Populate Sonar findings (#567)

* from_finding > from_result

* report sonar findings

* test unfixed sonar

Author: clavedeluna

src/core_codemods/defectdojo/results.py

@@ -12,28 +12,28 @@
 
 class DefectDojoLocation(Location):
     @classmethod
-    def from_finding(cls, finding: dict) -> Self:
+    def from_result(cls, result: dict) -> Self:
         return cls(
-            file=Path(finding["file_path"]),
+            file=Path(result["file_path"]),
             # TODO: parse snippet from "description" field?
-            start=LineInfo(finding["line"]),
-            end=LineInfo(finding["line"]),
+            start=LineInfo(result["line"]),
+            end=LineInfo(result["line"]),
         )
 
 
 class DefectDojoResult(SASTResult):
     @classmethod
-    def from_finding(cls, finding: dict) -> Self:
+    def from_result(cls, result: dict) -> Self:
         return cls(
-            finding_id=finding["id"],
-            rule_id=finding["title"],
-            locations=[DefectDojoLocation.from_finding(finding)],
+            finding_id=result["id"],
+            rule_id=result["title"],
+            locations=[DefectDojoLocation.from_result(result)],
             finding=Finding(
-                id=str(finding["id"]),
+                id=str(result["id"]),
                 rule=Rule(
                     # TODO: it's possible that these fields actually come from the codemod and not the result
-                    id=str(finding["title"]),
-                    name=str(finding["title"]),
+                    id=str(result["title"]),
+                    name=str(result["title"]),
                     url=None,
                 ),
             ),
@@ -62,7 +62,7 @@ def from_json(cls, json_file: str | Path) -> Self:
             data = json.load(file)
 
         result_set = cls()
-        for finding in data.get("results"):
-            result_set.add_result(DefectDojoResult.from_finding(finding))
+        for result in data.get("results"):
+            result_set.add_result(DefectDojoResult.from_result(result))
 
         return result_set

src/core_codemods/sonar/results.py

@@ -6,8 +6,9 @@
 import libcst as cst
 from typing_extensions import Self
 
+from codemodder.codetf import Finding, Rule
 from codemodder.logging import logger
-from codemodder.result import LineInfo, Location, Result, ResultSet
+from codemodder.result import LineInfo, Location, ResultSet, SASTResult
 
 
 class SonarLocation(Location):
@@ -20,10 +21,10 @@ def from_json_location(cls, json_location) -> Self:
         return cls(file=file, start=start, end=end)
 
 
-class SonarResult(Result):
+class SonarResult(SASTResult):
 
     @classmethod
-    def from_result(cls, result) -> Self:
+    def from_result(cls, result: dict) -> Self:
         # Sonar issues have `rule` as key while hotspots call it `ruleKey`
         if not (rule_id := result.get("rule", None) or result.get("ruleKey", None)):
             raise ValueError("Could not extract rule id from sarif result.")
@@ -36,7 +37,21 @@ def from_result(cls, result) -> Self:
             ]
             for flow in result.get("flows", [])
         ]
-        return cls(rule_id=rule_id, locations=locations, codeflows=all_flows)
+
+        return cls(
+            finding_id=rule_id,
+            rule_id=rule_id,
+            locations=locations,
+            codeflows=all_flows,
+            finding=Finding(
+                id=rule_id,
+                rule=Rule(
+                    id=rule_id,
+                    name=rule_id,
+                    url=None,
+                ),
+            ),
+        )
 
     def match_location(self, pos, node):
         match node:

tests/codemods/sonar/test_sonar_django_json_response_type.py

@@ -14,6 +14,7 @@ def test_name(self):
         assert self.codemod.name == "django-json-response-type-S5131"
 
     def test_simple(self, tmpdir):
+        rule_id = "pythonsecurity:S5131"
         input_code = """
         from django.http import HttpResponse
         import json
@@ -33,7 +34,7 @@ def foo(request):
         issues = {
             "issues": [
                 {
-                    "rule": "pythonsecurity:S5131",
+                    "rule": rule_id,
                     "status": "OPEN",
                     "component": "code.py",
                     "textRange": {
@@ -45,4 +46,11 @@ def foo(request):
                 }
             ]
         }
-        self.run_and_assert(tmpdir, input_code, expected, results=json.dumps(issues))
+        changes = self.run_and_assert(
+            tmpdir, input_code, expected, results=json.dumps(issues)
+        )
+        assert changes is not None
+        assert changes[0].changes[0].findings is not None
+        assert changes[0].changes[0].findings[0].id == rule_id
+        assert changes[0].changes[0].findings[0].rule.id == rule_id
+        assert changes[0].changes[0].findings[0].rule.name == rule_id

