Merge 0b6ce96 into 7d971ba

cisagov · Nov 8, 2018 · eeaad60 · eeaad60
2 parents 7d971ba + 0b6ce96
commit eeaad60
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 21 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -19,7 +19,12 @@ install:
 
 script:
   - pytest --cov=pshtt
-  - flake8 .
+  # Let's ignore E501 (line too long) warnings for now.
+  #
+  # There are A LOT of W504 warnings, and getting rid of them is
+  # dangerous because there are lots of parentheses and making flake8
+  # happy but changing the logic would be easy to do.
+  - flake8 --ignore=E501,W504 .
   - bash travis_scripts/build_docker_image.sh
   - pshtt --help
   - pshtt --version

diff --git a/pshtt/__init__.py b/pshtt/__init__.py
@@ -1 +1 @@
-__version__ = '0.5.1'
+__version__ = '0.5.2'
diff --git a/pshtt/pshtt.py b/pshtt/pshtt.py
@@ -414,10 +414,10 @@ def hsts_check(endpoint):
         # TODO: make this more resilient to pathological HSTS headers.
 
         # handle multiple HSTS headers, requests comma-separates them
-        first_pass = re.split(',\s?', header)[0]
-        second_pass = re.sub('\'', '', first_pass)
+        first_pass = re.split(r',\s?', header)[0]
+        second_pass = re.sub(r'\'', '', first_pass)
 
-        temp = re.split(';\s?', second_pass)
+        temp = re.split(r';\s?', second_pass)
 
         if "max-age" in header.lower():
             endpoint.hsts_max_age = int(temp[0][len("max-age="):])
@@ -473,7 +473,7 @@ def https_check(endpoint):
 
     try:
         cert_response = cert_plugin_result.as_text()
-    except AttributeError as err:
+    except AttributeError:
         logging.warn("Known error in sslyze 1.X with EC public keys. See https://github.com/nabla-c0d3/sslyze/issues/215")
         return None
     except Exception as err:
@@ -995,22 +995,16 @@ def is_domain_supports_https(domain):
 
 
 def is_domain_enforces_https(domain):
-    """
-    A domain that 'Enforces HTTPS' must 'Support HTTPS' and default to HTTPS.
-    For websites (where Redirect is false) they are allowed to eventually
-    redirect to an https:// URI. For "redirect domains" (domains where the
-    Redirect value is true) they must immediately redirect clients to an
-    https:// URI (even if that URI is on another domain) in order to be said to
-    enforce HTTPS.
+    """A domain that 'Enforces HTTPS' must 'Support HTTPS' and default to
+    HTTPS.  For websites (where Redirect is false) they are allowed to
+    eventually redirect to an https:// URI. For "redirect domains"
+    (domains where the Redirect value is true) they must immediately
+    redirect clients to an https:// URI (even if that URI is on
+    another domain) in order to be said to enforce HTTPS.
     """
     return is_domain_supports_https(domain) and (
-        is_strictly_forces_https(domain) and
-        (
-            is_defaults_to_https(domain) or
-            is_redirect(domain)
-        ) or (
-            (not is_strictly_forces_https(domain)) and
-            is_defaults_to_https(domain)
+        is_defaults_to_https(domain) or (
+            is_strictly_forces_https(domain) and is_redirect(domain)
         )
     )
 

diff --git a/pshtt/utils.py b/pshtt/utils.py
@@ -90,7 +90,7 @@ def format_domains(domains):
 
     for domain in domains:
         # Replace a single instance of http://, https://, and www. if present.
-        formatted_domains.append(re.sub("^(https?://)?(www\.)?", "", domain))
+        formatted_domains.append(re.sub(r"^(https?://)?(www\.)?", "", domain))
 
     return formatted_domains