This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch taint_tracking_types
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/taint_tracking_types by this
push:
new 74925b03 Validate session by type instead of name, and _ prefix unused
sessions
74925b03 is described below
commit 74925b03ceff7b8eb0d3293c469bfceb82075610
Author: Alastair McFarlane <[email protected]>
AuthorDate: Thu Feb 26 17:49:39 2026 +0000
Validate session by type instead of name, and _ prefix unused sessions
---
atr/blueprints/common.py | 2 +-
atr/get/checklist.py | 2 +-
atr/get/committees.py | 4 ++--
atr/get/distribution.py | 10 +++++-----
atr/get/docs.py | 4 ++--
atr/get/download.py | 8 ++++----
atr/get/ignores.py | 2 +-
atr/get/keys.py | 8 +++++---
atr/get/projects.py | 2 +-
atr/get/ref.py | 2 +-
atr/get/release.py | 6 +++---
atr/get/root.py | 4 ++--
atr/get/start.py | 2 +-
atr/get/test.py | 6 +++---
atr/get/tokens.py | 2 +-
atr/post/keys.py | 2 +-
atr/post/test.py | 4 ++--
atr/post/upload.py | 2 +-
18 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/atr/blueprints/common.py b/atr/blueprints/common.py
index ccdca547..d12b4446 100644
--- a/atr/blueprints/common.py
+++ b/atr/blueprints/common.py
@@ -85,7 +85,7 @@ def build_path(
if hint is None:
raise TypeError(f"Parameter {param_name!r} in {func.__name__} has
no type annotation")
- if param_name == "session":
+ if hint is web.Public or hint is web.Committer:
if ix != 0:
raise TypeError(f"Parameter {param_name!r} in {func.__name__}
must be first")
public = hint is web.Public
diff --git a/atr/get/checklist.py b/atr/get/checklist.py
index 3153114e..2d4fd788 100644
--- a/atr/get/checklist.py
+++ b/atr/get/checklist.py
@@ -35,7 +35,7 @@ import atr.web as web
@get.typed
async def selected(
- session: web.Public,
+ _session: web.Public,
_checklist: Literal["checklist"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
diff --git a/atr/get/committees.py b/atr/get/committees.py
index 098c1b55..f565d8b9 100644
--- a/atr/get/committees.py
+++ b/atr/get/committees.py
@@ -32,7 +32,7 @@ import atr.web as web
@get.typed
-async def directory(session: web.Public, _committees: Literal["committees"])
-> str:
+async def directory(_session: web.Public, _committees: Literal["committees"])
-> str:
"""
URL: /committees
Main committee directory page.
@@ -48,7 +48,7 @@ async def directory(session: web.Public, _committees:
Literal["committees"]) ->
@get.typed
-async def view(session: web.Public, _committees: Literal["committees"], name:
str) -> str:
+async def view(_session: web.Public, _committees: Literal["committees"], name:
str) -> str:
"""
URL: /committees/<name>
"""
diff --git a/atr/get/distribution.py b/atr/get/distribution.py
index 3b608ca2..fe7eb035 100644
--- a/atr/get/distribution.py
+++ b/atr/get/distribution.py
@@ -37,7 +37,7 @@ from atr.tasks import gha
@get.typed
async def automate(
- session: web.Committer,
+ _session: web.Committer,
_distribution: Literal["distribution/automate"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -50,7 +50,7 @@ async def automate(
@get.typed
async def list_get(
- session: web.Committer,
+ _session: web.Committer,
_distribution: Literal["distribution/list"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -144,7 +144,7 @@ async def list_get(
@get.typed
async def record(
- session: web.Committer,
+ _session: web.Committer,
_distribution: Literal["distribution/record"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -157,7 +157,7 @@ async def record(
@get.typed
async def stage_automate(
- session: web.Committer,
+ _session: web.Committer,
_distribution: Literal["distribution/stage/automate"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -170,7 +170,7 @@ async def stage_automate(
@get.typed
async def stage_record(
- session: web.Committer,
+ _session: web.Committer,
_distribution: Literal["distribution/stage/record"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
diff --git a/atr/get/docs.py b/atr/get/docs.py
index 1e2e5b33..52a1a92f 100644
--- a/atr/get/docs.py
+++ b/atr/get/docs.py
@@ -52,12 +52,12 @@ class H1Parser(HTMLParser):
@get.typed
-async def index(session: web.Public, _docs: Literal["docs"]) -> str:
+async def index(_session: web.Public, _docs: Literal["docs"]) -> str:
return await _serve_docs_page("index")
@get.typed
-async def page(session: web.Public, _docs: Literal["docs"], path: unsafe.Path)
