chore: fix secure alert about set_cookie (#376)

Signed-off-by: Keming <[email protected]>

pyproject.toml

@@ -64,7 +64,7 @@ line-length = 88
 [tool.ruff.lint]
 select = ["E", "F", "B", "G", "I", "SIM", "TID", "PL", "RUF"]
 ignore = ["E501", "PLR2004", "RUF012"]
-[tool.ruff.pylint]
+[tool.ruff.lint.pylint]
 max-args = 12
 max-branches = 15
 

spectree/plugins/starlette_plugin.py

@@ -197,9 +197,7 @@ def parse_route(app, prefix=""):
         return routes
 
     def bypass(self, func, method):
-        if method in ["HEAD", "OPTIONS"]:
-            return True
-        return False
+        return method in ["HEAD", "OPTIONS"]
 
     def parse_func(self, route):
         for method in route.methods or ["GET"]:

tests/flask_imports/dry_plugin_flask.py

@@ -9,7 +9,9 @@
 
 @pytest.mark.parametrize("response_format", ["json", "xml"])
 def test_flask_skip_validation(client, response_format: str):
-    client.set_cookie(key="pub", value="abcdefg")
+    client.set_cookie(
+        key="pub", value="abcdefg", secure=True, httponly=True, samesite="Strict"
+    )
     assert response_format in ("json", "xml")
     resp = client.post(
         f"/api/user_skip/flask?order=1&response_format={response_format}",
@@ -31,7 +33,9 @@ def test_flask_skip_validation(client, response_format: str):
 
 
 def test_flask_return_model(client):
-    client.set_cookie(key="pub", value="abcdefg")
+    client.set_cookie(
+        key="pub", value="abcdefg", secure=True, httponly=True, samesite="Strict"
+    )
 
     resp = client.post(
         "/api/user_model/flask?order=1",
@@ -134,7 +138,9 @@ def test_flask_validate_basic(client):
     ],
 )
 def test_flask_validate_post_data(client, fragment):
-    client.set_cookie(key="pub", value="abcdefg")
+    client.set_cookie(
+        key="pub", value="abcdefg", secure=True, httponly=True, samesite="Strict"
+    )
     resp = client.post(
         f"/api/{fragment}/flask?order=1",
         json=dict(name="flask", limit=10),

tests/quart_imports/dry_plugin_quart.py

@@ -7,7 +7,9 @@
 
 @pytest.mark.parametrize("response_format", ["json", "xml"])
 def test_quart_skip_validation(client, response_format: str):
-    client.set_cookie("quart", "pub", "abcdefg")
+    client.set_cookie(
+        "quart", "pub", "abcdefg", secure=True, httponly=True, samesite="Strict"
+    )
 
     resp = asyncio.run(
         client.post(
@@ -32,7 +34,9 @@ def test_quart_skip_validation(client, response_format: str):
 
 
 def test_quart_return_model(client):
-    client.set_cookie("quart", "pub", "abcdefg")
+    client.set_cookie(
+        "quart", "pub", "abcdefg", secure=True, httponly=True, samesite="Strict"
+    )
 
     resp = asyncio.run(
         client.post(
@@ -129,7 +133,9 @@ def test_quart_validate(client):
     assert resp.status_code == 422
     assert resp.headers.get("X-Error") == "Validation Error"
 
-    client.set_cookie("quart", "pub", "abcdefg")
+    client.set_cookie(
+        "quart", "pub", "abcdefg", secure=True, httponly=True, samesite="Strict"
+    )
     for fragment in ("user", "user_annotated"):
         resp = asyncio.run(
             client.post(

tests/test_config.py

@@ -40,7 +40,7 @@ def test_config_contact():
         Configuration(contact={"name": "John", "url": "url"})
 
 
-@pytest.mark.skipif(EmailFieldType == str, reason="email-validator is not installled")
+@pytest.mark.skipif(EmailFieldType is str, reason="email-validator is not installled")
 def test_config_contact_invalid_email():
     with pytest.raises(ValidationError):
         Configuration(contact={"name": "John", "email": "hello"})

tests/test_response.py

@@ -43,7 +43,7 @@ def test_init_response():
     expect_400_model = gen_list_model(JSON)
     assert resp.has_model()
     assert resp.find_model(200) is None
-    assert type(resp.find_model(400)) == type(expect_400_model) and get_type_hints(
+    assert type(resp.find_model(400)) is type(expect_400_model) and get_type_hints(
         resp.find_model(400)
     ) == get_type_hints(expect_400_model)
     assert resp.find_model(401) == DemoModel