploit this bug, the caller must pass a negative length to the
-  # `XML_ParseBuffer` function. This function is not directly used by
-  # LibreOffice, which instead uses a higher-level wrapper. Therefore, our
-  # understanding is that this path cannot be exploited by attackers.
-  #
-  # See also: https://github.com/freedomofpress/dangerzone/issues/913
-  - vulnerability: CVE-2024-45490
+  # NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-11053
+  # Verdict: Dangerzone is not affected because libcurl is an HTTP client, and
+  # the Dangerzone container does not make any network calls.
+  - vulnerability: CVE-2024-11053

Makefile

@@ -1,23 +1,6 @@
 LARGE_TEST_REPO_DIR:=tests/test_docs_large
 GIT_DESC=$$(git describe)
 JUNIT_FLAGS := --capture=sys -o junit_logging=all
-
-.PHONY: lint-black
-lint-black: ## check python source code formatting issues, with black
-	black --check --diff ./
-
-.PHONY: lint-black-apply
-lint-black-apply: ## apply black's source code formatting suggestions
-	black ./
-
-.PHONY: lint-isort
-lint-isort: ## check imports are organized, with isort
-	isort --check --diff ./
-
-.PHONY: lint-isort-apply
-lint-isort-apply: ## apply isort's imports organization suggestions
-	isort ./
-
 MYPY_ARGS := --ignore-missing-imports \
 			 --disallow-incomplete-defs \
 			 --disallow-untyped-defs \
@@ -26,19 +9,17 @@ MYPY_ARGS := --ignore-missing-imports \
 			 --warn-unused-ignores \
 			 --exclude $(LARGE_TEST_REPO_DIR)/*.py
 
-mypy-host:
+.PHONY: lint
+lint: ## Check the code for linting, formatting, and typing issues with ruff and mypy
+	ruff check
+	ruff format --check
 	mypy $(MYPY_ARGS) dangerzone
-
-mypy-tests:
 	mypy $(MYPY_ARGS) tests
 
-mypy: mypy-host mypy-tests ## check type hints with mypy
-
-.PHONY: lint
-lint: lint-black lint-isort mypy ## check the code with various linters
-
-.PHONY: lint-apply
-format: lint-black-apply lint-isort-apply ## apply all the linter's suggestions
+.PHONY: fix
+fix: ## apply all the suggestions from ruff
+	ruff check --fix
+	ruff format 
 
 .PHONY: test
 test:

dangerzone/isolation_provider/base.py

@@ -6,7 +6,6 @@
 import subprocess
 import sys
 from abc import ABC, abstractmethod
-from pathlib import Path
 from typing import IO, Callable, Iterator, Optional
 
 import fitz

dangerzone/logic.py

@@ -71,7 +71,7 @@ def convert_doc(document: Document) -> None:
                     ocr_lang,
                     stdout_callback,
                 )
-            except Exception as e:
+            except Exception:
                 log.exception(
                     f"Unexpected error occurred while converting '{document}'"
                 )

dev_scripts/env.py

@@ -8,7 +8,6 @@
 import shutil
 import subprocess
 import sys
-import urllib.request
 from datetime import date
 
 DEFAULT_GUI = True

dev_scripts/sign-assets.py

@@ -95,11 +95,11 @@ def main():
     parser.add_argument(
         "--version",
         required=True,
-        help=f"look for assets with this Dangerzone version",
+        help="look for assets with this Dangerzone version",
     )
     parser.add_argument(
         "dir",
-        help=f"look for assets in this directory",
+        help="look for assets in this directory",
     )
     args = parser.parse_args()
     setup_logging()