-rw-r--r-- README.rst 15
-rw-r--r-- doc/data/messages/e/exec-used/details.rst 11
-rw-r--r-- doc/development_guide/how_tos/plugins.rst 2
-rw-r--r-- doc/user_guide/configuration/index.rst 9
4 files changed, 32 insertions, 5 deletions
diff --git a/README.rst b/README.rst
index e6e20b43e..3d99a0965 100644
--- a/README.rst
+++ b/README.rst
@@ -59,10 +59,19 @@ will know that ``argparse.error(...)`` is in fact a logging call and not an argp
.. _`code smells`: https://martinfowler.com/bliki/CodeSmell.html
Pylint is highly configurable and permits to write plugins in order to add your
-own checks (for example, for internal libraries or an internal rule). Pylint has an
-ecosystem of existing plugins for popular frameworks such as `pylint-django`_ or
-`pylint-sonarjson`_.
+own checks (for example, for internal libraries or an internal rule). Pylint also has an
+ecosystem of existing plugins for popular frameworks and third party libraries.
+.. note::
+
+ Pylint supports the Python standard library out of the box. Third-party
+ libraries are not always supported, so a plugin might be needed. A good place
+ to start is ``PyPI`` which often returns a plugin by searching for
+ ``pylint <library>``. `pylint-pydantic`_, `pylint-django`_ and
+ `pylint-sonarjson`_ are examples of such plugins. More information about plugins
+ and how to load them can be found at :ref:`plugins <plugins>`.
+
+.. _`pylint-pydantic`: https://pypi.org/project/pylint-pydantic
.. _`pylint-django`: https://github.com/PyCQA/pylint-django
.. _`pylint-sonarjson`: https://github.com/omegacen/pylint-sonarjson
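Review bot: the ``:ref:`plugins <plugins>``` role at the end of the added note is Sphinx-only, and this file is README.rst, so wherever the README is rendered by a plain reStructuredText renderer rather than Sphinx the role will not resolve. Suggest a normal hyperlink target pointing at the published plugins page, in the same style as the three ``.. _`` targets that follow the note. Minor: "third party libraries" in the rewritten paragraph and "Third-party libraries" in the note should use the same hyphenation.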
diff --git a/doc/data/messages/e/exec-used/details.rst b/doc/data/messages/e/exec-used/details.rst
index 2a61975f2..246857f32 100644
--- a/doc/data/messages/e/exec-used/details.rst
+++ b/doc/data/messages/e/exec-used/details.rst
@@ -1 +1,10 @@
-The available methods and variables used in ``exec()`` may introduce a security hole. You can restrict the use of these variables and methods by passing optional globals and locals parameters (dictionaries) to the ``exec()`` method.
+The available methods and variables used in ``exec()`` may introduce a security hole.
+You can restrict the use of these variables and methods by passing optional globals
+and locals parameters (dictionaries) to the ``exec()`` method.
+
+However, use of ``exec`` is still insecure. For example, consider the following call
+that writes a file to the user's system:
+
+.. code-block:: python
+
+ exec("""\nwith open("file.txt", "w", encoding="utf-8") as file:\n file.write("# code as nefarious as imaginable")\n""")
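Review bot: the call in the added code-block passes no globals or locals to ``exec()``, so it does not illustrate the sentence that introduces it, "However, use of ``exec`` is still insecure", which follows directly from the paragraph about restricting them. Either pass the restricted dictionaries in the example so the reader sees the case under discussion, or reword the lead-in to say the example shows what an unrestricted call permits. The string also combines a triple-quoted literal with ``\n`` escapes; real line breaks inside the triple quotes would be easier to read.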
diff --git a/doc/development_guide/how_tos/plugins.rst b/doc/development_guide/how_tos/plugins.rst
index bc2c0f14c..3940f2481 100644
--- a/doc/development_guide/how_tos/plugins.rst
+++ b/doc/development_guide/how_tos/plugins.rst
@@ -1,5 +1,7 @@
.. -*- coding: utf-8 -*-
+.. _plugins:
+
How To Write a Pylint Plugin
============================
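Review bot: the new ``.. _plugins:`` label lands on the page titled "How To Write a Pylint Plugin", while the README sentence that references it promises "More information about plugins and how to load them". If this page does not cover loading plugins, point the reference at the page that does, or adjust the README wording to match. Sphinx labels share one namespace across the documentation, so a more specific label name (for instance one that mentions the how-to) would also reduce the chance of a duplicate-label clash later.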
diff --git a/doc/user_guide/configuration/index.rst b/doc/user_guide/configuration/index.rst
index d039b4445..ffe8c51a3 100644
--- a/doc/user_guide/configuration/index.rst
+++ b/doc/user_guide/configuration/index.rst
@@ -9,7 +9,7 @@ various projects and a lot of checks to activate if they suit your style.
You can generate a sample configuration file with ``--generate-toml-config``
or ``--generate-rcfile``. Every option present on the command line before this
-will be included in the file
+will be included in the file.
For example::
@@ -18,6 +18,13 @@ For example::
In practice, it is often better to create a minimal configuration file which only contains
configuration overrides. For all other options, Pylint will use its default values.
+.. note::
+
+ The internals that create the configuration files fall back to the default values if
+ no other value was given. This means that some values depend on the interpreter that
+ was used to generate the file. Most notably ``py-version`` which defaults to the
+ current interpreter.
+
.. toctree::
:maxdepth: 2
:titlesonly:
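Review bot: the last sentence of the added note, "Most notably ``py-version`` which defaults to the current interpreter.", is a fragment with no main verb. Suggest "Most notably, ``py-version`` defaults to the version of the current interpreter." It would also help to say what the reader should do about it, for example setting ``py-version`` explicitly when the generated file is shared between environments that use different interpreters.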