Add pre-commit hooks with Ruff, Black, and mypy

Magic-Man-us · Magic-Man-us · commit 46da56eea03d · 2025-11-02T12:09:00.000-05:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,35 @@
+# Pre-commit hooks for code quality
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-toml
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.1.6
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  - repo: https://github.com/psf/black
+    rev: 23.11.0
+    hooks:
+      - id: black
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.7.0
+    hooks:
+      - id: mypy
+        additional_dependencies:
+          - pydantic>=2.5.0
+          - aiohttp>=3.9.0
+          - click>=8.1.0
+          - beautifulsoup4>=4.12.0
+        args: [--ignore-missing-imports]
+        exclude: ^tests/
diff --git a/src/sitescanner/core/scanner.py b/src/sitescanner/core/scanner.py
@@ -3,6 +3,7 @@
 import asyncio
 import logging
 from datetime import datetime
+from typing import Any
 from uuid import uuid4
 
 import aiohttp
@@ -46,7 +47,7 @@ def __init__(self, config: ScanConfig) -> None:
         self._session: aiohttp.ClientSession | None = None
 
         # Initialize scanner modules
-        self.scanners = {
+        self.scanners: dict[str, Any] = {
             "sql_injection": SQLInjectionScanner(),
             "xss": XSSScanner(),
             "csrf": CSRFScanner(),
@@ -61,7 +62,9 @@ async def __aenter__(self) -> "Scanner":
         )
         return self
 
-    async def __aexit__(self, exc_type, exc_val, exc_tb) -> None:
+    async def __aexit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: object
+    ) -> None:
         """Async context manager exit."""
         if self._session:
             await self._session.close()
@@ -96,7 +99,7 @@ async def scan(self) -> ScanResult:
         # Run enabled scanners concurrently
         scan_tasks = []
         for scanner_name in self.config.enabled_scanners:
-            if scanner_name in self.scanners:
+            if scanner_name in self.scanners and self._session:
                 scanner = self.scanners[scanner_name]
                 scan_tasks.append(scanner.scan_pages(pages, self._session))
 
diff --git a/src/sitescanner/scanners/csrf.py b/src/sitescanner/scanners/csrf.py
@@ -2,6 +2,7 @@
 
 import asyncio
 import logging
+from typing import Any
 
 import aiohttp
 from bs4 import BeautifulSoup
@@ -44,14 +45,12 @@ def calculate_protection_level(self) -> str:
             ]
         )
 
-        if protections == 0:
-            return "none"
-        elif protections == 1:
-            return "weak"
-        elif protections == 2:
-            return "moderate"
-        else:
-            return "strong"
+        protection_levels = {
+            0: "none",
+            1: "weak",
+            2: "moderate",
+        }
+        return protection_levels.get(protections, "strong")
 
 
 class CSRFScanner:
@@ -134,7 +133,7 @@ async def _scan_page(self, url: str, session: aiohttp.ClientSession) -> list[Vul
 
         return vulnerabilities
 
-    def _analyze_form(self, form: BeautifulSoup, page_url: str) -> CSRFTestCase:
+    def _analyze_form(self, form: Any, page_url: str) -> CSRFTestCase:
         """Analyze a form for CSRF protection using Pydantic validation.
 
         Args:
@@ -165,8 +164,12 @@ def _analyze_form(self, form: BeautifulSoup, page_url: str) -> CSRFTestCase:
 
         inputs = form.find_all(["input", "textarea", "select"])
         for input_field in inputs:
-            field_name = input_field.get("name", "")
-            field_value = input_field.get("value", "")
+            field_name_raw = input_field.get("name", "")
+            field_value_raw = input_field.get("value", "")
+
+            # Extract string values
+            field_name = field_name_raw if isinstance(field_name_raw, str) else ""
+            field_value = field_value_raw if isinstance(field_value_raw, str) else ""
 
             if field_name:
                 fields[field_name] = field_value
@@ -183,9 +186,9 @@ def _analyze_form(self, form: BeautifulSoup, page_url: str) -> CSRFTestCase:
         return CSRFTestCase(
             url=page_url,
             form_action=form_action if form_action else None,
-            form_method=form_method
-            if form_method in ["GET", "POST", "PUT", "DELETE", "PATCH"]
-            else "POST",
+            form_method=(
+                form_method if form_method in ["GET", "POST", "PUT", "DELETE", "PATCH"] else "POST"
+            ),
             has_csrf_token=has_csrf,
             token_field_name=csrf_token_field,
             form_fields=fields,
@@ -195,8 +198,8 @@ def _analyze_form(self, form: BeautifulSoup, page_url: str) -> CSRFTestCase:
     def _check_csrf_protection(
         self,
         test_case: CSRFTestCase,
-        headers: dict,
-        cookies: dict,
+        headers: dict[str, str],
+        cookies: dict[str, Any],
     ) -> CSRFProtectionCheck:
         """Check for various CSRF protection mechanisms.
 
@@ -212,7 +215,7 @@ def _check_csrf_protection(
 
         # Check for SameSite cookie attribute
         for cookie in cookies.values():
-            if hasattr(cookie, "get") and cookie.get("samesite"):
+            if hasattr(cookie, "get") and callable(cookie.get) and cookie.get("samesite"):
                 protection.has_samesite_cookie = True
                 break
 
