
Example 1 with Expressions

use of org.sonar.python.checks.Expressions in project sonar-python by SonarSource.

Source: class CsrfDisabledCheck, method flaskWtfCsrfEnabledFalseCheck.

/**
 * Reports an assignment that switches Flask-WTF CSRF protection off: a falsy value written to
 * {@code something['WTF_CSRF_ENABLED']} or {@code something['WTF_CSRF_CHECK_DEFAULT']}.
 * The subscripted object ({@code something}) is deliberately not inspected; a false positive on an
 * unrelated mapping that happens to use one of these keys is considered extremely unlikely.
 *
 * @param subscriptionContext context whose syntax node is the assignment under review
 */
private static void flaskWtfCsrfEnabledFalseCheck(SubscriptionContext subscriptionContext) {
    AssignmentStatement asgn = (AssignmentStatement) subscriptionContext.syntaxNode();
    boolean targetsCsrfSetting = asgn.lhsExpressions().stream()
        .flatMap(exprList -> exprList.expressions().stream())
        .filter(expr -> expr.is(Tree.Kind.SUBSCRIPTION))
        .map(SubscriptionExpression.class::cast)
        .flatMap(sub -> sub.subscripts().expressions().stream())
        .anyMatch(isStringSatisfying(CsrfDisabledCheck::isCsrfSettingKey));
    if (!targetsCsrfSetting) {
        return;
    }
    Expression assignedValue = asgn.assignedValue();
    if (Expressions.isFalsy(assignedValue)) {
        subscriptionContext.addIssue(assignedValue, MESSAGE);
    }
}

/** Settings keys under which the Flask-WTF CSRF switch is looked up. */
private static boolean isCsrfSettingKey(String key) {
    return "WTF_CSRF_ENABLED".equals(key) || "WTF_CSRF_CHECK_DEFAULT".equals(key);
}

Example 2 with Expressions

use of org.sonar.python.checks.Expressions in project sonar-python by SonarSource.

Source: class CorsCheck, method checkAllowOriginProperty.

/**
 * Inspects an assignment whose single left-hand side is a subscription with exactly one
 * subscript (e.g. {@code headers['...'] = value}). When the subscripted object is a plain name
 * whose type can only be one of {@code TYPES_TO_CHECK}, the subscript is handed to
 * {@code reportIfAllowOriginIsSet}; otherwise the qualified-expression variant
 * {@code checkAllowOriginPropertyQualifiedExpr} takes over. Anything else is ignored.
 *
 * @param ctx context whose syntax node is the assignment under review
 */
private static void checkAllowOriginProperty(SubscriptionContext ctx) {
    AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
    Optional<Expression> target = getOnlyAssignedLhs(assignment).filter(expr -> expr.is(SUBSCRIPTION));
    if (!target.isPresent()) {
        return;
    }
    SubscriptionExpression subscription = (SubscriptionExpression) target.get();
    List<Expression> subscripts = subscription.subscripts().expressions();
    // Only single-key subscriptions are considered; slices and tuple keys are out of scope.
    if (subscripts.size() != 1) {
        return;
    }
    Expression subscribed = subscription.object();
    boolean isCheckedTypeName = subscribed.is(NAME)
        && TYPES_TO_CHECK.stream().anyMatch(t -> subscribed.type().canOnlyBe(t));
    if (isCheckedTypeName) {
        reportIfAllowOriginIsSet(ctx, assignment, subscripts.get(0));
    } else {
        checkAllowOriginPropertyQualifiedExpr(ctx, assignment, subscription, subscripts);
    }
}

Example 3 with Expressions

use of org.sonar.python.checks.Expressions in project sonar-python by SonarSource.

Source: class PubliclyWritableDirectoriesCheck, method initialize.

