Check file paths passed on as tool findings (#637)

clavedeluna · web-flow · commit db3bc2fdbdd9 · 2024-06-13T14:25:12.000Z
do not continue condemodder if any flag path is not found
diff --git a/src/codemodder/codemodder.py b/src/codemodder/codemodder.py
@@ -159,14 +159,26 @@ def run(original_args) -> int:
     logger.info("codemodder: python/%s", __version__)
     logger.info("command: %s %s", Path(sys.argv[0]).name, " ".join(original_args))
 
-    # TODO: this should be dict[str, list[Path]]
-    tool_result_files_map: DefaultDict[str, list[str]] = detect_sarif_tools(
-        [Path(name) for name in argv.sarif or []]
-    )
+    try:
+        # TODO: this should be dict[str, list[Path]]
+        tool_result_files_map: DefaultDict[str, list[str]] = detect_sarif_tools(
+            [Path(name) for name in argv.sarif or []]
+        )
+    except FileNotFoundError as err:
+        logger.error(err)
+        return 1
+
     tool_result_files_map["sonar"].extend(argv.sonar_issues_json or [])
     tool_result_files_map["sonar"].extend(argv.sonar_hotspots_json or [])
     tool_result_files_map["defectdojo"] = argv.defectdojo_findings_json or []
 
+    for file_name in itertools.chain(*tool_result_files_map.values()):
+        if not os.path.exists(file_name):
+            logger.error(
+                f"FileNotFoundError: [Errno 2] No such file or directory: '{file_name}'"
+            )
+            return 1
+
     repo_manager = PythonRepoManager(Path(argv.directory))
 
     try:
diff --git a/tests/test_codemodder.py b/tests/test_codemodder.py
@@ -394,3 +394,27 @@ def test_diff_newline_edge_case(self):
 +CSRF_TRUSTED_ORIGINS = ["http://127.0.0.1:8000","http://0.0.0.0:8000","http://172.16.189.10"]
 +SESSION_COOKIE_SECURE = True"""
         )
+
+    @pytest.mark.parametrize(
+        "flag",
+        [
+            "sarif",
+            "sonar-issues-json",
+            "sonar-hotspots-json",
+            "defectdojo-findings-json",
+        ],
+    )
+    @mock.patch("codemodder.codetf.CodeTF.write_report")
+    def test_bad_sarif_path(self, mock_report, caplog, flag):
+        args = [
+            "tests/samples",
+            "--output",
+            "here.txt",
+            "--codemod-include=url-sandbox",
+            f"--{flag}=bad.json",
+        ]
+
+        exit_code = run(args)
+        assert exit_code == 1
+        assert "No such file or directory: 'bad.json'" in caplog.text
+        mock_report.assert_not_called()
