use of org.sonar.plugins.python.api.tree.HasSymbol in project sonar-python by SonarSource.
the class HardCodedCredentialsCheck method handleAssignmentStatement.
/**
 * Checks whether an assignment targets a credential-like name and, if so, hands the
 * statement to {@code checkAssignedValue}.
 *
 * <p>Two target shapes are recognised: an expression carrying a symbol, matched through
 * {@code credentialSymbolName}, and a subscription whose string-literal subscripts are
 * matched against {@code variablePatterns()}.
 *
 * @param assignmentStatement the assignment being visited
 * @param ctx the context forwarded to {@code checkAssignedValue}
 */
private void handleAssignmentStatement(AssignmentStatement assignmentStatement, SubscriptionContext ctx) {
  // NOTE(review): only element 0 of the target lists is read, so any further targets
  // (presumably chained `a = b = ...` or tuple targets) are never matched here.
  // Confirm that this detection gap is intended.
  Expression target = assignmentStatement.lhsExpressions().get(0).expressions().get(0);

  if (target instanceof HasSymbol) {
    String credentialName = credentialSymbolName(((HasSymbol) target).symbol());
    if (credentialName != null) {
      checkAssignedValue(assignmentStatement, credentialName, ctx);
    }
  }

  if (!target.is(Kind.SUBSCRIPTION)) {
    return;
  }

  // Every string-literal subscript is tested, so one statement may be checked more than once.
  for (Expression subscript : ((SubscriptionExpression) target).subscripts().expressions()) {
    if (!subscript.is(Kind.STRING_LITERAL)) {
      continue;
    }
    String credentialName = matchedCredential(((StringLiteral) subscript).trimmedQuotesValue(), variablePatterns());
    if (credentialName != null) {
      checkAssignedValue(assignmentStatement, credentialName, ctx);
    }
  }
}
use of org.sonar.plugins.python.api.tree.HasSymbol in project sonar-python by SonarSource.
the class XMLParserXXEVulnerableCheck method checkSettingFeatureGesToTrue.
/**
 * Tells whether a call passes {@code xml.sax.handler.feature_external_ges} as its first
 * argument together with a second argument that is not reported as falsy.
 *
 * @param callExpression the call to inspect
 * @return {@code true} only for a two-argument call of regular arguments whose first
 *     argument resolves to the external-general-entities feature and whose second
 *     argument is not falsy according to {@code Expressions.isFalsy}
 */
private static boolean checkSettingFeatureGesToTrue(CallExpression callExpression) {
  List<Argument> args = callExpression.arguments();
  if (args.size() != 2) {
    return false;
  }
  for (Argument arg : args) {
    if (!arg.is(Tree.Kind.REGULAR_ARGUMENT)) {
      return false;
    }
  }

  // Arguments are read strictly by position.
  // NOTE(review): if a regular argument can also be passed by keyword, a reordered call
  // would not be recognised. Confirm against the Argument API.
  Expression feature = ((RegularArgument) args.get(0)).expression();
  Expression value = ((RegularArgument) args.get(1)).expression();

  Symbol featureSymbol = feature instanceof HasSymbol ? ((HasSymbol) feature).symbol() : null;
  if (featureSymbol == null) {
    return false;
  }

  boolean isExternalGes = "xml.sax.handler.feature_external_ges".equals(featureSymbol.fullyQualifiedName());
  // Anything not reported as falsy counts as enabling the feature.
  // NOTE(review): presumably this includes values that cannot be resolved statically,
  // which errs on the side of reporting. Confirm against Expressions.isFalsy.
  return isExternalGes && !Expressions.isFalsy(value);
}
use of org.sonar.plugins.python.api.tree.HasSymbol in project sonar-python by SonarSource.
the class ItemOperationsTypeCheck method isValidSubscription.
/**
 * Decides whether {@code subscriptionObject} can support the item operation that needs
 * {@code requiredMethod}, recording a secondary location whenever a definition or type is consulted.
 *
 * @param subscriptionObject the expression being subscripted
 * @param requiredMethod the member name looked up on the symbol or inferred type
 * @param classRequiredMethod optional member name forwarded to {@code canHaveMethod}
 * @param secondaries receives definition locations mapped to explanatory messages
 * @return {@code false} for generator expressions and for calls to asynchronous functions;
 *     {@code true} when the symbol is {@code null} or accepted by
 *     {@code isTypingOrCollectionsSymbol}; otherwise the result of {@code canHaveMethod}
 *     (function or class symbols) or of {@code canHaveMember} on the inferred type
 */
@Override
public boolean isValidSubscription(Expression subscriptionObject, String requiredMethod, @Nullable String classRequiredMethod, Map<LocationInFile, String> secondaries) {
  if (subscriptionObject.is(Tree.Kind.GENERATOR_EXPR)) {
    return false;
  }

  if (subscriptionObject.is(Tree.Kind.CALL_EXPR)) {
    Symbol callee = ((CallExpression) subscriptionObject).calleeSymbol();
    if (callee != null && callee.is(FUNCTION)) {
      FunctionSymbol calledFunction = (FunctionSymbol) callee;
      if (calledFunction.isAsynchronous()) {
        secondaries.put(calledFunction.definitionLocation(), String.format(SECONDARY_MESSAGE, calledFunction.name()));
        return false;
      }
    }
  }

  if (subscriptionObject instanceof HasSymbol) {
    Symbol symbol = ((HasSymbol) subscriptionObject).symbol();
    if (symbol == null || isTypingOrCollectionsSymbol(symbol)) {
      return true;
    }
    if (symbol.is(FUNCTION, CLASS)) {
      LocationInFile definition;
      if (symbol.is(FUNCTION)) {
        definition = ((FunctionSymbol) symbol).definitionLocation();
      } else {
        definition = ((ClassSymbol) symbol).definitionLocation();
      }
      secondaries.put(definition, String.format(SECONDARY_MESSAGE, symbol.name()));
      return canHaveMethod(symbol, requiredMethod, classRequiredMethod);
    }
  }

