
Example 1 with CallExpression

use of org.sonar.plugins.python.api.tree.CallExpression in project sonar-python by SonarSource.

the class SecureModeEncryptionAlgorithmsCheck method initialize.

/**
 * Subscribes this check to call expressions and runs the three library-specific checks on each
 * call whose callee resolves to a symbol.
 *
 * <p>Calls whose callee symbol cannot be resolved are skipped without raising anything, so an
 * unresolved callee is never reported by this rule.
 *
 * @param context registration context used to subscribe to {@code CALL_EXPR} nodes
 */
@Override
public void initialize(Context context) {
    context.registerSyntaxNodeConsumer(CALL_EXPR, ctx -> {
        CallExpression call = (CallExpression) ctx.syntaxNode();
        Symbol callee = call.calleeSymbol();
        // Every helper receives the same call and resolved symbol; each presumably decides on its
        // own whether the call belongs to the library it covers (verify against the helpers).
        if (callee != null) {
            checkPycaLibrary(ctx, call, callee);
            checkPycryptoAndCryptodomeLibraries(ctx, call, callee);
            checkPydesLibrary(ctx, call, callee);
        }
    });
}
Also used : Symbol(org.sonar.plugins.python.api.symbols.Symbol) CallExpression(org.sonar.plugins.python.api.tree.CallExpression)

Example 2 with CallExpression

use of org.sonar.plugins.python.api.tree.CallExpression in project sonar-python by SonarSource.

the class CsrfDisabledCheck method functionCsrfExemptCheck.

/**
 * Reports a call expression whose callee resolves to one of the fully qualified names listed in
 * {@code DANGEROUS_DECORATORS}, i.e. a CSRF-exemption decorator invoked as an ordinary function.
 *
 * <p>The issue is attached to the last token of the callee. Nothing is reported when the callee
 * has no symbol or the symbol has no fully qualified name, so unresolved callees are not covered.
 *
 * @param subscriptionContext context of the visited call expression; also receives the issue
 */
private static void functionCsrfExemptCheck(SubscriptionContext subscriptionContext) {
    CallExpression call = (CallExpression) subscriptionContext.syntaxNode();
    Symbol callee = call.calleeSymbol();
    if (callee == null) {
        return;
    }
    String qualifiedName = callee.fullyQualifiedName();
    if (qualifiedName == null) {
        return;
    }
    if (DANGEROUS_DECORATORS.contains(qualifiedName)) {
        subscriptionContext.addIssue(call.callee().lastToken(), MESSAGE);
    }
}
Also used : ClassSymbol(org.sonar.plugins.python.api.symbols.ClassSymbol) Symbol(org.sonar.plugins.python.api.symbols.Symbol) CallExpression(org.sonar.plugins.python.api.tree.CallExpression)

Example 3 with CallExpression

use of org.sonar.plugins.python.api.tree.CallExpression in project sonar-python by SonarSource.

the class DebugModeCheck method initialize.

/**
 * Registers the two detections of this check: debug arguments passed to
 * {@code django.conf.settings.configure(...)} and debug settings assigned a true literal.
 *
 * <p>The assignment detection only runs for files whose name is contained in
 * {@code settingFiles}; the same assignment in any other file is not reported.
 *
 * @param context registration context used to subscribe to call and assignment nodes
 */
@Override
public void initialize(Context context) {
    context.registerSyntaxNodeConsumer(Kind.CALL_EXPR, ctx -> {
        CallExpression call = (CallExpression) ctx.syntaxNode();
        List<Argument> callArguments = call.arguments();
        // Only qualified callees are considered; the qualified name is computed for those alone.
        boolean isSettingsConfigure = call.callee() instanceof QualifiedExpression
            && "django.conf.settings.configure".equals(getQualifiedName(call));
        if (!isSettingsConfigure) {
            return;
        }
        // One issue per argument that isDebugArgument accepts; an empty list reports nothing.
        for (Argument argument : callArguments) {
            if (isDebugArgument(argument)) {
                ctx.addIssue(argument, MESSAGE);
            }
        }
    });
    context.registerSyntaxNodeConsumer(Kind.ASSIGNMENT_STMT, ctx -> {
        if (settingFiles.contains(ctx.pythonFile().fileName())) {
            AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
            // The whole statement is reported once per left-hand-side expression list that
            // contains a debug identifier, so a chained assignment can be reported several times.
            for (ExpressionList targets : assignment.lhsExpressions()) {
                if (targets.expressions().stream().noneMatch(DebugModeCheck::isDebugIdentifier)) {
                    continue;
                }
                if (isTrueLiteral(assignment.assignedValue())) {
                    ctx.addIssue(assignment, MESSAGE);
                }
            }
        }
    });
}
Also used : RegularArgument(org.sonar.plugins.python.api.tree.RegularArgument) Argument(org.sonar.plugins.python.api.tree.Argument) QualifiedExpression(org.sonar.plugins.python.api.tree.QualifiedExpression) AssignmentStatement(org.sonar.plugins.python.api.tree.AssignmentStatement) CallExpression(org.sonar.plugins.python.api.tree.CallExpression) ExpressionList(org.sonar.plugins.python.api.tree.ExpressionList)

Example 4 with CallExpression

use of org.sonar.plugins.python.api.tree.CallExpression in project sonar-python by SonarSource.

the class HttpOnlyCookieCheck method dictConstructorSessionCookieHttponlyCheck.

