.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
    :target: https://github.com/python/black
    :alt: Black

.. image:: https://travis-ci.org/jllorencetti/pytest-deadfixtures.svg?branch=master
    :target: https://travis-ci.org/jllorencetti/pytest-deadfixtures
    :alt: See Build Status on Travis CI

A simple plugin to list unused or duplicated fixtures in a pytest suite.
You can install "pytest-deadfixtures" via `pip`_ from `PyPI`_::

    $ pip install pytest-deadfixtures

Important
The ``--dead-fixtures`` option will not run your tests, and it is also sensitive to errors in the pytest collection step.
If you are using it as part of your CI process, the recommended way is to run it after the default test run. For example::

    script:
      - pytest
      - pytest --dead-fixtures

Listing unused fixtures
Just run 'pytest' with an extra option '--dead-fixtures'::

    $ pytest --dead-fixtures
    ============================= test session starts ==============================
    (hidden for brevity)

    Hey there, I believe the following fixture(s) are not being used:
    Fixture name: some_fixture, location: test_write_docs_when_verbose.py:5

    ========================= no tests ran in 0.00 seconds =========================

Using some level of verbosity will also print the docstring of each fixture::

    $ pytest --dead-fixtures -v
    ============================= test session starts ==============================
    (hidden for brevity)

    Hey there, I believe the following fixture(s) are not being used:
    Fixture name: some_fixture, location: test_write_docs_when_verbose.py:5
        Blabla fixture docs

    ========================= no tests ran in 0.00 seconds =========================

Listing repeated fixtures
Now that you have removed every unused fixture from your test suite, what if you want to go the extra mile?

An important note about this is that it uses the fixture return value to verify whether two or more fixtures are equal.
This means fixtures without a truthy return value will be skipped.
You should use this as a hint only: verify that the functionality provided by both fixtures is really repeated before deleting one of them.

Just run 'pytest' with an extra option '--dup-fixtures'. Unlike the '--dead-fixtures' option, it will run your tests normally::

    $ pytest --dup-fixtures
    ======================================================================================================================== test session starts ========================================================================================================================
    (hidden for brevity)

    tests/test_deadfixtures.py ........

    You may have some duplicate fixtures:
    Fixture name: someclass_fixture, location: test_repeated_fixtures.py:12
    Fixture name: someclass_samefixture, location: test_repeated_fixtures.py:17

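
The value-based comparison described above has edge cases that are easier to see in code. The following is an added example, not code from pytest-deadfixtures: it models the check with plain ``==`` on return values (an assumption about how "equal" is decided), and every fixture name and class in it is hypothetical.

```python
# Added illustration: a stand-alone model of value-based duplicate detection.
# It does not import pytest or pytest-deadfixtures; all names are hypothetical.
from dataclasses import dataclass


@dataclass
class Session:
    """Has a generated __eq__, so instances with equal fields compare equal."""
    user: str


class Client:
    """No __eq__ defined, so instances compare by identity only."""


def find_duplicates(results):
    """Group fixtures whose return values compare equal.

    `results` maps fixture name -> value the fixture returned.
    Falsy values (None, 0, "", [], ...) are skipped, as the README describes.
    """
    groups = []  # list of (representative value, [names]); values may be unhashable
    for name, value in results.items():
        if not value:
            continue  # side-effect-only fixtures return None and are never compared
        for rep, names in groups:
            if rep == value:  # assumption: equality means the == operator
                names.append(name)
                break
        else:
            groups.append((value, [name]))
    return [names for _, names in groups if len(names) > 1]


# Constructed sample: return values of eight hypothetical fixtures.
SAMPLE = {
    "admin_session": Session("admin"),
    "root_session": Session("admin"),  # equal value: reported
    "db_cleanup": None,                # falsy: skipped
    "cache_cleanup": None,             # falsy: skipped, even though identical
    "http_client": Client(),
    "api_client": Client(),            # same class, but no __eq__: not reported
    "retries": 3,
    "workers": 3,                      # unrelated purpose, equal value: reported
}

if __name__ == "__main__":
    for names in find_duplicates(SAMPLE):
        print("possible duplicates:", ", ".join(names))
```

The ``retries``/``workers`` pair is the kind of false positive the "hint only" advice is about, and the two cleanup fixtures are the kind of real duplicate a value comparison cannot see.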
`wemake-django-template`_

Contributions are very welcome. Tests can be run with `tox`_, please ensure
the coverage at least stays the same before you submit a pull request.

Distributed under the terms of the `MIT`_ license, 'pytest-deadfixtures' is free and open source software.

If you encounter any problems, please `file an issue`_ along with a detailed description.

.. _`@jllorencetti`: https://github.com/jllorencetti
.. _`MIT`: http://opensource.org/licenses/MIT
.. _`file an issue`: https://github.com/jllorencetti/pytest-deadfixtures/issues
.. _`pytest`: https://github.com/pytest-dev/pytest
.. _`tox`: https://tox.readthedocs.io/en/latest/
.. _`pip`: https://pypi.python.org/pypi/pip/
.. _`PyPI`: https://pypi.python.org/pypi
.. _`wemake-django-template`: https://github.com/wemake-services/wemake-django-template

FAQs
A simple plugin to list unused fixtures in pytest
We found that pytest-deadfixtures demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.