mirror of
https://github.com/domainaware/parsedmarc.git
synced 2026-07-16 05:24:56 +00:00
Follow-ups from the review of PR #825 (whose implementation had already landed on master via #826's stacked merge): - Honor the documented [smtp] attachment and [smtp] message options. Both were parsed into opts but never passed to either summary-email transport (also broken in released 10.2.2), so a configured custom attachment filename or message body was silently ignored. Both the SMTP and Microsoft Graph transports now receive them, and the missing smtp_attachment Namespace default is added (also covers SIGHUP reload, which rebuilds opts from the CLI Namespace). - Don't mislabel non-Graph mailbox errors as Microsoft Graph failures: the shared mailbox-fetch and watch handlers now log a generic "Mailbox Error" with traceback when the connection isn't Graph. - Declare microsoft-kiota-abstractions as a direct dependency (imported directly in cli.py for Graph error handling; previously transitive). Migrate all runtime HTTP from requests to httpx (webhook client, Splunk HEC client, and the PSL-overrides / IP-database / reverse-DNS-map / IPinfo-API fetches in utils.py): - follow_redirects=True everywhere to preserve requests' default redirect-following; httpx does not follow redirects by default. - The PSL-overrides and reverse-DNS-map fetches gain a 60s timeout (previously none), matching the IP-database fetch. - response.ok -> response.is_success; requests.RequestException -> httpx.HTTPError; raw string bodies use content= (httpx's data= is form-encoding only); Splunk HEC verification moves to client construction (httpx has no per-request verify). - requests drops out of [project] dependencies and moves to the [build] extra for the out-of-wheel maintainer script collect_domain_info.py, which deliberately stays on requests/urllib3 for its permissive-TLS adapter. - Remove the requests-era module-level urllib3.disable_warnings(InsecureRequestWarning) in splunk.py; httpx doesn't route through urllib3, so its only remaining effect was globally silencing insecure-TLS warnings from other urllib3-based components as an import side effect. Nothing imports urllib3 directly anymore, so it also leaves [project] dependencies. Tests: config-to-transport wiring for attachment/message on both transports (including defaults), non-Graph errors keep the generic log line, webhook/Splunk payload assertions moved to content=, and Splunk verify asserted at httpx.Client construction. 736 passed; ruff and pyright clean. Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
168 lines
5.8 KiB
TOML
168 lines
5.8 KiB
TOML
[build-system]
|
|
requires = [
|
|
"hatchling>=1.27.0",
|
|
]
|
|
requires_python = ">=3.10,<3.15"
|
|
build-backend = "hatchling.build"
|
|
|
|
[project]
|
|
name = "parsedmarc"
|
|
dynamic = [
|
|
"version",
|
|
]
|
|
description = "A Python package and CLI for parsing aggregate, failure, and SMTP TLS DMARC reports"
|
|
readme = "README.md"
|
|
license = "Apache-2.0"
|
|
authors = [
|
|
{ name = "Sean Whalen", email = "whalenster@gmail.com" },
|
|
]
|
|
keywords = [
|
|
"DMARC",
|
|
"parser",
|
|
"reporting",
|
|
]
|
|
classifiers = [
|
|
"Development Status :: 5 - Production/Stable",
|
|
"Intended Audience :: Developers",
|
|
"Intended Audience :: Information Technology",
|
|
"License :: OSI Approved :: Apache Software License",
|
|
"Operating System :: OS Independent",
|
|
"Programming Language :: Python :: 3",
|
|
"Programming Language :: Python :: 3 :: Only",
|
|
"Programming Language :: Python :: 3.10",
|
|
"Programming Language :: Python :: 3.11",
|
|
"Programming Language :: Python :: 3.12",
|
|
"Programming Language :: Python :: 3.13",
|
|
"Programming Language :: Python :: 3.14",
|
|
]
|
|
requires-python = ">=3.10"
