Update rule metadata to accept multiple rules

pixee · Apr 22, 2024 · ff495ff · ff495ff
1 parent 8748ad5
commit ff495ff
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 27 deletions.
diff --git a/src/codemodder/codemods/api.py b/src/codemodder/codemods/api.py
@@ -9,6 +9,7 @@
     Reference,
     ReviewGuidance,
     ToolMetadata,
+    ToolRule,
 )
 from codemodder.codemods.libcst_transformer import (
     LibcstResultTransformer,

diff --git a/src/codemodder/codemods/base_codemod.py b/src/codemodder/codemods/base_codemod.py
@@ -13,7 +13,7 @@
 from codemodder.code_directory import file_line_patterns
 from codemodder.codemods.base_detector import BaseDetector
 from codemodder.codemods.base_transformer import BaseTransformerPipeline
-from codemodder.codetf import DetectionTool, Reference, Rule
+from codemodder.codetf import DetectionTool, Reference
 from codemodder.context import CodemodExecutionContext
 from codemodder.file_context import FileContext
 from codemodder.logging import logger
@@ -37,12 +37,21 @@ class Metadata:
     language: str = "python"
 
 
+@dataclass
+class ToolRule:
+    id: str
+    name: str
+    url: str | None = None
+
+
 @dataclass
 class ToolMetadata:
     name: str
-    rule_id: str
-    rule_name: str
-    rule_url: str | None = None
+    rules: list[ToolRule]
+
+    @property
+    def rule_ids(self):
+        return [rule.id for rule in self.rules]
 
 
 class BaseCodemod(metaclass=ABCMeta):
@@ -115,11 +124,6 @@ def detection_tool(self) -> DetectionTool | None:
 
         return DetectionTool(
             name=self._metadata.tool.name,
-            rule=Rule(
-                id=self._metadata.tool.rule_id,
-                name=self._metadata.tool.rule_name,
-                url=self._metadata.tool.rule_url,
-            ),
         )
 
     @cached_property

diff --git a/src/codemodder/codemods/test/integration_utils.py b/src/codemodder/codemods/test/integration_utils.py
@@ -300,7 +300,7 @@ def _assert_sonar_fields(self, result):
         assert self.codemod_instance._metadata.tool is not None
         assert (
             result["references"][-1]["description"]
-            == self.codemod_instance._metadata.tool.rule_name
+            == self.codemod_instance._metadata.tool.rules[0].name
         )
         assert result["detectionTool"]["name"] == "Sonar"
 

diff --git a/src/core_codemods/defectdojo/api.py b/src/core_codemods/defectdojo/api.py
@@ -6,7 +6,7 @@
 
 from typing_extensions import override
 
-from codemodder.codemods.api import Metadata, Reference, ToolMetadata
+from codemodder.codemods.api import Metadata, Reference, ToolMetadata, ToolRule
 from codemodder.codemods.base_detector import BaseDetector
 from codemodder.context import CodemodExecutionContext
 from codemodder.result import ResultSet
@@ -62,9 +62,13 @@ def from_core_codemod(
                 + other.description,
                 tool=ToolMetadata(
                     name="DefectDojo",
-                    rule_id=rule_id,
-                    rule_name=rule_name,
-                    rule_url=rule_url,
+                    rules=[
+                        ToolRule(
+                            id=rule_id,
+                            name=rule_name,
+                            url=rule_url,
+                        )
+                    ],
                 ),
             ),
             transformer=other.transformer,
@@ -82,5 +86,5 @@ def apply(
             context,
             files_to_analyze,
             # We know this has a tool because we created it with `from_core_codemod`
-            [cast(ToolMetadata, self._metadata.tool).rule_id],
+            cast(ToolMetadata, self._metadata.tool).rule_ids,
         )
diff --git a/src/core_codemods/defectdojo/semgrep/avoid_insecure_deserialization.py b/src/core_codemods/defectdojo/semgrep/avoid_insecure_deserialization.py
@@ -1,6 +1,6 @@
 import libcst as cst
 
-from codemodder.codemods.api import Metadata, ReviewGuidance, ToolMetadata
+from codemodder.codemods.api import Metadata, ReviewGuidance, ToolMetadata, ToolRule
 from codemodder.codemods.libcst_transformer import (
     LibcstResultTransformer,
     LibcstTransformerPipeline,
@@ -47,9 +47,13 @@ def leave_Call(
         review_guidance=ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW,
         tool=ToolMetadata(
             name="DefectDojo",
-            rule_id="python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization",
-            rule_name="avoid-insecure-deserialization",
-            rule_url="https://semgrep.dev/playground/r/python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization",
+            rules=[
+                ToolRule(
+                    id="python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization",
+                    name="avoid-insecure-deserialization",
+                    url="https://semgrep.dev/playground/r/python.django.security.audit.avoid-insecure-deserialization.avoid-insecure-deserialization",
+                )
+            ],
         ),
         references=[],
     ),

diff --git a/src/core_codemods/defectdojo/semgrep/django_secure_set_cookie.py b/src/core_codemods/defectdojo/semgrep/django_secure_set_cookie.py
@@ -1,6 +1,6 @@
 import libcst as cst
 
-from codemodder.codemods.api import Metadata, ReviewGuidance, ToolMetadata
+from codemodder.codemods.api import Metadata, ReviewGuidance, ToolMetadata, ToolRule
 from codemodder.codemods.libcst_transformer import (
     LibcstResultTransformer,
     LibcstTransformerPipeline,
@@ -41,9 +41,13 @@ def leave_Call(self, original_node: cst.Call, updated_node: cst.Call) -> cst.Cal
         review_guidance=ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW,
         tool=ToolMetadata(
             name="DefectDojo",
-            rule_id="python.django.security.audit.secure-cookies.django-secure-set-cookie",
-            rule_name="django-secure-set-cookie",
-            rule_url="https://semgrep.dev/playground/r/python.django.security.audit.secure-cookies.django-secure-set-cookie",
+            rules=[
+                ToolRule(
+                    id="python.django.security.audit.secure-cookies.django-secure-set-cookie",
+                    name="django-secure-set-cookie",
+                    url="https://semgrep.dev/playground/r/python.django.security.audit.secure-cookies.django-secure-set-cookie",
+                )
+            ],
         ),
         references=[],
     ),

diff --git a/src/core_codemods/sonar/api.py b/src/core_codemods/sonar/api.py
@@ -1,7 +1,7 @@
 from functools import cache
 from pathlib import Path
 
-from codemodder.codemods.base_codemod import Metadata, Reference, ToolMetadata
+from codemodder.codemods.base_codemod import Metadata, Reference, ToolMetadata, ToolRule
 from codemodder.codemods.base_detector import BaseDetector
 from codemodder.codemods.base_transformer import BaseTransformerPipeline
 from codemodder.context import CodemodExecutionContext
@@ -37,9 +37,13 @@ def from_core_codemod(
                 + other.description,
                 tool=ToolMetadata(
                     name="Sonar",
-                    rule_id=rule_id,
-                    rule_name=rule_name,
-                    rule_url=rule_url,
+                    rules=[
+                        ToolRule(
+                            id=rule_id,
+                            name=rule_name,
+                            url=rule_url,
+                        )
+                    ],
                 ),
             ),
             transformer=transformer if transformer else other.transformer,