  // No usable symbol: fall back to the inferred type of the expression.
  InferredType inferredType = subscriptionObject.type();
  String inferredTypeName = InferredTypes.typeName(inferredType);
  String message;
  if (inferredTypeName != null) {
    message = String.format(SECONDARY_MESSAGE, inferredTypeName);
  } else {
    message = DEFAULT_SECONDARY_MESSAGE;
  }
  secondaries.put(typeClassLocation(inferredType), message);
  return inferredType.canHaveMember(requiredMethod);
}
use of org.sonar.plugins.python.api.tree.HasSymbol in project sonar-python by SonarSource.
the class IterationOnNonIterableCheck method isValidIterable.
/**
 * Decides whether {@code expression} may be iterated over, recording a secondary location
 * for whichever definition or type the decision is based on.
 *
 * @param expression the expression being iterated
 * @param secondaries receives definition locations mapped to explanatory messages
 * @return {@code false} for a call to an asynchronous function; for a function symbol,
 *     whether it has decorators; for a class symbol, whether its metaclass or type hierarchy
 *     is unknown; otherwise whether the inferred type can have {@code __iter__} or
 *     {@code __getitem__}
 */
boolean isValidIterable(Expression expression, Map<LocationInFile, String> secondaries) {
  if (expression.is(Tree.Kind.CALL_EXPR)) {
    Symbol callee = ((CallExpression) expression).calleeSymbol();
    boolean callsAsyncFunction = callee != null
      && callee.is(Symbol.Kind.FUNCTION)
      && ((FunctionSymbol) callee).isAsynchronous();
    if (callsAsyncFunction) {
      FunctionSymbol asyncFunction = (FunctionSymbol) callee;
      secondaries.put(asyncFunction.definitionLocation(), String.format(SECONDARY_MESSAGE, asyncFunction.name()));
      return false;
    }
  }

  Symbol symbol = expression instanceof HasSymbol ? ((HasSymbol) expression).symbol() : null;
  if (symbol != null) {
    if (symbol.is(Symbol.Kind.FUNCTION)) {
      FunctionSymbol function = (FunctionSymbol) symbol;
      secondaries.put(function.definitionLocation(), String.format(SECONDARY_MESSAGE, function.name()));
      return function.hasDecorators();
    }
    if (symbol.is(Symbol.Kind.CLASS)) {
      // NOTE(review): this casts to the implementation class rather than an interface;
      // presumably every CLASS-kind symbol is a ClassSymbolImpl. Confirm.
      ClassSymbolImpl clazz = (ClassSymbolImpl) symbol;
      secondaries.put(clazz.definitionLocation(), String.format(SECONDARY_MESSAGE, clazz.name()));
      // A metaclass may supply the iteration method, so unknown hierarchies are accepted.
      return clazz.hasSuperClassWithUnknownMetaClass() || clazz.hasUnresolvedTypeHierarchy();
    }
  }

  // No function or class symbol: fall back to the inferred type of the expression.
  InferredType inferredType = expression.type();
  String inferredTypeName = InferredTypes.typeName(inferredType);
  String message;
  if (inferredTypeName != null) {
    message = String.format(SECONDARY_MESSAGE, inferredTypeName);
  } else {
    message = DEFAULT_SECONDARY_MESSAGE;
  }
  secondaries.put(InferredTypes.typeClassLocation(inferredType), message);
  return inferredType.canHaveMember("__iter__") || inferredType.canHaveMember("__getitem__");
}
use of org.sonar.plugins.python.api.tree.HasSymbol in project sonar-python by SonarSource.
the class IncorrectExceptionTypeCheck method initialize.
/**
 * Registers a consumer for {@code RAISE_STMT} nodes that reports {@code MESSAGE} when the
 * first raised expression cannot be an exception.
 *
 * <p>An issue is raised when the inferred type cannot be or extend {@code BASE_EXCEPTION},
 * or when {@code mayInheritFromBaseException} rejects the symbol resolved from the
 * expression. A {@code raise} with no expression is ignored.
 *
 * @param context the context on which the consumer is registered
 */
@Override
public void initialize(Context context) {
  context.registerSyntaxNodeConsumer(Tree.Kind.RAISE_STMT, ctx -> {
    RaiseStatement raiseStatement = (RaiseStatement) ctx.syntaxNode();
    if (raiseStatement.expressions().isEmpty()) {
      return;
    }

    Expression raised = raiseStatement.expressions().get(0);
    boolean typeCanBeException = raised.type().canBeOrExtend(BASE_EXCEPTION);
    if (typeCanBeException) {
      // Use the expression's own symbol when it has one, else the callee of a call;
      // the symbol stays null for any other expression shape.
      Symbol raisedSymbol = raised instanceof HasSymbol
        ? ((HasSymbol) raised).symbol()
        : (raised.is(Tree.Kind.CALL_EXPR) ? ((CallExpression) raised).calleeSymbol() : null);
      if (mayInheritFromBaseException(raisedSymbol)) {
        return;
      }
    }
    ctx.addIssue(raiseStatement, MESSAGE);
  });
}