Tweaks

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S504.py

@@ -1,16 +1,15 @@
 import ssl
 from ssl import wrap_socket
 
-
 ssl.wrap_socket()  # S504
 wrap_socket()  # S504
 ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)  # OK
 
 
-class Foo:
+class Class:
     def wrap_socket(self):
         pass
 
 
-f = Foo()
-f.wrap_socket()  # OK
+obj = Class()
+obj.wrap_socket()  # OK

crates/ruff_linter/src/registry/rule_set.rs

@@ -3,7 +3,7 @@ use ruff_macros::CacheKey;
 use std::fmt::{Debug, Formatter};
 use std::iter::FusedIterator;
 
-const RULESET_SIZE: usize = 12;
+const RULESET_SIZE: usize = 13;
 
 /// A set of [`Rule`]s.
 ///

crates/ruff_linter/src/rules/flake8_bandit/rules/ssl_with_no_version.rs

@@ -6,11 +6,11 @@ use ruff_text_size::Ranged;
 use crate::checkers::ast::Checker;
 
 /// ## What it does
-/// Checks for calls to `ssl.wrap_socket()` with no version set
+/// Checks for calls to `ssl.wrap_socket()` without an `ssl_version`.
 ///
 /// ## Why is this bad?
-/// This method is known to provide a default value that maximizes compatibility, but permits use
-/// of the aforementioned broken protocol versions.
+/// This method is known to provide a default value that maximizes
+/// compatibility, but permits use of insecure protocols.
 ///
 /// ## Example
 /// ```python
@@ -31,23 +31,21 @@ pub struct SslWithNoVersion;
 impl Violation for SslWithNoVersion {
     #[derive_message_formats]
     fn message(&self) -> String {
-        format!("`ssl.wrap_socket` called with no `ssl_version` set`")
+        format!("`ssl.wrap_socket` called without an `ssl_version``")
     }
 }
 
 /// S504
 pub(crate) fn ssl_with_no_version(checker: &mut Checker, call: &ExprCall) {
-    if !checker
+    if checker
         .semantic()
         .resolve_call_path(call.func.as_ref())
         .is_some_and(|call_path| matches!(call_path.as_slice(), ["ssl", "wrap_socket"]))
     {
-        return;
-    };
-
-    if call.arguments.find_keyword("ssl_version").is_none() {
-        checker
-            .diagnostics
-            .push(Diagnostic::new(SslWithNoVersion, call.range()));
+        if call.arguments.find_keyword("ssl_version").is_none() {
+            checker
+                .diagnostics
+                .push(Diagnostic::new(SslWithNoVersion, call.range()));
+        }
     }
 }

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S504_S504.py.snap

@@ -1,20 +1,22 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S504.py:5:1: S504 `ssl.wrap_socket` called with no `ssl_version` set`
+S504.py:4:1: S504 `ssl.wrap_socket` called without an `ssl_version``
   |
-5 | ssl.wrap_socket()  # S504
+2 | from ssl import wrap_socket
+3 | 
+4 | ssl.wrap_socket()  # S504
   | ^^^^^^^^^^^^^^^^^ S504
-6 | wrap_socket()  # S504
-7 | ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)  # OK
+5 | wrap_socket()  # S504
+6 | ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)  # OK
   |
 
-S504.py:6:1: S504 `ssl.wrap_socket` called with no `ssl_version` set`
+S504.py:5:1: S504 `ssl.wrap_socket` called without an `ssl_version``
   |
-5 | ssl.wrap_socket()  # S504
-6 | wrap_socket()  # S504
+4 | ssl.wrap_socket()  # S504
+5 | wrap_socket()  # S504
   | ^^^^^^^^^^^^^ S504
-7 | ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)  # OK
+6 | ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)  # OK
   |