SONARPY-1015 Remove unrelated argument check for S6281 (#1131)

nils-werner-sonarsource · web-flow · commit 287ac6b645b0 · 2022-05-10T11:03:09.000+02:00
diff --git a/python-checks/src/main/java/org/sonar/python/checks/cdk/S3BucketBlockPublicAccessCheck.java b/python-checks/src/main/java/org/sonar/python/checks/cdk/S3BucketBlockPublicAccessCheck.java
@@ -29,7 +29,6 @@
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Expression;
 import org.sonar.plugins.python.api.tree.QualifiedExpression;
-import org.sonar.plugins.python.api.tree.Token;
 import org.sonar.plugins.python.api.tree.Tree;
 
 @Rule(key = "S6281")
@@ -48,12 +47,6 @@ public class S3BucketBlockPublicAccessCheck extends AbstractS3BucketCheck {
     
   @Override
   void visitBucketConstructor(SubscriptionContext ctx, CallExpression bucket) {
-    Optional<ArgumentTrace> publicReadAccess = getArgument(ctx, bucket, "public_read_access");
-    if (publicReadAccess.isPresent()) {
-      publicReadAccess.get().addIssueIf(S3BucketBlockPublicAccessCheck::isTrue, MESSAGE);
-      return;
-    }
-
     Optional<ArgumentTrace> blockPublicAccess = getArgument(ctx, bucket, "block_public_access");
     if (blockPublicAccess.isPresent()) {
       checkBlockPublicAccess(ctx, blockPublicAccess.get());
@@ -94,8 +87,4 @@ private static boolean isBlockPublicAccessConstructor(CallExpression expression)
     return Optional.ofNullable(expression.calleeSymbol()).map(Symbol::fullyQualifiedName).filter(BLOCK_PUBLIC_ACCESS_FQN::equals).isPresent();
   }
 
-  private static boolean isTrue(Expression expression) {
-    return Optional.ofNullable(expression.firstToken()).map(Token::value).filter("True"::equals).isPresent();
-  }
-
 }
diff --git a/python-checks/src/test/resources/checks/cdk/s3BucketBlockPublicAccessCheck.py b/python-checks/src/test/resources/checks/cdk/s3BucketBlockPublicAccessCheck.py
@@ -21,15 +21,6 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
                            block_public_access=public_access_only_block_acls_by_reference)  # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
     #                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-        bucket = s3.Bucket(self, "AllowPublicReadAccess",
-                           public_read_access=True)  # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
-
-        public_read_access = True
-    #   ^^^^^^^^^^^^^^^^^^^^^^^^^> {{Propagated setting.}}
-        bucket = s3.Bucket(self, "AllowPublicReadAccessByReference",
-                           public_read_access=public_read_access)  # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
-    #                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
         bucket = s3.Bucket(self, "SingleUnblockPublicAccesses",
                            block_public_access=s3.BlockPublicAccess(
                                block_public_acls=False,  # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