-> str:
+async def page(_session: web.Public, _docs: Literal["docs"], path:
unsafe.Path) -> str:
validated_page = form.to_relpath(path)
if validated_page is None:
quart.abort(400)
diff --git a/atr/get/download.py b/atr/get/download.py
index b694bd75..28120a13 100644
--- a/atr/get/download.py
+++ b/atr/get/download.py
@@ -79,7 +79,7 @@ async def all_selected(
@get.typed
async def path(
- session: web.Public,
+ _session: web.Public,
_download_path: Literal["download/path"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -94,7 +94,7 @@ async def path(
@get.typed
async def path_empty(
- session: web.Public,
+ _session: web.Public,
_download_path: Literal["download/path"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -108,7 +108,7 @@ async def path_empty(
@get.typed
async def sh_selected(
- session: web.Public,
+ _session: web.Public,
_download_sh: Literal["download/sh"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
@@ -133,7 +133,7 @@ async def sh_selected(
@get.typed
async def urls_selected(
- session: web.Public,
+ _session: web.Public,
_download_urls: Literal["download/urls"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
diff --git a/atr/get/ignores.py b/atr/get/ignores.py
index 45c23c01..fec0c60b 100644
--- a/atr/get/ignores.py
+++ b/atr/get/ignores.py
@@ -32,7 +32,7 @@ import atr.web as web
@get.typed
async def ignores(
- session: web.Committer,
+ _session: web.Committer,
_ignores: Literal["ignores"],
project_name: safe.ProjectName,
) -> str | web.WerkzeugResponse:
diff --git a/atr/get/keys.py b/atr/get/keys.py
index b82c1b7f..18223ff8 100644
--- a/atr/get/keys.py
+++ b/atr/get/keys.py
@@ -36,7 +36,7 @@ import atr.web as web
@get.typed
-async def add(session: web.Committer, _keys_add: Literal["keys/add"]) -> str:
+async def add(_session: web.Committer, _keys_add: Literal["keys/add"]) -> str:
"""
URL: /keys/add
Add a new public signing key to the user's account.
@@ -181,7 +181,9 @@ async def details(session: web.Committer, _keys_details:
Literal["keys/details"]
@get.typed
-async def export(session: web.Committer, _keys_export: Literal["keys/export"],
committee_name: str) -> web.TextResponse:
+async def export(
+ _session: web.Committer, _keys_export: Literal["keys/export"],
committee_name: str
+) -> web.TextResponse:
"""
URL: /keys/export/<committee_name>
Export a KEYS file for a specific committee.
@@ -266,7 +268,7 @@ async def ssh_add(session: web.Committer, _keys_ssh_add:
Literal["keys/ssh/add"]
@get.typed
-async def upload(session: web.Committer, _keys_upload: Literal["keys/upload"])
-> str:
+async def upload(_session: web.Committer, _keys_upload:
Literal["keys/upload"]) -> str:
"""
URL: /keys/upload
Upload a KEYS file containing multiple OpenPGP keys.
diff --git a/atr/get/projects.py b/atr/get/projects.py
index ae2435b6..5e30b96b 100644
--- a/atr/get/projects.py
+++ b/atr/get/projects.py
@@ -94,7 +94,7 @@ async def add_project(
@get.typed
-async def projects(session: web.Public, _projects: Literal["projects"]) -> str:
+async def projects(_session: web.Public, _projects: Literal["projects"]) ->
str:
"""
URL: /projects
Main project directory page.
diff --git a/atr/get/ref.py b/atr/get/ref.py
index 24123181..9a665ac5 100644
--- a/atr/get/ref.py
+++ b/atr/get/ref.py
@@ -35,7 +35,7 @@ import atr.web as web
@get.typed
-async def resolve(session: web.Public, _ref: Literal["ref"], ref_path:
unsafe.Path) -> web.WerkzeugResponse:
+async def resolve(_session: web.Public, _ref: Literal["ref"], ref_path:
unsafe.Path) -> web.WerkzeugResponse:
"""
URL: /ref/<ref_path>
Resolve a code reference to a GitHub permalink.
diff --git a/atr/get/release.py b/atr/get/release.py
index 114a9e3d..2a535fc2 100644
--- a/atr/get/release.py
+++ b/atr/get/release.py
@@ -32,7 +32,7 @@ import atr.web as web
@get.typed
async def finished(
- session: web.Public, _releases_finished: Literal["releases/finished"],
project_name: safe.ProjectName
+ _session: web.Public, _releases_finished: Literal["releases/finished"],
project_name: safe.ProjectName
) -> str:
"""
URL: /releases/finished/<project_name>
@@ -60,7 +60,7 @@ async def finished(
@get.typed
-async def releases(session: web.Public, _releases: Literal["releases"]) -> str:
+async def releases(_session: web.Public, _releases: Literal["releases"]) ->
str:
"""
URL: /releases
View all releases.
