Add missing ssl enums to astroid/brain (#1381)

Signed-off-by: Alexander Scheel <[email protected]>
Co-authored-by: Daniël van Noord <[email protected]>
Co-authored-by: Marc Mueller <[email protected]>

Author: 3 people

ChangeLog

@@ -22,6 +22,10 @@ Release date: TBA
 
   Closes PyCQA/pylint#3518
 
+* Adds missing enums from ``ssl`` module.
+
+  Closes PyCQA/pylint#3691
+
 * Remove dependency on ``pkg_resources`` from ``setuptools``.
 
   Closes #1103

astroid/brain/brain_ssl.py

@@ -6,12 +6,54 @@
 
 from astroid import parse
 from astroid.brain.helpers import register_module_extender
+from astroid.const import PY38_PLUS, PY310_PLUS
 from astroid.manager import AstroidManager
 
 
+def _verifyflags_enum() -> str:
+    enum = """
+    class VerifyFlags(_IntFlag):
+        VERIFY_DEFAULT = 0
+        VERIFY_CRL_CHECK_LEAF = 1
+        VERIFY_CRL_CHECK_CHAIN = 2
+        VERIFY_X509_STRICT = 3
+        VERIFY_X509_TRUSTED_FIRST = 4"""
+    if PY310_PLUS:
+        enum += """
+        VERIFY_ALLOW_PROXY_CERTS = 5
+        VERIFY_X509_PARTIAL_CHAIN = 6
+        """
+    return enum
+
+
+def _options_enum() -> str:
+    enum = """
+    class Options(_IntFlag):
+        OP_ALL = 1
+        OP_NO_SSLv2 = 2
+        OP_NO_SSLv3 = 3
+        OP_NO_TLSv1 = 4
+        OP_NO_TLSv1_1 = 5
+        OP_NO_TLSv1_2 = 6
+        OP_NO_TLSv1_3 = 7
+        OP_CIPHER_SERVER_PREFERENCE = 8
+        OP_SINGLE_DH_USE = 9
+        OP_SINGLE_ECDH_USE = 10
+        OP_NO_COMPRESSION = 11
+        OP_NO_TICKET = 12
+        OP_NO_RENEGOTIATION = 13"""
+    if PY38_PLUS:
+        enum += """
+        OP_ENABLE_MIDDLEBOX_COMPAT = 14"""
+    return enum
+
+
 def ssl_transform():
     return parse(
         """
+    # Import necessary for conversion of objects defined in C into enums
+    from enum import IntEnum as _IntEnum, IntFlag as _IntFlag
+
     from _ssl import OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_INFO, OPENSSL_VERSION
     from _ssl import _SSLContext, MemoryBIO
     from _ssl import (
@@ -64,7 +106,54 @@ def ssl_transform():
     from _ssl import _OPENSSL_API_VERSION
     from _ssl import PROTOCOL_SSLv23, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2
     from _ssl import PROTOCOL_TLS, PROTOCOL_TLS_CLIENT, PROTOCOL_TLS_SERVER
+
+    class AlertDescription(_IntEnum):
+        ALERT_DESCRIPTION_ACCESS_DENIED = 0
+        ALERT_DESCRIPTION_BAD_CERTIFICATE = 1
+        ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE = 2
+        ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE = 3
+        ALERT_DESCRIPTION_BAD_RECORD_MAC = 4
+        ALERT_DESCRIPTION_CERTIFICATE_EXPIRED = 5
+        ALERT_DESCRIPTION_CERTIFICATE_REVOKED = 6
+        ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN = 7
+        ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE = 8
+        ALERT_DESCRIPTION_CLOSE_NOTIFY = 9
+        ALERT_DESCRIPTION_DECODE_ERROR = 10
+        ALERT_DESCRIPTION_DECOMPRESSION_FAILURE = 11
+        ALERT_DESCRIPTION_DECRYPT_ERROR = 12
+        ALERT_DESCRIPTION_HANDSHAKE_FAILURE = 13
+        ALERT_DESCRIPTION_ILLEGAL_PARAMETER = 14
+        ALERT_DESCRIPTION_INSUFFICIENT_SECURITY = 15
+        ALERT_DESCRIPTION_INTERNAL_ERROR = 16
+        ALERT_DESCRIPTION_NO_RENEGOTIATION = 17
+        ALERT_DESCRIPTION_PROTOCOL_VERSION = 18
+        ALERT_DESCRIPTION_RECORD_OVERFLOW = 19
+        ALERT_DESCRIPTION_UNEXPECTED_MESSAGE = 20
+        ALERT_DESCRIPTION_UNKNOWN_CA = 21
+        ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY = 22
+        ALERT_DESCRIPTION_UNRECOGNIZED_NAME = 23
+        ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE = 24
+        ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION = 25
+        ALERT_DESCRIPTION_USER_CANCELLED = 26
+
+    class SSLErrorNumber(_IntEnum):
+        SSL_ERROR_EOF = 0
+        SSL_ERROR_INVALID_ERROR_CODE = 1
+        SSL_ERROR_SSL = 2
+        SSL_ERROR_SYSCALL = 3
+        SSL_ERROR_WANT_CONNECT = 4
+        SSL_ERROR_WANT_READ = 5
+        SSL_ERROR_WANT_WRITE = 6
+        SSL_ERROR_WANT_X509_LOOKUP = 7
+        SSL_ERROR_ZERO_RETURN = 8
+
+    class VerifyMode(_IntEnum):
+        CERT_NONE = 0
+        CERT_OPTIONAL = 1
+        CERT_REQUIRED = 2
     """
+        + _verifyflags_enum()
+        + _options_enum()
     )
 