tests/test_libcst_transformer.py

@@ -1,3 +1,4 @@
+import mock
 from libcst._exceptions import ParserSyntaxError
 
 from codemodder.codemods.libcst_transformer import (
@@ -7,10 +8,54 @@
 from codemodder.context import CodemodExecutionContext
 from codemodder.file_context import FileContext
 from core_codemods.defectdojo.results import DefectDojoResult
+from core_codemods.sonar.results import SonarResult
+
+FILE_PATH = mock.MagicMock()
+DEFECTDOJO_RESULTS = [
+    DefectDojoResult.from_result(
+        {
+            "id": 1,
+            "title": "python.django.security.audit.secure-cookies.django-secure-set-cookie",
+            "file_path": FILE_PATH,
+            "line": 2,
+        },
+    )
+]
+
+SONAR_RESULTS = [
+    SonarResult.from_result(
+        {
+            "rule": "python:S1716",
+            "textRange": {
+                "startLine": 1,
+                "endLine": 1,
+                "startOffset": 13,
+                "endOffset": 14,
+            },
+            "component": FILE_PATH,
+            "flows": [
+                {
+                    "locations": [
+                        {
+                            "component": FILE_PATH,
+                            "textRange": {
+                                "startLine": 1,
+                                "endLine": 1,
+                                "startOffset": 8,
+                                "endOffset": 9,
+                            },
+                        }
+                    ]
+                }
+            ],
+            "status": "OPEN",
+        }
+    )
+]
 
 
 def _apply_and_assert(mocker, transformer):
-    file_context = FileContext("home", mocker.MagicMock())
+    file_context = FileContext("home", FILE_PATH)
     execution_context = CodemodExecutionContext(
         directory=mocker.MagicMock(),
         dry_run=True,
@@ -30,21 +75,11 @@ def _apply_and_assert(mocker, transformer):
     assert file_context.unfixed_findings == []
 
 
-def _apply_and_assert_with_tool(mocker, transformer, reason):
-    file_path = mocker.MagicMock()
+def _apply_and_assert_with_tool(mocker, transformer, reason, results):
     file_context = FileContext(
         "home",
-        file_path,
-        results=[
-            DefectDojoResult.from_finding(
-                {
-                    "id": 1,
-                    "title": "python.django.security.audit.secure-cookies.django-secure-set-cookie",
-                    "file_path": file_path,
-                    "line": 2,
-                },
-            )
-        ],
+        FILE_PATH,
+        results=results,
     )
     execution_context = CodemodExecutionContext(
         directory=mocker.MagicMock(),
@@ -54,7 +89,7 @@ def _apply_and_assert_with_tool(mocker, transformer, reason):
         repo_manager=mocker.MagicMock(),
         path_include=[],
         path_exclude=[],
-        tool_result_files_map={"sonar": ["results.json"]},
+        tool_result_files_map={"DOESNTMATTER": ["testing.json"]},
     )
     pipeline = LibcstTransformerPipeline(transformer)
     pipeline.apply(
@@ -84,18 +119,31 @@ def test_transformer_error(mocker, caplog):
     assert "Failed to transform file" in caplog.text
 
 
-def test_parse_error_with_tool(mocker, caplog):
+def test_parse_error_with_defectdojo(mocker, caplog):
     mocker.patch(
         "codemodder.codemods.libcst_transformer.cst.parse_module",
         side_effect=ParserSyntaxError,
     )
     transformer = mocker.MagicMock(spec=LibcstResultTransformer)
-    _apply_and_assert_with_tool(mocker, transformer, "Failed to parse file")
+    _apply_and_assert_with_tool(
+        mocker, transformer, "Failed to parse file", DEFECTDOJO_RESULTS
+    )
     assert "Failed to parse file" in caplog.text
 
 
-def test_transformer_error_with_tool(mocker, caplog):
+def test_transformer_error_with_defectdojo(mocker, caplog):
     transformer = mocker.MagicMock(spec=LibcstResultTransformer)
     transformer.transform.side_effect = ParserSyntaxError
-    _apply_and_assert_with_tool(mocker, transformer, "Failed to transform file")
+    _apply_and_assert_with_tool(
+        mocker, transformer, "Failed to transform file", DEFECTDOJO_RESULTS
+    )
+    assert "Failed to transform file" in caplog.text
+
+
+def test_transformer_error_with_sonar(mocker, caplog):
+    transformer = mocker.MagicMock(spec=LibcstResultTransformer)
+    transformer.transform.side_effect = ParserSyntaxError
+    _apply_and_assert_with_tool(
+        mocker, transformer, "Failed to transform file", SONAR_RESULTS
+    )
     assert "Failed to transform file" in caplog.text