@@ -89,7 +89,7 @@ async def releases(session: web.Public, _releases:
Literal["releases"]) -> str:
@get.typed
async def select(
- session: web.Committer, _release_select: Literal["release/select"],
project_name: safe.ProjectName
+ _session: web.Committer, _release_select: Literal["release/select"],
project_name: safe.ProjectName
) -> str:
"""
URL: /release/select/<project_name>
diff --git a/atr/get/root.py b/atr/get/root.py
index 38b85352..75be7ca9 100644
--- a/atr/get/root.py
+++ b/atr/get/root.py
@@ -59,7 +59,7 @@ _POLICIES: Final = htm.div[
@get.typed
-async def about(session: web.Committer, _about: Literal["about"]) -> str:
+async def about(_session: web.Committer, _about: Literal["about"]) -> str:
"""
URL: /about
About page.
@@ -68,7 +68,7 @@ async def about(session: web.Committer, _about:
Literal["about"]) -> str:
@get.typed
-async def index(session: web.Public, _root: Literal[""]) ->
quart_response.Response | str:
+async def index(_session: web.Public, _root: Literal[""]) ->
quart_response.Response | str:
"""
URL: /
Show public info or an entry portal for participants.
diff --git a/atr/get/start.py b/atr/get/start.py
index b82aa0d7..17ff9e98 100644
--- a/atr/get/start.py
+++ b/atr/get/start.py
@@ -35,7 +35,7 @@ import atr.web as web
@get.typed
-async def selected(session: web.Committer, _start: Literal["start"],
project_name: safe.ProjectName) -> str:
+async def selected(_session: web.Committer, _start: Literal["start"],
project_name: safe.ProjectName) -> str:
"""
URL: /start/<project_name>
"""
diff --git a/atr/get/test.py b/atr/get/test.py
index 3a6d2368..4022add6 100644
--- a/atr/get/test.py
+++ b/atr/get/test.py
@@ -42,7 +42,7 @@ import atr.web as web
@get.typed
-async def test_empty(session: web.Public, _test_empty: Literal["test/empty"])
-> str:
+async def test_empty(_session: web.Public, _test_empty: Literal["test/empty"])
-> str:
"""
URL: /test/empty
"""
@@ -62,7 +62,7 @@ async def test_empty(session: web.Public, _test_empty:
Literal["test/empty"]) ->
@get.typed
-async def test_login(session: web.Public, _test_login: Literal["test/login"])
-> web.WerkzeugResponse:
+async def test_login(_session: web.Public, _test_login: Literal["test/login"])
-> web.WerkzeugResponse:
"""
URL: /test/login
"""
@@ -142,7 +142,7 @@ async def test_merge(
@get.typed
-async def test_multiple(session: web.Public, _test_multiple:
Literal["test/multiple"]) -> str:
+async def test_multiple(_session: web.Public, _test_multiple:
Literal["test/multiple"]) -> str:
"""
URL: /test/multiple
"""
diff --git a/atr/get/tokens.py b/atr/get/tokens.py
index 388b517e..49592225 100644
--- a/atr/get/tokens.py
+++ b/atr/get/tokens.py
@@ -30,7 +30,7 @@ import atr.web as web
@get.typed
-async def tokens(session: web.Committer, _tokens: Literal["tokens"]) -> str:
+async def tokens(_session: web.Committer, _tokens: Literal["tokens"]) -> str:
"""
URL: /tokens
"""
diff --git a/atr/post/keys.py b/atr/post/keys.py
index 1e651914..bc637bf9 100644
--- a/atr/post/keys.py
+++ b/atr/post/keys.py
@@ -212,7 +212,7 @@ async def ssh_add(
@post.typed
async def upload(
- session: web.Committer,
+ _session: web.Committer,
_keys_upload: Literal["keys/upload"],
upload_form: shared.keys.UploadKeysForm,
) -> str:
diff --git a/atr/post/test.py b/atr/post/test.py
index 4fd4ee97..4d66d859 100644
--- a/atr/post/test.py
+++ b/atr/post/test.py
@@ -28,7 +28,7 @@ import atr.web as web
@post.typed
async def test_empty(
- session: web.Public, _test_empty: Literal["test/empty"], _form: form.Empty
+ _session: web.Public, _test_empty: Literal["test/empty"], _form: form.Empty
) -> web.WerkzeugResponse:
"""
URL: /test/empty
@@ -41,7 +41,7 @@ async def test_empty(
@post.typed
async def test_multiple(
- session: web.Public, _test_multiple: Literal["test/multiple"],
multiple_form: shared.test.MultipleForm
+ _session: web.Public, _test_multiple: Literal["test/multiple"],
multiple_form: shared.test.MultipleForm
) -> web.WerkzeugResponse:
"""
URL: /test/multiple
diff --git a/atr/post/upload.py b/atr/post/upload.py
index 60dcd84a..ec3a3125 100644
--- a/atr/post/upload.py
+++ b/atr/post/upload.py
@@ -131,7 +131,7 @@ async def selected(
@post.typed
async def stage(
- session: web.Committer,
+ _session: web.Committer,
_upload_stage: Literal["upload/stage"],
project_name: safe.ProjectName,
version_name: safe.VersionName,
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
