-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Tests and docs for flask-enable-csrf-protection
- Loading branch information
1 parent
eea8940
commit 192c7f0
Showing
6 changed files
with
148 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| from core_codemods.flask_enable_csrf_protection import FlaskEnableCSRFProtection | ||
| from integration_tests.base_test import ( | ||
| BaseIntegrationTest, | ||
| original_and_expected_from_code_path, | ||
| ) | ||
|
|
||
|
|
||
| class TestFlaskEnableCSRFProtection(BaseIntegrationTest): | ||
| codemod = FlaskEnableCSRFProtection | ||
| code_path = "tests/samples/flask_enable_csrf_protection.py" | ||
| original_code, expected_new_code = original_and_expected_from_code_path( | ||
| code_path, | ||
| [ | ||
| (1, """from flask_wtf.csrf import CSRFProtect\n"""), | ||
| (2, """\n"""), | ||
| (3, """app = Flask(__name__)\n"""), | ||
| (4, """csrf_app = CSRFProtect(app)\n"""), | ||
| ], | ||
| ) | ||
|
|
||
| # fmt: off | ||
| expected_diff =( | ||
| """--- \n""" | ||
| """+++ \n""" | ||
| """@@ -1,3 +1,5 @@\n""" | ||
| """ from flask import Flask\n""" | ||
| """+from flask_wtf.csrf import CSRFProtect\n""" | ||
| """ \n""" | ||
| """ app = Flask(__name__)\n""" | ||
| """+csrf_app = CSRFProtect(app)\n""" | ||
| ) | ||
| # fmt: on | ||
|
|
||
| expected_line_change = "3" | ||
| change_description = FlaskEnableCSRFProtection.CHANGE_DESCRIPTION | ||
| num_changed_files = 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
src/core_codemods/docs/pixee_python_flask-enable-csrf-protection.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| Flask views using `FlaskForm` have CSRF protection enabled by default. However other views may use AJAX to perform unsafe HTTP methods. FlaskWTF provides a way to enable CSRF protection globally for all views of a Flask app. | ||
| Our changes look something like this: | ||
|
|
||
| ```diff | ||
| from flask import Flask | ||
| +from flask_wtf.csrf import CSRFProtect | ||
|
|
||
| app = Flask(__name__) | ||
| +csrf_app = CSRFProtect(app) | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| from core_codemods.flask_enable_csrf_protection import FlaskEnableCSRFProtection | ||
| from tests.codemods.base_codemod_test import BaseCodemodTest | ||
| from textwrap import dedent | ||
|
|
||
|
|
||
| class TestFlaskEnableCSRFProtection(BaseCodemodTest): | ||
| codemod = FlaskEnableCSRFProtection | ||
|
|
||
| def test_name(self): | ||
| assert self.codemod.name() == "flask-enable-csrf-protection" | ||
|
|
||
| def test_simple(self, tmpdir): | ||
| input_code = """\ | ||
| from flask import Flask | ||
| app = Flask(__name__) | ||
| """ | ||
| expected = """\ | ||
| from flask import Flask | ||
| from flask_wtf.csrf import CSRFProtect | ||
| app = Flask(__name__) | ||
| csrf_app = CSRFProtect(app) | ||
| """ | ||
| self.run_and_assert(tmpdir, dedent(input_code), dedent(expected)) | ||
| assert len(self.file_context.codemod_changes) == 1 | ||
|
|
||
| def test_simple_alias(self, tmpdir): | ||
| input_code = """\ | ||
| from flask import Flask as Flosk | ||
| app = Flosk(__name__) | ||
| """ | ||
| expected = """\ | ||
| from flask import Flask as Flosk | ||
| from flask_wtf.csrf import CSRFProtect | ||
| app = Flosk(__name__) | ||
| csrf_app = CSRFProtect(app) | ||
| """ | ||
| self.run_and_assert(tmpdir, dedent(input_code), dedent(expected)) | ||
| assert len(self.file_context.codemod_changes) == 1 | ||
|
|
||
| def test_multiple(self, tmpdir): | ||
| input_code = """\ | ||
| from flask import Flask | ||
| app = Flask(__name__) | ||
| app2 = Flask(__name__) | ||
| """ | ||
| expected = """\ | ||
| from flask import Flask | ||
| from flask_wtf.csrf import CSRFProtect | ||
| app = Flask(__name__) | ||
| csrf_app = CSRFProtect(app) | ||
| app2 = Flask(__name__) | ||
| csrf_app2 = CSRFProtect(app2) | ||
| """ | ||
| self.run_and_assert(tmpdir, dedent(input_code), dedent(expected)) | ||
| assert len(self.file_context.codemod_changes) == 2 | ||
|
|
||
| def test_multiple_inline(self, tmpdir): | ||
| input_code = """\ | ||
| from flask import Flask | ||
| app = Flask(__name__); app2 = Flask(__name__) | ||
| """ | ||
| expected = """\ | ||
| from flask import Flask | ||
| from flask_wtf.csrf import CSRFProtect | ||
| app = Flask(__name__); app2 = Flask(__name__); csrf_app = CSRFProtect(app); csrf_app2 = CSRFProtect(app2) | ||
| """ | ||
| self.run_and_assert(tmpdir, dedent(input_code), dedent(expected)) | ||
| assert len(self.file_context.codemod_changes) == 1 | ||
|
|
||
| def test_multiple_inline_suite(self, tmpdir): | ||
| input_code = """\ | ||
| from flask import Flask | ||
| if True: app = Flask(__name__); app2 = Flask(__name__) | ||
| """ | ||
| expected = """\ | ||
| from flask import Flask | ||
| from flask_wtf.csrf import CSRFProtect | ||
| if True: app = Flask(__name__); app2 = Flask(__name__); csrf_app = CSRFProtect(app); csrf_app2 = CSRFProtect(app2) | ||
| """ | ||
| self.run_and_assert(tmpdir, dedent(input_code), dedent(expected)) | ||
| assert len(self.file_context.codemod_changes) == 1 | ||
|
|
||
| def test_simple_protected(self, tmpdir): | ||
| input_code = """\ | ||
| from flask import Flask | ||
| from flask_wtf.csrf import CSRFProtect | ||
| app = Flask(__name__) | ||
| csrf_app = CSRFProtect(app) | ||
| """ | ||
| self.run_and_assert(tmpdir, dedent(input_code), dedent(input_code)) | ||
| assert len(self.file_context.codemod_changes) == 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,3 @@ | ||
| from flask import Flask | ||
| from flask_wtf.csrf import CSRFProtect | ||
|
|
||
| app = Flask(__name__) |