From b45b2577d95edeecc8a04269a6e4e0d5e5c1dc89 Mon Sep 17 00:00:00 2001
From: clavedeluna
Date: Mon, 20 Nov 2023 13:53:39 -0300
Subject: [PATCH] add integration test
---
 .../test_secure_flask_session_config.py | 16 ++++++++++++++++
 src/core_codemods/__init__.py | 2 ++
 ..._python_secure-flask-session-configuration.md | 13 +++++++++++++
 tests/samples/flask_app.py | 6 ++++++
 4 files changed, 37 insertions(+)
 create mode 100644 integration_tests/test_secure_flask_session_config.py
 create mode 100644 src/core_codemods/docs/pixee_python_secure-flask-session-configuration.md
 create mode 100644 tests/samples/flask_app.py
diff --git a/integration_tests/test_secure_flask_session_config.py b/integration_tests/test_secure_flask_session_config.py
new file mode 100644
index 000000000..f138ba184
--- /dev/null
+++ b/integration_tests/test_secure_flask_session_config.py
@@ -0,0 +1,16 @@
+from core_codemods.secure_flask_session_config import SecureFlaskSessionConfig
+from integration_tests.base_test import (
+ BaseIntegrationTest,
+ original_and_expected_from_code_path,
+)
+
+
+class TestSecureFlaskSessionConfig(BaseIntegrationTest):
+ codemod = SecureFlaskSessionConfig
+ code_path = "tests/samples/flask_app.py"
+ original_code, expected_new_code = original_and_expected_from_code_path(
+ code_path, [(2, "app.config['SESSION_COOKIE_HTTPONLY'] = True\n")]
+ )
+ expected_diff = "--- \n+++ \n@@ -1,6 +1,6 @@\n from flask import Flask\n app = Flask(__name__)\n-app.config['SESSION_COOKIE_HTTPONLY'] = False\n+app.config['SESSION_COOKIE_HTTPONLY'] = True\n @app.route('/')\n def hello_world():\n return 'Hello World!'\n"
+ expected_line_change = "3"
+ change_description = SecureFlaskSessionConfig.CHANGE_DESCRIPTION
diff --git a/src/core_codemods/__init__.py b/src/core_codemods/__init__.py
index ee5dcd18a..120915ce4 100644
--- a/src/core_codemods/__init__.py
+++ b/src/core_codemods/__init__.py
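Review bot: In `integration_tests/test_secure_flask_session_config.py` the only replacement asserted is `(2, "app.config['SESSION_COOKIE_HTTPONLY'] = True\n")`, and the new fixture `tests/samples/flask_app.py` sets nothing else, so the test exercises just one of the three cookie flags and one of the two config forms named in the docs added by this commit. A regression in the `SESSION_COOKIE_SECURE` or `SESSION_COOKIE_SAMESITE` rewrite, or in the `app.config.update(...)` form, would pass this test while leaving session cookies sendable over plain HTTP or on cross-site requests. Consider adding `app.config.update(SESSION_COOKIE_SECURE=False)` to the fixture with the matching expected line `app.config.update(SESSION_COOKIE_SECURE=True)`. `expected_diff` and `expected_line_change` would then need updating, and whether `BaseIntegrationTest` accepts more than one changed line is not visible here, so a second fixture and test class may be needed.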
@@ -27,6 +27,7 @@
 from .use_generator import UseGenerator
 from .use_walrus_if import UseWalrusIf
 from .with_threading_lock import WithThreadingLock
+from .secure_flask_session_config import SecureFlaskSessionConfig
 registry = CodemodCollection(
 origin="pixee",
@@ -60,5 +61,6 @@
 UseWalrusIf,
 WithThreadingLock,
 SQLQueryParameterization,
+ SecureFlaskSessionConfig,
 ],
 )
diff --git a/src/core_codemods/docs/pixee_python_secure-flask-session-configuration.md b/src/core_codemods/docs/pixee_python_secure-flask-session-configuration.md
new file mode 100644
index 000000000..3c17e42e0
--- /dev/null
+++ b/src/core_codemods/docs/pixee_python_secure-flask-session-configuration.md
@@ -0,0 +1,13 @@
+Flask applications can configure sessions behavior at the application level.
+This codemod looks for Flask application configuration that set `SESSION_COOKIE_HTTPONLY`, `SESSION_COOKIE_SECURE`, or `SESSION_COOKIE_SAMESITE` to an insecure value and changes it to a secure one.
+
+The changes from this codemod look like this:
+
+```diff
+ from flask import Flask
+ app = Flask(__name__)
+- app.config['SESSION_COOKIE_HTTPONLY'] = False
+- app.config.update(SESSION_COOKIE_SECURE=False)
++ app.config['SESSION_COOKIE_HTTPONLY'] = True
++ app.config.update(SESSION_COOKIE_SECURE=True)
+```
diff --git a/tests/samples/flask_app.py b/tests/samples/flask_app.py
new file mode 100644
index 000000000..879f6d37c
--- /dev/null
+++ b/tests/samples/flask_app.py
@@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+app.config['SESSION_COOKIE_HTTPONLY'] = False
+@app.route('/')
+def hello_world():
+ return 'Hello World!'