
Code quality improvements

This issue tracks the different things that can be done to improve the code quality. If you want to fix one of the issues, please comment on this issue so I can update it.

pylint

We currently have a large list of warnings that we ignore. Those have to be reviewed and removed where possible.

Current warnings:

  • W1509: #932
  • C0103
  • C0115
  • C0116
  • C0201: #932
  • C0209: #932
  • C0301
  • C0302
  • C0111
  • W0102: #939
  • W0511
  • W0602: #946
  • W0603
  • W0703
  • W1201: #914, #932
  • W1203: #932
  • E1120: #932
  • R0801
  • R0902
  • R0903
  • R0904
  • R0912
  • R0913
  • R0914
  • R0915
  • R0201: #938
  • R0911
  • R1729: #932
  • R1732: #937

flake8 integration

Flake8 catches some errors that pylint does not and vice versa. We should integrate it into our style checks. List of potentially useful plugins:

- flake8-bugbear
- flake8-comprehensions
- flake8-simplify
- flake8-builtins

MyPy

We currently do not enforce types. This makes it harder to reason about some functions and allows for subtle errors. A strict mypy configuration currently returns about 2000 warnings that can probably be removed by going through Keylime and adding type annotations.

Configuration used:

[mypy]
plugins = sqlmypy
strict = True
follow_imports = silent
ignore_missing_imports = True

pyright

Static code analysis reports several typing issues in most Python files. Investigate if we should integrate it.

TODOs:

  • Add initial Mypy configuration: #930
  • Add type hints to every file
    • TPM abstraction code
    • verifier
    • registrar
    • tenant
    • ca_util
  • Add Mypy to tox setup

LGTM, semgrep and Bandit

There are multiple tools for analyzing the AST of the Python code and finding common security and code quality issues. We should at least integrate one of them into our CI.

Fuzzing methods that take user-controlled input with something like https://github.com/google/atheris can also be useful (mentioned by @kkaarreell).

Converting dicts to classes

For the agent event loop we use a dict to store all the necessary state of an agent. This is not ideal because it is hard to reason about what is actually in this dict. We should convert this dict to a class that holds all the required state. For this class we can then also provide conversion functions from and to the ORM class.

Unit tests

Most of the older code in Keylime is only covered by the restful test or the e2e tests. We should add unit tests for this code and refactor it to make it more testable where necessary.

New code should ideally only be added with unit tests.

Automatic code formatting

The current code has no clear style guidelines. We should try to enforce a style with automated tooling.

Removal of config.REQUIRE_ROOT

With #900 merged this flag should be fully removed.

Removal of vTPM code

Originally Keylime supported vTPMs, a feature from Xen. This is no longer the case, and the deep quote feature is not implemented in swtpm. Most of the code is already removed, but there is still some broken skeleton code in there which should be removed.

I think we can move the issue on how to trust the underlying hypervisor out of Keylime and into the platform that manages the hypervisor (e.g. OpenStack).

Removal of STUB TPM logic

There are some parts of Keylime that have code for canned values. There seems to be no documentation on how to use that code and newer parts of Keylime do not implement it. I think this code can be removed.

Removing dependency of the TPM abstraction for the registrar and verifier

Both components initialize an abstract TPM without actually using a TPM. The registrar uses a software implementation of TPM_MakeCredential and the verifier uses tpm2_checkquote and tpm2_eventlog. https://github.com/keylime/enhancements/issues/59 already proposes to move the quote verification code into a separate module which is more flexible and easier to test.

Once the rust agent is the official one, the entire TPM abstraction code could then be removed.
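The fuzzing suggestion above, made concrete as an added example (not Keylime code and not from the issue author): `parse_pcr_mask` is a hypothetical stand-in for any function that parses attacker-supplied input, and `check_one` is the per-iteration harness that enforces the contract a fuzzer should check, namely that malformed input raises one well-defined exception and accepted input satisfies a round-trip property. atheris itself is only imported inside `main`, so the parser and its checks stay importable and runnable offline without the package.

```python
"""Fuzzing a function that parses user-controlled input with atheris.

Added example, not Keylime code: parse_pcr_mask() is a hypothetical
stand-in for any parser of attacker-supplied data, and the property
checks below are what a fuzz harness would enforce on it. Running the
real fuzzer needs `pip install atheris`; atheris is imported only inside
main() so everything else works without it.
"""
import sys
from typing import Iterable, List, Tuple


class MaskError(ValueError):
    """The only exception parse_pcr_mask() may raise for bad input."""


HEX_DIGITS = frozenset("0123456789abcdefABCDEF")


def parse_pcr_mask(text: str, max_pcr: int = 24) -> List[int]:
    """Parse a hex PCR bitmask such as "0x408000" into sorted PCR indices.

    Contract: malformed input raises MaskError. Any other exception
    (IndexError, OverflowError, ...) or a violated property is a bug.
    """
    if not text.startswith("0x"):
        raise MaskError("mask must be a 0x-prefixed hex string")
    body = text[2:]
    if not 1 <= len(body) <= 8 or not set(body) <= HEX_DIGITS:
        raise MaskError("mask must be 1-8 hex digits")
    value = int(body, 16)
    if value >> max_pcr:
        raise MaskError(f"mask selects a PCR index >= {max_pcr}")
    return [i for i in range(max_pcr) if value & (1 << i)]


def check_one(text: str) -> bool:
    """One fuzz iteration on an already-decoded string.

    Returns True if the input was accepted, False if it was rejected with
    MaskError. Anything else propagates and crashes the fuzzer, which is
    exactly the signal we want.
    """
    try:
        pcrs = parse_pcr_mask(text)
    except MaskError:
        return False
    # Properties every accepted input must satisfy.
    assert pcrs == sorted(set(pcrs)), "indices must be unique and sorted"
    assert all(0 <= p < 24 for p in pcrs), "index out of PCR range"
    assert int(text, 16) == sum(1 << p for p in pcrs), "mask round-trip failed"
    return True


def run_corpus(corpus: Iterable[str]) -> Tuple[int, int]:
    """Cheap offline smoke run over seed inputs; returns (accepted, rejected)."""
    accepted = rejected = 0
    for text in corpus:
        if check_one(text):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


# Constructed seed corpus: valid masks, boundary cases and junk.
SEED_CORPUS = ["0x408000", "0x1", "0xffffff", "0x1000000", "0x", "408000",
               "0xZZ", "0x000000001", "", "0x-1"]


def main(argv: List[str]) -> None:
    """Hand the harness to atheris (requires the atheris package)."""
    import atheris

    def test_one_input(data: bytes) -> None:
        fdp = atheris.FuzzedDataProvider(data)
        check_one(fdp.ConsumeUnicodeNoSurrogates(32))

    atheris.instrument_all()
    atheris.Setup(argv, test_one_input)
    atheris.Fuzz()


if __name__ == "__main__":
    print("seed corpus (accepted, rejected):", run_corpus(SEED_CORPUS))
    main(sys.argv)
```

The design point is the contract: the parser is allowed exactly one exception type for bad input, so any other traceback the fuzzer produces is a real finding rather than noise. Copy the seed corpus into a directory and pass it as the first argument when running under atheris to give libFuzzer a starting point.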
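The "dict to class" refactor described above, as an added example that is not Keylime code: `AgentState` and `AgentRow` are hypothetical, the field names are illustrative rather than Keylime's schema, and `AgentRow` stands in for the ORM-mapped row (a SQLAlchemy model in a real code base). It shows the failure mode the dict approach has, a misspelled key silently becoming new state, and the strict `from_dict`, validation and row round-trip a class gives in its place.

```python
"""Replacing a free-form agent state dict with a typed state class.

Added example, not Keylime code. AgentState and AgentRow are hypothetical:
AgentRow stands in for an ORM row object (a SQLAlchemy model in practice)
and the field names are illustrative, not Keylime's actual schema.
"""
from dataclasses import asdict, dataclass, fields
from typing import Any, Dict, List, Optional


class AgentRow:
    """Stand-in for an ORM row: plain attributes, no behaviour."""

    def __init__(self, **columns: Any) -> None:
        for name, value in columns.items():
            setattr(self, name, value)


@dataclass
class AgentState:
    agent_id: str
    ip: str
    port: int
    operational_state: int
    nonce: Optional[str] = None
    tpm_policy: Optional[Dict[str, List[str]]] = None
    attestation_count: int = 0

    def __post_init__(self) -> None:
        # Validation lives in one place instead of at every call site.
        if not 0 < self.port < 65536:
            raise ValueError(f"port out of range: {self.port}")
        if self.attestation_count < 0:
            raise ValueError("attestation_count must be non-negative")

    @classmethod
    def from_dict(cls, data: Dict[str, Any]) -> "AgentState":
        """Strict conversion: unknown keys are an error, not silently kept."""
        known = {f.name for f in fields(cls)}
        unknown = set(data) - known
        if unknown:
            raise KeyError(f"unknown agent state keys: {sorted(unknown)}")
        return cls(**data)  # a missing required key raises TypeError here

    @classmethod
    def from_row(cls, row: AgentRow) -> "AgentState":
        """Build state from an ORM row, reading exactly the declared fields."""
        return cls(**{f.name: getattr(row, f.name) for f in fields(cls)})

    def to_row(self) -> AgentRow:
        """Produce a row object carrying the same columns."""
        return AgentRow(**asdict(self))


def dict_typo_goes_unnoticed(state: Dict[str, Any]) -> bool:
    """The dict failure mode: a misspelled key is accepted and the real
    value is left untouched, with no error anywhere."""
    state["operational_sate"] = 3  # typo: creates a new key instead of updating
    return state["operational_state"] != 3


if __name__ == "__main__":
    print(dict_typo_goes_unnoticed({"operational_state": 1}))  # True: bug hidden
    state = AgentState.from_dict(
        {"agent_id": "a1", "ip": "10.0.0.5", "port": 9002, "operational_state": 1}
    )
    print(AgentState.from_row(state.to_row()) == state)  # True: lossless round-trip
```

With the class in place, the same typo becomes an `AttributeError` on assignment under a type checker or a `KeyError` in `from_dict`, which is the kind of error mypy (discussed earlier in the issue) can then also flag statically.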

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 10 (10 by maintainers)

Top GitHub Comments

3 reactions
aplanas commented, Mar 22, 2022

Maybe use black to unify the code format?

1 reaction
mdrocco commented, Oct 18, 2022

Yes that one and most of the functions in tpm_main.py that are not used by the server components.

Sounds good, I will keep ignoring them.

If we have fixed enough of the warnings, it makes sense to integrate it into our pre-commit hooks.

I am about to complete my first batch of fixes, I will create a PR as soon as I am reasonably happy with it.
