*: add ruff BLE rules (#16943)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/brands/models.py

@@ -113,7 +113,7 @@ class Brand(SerializerModel):
         try:
             return self.attributes.get("settings", {}).get("locale", "")
 
-        except Exception as exc:
+        except Exception as exc:  # noqa
             LOGGER.warning("Failed to get default locale", exc=exc)
             return ""
 

authentik/core/api/property_mappings.py

@@ -171,7 +171,7 @@ class PropertyMappingViewSet(
         except PropertyMappingExpressionException as exc:
             response_data["result"] = exception_to_string(exc.exc)
             response_data["successful"] = False
-        except Exception as exc:
+        except Exception as exc:  # noqa
             response_data["result"] = exception_to_string(exc)
             response_data["successful"] = False
         response = PropertyMappingTestResultSerializer(response_data)

authentik/core/management/commands/shell.py

@@ -99,7 +99,7 @@ class Command(BaseCommand):
         else:
             try:
                 hook()
-            except Exception:
+            except Exception:  # noqa
                 # Match the behavior of the cpython shell where an error in
                 # sys.__interactivehook__ prints a warning and the exception
                 # and continues.

authentik/core/models.py

@@ -406,7 +406,7 @@ class User(SerializerModel, GuardianUserMixin, AttributesMixin, AbstractUser):
         try:
             return self.attributes.get("settings", {}).get("locale", "")
 
-        except Exception as exc:
+        except Exception as exc:  # noqa
             LOGGER.warning("Failed to get default locale", exc=exc)
         if request:
             return request.brand.locale
@@ -587,7 +587,7 @@ class Application(SerializerModel, PolicyBindingModel):
             try:
                 return url % user.__dict__
 
-            except Exception as exc:
+            except Exception as exc:  # noqa
                 LOGGER.warning("Failed to format launch url", exc=exc)
                 return url
         return url
@@ -783,7 +783,7 @@ class Source(ManagedModel, SerializerModel, PolicyBindingModel):
                 "slug": self.slug,
             }
 
-        except Exception as exc:
+        except Exception as exc:  # noqa
             LOGGER.warning("Failed to template user path", exc=exc, source=self)
             return User.default_path()
 

authentik/flows/stage.py

@@ -160,7 +160,7 @@ class ChallengeStageView(StageView):
                 "user": self.get_pending_user(for_display=True),
             }
 
-        except Exception as exc:
+        except Exception as exc:  # noqa
             self.logger.warning("failed to template title", exc=exc)
             return self.executor.flow.title
 

authentik/flows/views/executor.py

@@ -198,7 +198,7 @@ class FlowExecutorView(APIView):
                 # if the cached plan is from an older version, it might have different attributes
                 # in which case we just delete the plan and invalidate everything
                 next_binding = self.plan.next(self.request)
-            except Exception as exc:
+            except Exception as exc:  # noqa
                 self._logger.warning(
                     "f(exec): found incompatible flow plan, invalidating run", exc=exc
                 )
@@ -288,7 +288,7 @@ class FlowExecutorView(APIView):
                 span.set_data("authentik Flow", self.flow.slug)
                 stage_response = self.current_stage_view.dispatch(request)
                 return to_stage_response(request, stage_response)
-        except Exception as exc:
+        except Exception as exc:  # noqa
             return self.handle_exception(exc)
 
     @extend_schema(
@@ -339,7 +339,7 @@ class FlowExecutorView(APIView):
                 span.set_data("authentik Flow", self.flow.slug)
                 stage_response = self.current_stage_view.dispatch(request)
                 return to_stage_response(request, stage_response)
-        except Exception as exc:
+        except Exception as exc:  # noqa
             return self.handle_exception(exc)
 
     def _initiate_plan(self) -> FlowPlan:
@@ -351,7 +351,7 @@ class FlowExecutorView(APIView):
             # there are no issues with the class we might've gotten
             # from the cache. If there are errors, just delete all cached flows
             _ = plan.has_stages
-        except Exception:
+        except Exception:  # noqa
             keys = cache.keys(f"{CACHE_PREFIX}*")
             cache.delete_many(keys)
             return self._initiate_plan()

authentik/policies/expression/evaluator.py

@@ -71,7 +71,7 @@ class PolicyEvaluator(BaseEvaluator):
             # PolicyExceptions should be propagated back to the process,
             # which handles recording and returning a correct result
             raise exc
-        except Exception as exc:
+        except Exception as exc:  # noqa
             LOGGER.warning("Expression error", exc=exc)
             return PolicyResult(False, str(exc))
         else:

authentik/policies/process.py

@@ -144,6 +144,6 @@ class PolicyProcess(PROCESS_CLASS):
         """Task wrapper to run policy checking"""
         try:
             self.connection.send(self.profiling_wrapper())
-        except Exception as exc:
+        except Exception as exc:  # noqa
             LOGGER.warning("Policy failed to run", exc=exc)
             self.connection.send(PolicyResult(False, str(exc)))

authentik/root/test_runner.py

@@ -177,6 +177,6 @@ class PytestTestRunner(DiscoverRunner):  # pragma: no cover
         with patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached):
             try:
                 return pytest.main(self.args)
-            except Exception as e:
+            except Exception as e:  # noqa
                 self.logger.error("Error running tests", error=str(e), test_files=self.args)
                 return 1

authentik/stages/authenticator/util.py

@@ -2,7 +2,7 @@
 
 import random
 import string
-from binascii import unhexlify
+from binascii import Error, unhexlify
 from os import urandom
 
 from django.core.exceptions import ValidationError
@@ -42,7 +42,7 @@ def hex_validator(length=0):
                 value = value.encode()
 
             unhexlify(value)
-        except Exception:
+        except Error:
             raise ValidationError(f"{value} is not valid hex-encoded data.") from None
 
         if (length > 0) and (len(value) != length * 2):

lifecycle/gunicorn.conf.py

@@ -136,7 +136,7 @@ if not CONFIG.get_bool("disable_startup_analytics", False):
                 timeout=5,
             )
 
-        except Exception:  # nosec
+        except Exception:  # nosec # noqa
             pass
 
 start_debug_server()

pyproject.toml

@@ -177,13 +177,14 @@ exclude = ["**/migrations/**", "**/node_modules/**"]
 
 [tool.ruff.lint]
 select = [
-  "E",  # pycodestyle
-  "F",  # Pyflakes
-  "I",  # isort
-  "UP", # pyupgrade
-  "B",  # flake8-bugbear
-  "DJ", # django
-  "PL", # pylint
+  "E",   # pycodestyle
+  "F",   # Pyflakes
+  "I",   # isort
+  "UP",  # pyupgrade
+  "B",   # flake8-bugbear
+  "DJ",  # django
+  "PL",  # pylint
+  "BLE", # flake8-blind-except
 ]
 ignore = [
   "DJ001", # Avoid using `null=True` on string-based fields,