Added integration test

Author: andrecsilva

integration_tests/sonar/test_sonar_secure_cookie.py

@@ -0,0 +1,19 @@
+from codemodder.codemods.test import SonarIntegrationTest
+from core_codemods.sonar.sonar_secure_cookie import (
+    SonarSecureCookie,
+    SonarSecureCookieTransformer,
+)
+
+
+class TestSonarSecureCookie(SonarIntegrationTest):
+    codemod = SonarSecureCookie
+    code_path = "tests/samples/secure_cookie.py"
+    replacement_lines = [
+        (
+            8,
+            """    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n""",
+        ),
+    ]
+    expected_diff = "--- \n+++ \n@@ -5,5 +5,5 @@\n @app.route('/')\n def index():\n     resp = make_response('Custom Cookie Set')\n-    resp.set_cookie('custom_cookie', 'value')\n+    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n     return resp\n"
+    expected_line_change = "8"
+    change_description = SonarSecureCookieTransformer.change_description

integration_tests/test_secure_flask_cookie.py

@@ -1,5 +1,5 @@
 from codemodder.codemods.test import BaseIntegrationTest
-from core_codemods.secure_flask_cookie import SecureFlaskCookie
+from core_codemods.secure_flask_cookie import SecureCookieTransformer, SecureFlaskCookie
 
 
 class TestSecureFlaskCookie(BaseIntegrationTest):
@@ -23,4 +23,4 @@ def index():
     ]
     expected_diff = "--- \n+++ \n@@ -5,5 +5,5 @@\n @app.route('/')\n def index():\n     resp = make_response('Custom Cookie Set')\n-    resp.set_cookie('custom_cookie', 'value')\n+    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n     return resp\n"
     expected_line_change = "8"
-    change_description = SecureFlaskCookie.change_description
+    change_description = SecureCookieTransformer.change_description

src/codemodder/codemods/test/integration_utils.py

@@ -124,8 +124,12 @@ def _assert_results_fields(self, results, output_path):
 
         # TODO: if/when we add description for each url
         for reference in result["references"][
-            # Last reference for Sonar has a different description
-            : (-1 if self.sonar_issues_json or self.sonar_hotspots_json else None)
+            # Last references for Sonar has a different description
+            : (
+                -len(self.codemod.requested_rules)
+                if self.sonar_issues_json or self.sonar_hotspots_json
+                else None
+            )
         ]:
             assert reference["url"] == reference["description"]
 
@@ -288,21 +292,25 @@ def check_sonar_issues(cls):
             (cls.sonar_issues_json, cls.sonar_hotspots_json)
         )
 
-        assert (
-            cls.codemod.requested_rules[-1] in sonar_results
+        assert any(
+            map(lambda x: x in sonar_results, cls.codemod.requested_rules)
         ), f"Make sure to add a sonar issue/hotspot for {cls.codemod.rule_id} in {cls.sonar_issues_json} or {cls.sonar_hotspots_json}"
         results_for_codemod = sonar_results[cls.codemod.requested_rules[-1]]
         file_path = pathlib.Path(cls.code_filename)
         assert (
             file_path in results_for_codemod
-        ), f"Make sure to add a sonar issue/hotspot for file `{cls.code_filename}` under rule `{cls.codemod.rule_id}`in {cls.sonar_issues_json} or {cls.sonar_hotspots_json}"
+        ), f"Make sure to add a sonar issue/hotspot for file `{cls.code_filename}` under one of the rules `{cls.codemod.requested_rules}`in {cls.sonar_issues_json} or {cls.sonar_hotspots_json}"
 
     def _assert_sonar_fields(self, result):
         assert self.codemod_instance._metadata.tool is not None
-        assert (
-            result["references"][-1]["description"]
-            == self.codemod_instance._metadata.tool.rules[0].name
-        )
+        rules = self.codemod_instance._metadata.tool.rules
+        for i in range(len(rules)):
+            assert (
+                result["references"][len(result["references"]) - len(rules) + i][
+                    "description"
+                ]
+                == self.codemod_instance._metadata.tool.rules[i].name
+            )
         assert result["detectionTool"]["name"] == "Sonar"
 
 

src/core_codemods/sonar/sonar_secure_cookie.py

@@ -16,7 +16,7 @@
     ToolRule(
         id="python:S2092",
         name='Creating cookies without the "secure" flag is security-sensitive',
-        url="ahttps://rules.sonarsource.com/python/RSPEC-2092/",
+        url="https://rules.sonarsource.com/python/RSPEC-2092/",
     ),
 ]
 

tests/samples/sonar_hotspots.json

@@ -5,6 +5,46 @@
     "total": 4
   },
   "hotspots": [
+    {
+      "key": "AZRvB_g13jBxJiUZnPHJ",
+      "component": "pixee_codemodder-python:secure_cookie.py",
+      "project": "pixee_codemodder-python",
+      "securityCategory": "insecure-conf",
+      "vulnerabilityProbability": "LOW",
+      "status": "TO_REVIEW",
+      "line": 8,
+      "message": "Make sure creating this cookie without the \"secure\" flag is safe.",
+      "creationDate": "2025-01-16T13:11:02+0100",
+      "updateDate": "2025-01-16T13:12:34+0100",
+      "textRange": {
+        "startLine": 8,
+        "endLine": 8,
+        "startOffset": 4,
+        "endOffset": 19
+      },
+      "flows": [],
+      "ruleKey": "python:S2092"
+    },
+    {
+      "key": "AZRvB_g13jBxJiUZnPHI",
+      "component": "pixee_codemodder-python:secure_cookie.py",
+      "project": "pixee_codemodder-python",
+      "securityCategory": "others",
+      "vulnerabilityProbability": "LOW",
+      "status": "TO_REVIEW",
+      "line": 8,
+      "message": "Make sure creating this cookie without the \"HttpOnly\" flag is safe.",
+      "creationDate": "2025-01-16T13:11:02+0100",
+      "updateDate": "2025-01-16T13:12:34+0100",
+      "textRange": {
+        "startLine": 8,
+        "endLine": 8,
+        "startOffset": 4,
+        "endOffset": 19
+      },
+      "flows": [],
+      "ruleKey": "python:S3330"
+    },
     {
       "key": "AY6fXn2rzaaymEtIucTd",
       "component": "pixee_codemodder-python:secure_random.py",