/**
 * Registers the three syntax-node consumers of this check:
 * <ul>
 *   <li>string elements whose unescaped, lower-cased text contains one of
 *       {@code UNIX_WRITABLE_DIRECTORIES} (via {@code containsDirectory}) or fully matches
 *       {@code WINDOWS_WRITABLE_DIRECTORIES};</li>
 *   <li>call expressions accepted by {@code isOsEnvironGetter} whose regular arguments include
 *       one flagged by {@code isNonCompliantOsEnvironArgument};</li>
 *   <li>subscriptions whose object is accepted by {@code isOsEnvironQualifiedExpression} and whose
 *       subscripts include one flagged by {@code isNonCompliantOsEnvironArgument}.</li>
 * </ul>
 * Every match raises {@code MESSAGE} on the offending node.
 *
 * @param context analysis context the consumers are registered with
 */
@Override
public void initialize(Context context) {
    context.registerSyntaxNodeConsumer(Kind.STRING_ELEMENT, ctx -> {
        StringElement element = (StringElement) ctx.syntaxNode();
        // Fixed locale so the comparison does not depend on the host's default locale.
        String text = Expressions.unescape(element).toLowerCase(Locale.ENGLISH);
        boolean unixDirectory = UNIX_WRITABLE_DIRECTORIES.stream().anyMatch(dir -> containsDirectory(text, dir));
        if (unixDirectory || WINDOWS_WRITABLE_DIRECTORIES.matcher(text).matches()) {
            ctx.addIssue(element, MESSAGE);
        }
    });
    context.registerSyntaxNodeConsumer(Kind.CALL_EXPR, ctx -> {
        CallExpression call = (CallExpression) ctx.syntaxNode();
        if (!isOsEnvironGetter(call)) {
            return;
        }
        List<Argument> arguments = call.arguments();
        boolean hasNonCompliantArgument = arguments.stream()
            .filter(arg -> arg.is(Kind.REGULAR_ARGUMENT))
            .map(RegularArgument.class::cast)
            .map(RegularArgument::expression)
            .anyMatch(PubliclyWritableDirectoriesCheck::isNonCompliantOsEnvironArgument);
        if (hasNonCompliantArgument) {
            ctx.addIssue(call, MESSAGE);
        }
    });
    context.registerSyntaxNodeConsumer(Kind.SUBSCRIPTION, ctx -> {
        SubscriptionExpression subscription = (SubscriptionExpression) ctx.syntaxNode();
        if (!isOsEnvironQualifiedExpression(subscription.object())) {
            return;
        }
        List<Expression> subscripts = subscription.subscripts().expressions();
        if (subscripts.stream().anyMatch(PubliclyWritableDirectoriesCheck::isNonCompliantOsEnvironArgument)) {
            ctx.addIssue(subscription, MESSAGE);
        }
    });
}

Example 4 with Expressions

use of org.sonar.python.checks.Expressions in project sonar-python by SonarSource.

Source: class HttpOnlyCookieCheck, method subscriptionSessionCookieHttponlyCheck.

/**
 * Reports an assignment that clears the session cookie's HttpOnly setting through a subscription:
 * a falsy value written to a subscript accepted by {@code isSessionCookieHttponlyStringLiteral}.
 * The subscripted object itself is not inspected.
 *
 * @param ctx context whose syntax node is the assignment under review
 */
private void subscriptionSessionCookieHttponlyCheck(SubscriptionContext ctx) {
    AssignmentStatement assignmentStatement = (AssignmentStatement) ctx.syntaxNode();
    boolean targetsHttponlySetting = assignmentStatement.lhsExpressions().stream()
        .flatMap(exprList -> exprList.expressions().stream())
        .filter(expr -> expr.is(Tree.Kind.SUBSCRIPTION))
        .map(SubscriptionExpression.class::cast)
        .flatMap(subscription -> subscription.subscripts().expressions().stream())
        .anyMatch(HttpOnlyCookieCheck::isSessionCookieHttponlyStringLiteral);
    if (!targetsHttponlySetting) {
        return;
    }
    Expression assignedValue = assignmentStatement.assignedValue();
    if (Expressions.isFalsy(assignedValue)) {
        ctx.addIssue(assignedValue, message());
    }
}