/**
 * Reports the expression returned by {@code searchForFalsySessionCookieHttponlyInDictCons} for
 * the visited call, if there is one.
 *
 * <p>NOTE(review): judging by the helper's name, the reported expression is a falsy
 * {@code SESSION_COOKIE_HTTPONLY} value passed to a {@code dict(...)} constructor; confirm
 * against the helper.
 *
 * @param ctx context of the visited call expression; also receives the issue
 */
private void dictConstructorSessionCookieHttponlyCheck(SubscriptionContext ctx) {
    CallExpression dictCall = (CallExpression) ctx.syntaxNode();
    // message() is only evaluated when the search actually found an expression.
    searchForFalsySessionCookieHttponlyInDictCons(dictCall)
        .ifPresent(flagged -> ctx.addIssue(flagged, message()));
}
Also used : CallExpression(org.sonar.plugins.python.api.tree.CallExpression) SubscriptionExpression(org.sonar.plugins.python.api.tree.SubscriptionExpression) Expression(org.sonar.plugins.python.api.tree.Expression) CallExpression(org.sonar.plugins.python.api.tree.CallExpression)

Example 5 with CallExpression

use of org.sonar.plugins.python.api.tree.CallExpression in project sonar-python by SonarSource.

the class ClearTextProtocolsCheck method initialize.

/**
 * Registers the three detections of this check: string elements that {@code unsafeProtocol}
 * matches, calls whose callee symbol {@code isUnsafeLib} matches, and assignment statements,
 * which are delegated to {@code handleAssignmentStatement}.
 *
 * @param context registration context used to subscribe to the three node kinds
 */
@Override
public void initialize(Context context) {
    context.registerSyntaxNodeConsumer(Tree.Kind.STRING_ELEMENT, ctx -> {
        Tree literal = ctx.syntaxNode();
        String text = Expressions.unescape((StringElement) literal);
        unsafeProtocol(text).ifPresent(matched -> {
            // Drops the last three characters of the match before building the message;
            // presumably the "://" separator after the scheme (confirm in unsafeProtocol).
            String scheme = matched.substring(0, matched.length() - 3);
            ctx.addIssue(literal, message(scheme));
        });
    });
    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> {
        Tree callNode = ctx.syntaxNode();
        // The symbol is handed over without a null check, so isUnsafeLib has to accept an
        // unresolved callee.
        Symbol callee = ((CallExpression) callNode).calleeSymbol();
        isUnsafeLib(callee).ifPresent(protocol -> ctx.addIssue(callNode, message(protocol)));
    });
    context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, ctx -> {
        AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
        handleAssignmentStatement(assignment, ctx);
    });
}
Also used : Arrays(java.util.Arrays) StringElement(org.sonar.plugins.python.api.tree.StringElement) URISyntaxException(java.net.URISyntaxException) PythonSubscriptionCheck(org.sonar.plugins.python.api.PythonSubscriptionCheck) HasSymbol(org.sonar.plugins.python.api.tree.HasSymbol) HashMap(java.util.HashMap) SubscriptionContext(org.sonar.plugins.python.api.SubscriptionContext) AssignmentStatement(org.sonar.plugins.python.api.tree.AssignmentStatement) TreeUtils(org.sonar.python.tree.TreeUtils) List(java.util.List) CallExpression(org.sonar.plugins.python.api.tree.CallExpression) Map(java.util.Map) Optional(java.util.Optional) Expression(org.sonar.plugins.python.api.tree.Expression) Tree(org.sonar.plugins.python.api.tree.Tree) URI(java.net.URI) Pattern(java.util.regex.Pattern) Rule(org.sonar.check.Rule) Nullable(javax.annotation.Nullable) Symbol(org.sonar.plugins.python.api.symbols.Symbol) Expressions(org.sonar.python.checks.Expressions) AssignmentStatement(org.sonar.plugins.python.api.tree.AssignmentStatement) HasSymbol(org.sonar.plugins.python.api.tree.HasSymbol) Symbol(org.sonar.plugins.python.api.symbols.Symbol) Tree(org.sonar.plugins.python.api.tree.Tree) CallExpression(org.sonar.plugins.python.api.tree.CallExpression)
