1 files changed, 50 insertions, 27 deletions
diff --git a/linter_plugin.py b/linter_plugin.py
index 4938755cf..1754b1a2a 100644
--- a/linter_plugin.py
+++ b/linter_plugin.py
@@ -1,29 +1,52 @@
-"""Certbot ACME PyLint plugin.
-
-http://docs.pylint.org/plugins.html
-
 """
-from astroid import MANAGER
-from astroid import nodes
-
-
-def register(unused_linter):
-    """Register this module as PyLint plugin."""
-
-def _transform(cls):
-    # fix the "no-member" error on instances of
-    # letsencrypt.acme.util.ImmutableMap subclasses (instance
-    # attributes are initialized dynamically based on __slots__)
+Certbot PyLint plugin.
 
-    # TODO: this is too broad and applies to any tested class...
-
-    if cls.slots() is not None:
-        for slot in cls.slots():
-            cls.locals[slot.value] = [nodes.EmptyNode()]
-
-    if cls.name == 'JSONObjectWithFields':
-        # _fields is magically introduced by JSONObjectWithFieldsMeta
-        cls.locals['_fields'] = [nodes.EmptyNode()]
-
-
-MANAGER.register_transform(nodes.Class, _transform)
+The built-in ImportChecker of Pylint does a similar job to ForbidStandardOsModule to detect
+deprecated modules. You can check its behavior as a reference to what is coded here.
+See https://github.com/PyCQA/pylint/blob/b20a2984c94e2946669d727dbda78735882bf50a/pylint/checkers/imports.py#L287
+See http://docs.pylint.org/plugins.html
+"""
+from pylint.checkers import BaseChecker
+from pylint.interfaces import IAstroidChecker
+
+# Modules in theses packages can import the os module.
+WHITELIST_PACKAGES = ['acme', 'certbot_compatibility_test', 'letshelp_certbot', 'lock_test']
+
+
+class ForbidStandardOsModule(BaseChecker):
+    """
+    This checker ensures that standard os module (and submodules) is not imported by certbot
+    modules. Otherwise an 'os-module-forbidden' error will be registered for the faulty lines.
+    """
+    __implements__ = IAstroidChecker
+
+    name = 'forbid-os-module'
+    msgs = {
+        'E5001': (
+            'Forbidden use of os module, certbot.compat.os must be used instead',
+            'os-module-forbidden',
+            'Some methods from the standard os module cannot be used for security reasons on Windows: '
+            'the safe wrapper certbot.compat.os must be used instead in Certbot.'
+        )
+    }
+    priority = -1
+
+    def visit_import(self, node):
+        os_used = any(name for name in node.names if name[0] == 'os' or name[0].startswith('os.'))
+        if os_used and not _check_disabled(node):
+            self.add_message('os-module-forbidden', node=node)
+
+    def visit_importfrom(self, node):
+        if node.modname == 'os' or node.modname.startswith('os.') and not _check_disabled(node):
+            self.add_message('os-module-forbidden', node=node)
+
+
+def register(linter):
+    """Pylint hook to auto-register this linter"""
+    linter.register_checker(ForbidStandardOsModule(linter))
+
+
+def _check_disabled(node):
+    module = node.root()
+    return any(package for package in WHITELIST_PACKAGES
+               if module.name.startswith(package + '.') or module.name == package)