 

tests/test_brain_ssl.py

@@ -0,0 +1,43 @@
+# Licensed under the LGPL: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
+# For details: https://github.com/PyCQA/astroid/blob/main/LICENSE
+# Copyright (c) https://github.com/PyCQA/astroid/blob/main/CONTRIBUTORS.txt
+
+"""Tests for the ssl brain."""
+
+from astroid import bases, nodes, parse
+
+
+def test_ssl_brain() -> None:
+    """Test ssl brain transform."""
+    module = parse(
+        """
+    import ssl
+    ssl.PROTOCOL_TLSv1
+    ssl.VerifyMode
+    ssl.TLSVersion
+    ssl.VerifyMode.CERT_REQUIRED
+    """
+    )
+    inferred_protocol = next(module.body[1].value.infer())
+    assert isinstance(inferred_protocol, nodes.Const)
+
+    inferred_verifymode = next(module.body[2].value.infer())
+    assert isinstance(inferred_verifymode, nodes.ClassDef)
+    assert inferred_verifymode.name == "VerifyMode"
+    assert len(inferred_verifymode.bases) == 1
+
+    # Check that VerifyMode correctly inherits from enum.IntEnum
+    int_enum = next(inferred_verifymode.bases[0].infer())
+    assert isinstance(int_enum, nodes.ClassDef)
+    assert int_enum.name == "IntEnum"
+    assert int_enum.parent.name == "enum"
+
+    # TLSVersion is inferred from the main module, not from the brain
+    inferred_tlsversion = next(module.body[3].value.infer())
+    assert isinstance(inferred_tlsversion, nodes.ClassDef)
+    assert inferred_tlsversion.name == "TLSVersion"
+
+    # TLSVersion is inferred from the main module, not from the brain
+    inferred_cert_required = next(module.body[4].value.infer())
+    assert isinstance(inferred_cert_required, bases.Instance)
+    assert inferred_cert_required._proxied.name == "CERT_REQUIRED"

tests/unittest_regrtest.py

@@ -304,16 +304,6 @@ def foo(self): #@
         inferred = next(node.infer())
         self.assertEqual(inferred.decoratornames(), {".Parent.foo.getter"})
 
-    def test_ssl_protocol(self) -> None:
-        node = extract_node(
-            """
-        import ssl
-        ssl.PROTOCOL_TLSv1
-        """
-        )
-        inferred = next(node.infer())
-        self.assertIsInstance(inferred, nodes.Const)
-
     def test_recursive_property_method(self) -> None:
         node = extract_node(
             """