[tool.ruff]
line-length = 120
target-version = "py310"
format.quote-style = "preserve"

[tool.ruff.lint]
# 追加 D209，不会覆盖、不会屏蔽任何现有规则
extend-select = [
  "D209",  # 规则8：多行文档字符串末尾 """ 必须单独一行
  "SIM115",    # 规则17：推荐用 with 代替 try-finally
]

# 业界标准 PYLINT 生产配置
# 只开高价值规则，关闭所有洁癖规则
# ================================
[tool.pylint]
reports = false
score = false
max-line-length = 120
max-args = 15       # 放宽，不检查
max-branches = 50   # 放宽，不检查
max-statements = 200# 放宽，不检查
max-locals = 50     # 放宽，不检查
max-positional-arguments = 20  # 放宽，不检查

# ================================
# 只开启：真正会导致程序崩溃的错误（BUG 级别）
# ================================
enable = [
  # 语法/运行时错误（必开）
  "E0100",  # 语法错误
  "E0601",  # 使用未定义变量
  "E0602",  # 变量未定义
  "E0603",  # 使用未定义属性
  "E0611",  # 导入不存在的包
  "E0632",  # 缺少返回值
  "E1101",  # 访问不存在成员
  "E1120",  # 不可调用对象被调用
  "E0632",  # 缺少返回值

  # 潜在崩溃警告（高价值）
  "W0632",  # 元组解包不匹配（会崩）
  "W1514",  # open 未指定 encoding（跨平台乱码）
]

# ================================
# 关闭所有洁癖/格式/风格/复杂度警告
# ================================
disable = [
  # 所有命名、文档、格式
  "invalid-name",
  "missing-docstring",
  "missing-module-docstring",
  "missing-function-docstring",
  "missing-class-docstring",
  "empty-docstring",
  "line-too-long",
  "trailing-whitespace",

  # 所有复杂度检查（函数太长、分支太多、参数太多等）
  "too-many-arguments",
  "too-many-positional-arguments",
  "too-many-branches",
  "too-many-statements",
  "too-many-locals",
  "too-many-return-statements",
  "too-many-instance-attributes",
  "too-few-public-methods",
  "too-many-public-methods",

  # 所有未使用变量/参数警告
  "unused-argument",
  "unused-variable",
  "unused-import",

  # 所有保护成员访问警告
  "protected-access",

  # 所有风格优化建议
  "no-else-raise",
  "no-else-return",
  "consider-using-enumerate",
  "use-dict-literal",
  "consider-using-f-string",
  "superfluous-parens",
  "unnecessary-pass",
  "len-as-condition",
  "global-statement",
  "import-outside-toplevel",
  "raise-missing-from",
  "broad-except",
  "bare-except",

  # 导入相关
  "wrong-import-order",
  "wrong-import-position",
  "import-error",
]

# ==============================================
# Bandit 安全门禁专用配置
# 功能：仅检测用户指定的安全规则，已跳过 B101
# ==============================================
[tool.bandit]
# 检测所有级别（因为我们只精准开启需要的规则）
severity_level = "LOW"
confidence_level = "LOW"

# 跳过不需要扫描的目录
exclude_dirs = [
  "tests", "test", "venv", ".venv", "build", "dist", "migrations", "__pycache__"
]

# ==============================
# 仅开启你指定的安全规则
# ==============================
tests = [
  # SQL注入
  "B608",      # 禁止不可信数据拼接SQL

  # 命令注入
  "B602",      # 禁止调用OS命令解析器
  "B605",      # 不安全的子进程调用
  "B607",      # shell=True 风险

  # 危险代码执行
  "B307",      # 禁止使用eval/exec
  "B324",      # 禁止使用input函数

  # 反序列化漏洞
  "B301",      # 禁止对不可信数据unpickle

  # 加密安全
  "B306",      # 禁止弱加密算法
  "B321",      # 禁止弱哈希算法
  "B311",      # 使用安全随机数

  # 敏感信息泄露
  "B105",      # 禁止硬编码密码/密钥
  "B106",
  "B107",
  "B108",      # 禁止异常中泄露敏感信息
  "B110",      # 禁止日志输出敏感信息

]

# ==============================
# 明确跳过：B101（assert）
# 其余不需要的规则全部关闭
# ==============================
skips = [
  "B101",
  "B102", "B103", "B104",
  "B201", "B202",
  "B302", "B303", "B304", "B305", "B308",
  "B401", "B402", "B403", "B404", "B405", "B406",
  "B501", "B502", "B503",
  "B601", "B603", "B604", "B606", "B609",
  "B701", "B702"
]

# 输出格式
format = "screen"
quiet = false