|
|
dependencies = [
|
|
"azure-identity>=1.8.0",
|
|
"azure-monitor-ingestion>=1.0.0",
|
|
"boto3>=1.16.63",
|
|
"dateparser>=1.1.1",
|
|
"dnspython>=2.0.0",
|
|
"elasticsearch>=8.18,<9",
|
|
"expiringdict>=1.1.4",
|
|
# The runtime HTTP library (utils.py fetches, webhook and Splunk HEC
|
|
# clients, Graph error handling in cli.py). The floor matches
|
|
# microsoft-kiota-http's own requirement.
|
|
"httpx>=0.25",
|
|
"kafka-python>=2.3.2",
|
|
"lxml>=4.4.0",
|
|
"mailsuite[gmail,msgraph]>=2.2.2",
|
|
"maxminddb>=2.0.0",
|
|
# Imported directly in cli.py for Graph error handling; otherwise
|
|
# only a transitive dep of mailsuite[msgraph] -> msgraph-sdk.
|
|
"microsoft-kiota-abstractions>=1.8.0",
|
|
"opensearch-py>=2.4.2,<=4.0.0",
|
|
"publicsuffixlist>=0.10.0",
|
|
"pygelf>=0.4.2",
|
|
"tqdm>=4.31.1",
|
|
"xmltodict>=0.12.0",
|
|
"PyYAML>=6.0.3"
|
|
]
|
|
|
|
[project.optional-dependencies]
|
|
postgresql = [
|
|
# Optional output backend. psycopg ships prebuilt binary wheels via the
|
|
# [binary] extra, but those wheels don't exist for every platform/arch,
|
|
# so PostgreSQL support is opt-in rather than a mandatory dependency.
|
|
"psycopg[binary]>=3.1.0",
|
|
]
|
|
build = [
|
|
# Used only by maintainer tooling under parsedmarc/resources/maps/ —
|
|
# `collect_domain_info.py --use-search-fallback` falls back to a
|
|
# DuckDuckGo search when the homepage fetch returns a bot-block / parked
|
|
# / empty page. Optional import; the script runs without it as long as
|
|
# the fallback flag isn't passed.
|
|
"ddgs>=9.0.0",
|
|
"hatch>=1.14.0",
|
|
"myst-parser[linkify]",
|
|
"nose",
|
|
# Pinned exactly: pyright's checks evolve between releases, so an
|
|
# unpinned version could break CI without any code change. Bump
|
|
# deliberately (and fix any new findings) rather than implicitly.
|
|
"pyright==1.1.410",
|
|
"pytest",
|
|
"pytest-cov",
|
|
# Used only by the out-of-wheel maintainer script
|
|
# parsedmarc/resources/maps/collect_domain_info.py, which deliberately
|
|
# stays on requests because its permissive-TLS fallback is built on
|
|
# urllib3's HTTPAdapter machinery.
|
|
"requests>=2.22.0",
|
|
"ruff",
|
|
"sphinx",
|
|
"sphinx_rtd_theme",
|
|
]
|
|
|
|
[project.scripts]
|
|
parsedmarc = "parsedmarc.cli:_main"
|
|
|
|
[project.urls]
|
|
Homepage = "https://domainaware.github.io/parsedmarc"
|
|
|
|
[tool.hatch.version]
|
|
path = "parsedmarc/constants.py"
|
|
|
|
[tool.hatch.build.targets.sdist]
|
|
include = [
|
|
"/parsedmarc",
|
|
]
|
|
|
|
[tool.hatch.build]
|
|
exclude = [
|
|
"base_reverse_dns.csv",
|
|
"unknown_base_reverse_dns.csv",
|
|
"README.md",
|
|
"*.bak",
|
|
# Maintenance tooling: any Python file under parsedmarc/resources/maps/
|
|
# whose name doesn't start with `_` (i.e. everything except __init__.py,
|
|
# which must keep shipping for `importlib.resources.files()` lookups).
|
|
"parsedmarc/resources/maps/[!_]*.py",
|
|
]
|
|
|
|
[tool.ruff.lint]
|
|
# Enforce modern type-hint syntax on top of ruff's default rules. With
|
|
# requires-python >=3.10, PEP 585 builtins (list[int]) and PEP 604 unions
|
|
# (X | Y, X | None) are available, so keep the deprecated typing.List /
|
|
# Union / Optional spellings out of the codebase.
|
|
extend-select = [
|
|
"UP006", # non-pep585-annotation: List -> list, Dict -> dict
|
|
"UP007", # non-pep604-annotation-union: Union[X, Y] -> X | Y
|
|
"UP035", # deprecated-import: typing.List etc. / typing -> collections.abc
|
|
"UP045", # non-pep604-annotation-optional: Optional[X] -> X | None
|
|
]
|
|
|
|
[tool.pyright]
|
|
# The whole codebase passes pyright with zero errors and warnings; CI
|
|
# enforces this (see .github/workflows/python-tests.yml). Run locally with
|
|
# `pyright` from the repo root. Requires the [postgresql] extra to be
|
|
# installed so the optional psycopg import in parsedmarc/postgres.py
|
|
# resolves.
|
|
include = ["parsedmarc", "tests", "docs"]
|
|
typeCheckingMode = "standard"
|
|
|
|
[tool.pytest.ini_options]
|
|
# Default to the per-module test layout under tests/. New tests should go
|
|
# into tests/test_<module>.py to match the file they exercise; do not
|
|
# reintroduce a monolithic tests.py.
|
|
testpaths = ["tests"]
|
|
|
|
[tool.coverage.run]
|
|
# Coverage measures shipped code only. Master's reported ≈66.9% on
|
|
# Codecov was an artefact of the old monolithic tests.py having no
|
|
# [tool.coverage.run] block, which let coverage's default behaviour
|
|
# measure every file imported during the run — including the test file
|
|
# itself at ~99% "covered". That inflated the headline by ~8 percentage
|
|
# points without any actual testing signal. Restricting to the parsedmarc
|
|
# package gives a meaningful number that tracks how much of the shipped
|
|
# library the test suite actually exercises.
|
|
source = ["parsedmarc"]
|
|
# Maintainer-only batch scripts under parsedmarc/resources/maps/ ship
|
|
# out of the wheel (see the [tool.hatch.build] exclude block above) —
|
|
# omit them so the headline number reflects only installed library code.
|
|
omit = [
|
|
"*/parsedmarc/resources/maps/*.py",
|
|
]
|