SONARPY-3193 implement CallGraph data structure

pass call graph to checks

use call graph in AwsLambdaChecksUtils

fixes after PR

add isTrue and isFalse to TriBool

GitOrigin-RevId: 23a990b2adb91191a658a5448ab1c70dac6c5b01

Author: Seppli11

python-checks/src/main/java/org/sonar/python/checks/utils/AwsLambdaChecksUtils.java

@@ -16,22 +16,38 @@
  */
 package org.sonar.python.checks.utils;
 
+import org.sonar.plugins.python.api.PythonVisitorContext;
 import org.sonar.plugins.python.api.project.configuration.ProjectConfiguration;
 import org.sonar.plugins.python.api.tree.FunctionDef;
 import org.sonar.plugins.python.api.types.v2.FunctionType;
+import org.sonar.plugins.python.api.types.v2.TriBool;
+import org.sonar.python.semantic.v2.callgraph.CallGraph;
+import org.sonar.python.semantic.v2.callgraph.CallGraphWalker;
 
 public class AwsLambdaChecksUtils {
 
   private AwsLambdaChecksUtils() {
   }
 
-  public static boolean isLambdaHandler(ProjectConfiguration projectConfiguration, FunctionDef functionDef) {
-    return functionDef.name().typeV2() instanceof FunctionType functionType
-           && projectConfiguration.awsProjectConfiguration()
+  public static boolean isLambdaHandler(PythonVisitorContext ctx, FunctionDef functionDef) {
+    if (functionDef.name().typeV2() instanceof FunctionType functionType) {
+      String fqn = functionType.fullyQualifiedName();
+      return isLambdaHandlerFqn(ctx.projectConfiguration(), fqn) 
+        || isFqnCalledFromLambdaHandler(ctx.callGraph(), ctx.projectConfiguration(), fqn);
+    }
+    return false;
+  }
+
+  private static boolean isLambdaHandlerFqn(ProjectConfiguration projectConfiguration, String fqn) {
+    return projectConfiguration.awsProjectConfiguration()
              .awsLambdaHandlers()
              .stream()
-             .anyMatch(handler -> handler.fullyQualifiedName().equals(functionType.fullyQualifiedName()));
+             .anyMatch(handler -> handler.fullyQualifiedName().equals(fqn));
   }
 
-
+  private static boolean isFqnCalledFromLambdaHandler(CallGraph callGraph, ProjectConfiguration projectConfiguration, String fqn) {
+    return new CallGraphWalker(callGraph)
+      .isUsedFrom(fqn, node -> isLambdaHandlerFqn(projectConfiguration, node.fqn()))
+      .isTrue();
+  }
 }

python-checks/src/test/java/org/sonar/python/checks/utils/AwsLambdaCheckUtilsTest.java

@@ -0,0 +1,107 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks.utils;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.sonar.plugins.python.api.PythonFile;
+import org.sonar.plugins.python.api.PythonVisitorContext;
+import org.sonar.plugins.python.api.project.configuration.AwsLambdaHandlerInfo;
+import org.sonar.plugins.python.api.project.configuration.ProjectConfiguration;
+import org.sonar.plugins.python.api.tree.FileInput;
+import org.sonar.plugins.python.api.tree.FunctionDef;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.types.v2.FunctionType;
+import org.sonar.plugins.python.api.types.v2.PythonType;
+import org.sonar.python.semantic.v2.callgraph.CallGraph;
+import org.sonar.python.tree.FileInputImpl;
+
+class AwsLambdaChecksUtilsTest {
+  @Test
+  void isLambdaHandlerTest_direct() {
+    var pythonVisitorContext = pythonVisitorContext(CallGraph.EMPTY);
+
+    var functionDef = functionDef("a.b.c");
+    assertThat(AwsLambdaChecksUtils.isLambdaHandler(pythonVisitorContext, functionDef)).isFalse();
+
+    pythonVisitorContext.projectConfiguration().awsProjectConfiguration().awsLambdaHandlers().add(new AwsLambdaHandlerInfo("a.b.c"));
+    assertThat(AwsLambdaChecksUtils.isLambdaHandler(pythonVisitorContext, functionDef)).isTrue();
+
+    var functionDefWithUnknownType = functionDef(PythonType.UNKNOWN);
+    assertThat(AwsLambdaChecksUtils.isLambdaHandler(pythonVisitorContext, functionDefWithUnknownType)).isFalse();
+  }
+
+  @Test
+  void isLambdaHandlerTest_callGraph() {
+    var callGraph = new CallGraph.Builder()
+      .addUsage("lambda.handler", "a.b.c")
+      .addUsage("a.b.c", "e.f.g")
+      .build();
+
+    var pythonVisitorContext = pythonVisitorContext(callGraph);
+
+    var functionDef = functionDef("e.f.g");
+
+    assertThat(AwsLambdaChecksUtils.isLambdaHandler(pythonVisitorContext, functionDef)).isFalse();
+
+    pythonVisitorContext.projectConfiguration().awsProjectConfiguration().awsLambdaHandlers().add(new AwsLambdaHandlerInfo("lambda.handler"));
+    assertThat(AwsLambdaChecksUtils.isLambdaHandler(pythonVisitorContext, functionDef)).isTrue();
+  }
+
+  private static PythonVisitorContext pythonVisitorContext(CallGraph callGraph) {
+    PythonFile pythonFile = pythonFile("test.py");
+    FileInput fileInput = mock(FileInputImpl.class);
+    
+    return new PythonVisitorContext.Builder(fileInput, pythonFile)
+      .projectConfiguration(new ProjectConfiguration())
+      .callGraph(callGraph)
+      .build();
+  }
+
+
+  private static FunctionDef functionDef(String name) {
+    FunctionType functionNameType = Mockito.mock(FunctionType.class);
+    Mockito.when(functionNameType.fullyQualifiedName()).thenReturn(name);
+    return functionDef(functionNameType);
+  }
+
+  private static FunctionDef functionDef(PythonType type) {
+    Name functionName = Mockito.mock(Name.class);
+    FunctionDef functionDef = Mockito.mock(FunctionDef.class);
+
+    Mockito.when(functionName.typeV2()).thenReturn(type);
+    Mockito.when(functionDef.name()).thenReturn(functionName);
+    return functionDef;
+  }
+
+  private static PythonFile pythonFile(String fileName) {
+    PythonFile pythonFile = Mockito.mock(PythonFile.class);
+    Mockito.when(pythonFile.fileName()).thenReturn(fileName);
+    try {
+      Mockito.when(pythonFile.uri()).thenReturn(Files.createTempFile(fileName, "py").toUri());
+    } catch (IOException e) {
+      throw new IllegalStateException("Cannot create temporary file");
+    }
+    return pythonFile;
+  }
+
+}

