
Commit b9c5f4d

committed
SONARPY-2413 Clean-up the csrf_except decorator check
1 parent d06c65d commit b9c5f4d


1 file changed

+5
-13
lines changed


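--- a/python-checks/src/main/java/org/sonar/python/checks/hotspots/CsrfDisabledCheck.java
+++ b/python-checks/src/main/java/org/sonar/python/checks/hotspots/CsrfDisabledCheck.java
@@ -20,13 +20,10 @@
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Locale;
-import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Predicate;
 import java.util.regex.Pattern;
-import java.util.stream.Stream;
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
@@ -117,19 +114,14 @@ private static Predicate<Expression> isListAnyMatch(Predicate<Expression> pred)
 "django.views.decorators.csrf.csrf_exempt",
 "flask_wtf.csrf.CSRFProtect.exempt"));
 
+private static boolean isDangerousDecorator(Decorator expression) {
+return DANGEROUS_DECORATORS.stream().anyMatch(dangerousFqn -> TreeUtils.isDecoratorWithFQN(expression, dangerousFqn));
+}
+
 /** Raises issue whenever a decorator with something about "CSRF" and "exempt" in the combined name is found. */
 private static void decoratorCsrfExemptCheck(SubscriptionContext subscriptionContext) {
 Decorator decorator = (Decorator) subscriptionContext.syntaxNode();
-List<String> names = Stream.of(TreeUtils.decoratorNameFromExpression(decorator.expression()))
-.filter(Objects::nonNull)
-.flatMap(s -> Arrays.stream(s.split("\\.")))
-.toList();
-// This is a temporary workaround until symbol resolution works for decorators.
-// Use the actual functions with FQNs from DANGEROUS_DECORATORS once that's fixed.
-// Related ticket: https://jira.sonarsource.com/browse/SONARPY-681
-boolean isDangerous = names.stream().anyMatch(s -> s.toLowerCase(Locale.US).contains("csrf")) &&
-names.stream().anyMatch(s -> s.toLowerCase(Locale.US).contains("exempt"));
-if (isDangerous) {
+if(isDangerousDecorator(decorator)) {
 subscriptionContext.addIssue(decorator.lastToken(), MESSAGE);
 }
 }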
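Review bot: The Javadoc on decoratorCsrfExemptCheck still describes the removed name heuristic ("something about CSRF and exempt in the combined name"), while the code now only reports decorators whose symbol resolves to an entry of DANGEROUS_DECORATORS; update it to `/** Raises an issue when a decorator resolves to one of the known CSRF-exempting decorators listed in DANGEROUS_DECORATORS. */`. In the new isDangerousDecorator the parameter is a Decorator but is named `expression`, and the new condition `if(isDangerousDecorator(decorator)) {` is missing the space after `if`; `private static boolean isDangerousDecorator(Decorator decorator)` and `if (isDangerousDecorator(decorator)) {` match the surrounding style. Since the rule now depends on symbol resolution, a decorator whose FQN cannot be resolved (a project-local wrapper or re-export of csrf_exempt, for instance) was caught by the old substring match and will presumably go unreported now, which is worth stating in the commit message or rule description so the narrower coverage is a deliberate choice. `java.util.Arrays` stays imported although its only use visible in this hunk was in the removed lines; it may still be needed elsewhere in the file, so check before removing it.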
