
[ENHANCEMENT] Replace magic strings with Enums for severity levels and LLM providers #47

@advaitpatel

Overview

Severity levels (`CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `UNKNOWN`) and LLM provider names (`openai`, `anthropic`, `google`, `ollama`) are repeated as raw strings in at least 8 files. This causes:

  • Typo-prone comparisons — a typo like `"CRITCAL"` silently passes validation
  • No IDE autocomplete — contributors can't discover valid values
  • Scattered validation — the same list of valid providers appears in `utils.py`, `config_manager.py`, and `docksec.py` independently

Proposed Solution

Add an `enums.py` module (or add to `config.py`) with two enums:

```python
# docksec/enums.py
from enum import Enum

class Severity(str, Enum):
    CRITICAL = "CRITICAL"
    HIGH = "HIGH"
    MEDIUM = "MEDIUM"
    LOW = "LOW"
    UNKNOWN = "UNKNOWN"

    @classmethod
    def values(cls) -> list[str]:
        return [e.value for e in cls]

    @classmethod
    def scored_levels(cls) -> list["Severity"]:
        """Severities that affect the security score."""
        return [cls.CRITICAL, cls.HIGH, cls.MEDIUM, cls.LOW]


class LLMProvider(str, Enum):
    OPENAI = "openai"
    ANTHROPIC = "anthropic"
    GOOGLE = "google"
    OLLAMA = "ollama"

    @classmethod
    def values(cls) -> list[str]:
        return [e.value for e in cls]
```

Files to Update

| File | Change |
| --- | --- |
| `config.py` | Import `Severity`, replace string literals |
| `config_manager.py` | Replace provider/severity string lists with Enum |
| `docker_scanner.py` | Replace all severity string comparisons |
| `score_calculator.py` | Use `Severity` enum in score weights dict |
| `utils.py` | Replace provider validation with `LLMProvider` |
| `docksec.py` | Use `LLMProvider.values()` in argparse choices |
| `tests/` | Update tests to use enum values |

Example Refactor

```python
# Before (docker_scanner.py)
if severity in ["CRITICAL", "HIGH", "MEDIUM", "LOW"]:
    ...

SEVERITY_WEIGHTS = {"CRITICAL": 10, "HIGH": 5, "MEDIUM": 2, "LOW": 1}

# After
from docksec.enums import Severity

if severity in Severity.values():
    ...

SEVERITY_WEIGHTS = {
    Severity.CRITICAL: 10,
    Severity.HIGH: 5,
    Severity.MEDIUM: 2,
    Severity.LOW: 1,
}
```

Acceptance Criteria

  • `Severity` and `LLMProvider` enums created
  • All magic string comparisons replaced across the codebase
  • All existing tests still pass (no behavior change, refactor only)
  • `argparse` provider choices sourced from `LLMProvider.values()`

Skill Level

Beginner Python. Pure refactor — no logic changes required.

Notes

Since `Severity` and `LLMProvider` extend `str`, they are backwards-compatible with existing string comparisons and JSON serialization — no behavior changes needed anywhere.
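
An added example, not part of the issue or the project's code: it contrasts the typo failure mode from the Overview with the proposed `Severity` enum and exercises the compatibility points from the Notes. `parse_severity`, `weighted_total`, `magic_string_total` and the sample findings are hypothetical and constructed for illustration.

```python
import json
from enum import Enum


class Severity(str, Enum):  # same shape as the enum proposed in this issue
    CRITICAL = "CRITICAL"
    HIGH = "HIGH"
    MEDIUM = "MEDIUM"
    LOW = "LOW"
    UNKNOWN = "UNKNOWN"


# Weights copied from the issue's "After" snippet.
SEVERITY_WEIGHTS = {Severity.CRITICAL: 10, Severity.HIGH: 5,
                    Severity.MEDIUM: 2, Severity.LOW: 1}


def parse_severity(raw: str) -> Severity:
    """Hypothetical boundary helper: normalise scanner text, reject unknown labels."""
    try:
        return Severity(raw.strip().upper())
    except ValueError:
        raise ValueError(f"unrecognised severity {raw!r}") from None


def weighted_total(findings: list[dict]) -> int:
    """Sum weights of scored findings; UNKNOWN parses but contributes 0."""
    return sum(SEVERITY_WEIGHTS.get(parse_severity(f["severity"]), 0) for f in findings)


def magic_string_total(findings: list[dict]) -> int:
    """Failure mode from the Overview: a typo'd literal silently scores 0."""
    weights = {"CRITCAL": 10, "HIGH": 5, "MEDIUM": 2, "LOW": 1}  # deliberate typo
    return sum(weights.get(f["severity"], 0) for f in findings)


# Constructed sample findings, not real scanner output.
FINDINGS = [{"id": "F-1", "severity": "CRITICAL"},
            {"id": "F-2", "severity": "HIGH"},
            {"id": "F-3", "severity": "UNKNOWN"}]

if __name__ == "__main__":
    print(magic_string_total(FINDINGS))             # critical finding is dropped
    print(weighted_total(FINDINGS))                 # critical finding is counted
    print(SEVERITY_WEIGHTS["HIGH"])                 # raw string still finds the enum key
    print(json.dumps({"severity": Severity.HIGH}))  # serialises as the plain value
    print(str(Severity.HIGH))                       # not the bare value
```

`str(Severity.HIGH)` returns `Severity.HIGH` rather than `HIGH`, so code that builds report text with `str()` should use `.value` after the refactor.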