python-checks/src/test/java/org/sonar/python/checks/utils/AwsLambdaChecksUtilsTest.java

@@ -36,6 +36,7 @@
 import org.sonar.python.semantic.v2.ProjectLevelTypeTable;
 import org.sonar.python.semantic.v2.SymbolTableBuilderV2;
 import org.sonar.python.semantic.v2.TypeInferenceV2;
+import org.sonar.python.semantic.v2.callgraph.CallGraph;
 import org.sonar.python.types.v2.TypeChecker;
 
 public class PythonVisitorContext extends PythonInputFileContext {
@@ -46,6 +47,7 @@ public class PythonVisitorContext extends PythonInputFileContext {
   private ModuleType moduleType = null;
   private final List<PreciseIssue> issues;
   private final ProjectConfiguration projectConfiguration;
+  private final CallGraph callGraph;
 
   private PythonVisitorContext(FileInput rootTree, 
       PythonFile pythonFile, 
@@ -54,7 +56,8 @@ private PythonVisitorContext(FileInput rootTree,
       ProjectLevelSymbolTable projectLevelSymbolTable, 
       CacheContext cacheContext,
       SonarProduct sonarProduct,
-      ProjectConfiguration projectConfiguration) {
+      ProjectConfiguration projectConfiguration,
+      CallGraph callGraph) {
 
     super(pythonFile, workingDirectory, cacheContext, sonarProduct, projectLevelSymbolTable);
     var symbolTableBuilderV2 = new SymbolTableBuilderV2(rootTree);
@@ -64,6 +67,7 @@ private PythonVisitorContext(FileInput rootTree,
     this.moduleType = new TypeInferenceV2(projectLevelTypeTable, pythonFile, symbolTable, packageName).inferModuleType(rootTree);
     this.typeChecker = new TypeChecker(projectLevelTypeTable);
     this.projectConfiguration = projectConfiguration;
+    this.callGraph = callGraph;
     this.rootTree = rootTree;
     this.parsingException = null;
     this.issues = new ArrayList<>();
@@ -79,6 +83,7 @@ public PythonVisitorContext(PythonFile pythonFile, RecognitionException parsingE
     this.parsingException = parsingException;
     this.typeChecker = new TypeChecker(new ProjectLevelTypeTable(ProjectLevelSymbolTable.empty()));
     this.projectConfiguration = new ProjectConfiguration();
+    this.callGraph = CallGraph.EMPTY;
     this.issues = new ArrayList<>();
   }
 
@@ -112,6 +117,10 @@ public ProjectConfiguration projectConfiguration() {
     return projectConfiguration;
   }
 
