fix(types): P0 mypy — explicit binascii import, drop dead or None in ntlmssp

syslog_bridge.py: base64.binascii is not a public mypy-visible attribute; import binascii directly and reference binascii.Error at the except clause. Propagated to all 26 template subdirectory copies (all were drift-free). ntlmssp.py: `principal = username or None` widened the type to str | None for no runtime reason — _decode_str() always returns str. Drop the `or None`. Propagated to smb/ and rdp/ copies. 762 → 722 mypy errors (-40).
2026-05-01 00:09:00 -04:00
parent fc1f0914b7
commit 909913e912
30 changed files with 57 additions and 30 deletions
--- a/decnet/templates/_shared/ntlmssp.py
+++ b/decnet/templates/_shared/ntlmssp.py
@@ -120,7 +120,7 @@ def parse_type3(blob: bytes) -> Optional[dict]:
    if domain:
        principal = f"{domain}\\{username}"
    else:
-        principal = username or None
+        principal = username
    return {
        "username": username,
--- a/decnet/templates/conpot/syslog_bridge.py
+++ b/decnet/templates/conpot/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/docker_api/syslog_bridge.py
+++ b/decnet/templates/docker_api/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/elasticsearch/syslog_bridge.py
+++ b/decnet/templates/elasticsearch/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/ftp/syslog_bridge.py
+++ b/decnet/templates/ftp/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/http/syslog_bridge.py
+++ b/decnet/templates/http/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/https/syslog_bridge.py
+++ b/decnet/templates/https/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/imap/syslog_bridge.py
+++ b/decnet/templates/imap/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/k8s/syslog_bridge.py
+++ b/decnet/templates/k8s/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/ldap/syslog_bridge.py
+++ b/decnet/templates/ldap/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/llmnr/syslog_bridge.py
+++ b/decnet/templates/llmnr/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/mongodb/syslog_bridge.py
+++ b/decnet/templates/mongodb/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/mqtt/syslog_bridge.py
+++ b/decnet/templates/mqtt/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/mssql/syslog_bridge.py
+++ b/decnet/templates/mssql/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/mysql/syslog_bridge.py
+++ b/decnet/templates/mysql/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/pop3/syslog_bridge.py
+++ b/decnet/templates/pop3/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/postgres/syslog_bridge.py
+++ b/decnet/templates/postgres/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/rdp/ntlmssp.py
+++ b/decnet/templates/rdp/ntlmssp.py
@@ -120,7 +120,7 @@ def parse_type3(blob: bytes) -> Optional[dict]:
    if domain:
        principal = f"{domain}\\{username}"
    else:
-        principal = username or None
+        principal = username
    return {
        "username": username,
--- a/decnet/templates/rdp/syslog_bridge.py
+++ b/decnet/templates/rdp/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/redis/syslog_bridge.py
+++ b/decnet/templates/redis/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/sip/syslog_bridge.py
+++ b/decnet/templates/sip/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/smb/ntlmssp.py
+++ b/decnet/templates/smb/ntlmssp.py
@@ -120,7 +120,7 @@ def parse_type3(blob: bytes) -> Optional[dict]:
    if domain:
        principal = f"{domain}\\{username}"
    else:
-        principal = username or None
+        principal = username
    return {
        "username": username,
--- a/decnet/templates/smb/syslog_bridge.py
+++ b/decnet/templates/smb/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/smtp/syslog_bridge.py
+++ b/decnet/templates/smtp/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/snmp/syslog_bridge.py
+++ b/decnet/templates/snmp/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/ssh/syslog_bridge.py
+++ b/decnet/templates/ssh/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/syslog_bridge.py
+++ b/decnet/templates/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/telnet/syslog_bridge.py
+++ b/decnet/templates/telnet/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/tftp/syslog_bridge.py
+++ b/decnet/templates/tftp/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None
--- a/decnet/templates/vnc/syslog_bridge.py
+++ b/decnet/templates/vnc/syslog_bridge.py
@@ -13,6 +13,7 @@ Facility: local0 (16). SD element ID uses PEN 55555.
 """
 import base64
 import binascii
 import re
 from datetime import datetime, timezone
 from typing import Any, Optional
@@ -144,7 +145,7 @@ def classify_authorization(header_value: Optional[str]) -> Optional[dict[str, An
    if scheme == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True).decode("utf-8", errors="replace")
-        except (ValueError, base64.binascii.Error):
+        except (ValueError, binascii.Error):
            return None
        if ":" not in decoded:
            return None