Skip to content

Code Quality

ALN** occurrences by order of importance

NOQA Number of occurrences
ALN069: You can't import models from other components, see: https://www.notion.so/alaninsurance/Modular-monolith-a9d84f1318d34115bbd08b3648e5a587 ⧉", 11
ALN043: You can only import things from a Component public module, see: https://www.notion.so/alaninsurance/Modular-monolith-a9d84f1318d34115bbd08b3648e5a587 ⧉", 24
ALN021: Foreign keys must use models, not string. See this Notion page : https://www.notion.so/alaninsurance/Imports-5495c8713847434986ef03ad09158bf1 ⧉ 3
ALN051: Check that we use isodate_field(), optional_isodate_field(), isodatetime_field() and optional_isodatetime_field() in json dataclasses for es/be/ca apps 1
ALN085: Enforces SQLAlchemy 2.0 query style by detecting deprecated patterns that will be removed in SQLAlchemy 2.0. This linter checks for: 1. Usage of session.query() which is deprecated in favor of session.scalar(), session.scalars(), or session.execute() Note: Other SQLAlchemy 2.0 deprecation warnings are already being turned into errors at runtime by the _turn_sql_alchemy_warning_into_errors function in backend/shared/models/orm/sqlalchemy.py. 22
ALN103: Do not put secrets on a hardcoded custom-scheme deep link. Custom URL schemes (alanmobile://, alanbemobile://, alanesmobile://) can be registered by any app on the device, which can then hijack the link and read everything in it. So a secret query parameter on such a link can leak to a malicious app → token theft / account takeover. This guard only flags hardcoded string/f-string literals that carry both a custom scheme and a forbidden query parameter — the one pattern that is custom scheme in every environment (it bypasses DEEP_LINK_BASE_URL, which is https in prod). The build_deep_link(query_args={"token": ...}) path is intentionally not flagged: it resolves to an https Branch/Universal Link in prod. Bad: deeplink = f"alanmobile://impersonate/?user_id={uid}&admin_token={token}" Good: url = build_url(key, base_url=current_config["FR_FRONT_END_BASE_URL"], query_args={"token": token}) # https://link.alan.com/ ⧉... Known gaps (rare, accepted): string concatenation with + across literals, and a forbidden param injected only through an interpolated variable (e.g. f"alanmobile://{href}") are not statically visible. 1

Listing of files of the most critical ALN**

ALN069 occurs 11 times

File:line Content
components/ca/bootstrap/dependencies/gamification.py:177 ⧉ from components.gamification.internal.models.player import ( # noqa: ALN069
components/ca/internal/exemption/actions/tests/test_create_manual_exemption.py:37 ⧉ from components.onboarding.internal.models.tests.factories.factories import ( # noqa: ALN069
components/ca/internal/exemption/actions/tests/test_create_exemption_with_justification.py:19 ⧉ from components.onboarding.internal.models.tests.factories.factories import ( # noqa: ALN069
components/ca/internal/billing/models/premium_component.py:5 ⧉ from components.premium.public.models.helper import prefix_table_args # noqa: ALN069
components/ca/internal/billing/models/premium_component.py:6 ⧉ from components.premium.public.models.premium_component import ( # noqa: ALN069
components/ca/internal/user/controllers/tests/test_user_controller_smorest_migration.py:13 ⧉ from components.onboarding.internal.models.tests.factories.factories import ( # noqa: ALN069
components/ca/internal/tests/factories/factories.py:107 ⧉ from components.gamification.internal.models.player import Player # noqa: ALN069
components/ca/internal/tests/factories/factories.py:115 ⧉ from components.global_profile.internal.models.tests.factories import ( # noqa: ALN069
components/ca/internal/tests/factories/create_onboarded_ca_admin.py:16 ⧉ from components.onboarding.internal.models.brokers.onboarding_invitation import ( # noqa: ALN069
components/ca/internal/claim_management/claim_engine/steps/reimbursement_payment/business_logic/actions/tests/test_submit_reimbursement_payment.py:26 ⧉ from components.payment_gateway.subcomponents.accounts.models.tests.factories import ( # noqa: ALN069 for testing purposes
components/ca/internal/claim_management/claim_engine/steps/settlement/business_logic/actions/tests/test_reprocess_settlement_payments.py:22 ⧉ from components.payment_gateway.subcomponents.accounts.models.tests.factories import ( # noqa: ALN069 for testing purposes

ALN043 occurs 24 times

File:line Content
components/ca/conftest.py:34 ⧉ from components.authentication.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:38 ⧉ from components.contracting.subcomponents.proposal.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:41 ⧉ from components.customer_admin.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:44 ⧉ from components.documents.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:47 ⧉ from components.employment.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:50 ⧉ from components.global_profile.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:53 ⧉ from components.onboarding.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:56 ⧉ from components.payment_gateway.bootstrap.bootstrap import ( # noqa: ALN043 allowed in conftest
components/ca/conftest.py:83 ⧉ from components.global_customer_dashboard.internal.controllers.admin import ( # noqa: ALN043
components/ca/conftest.py:87 ⧉ from components.global_customer_dashboard.internal.controllers.dsn_status import ( # noqa: ALN043
components/ca/features/steps/admin.py:15 ⧉ from components.global_customer_dashboard.external.actions.admin_invitation import ( # noqa: ALN043
components/ca/features/steps/admin.py:18 ⧉ from components.global_customer_dashboard.internal.business_logic.queries.admin_invitation import ( # noqa: ALN043
components/ca/features/steps/admin.py:24 ⧉ from components.onboarding.internal.actions.signup import ( # noqa: ALN043
components/ca/features/steps/admin.py:29 ⧉ from components.onboarding.internal.actions.update_company_admin_onboarding import ( # noqa: ALN043
components/ca/bootstrap/dependencies/customer_admin.py:23 ⧉ from components.customer_admin.internal.business_logic.queries.customer_admin_repository import ( # noqa: ALN043
components/ca/internal/contracting/commands/contracting.py:11 ⧉ from components.contracting.subcomponents.proposal.v2.internal.cli.expire_contracting_packages import ( # noqa: ALN043
components/ca/internal/customer_dashboard/controllers/tests/test_admin.py:22 ⧉ from components.global_customer_dashboard.external.queries.user import ( # noqa: ALN043
components/ca/internal/user/profile/repository.py:5 ⧉ from components.global_profile.internal.domain.entities import ( # noqa: ALN043
components/ca/internal/user/profile/repository.py:8 ⧉ from components.global_profile.internal.infrastructure.repository import ( # noqa: ALN043
components/ca/internal/user/controllers/tests/test_user_controller_smorest_migration.py:10 ⧉ from components.global_profile.internal.domain.tests.factories import ( # noqa: ALN043
components/ca/internal/tests/factories/factories.py:109 ⧉ from components.global_profile.internal.domain.tests.factories import ( # noqa: ALN043
components/ca/internal/tests/factories/factories.py:112 ⧉ from components.global_profile.internal.infrastructure.repository import ( # noqa: ALN043
components/ca/internal/tests/factories/create_onboarded_ca_admin.py:13 ⧉ from components.onboarding.internal.actions.update_company_admin_onboarding import ( # noqa: ALN043
components/ca/internal/helpers/tests/base_test_app.py:21 ⧉ from components.onboarding.bootstrap.testing import ( # noqa: ALN043