+  public CallGraph callGraph() {
+    return callGraph;
+  }
+
   public static class Builder {
     private final PythonFile pythonFile;
     private final FileInput rootTree;
@@ -121,6 +130,7 @@ public static class Builder {
     private Optional<SonarProduct> sonarProduct = Optional.empty();
     private Optional<File> workingDirectory = Optional.empty();
     private Optional<ProjectConfiguration> projectConfiguration = Optional.empty();
+    private Optional<CallGraph> callGraph = Optional.empty();
     private Optional<String> packageName = Optional.empty();
 
     public Builder(FileInput rootTree, PythonFile pythonFile) {
@@ -158,6 +168,11 @@ public Builder projectConfiguration(ProjectConfiguration projectConfiguration) {
       return this;
     }
 
+    public Builder callGraph(CallGraph callGraph) {
+      this.callGraph = Optional.ofNullable(callGraph);
+      return this;
+    }
+
     public PythonVisitorContext build() {
       return new PythonVisitorContext(
         rootTree,
@@ -167,7 +182,8 @@ public PythonVisitorContext build() {
         projectLevelSymbolTable.orElseGet(ProjectLevelSymbolTable::empty),
         cacheContext.orElseGet(CacheContextImpl::dummyCache),
         sonarProduct.orElse(SonarProduct.SONARQUBE),
-        projectConfiguration.orElse(new ProjectConfiguration())
+        projectConfiguration.orElse(new ProjectConfiguration()),
+        callGraph.orElse(CallGraph.EMPTY)
       );
     } 
   }

python-frontend/src/main/java/org/sonar/plugins/python/api/PythonVisitorContext.java

@@ -27,6 +27,7 @@
 import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.Token;
 import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.python.semantic.v2.callgraph.CallGraph;
 import org.sonar.python.types.v2.TypeChecker;
 
 public interface SubscriptionContext {
@@ -70,4 +71,6 @@ public interface SubscriptionContext {
   TypeChecker typeChecker();
 
   ProjectConfiguration projectConfiguration();
+
+  CallGraph callGraph();
 }

python-frontend/src/main/java/org/sonar/plugins/python/api/SubscriptionContext.java

@@ -33,4 +33,12 @@ public TriBool and(TriBool triBool) {
     }
     return FALSE;
   }
+
+  public boolean isTrue() {
+    return this.equals(TRUE);
+  }
+
+  public boolean isFalse() {
+    return this.equals(FALSE);
+  }
 }

python-frontend/src/main/java/org/sonar/plugins/python/api/types/v2/TriBool.java

@@ -49,6 +49,7 @@
 import org.sonar.python.regex.PythonAnalyzerRegexSource;
 import org.sonar.python.regex.PythonRegexIssueLocation;
 import org.sonar.python.regex.RegexContext;
+import org.sonar.python.semantic.v2.callgraph.CallGraph;
 import org.sonar.python.types.v2.TypeChecker;
 import org.sonarsource.analyzer.commons.regex.RegexParseResult;
 import org.sonarsource.analyzer.commons.regex.RegexParser;
@@ -190,6 +191,12 @@ public ProjectConfiguration projectConfiguration() {
       return pythonVisitorContext.projectConfiguration();
     }
 
+    @Override
+    public CallGraph callGraph() {
+      return pythonVisitorContext.callGraph();
+    }
+
+    @Override
     public RegexParseResult regexForStringElement(StringElement stringElement, FlagSet flagSet) {
       return regexCache.computeIfAbsent(stringElement.hashCode() + "-" + flagSet.getMask(),
         s -> new RegexParser(new PythonAnalyzerRegexSource(stringElement), flagSet).parse());

python-frontend/src/main/java/org/sonar/python/SubscriptionVisitor.java

@@ -0,0 +1,60 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.semantic.v2.callgraph;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class CallGraph {
+  public static final CallGraph EMPTY = new CallGraph(Map.of());
+
+  private final Map<String, List<CallGraphNode>> usageEdges;
+
+  private CallGraph(Map<String, List<CallGraphNode>> usageEdges) {
+    this.usageEdges = usageEdges;
+  }
+
+  public List<CallGraphNode> getUsages(String fqn) {
+    return Collections.unmodifiableList(usageEdges.getOrDefault(fqn, List.of()));
+  }
+
+  public static class Builder {
+    private Map<String, List<CallGraphNode>> builderUsageEdges = new HashMap<>();
+
+    /**
+     * Adds a usage edge from one function to another in the call graph.
+     * @param from The calling function's fully qualified name (FQN).
+     * @param to The functions that is being called
+     * @return this builder
+     */
+    public Builder addUsage(String from, String to) {
+      var node = new CallGraphNode(from);
+      builderUsageEdges.computeIfAbsent(to, k -> new ArrayList<>()).add(node);
+      return this;
+    }
+
+    public CallGraph build() {
+      var graph = new CallGraph(builderUsageEdges);
+      builderUsageEdges = new HashMap<>();
+      return graph;
+    }
+  }
+
+}