fix: use shared import rule

Bearer · May 15, 2024 · a5127ca · a5127ca
1 parent ec0b98a
commit a5127ca
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 33 deletions.
diff --git a/rules/python/django/cookies.yml b/rules/python/django/cookies.yml
@@ -6,15 +6,22 @@ patterns:
       $<RESPONSE>.set_cookie($<KEY>, $<VALUE>, $<...>)
     filters:
       - variable: RESPONSE
-        detection: python_shared_django_http_response
-        scope: cursor
+        detection: python_django_cookies_http_response_instance
       - either:
           - variable: KEY
             detection: python_shared_lang_datatype
             scope: result
           - variable: VALUE
             detection: python_shared_lang_datatype
             scope: result
+auxiliary: 
+  - id: python_django_cookies_http_response_instance
+    patterns:
+      - pattern: $<HTTP_RESPONSE>($<...>)
+        filters:
+          - variable: HTTP_RESPONSE
+            detection: python_shared_django_http_response
+            scope: cursor
 languages:
   - python
 severity: high

diff --git a/rules/python/lang/cookies.yml b/rules/python/lang/cookies.yml
@@ -1,5 +1,6 @@
 imports:
   - python_shared_lang_datatype
+  - python_shared_lang_import2
 patterns:
   - pattern: $<COOKIE_INIT>[$<_>] = $<DATA_TYPE>
     filters:
@@ -15,26 +16,24 @@ auxiliary:
       - pattern: $<COOKIE>()
         filters:
           - variable: COOKIE
-            detection: python_lang_cookies_class
+            detection: python_lang_cookies_cookie_class
             scope: result
-  - id: python_lang_cookies_class
+  - id: python_lang_cookies_cookie_class
     patterns:
       - pattern: $<COOKIE_CLASS>
         filters:
           - variable: COOKIE_CLASS
-            regex: \A(http\.)?(cookies\.)?(Simple|Base)Cookie\z
-      - pattern: from http.cookies import $<COOKIE_CLASS>
-        filters:
-          - variable: COOKIE_CLASS
-            values:
-              - SimpleCookie
-              - BaseCookie
-      - pattern: from http.cookies import $<COOKIE_CLASS> as $<!>$<_>
-        filters:
-          - variable: COOKIE_CLASS
-            values:
-              - SimpleCookie
-              - BaseCookie
+            detection: python_shared_lang_import2
+            scope: cursor
+            filters:
+              - variable: MODULE1
+                values: [http]
+              - variable: MODULE2
+                values: [cookies]
+              - variable: NAME
+                values:
+                  - BaseCookie
+                  - SimpleCookie
 languages:
   - python
 severity: high

diff --git a/rules/python/shared/django/http_response.yml b/rules/python/shared/django/http_response.yml
@@ -1,22 +1,21 @@
 type: shared
+imports:
+  - python_shared_lang_import2
 languages:
   - python
 patterns:
   - pattern: $<HTTP_RESPONSE>
     filters:
       - variable: HTTP_RESPONSE
-        detection: python_shared_django_http_response_class
-        scope: result
-auxiliary:
-  - id: python_shared_django_http_response_class
-    patterns:
-      - HttpResponse
-      - from django.http import $<!>HttpResponse
-      - from django.http import HttpResponse as $<!>$<_>
-      - pattern: $<HTTP_RESPONSE>
+        detection: python_shared_lang_import2
+        scope: cursor
         filters:
-          - variable: HTTP_RESPONSE
-            regex: \A(django\.)?(http\.)?HttpResponse\z
+          - variable: MODULE1
+            values: [django]
+          - variable: MODULE2
+            values: [http]
+          - variable: NAME
+            values: [HttpResponse]
 metadata:
   description: "Python Django HTTP Response object."
-  id: python_shared_django_http_response
+  id: python_shared_django_http_response
diff --git a/tests/python/django/cookies/testdata/main.py b/tests/python/django/cookies/testdata/main.py
@@ -1,13 +1,15 @@
-from django.shortcuts import render, HttpResponse
+from django.shortcuts import render
+from django.http import HttpResponse
 
 def bad(user):
-  response = HttpResponse("Set User")
+  response = HttpResponse()
   # bearer:expected python_django_cookies
   response.set_cookie('user', user.email)
 
 def bad2(customer):
+  resp = HttpResponse("Set User")
   # bearer:expected python_django_cookies
-  HttpResponse.set_cookie('logged customer', customer.email)
+  resp.set_cookie('logged customer', customer.email)
 
 def ok(user)
   response = HttpResponse("Set User")

diff --git a/tests/python/lang/cookies/testdata/main.py b/tests/python/lang/cookies/testdata/main.py
@@ -6,7 +6,7 @@ def bad(user):
   myCookie["user"] = user.email
 
 def bad2(customer):
-  myBasicCookie = http.cookies.BaseCookie()
+  myBasicCookie = cookies.BaseCookie()
   # bearer:expected python_lang_cookies
   myBasicCookie["logged customer"] = customer.email