use of org.sonar.plugins.python.api.tree.AssignmentStatement in project sonar-python by SonarSource.
the class OverwrittenCollectionEntryCheck method check.
/**
 * Scans one statement list for collection entries that are written more than once
 * within a run of consecutive collection-write statements.
 * <p>
 * Each assignment that {@code collectionWrite} recognises as a collection write is
 * grouped by its {@code collectionKey}. Any statement that is not such a write closes
 * the current run: the accumulated groups are passed to {@code reportOverwrites} and
 * discarded. The trailing run is reported once the list is exhausted.
 *
 * @param ctx           context used to raise issues
 * @param statementList the statement list to inspect
 */
private static void check(SubscriptionContext ctx, StatementList statementList) {
  Map<CollectionKey, List<CollectionWrite>> pendingWrites = new HashMap<>();
  for (Statement current : statementList.statements()) {
    CollectionWrite write = null;
    if (current.is(Kind.ASSIGNMENT_STMT)) {
      AssignmentStatement assignment = (AssignmentStatement) current;
      write = collectionWrite(assignment, lhs(assignment));
    }
    if (write == null) {
      // Anything other than a recognised collection write (including an assignment
      // that is not one) breaks the run: report what was collected and start over.
      reportOverwrites(ctx, pendingWrites);
      pendingWrites.clear();
      continue;
    }
    pendingWrites.computeIfAbsent(write.collectionKey, key -> new ArrayList<>()).add(write);
  }
  // The loop only reports on a non-write statement, so flush the last run here.
  reportOverwrites(ctx, pendingWrites);
}
use of org.sonar.plugins.python.api.tree.AssignmentStatement in project sonar-python by SonarSource.
the class CsrfDisabledCheck method flaskWtfCsrfEnabledFalseCheck.
/**
 * Reports assignments that switch Flask-WTF CSRF protection off through the
 * application configuration: a subscription target whose key is the string
 * {@code 'WTF_CSRF_ENABLED'} or {@code 'WTF_CSRF_CHECK_DEFAULT'}, assigned a falsy value.
 * <p>
 * Only the subscript key is inspected; the subscripted object (usually
 * {@code app.config}) is deliberately not resolved, because an unrelated mapping
 * keyed by exactly these names is considered unlikely enough not to warrant the
 * symbol lookup. The key presumably has to be a string literal for
 * {@code isStringSatisfying} to match it, so a key held in a variable would not be
 * reported — to be confirmed against that helper.
 *
 * @param subscriptionContext context whose syntax node is the assignment under review
 */
private static void flaskWtfCsrfEnabledFalseCheck(SubscriptionContext subscriptionContext) {
  AssignmentStatement asgn = (AssignmentStatement) subscriptionContext.syntaxNode();
  boolean targetsCsrfSetting = asgn.lhsExpressions().stream()
    .flatMap(targets -> targets.expressions().stream())
    .filter(target -> target.is(Tree.Kind.SUBSCRIPTION))
    .map(SubscriptionExpression.class::cast)
    .flatMap(subscription -> subscription.subscripts().expressions().stream())
    .anyMatch(isStringSatisfying(key -> "WTF_CSRF_ENABLED".equals(key) || "WTF_CSRF_CHECK_DEFAULT".equals(key)));
  if (!targetsCsrfSetting) {
    return;
  }
  // Both keys disable CSRF checking when falsy; the issue is placed on the value itself.
  if (Expressions.isFalsy(asgn.assignedValue())) {
    subscriptionContext.addIssue(asgn.assignedValue(), MESSAGE);
  }
}
use of org.sonar.plugins.python.api.tree.AssignmentStatement in project sonar-python by SonarSource.
the class CsrfDisabledCheck method metaCheck.
/**
 * Reports {@code csrf = <falsy>} inside a nested {@code class Meta} whose enclosing
 * class is, or extends, {@code flask_wtf.FlaskForm} (as decided by
 * {@code ClassSymbol#canBeOrExtend}).
 * <p>
 * The enclosing class must resolve to a class symbol: when the nearest enclosing
 * {@code CLASSDEF} has no symbol, or that symbol is not a class, nothing is reported.
 * Only direct assignment statements in the {@code Meta} body are examined.
 *
 * @param subscriptionContext context whose syntax node is the class definition under review
 */
private static void metaCheck(SubscriptionContext subscriptionContext) {
  ClassDef classDef = (ClassDef) subscriptionContext.syntaxNode();
  if (!"Meta".equals(classDef.name().name())) {
    return;
  }
  Tree enclosingClass = TreeUtils.firstAncestorOfKind(classDef, Tree.Kind.CLASSDEF);
  if (enclosingClass == null) {
    return;
  }
  Symbol enclosingSymbol = ((ClassDef) enclosingClass).name().symbol();
  if (enclosingSymbol == null || !enclosingSymbol.is(Symbol.Kind.CLASS)) {
    return;
  }
  if (!((ClassSymbol) enclosingSymbol).canBeOrExtend("flask_wtf.FlaskForm")) {
    return;
  }
  for (Statement stmt : classDef.body().statements()) {
    if (!stmt.is(Tree.Kind.ASSIGNMENT_STMT)) {
      continue;
    }
    AssignmentStatement asgn = (AssignmentStatement) stmt;
    // `csrf = False` (or any other falsy value) on the Meta class turns CSRF off for the form.
    if (isLhsCalled("csrf").test(asgn) && Expressions.isFalsy(asgn.assignedValue())) {
      subscriptionContext.addIssue(asgn.assignedValue(), MESSAGE);
    }
  }
}
use of org.sonar.plugins.python.api.tree.AssignmentStatement in project sonar-python by SonarSource.
the class DebugModeCheck method initialize.
/**
 * Registers the two shapes of "debug mode enabled" this check reports:
 * <ul>
 *   <li>a call to {@code django.conf.settings.configure(...)} — every argument that
 *       {@code isDebugArgument} recognises is reported individually;</li>
 *   <li>an assignment, in a file whose name is listed in {@code settingFiles}, whose
 *       target {@code isDebugIdentifier} recognises and whose value is the literal
 *       {@code True} ({@code isTrueLiteral}) — the whole statement is reported, once per
 *       matching target list.</li>
 * </ul>
 * Only a literal {@code True} is reported for the assignment form, so a value computed at
 * runtime (e.g. read from the environment) is not flagged; assignments in modules whose
 * file name is not in {@code settingFiles} are ignored by design.
 *
 * @param context analysis context on which the syntax-node consumers are registered
 */
@Override
public void initialize(Context context) {
  context.registerSyntaxNodeConsumer(Kind.CALL_EXPR, ctx -> {
    CallExpression call = (CallExpression) ctx.syntaxNode();
    // Only a dotted callee can resolve to django.conf.settings.configure.
    if (!(call.callee() instanceof QualifiedExpression)) {
      return;
    }
    if (!"django.conf.settings.configure".equals(getQualifiedName(call))) {
      return;
    }
    for (Argument argument : call.arguments()) {
      if (isDebugArgument(argument)) {
        ctx.addIssue(argument, MESSAGE);
      }
    }
  });
  context.registerSyntaxNodeConsumer(Kind.ASSIGNMENT_STMT, ctx -> {
    if (!settingFiles.contains(ctx.pythonFile().fileName())) {
      return;
    }
    AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
    if (!isTrueLiteral(assignment.assignedValue())) {
      return;
    }
    for (ExpressionList targets : assignment.lhsExpressions()) {
      boolean assignsDebugSetting = targets.expressions().stream().anyMatch(DebugModeCheck::isDebugIdentifier);
      if (assignsDebugSetting) {
        ctx.addIssue(assignment, MESSAGE);
      }
    }
  });
}
use of org.sonar.plugins.python.api.tree.AssignmentStatement in project sonar-python by SonarSource.
the class ClearTextProtocolsCheck method initialize.
/**
 * Registers the three places where a clear-text protocol can show up:
 * <ul>
 *   <li>a string element whose unescaped value {@code unsafeProtocol} recognises —
 *       reported with the scheme name, i.e. the matched prefix minus its last three
 *       characters (presumably the {@code ://} suffix; confirm against {@code unsafeProtocol});</li>
 *   <li>a call whose callee symbol {@code isUnsafeLib} maps to a clear-text protocol;</li>
 *   <li>an assignment statement, delegated to {@code handleAssignmentStatement}.</li>
 * </ul>
 *
 * @param context analysis context on which the syntax-node consumers are registered
 */
@Override
public void initialize(Context context) {
  context.registerSyntaxNodeConsumer(Tree.Kind.STRING_ELEMENT, ctx -> {
    Tree stringElement = ctx.syntaxNode();
    String literal = Expressions.unescape((StringElement) stringElement);
    unsafeProtocol(literal).ifPresent(matchedPrefix -> {
      String scheme = matchedPrefix.substring(0, matchedPrefix.length() - 3);
      ctx.addIssue(stringElement, message(scheme));
    });
  });
  context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> {
    Symbol callee = ((CallExpression) ctx.syntaxNode()).calleeSymbol();
    isUnsafeLib(callee).ifPresent(protocol -> ctx.addIssue(ctx.syntaxNode(), message(protocol)));
  });
  context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, ctx -> {
    AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
    handleAssignmentStatement(assignment, ctx);
  });
}