SONARPY-3747 Fix FN on S8370 to raise issue on all children (#827)

joke1196 · sonartech · commit 469478620754 · 2026-02-03T16:19:17.000Z
GitOrigin-RevId: b12a8338b5faa6b2658c86f5f028dc3c09920f1e
diff --git a/python-checks/src/main/java/org/sonar/python/checks/FlaskPostWithQueryParameterCheck.java b/python-checks/src/main/java/org/sonar/python/checks/FlaskPostWithQueryParameterCheck.java
@@ -57,8 +57,16 @@ private static void checkPostWithQueryParams(SubscriptionContext ctx) {
       return;
     }
 
-    TreeUtils.firstChild(functionDef, tree -> tree instanceof QualifiedExpression qe && isRequestArgs(qe, ctx))
-      .ifPresent(requestArgs -> ctx.addIssue(requestArgs, MESSAGE));
+    findRequestArgsRecursively(functionDef, ctx)
+      .forEach(requestArgs -> ctx.addIssue(requestArgs, MESSAGE));
+  }
+
+  private static Stream<Tree> findRequestArgsRecursively(Tree tree, SubscriptionContext ctx) {
+    if (tree instanceof QualifiedExpression qe && isRequestArgs(qe, ctx)) {
+      return Stream.of(tree);
+    }
+    return tree.children().stream()
+      .flatMap(child -> findRequestArgsRecursively(child, ctx));
   }
 
   private static boolean isPostRoute(FunctionDef functionDef, SubscriptionContext ctx) {
@@ -127,3 +135,4 @@ private static boolean isRequestArgs(QualifiedExpression qualifiedExpr, Subscrip
     return TypeMatchers.isObjectOfType(REQUEST_FQN).isTrueFor(request, ctx);
   }
 }
+
diff --git a/python-checks/src/test/resources/checks/flaskPostWithQueryParameter.py b/python-checks/src/test/resources/checks/flaskPostWithQueryParameter.py
@@ -40,6 +40,7 @@ def getting_args():
 def update_resource():
     key = request.args.get('key')  # Noncompliant
     #     ^^^^^^^^^^^^
+    response.set_cookie(request.args.get("name"), request.args.get("value"))  # Noncompliant 2
     return 'Updated'
 
 @app.route('/data', methods=['GET','POST'])

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,16 @@ private static void checkPostWithQueryParams(SubscriptionContext ctx) {`
`57`	`57`	`return;`
`58`	`58`	`}`
`59`	`59`
`60`		`- TreeUtils.firstChild(functionDef, tree -> tree instanceof QualifiedExpression qe && isRequestArgs(qe, ctx))`
`61`		`- .ifPresent(requestArgs -> ctx.addIssue(requestArgs, MESSAGE));`
	`60`	`+ findRequestArgsRecursively(functionDef, ctx)`
	`61`	`+ .forEach(requestArgs -> ctx.addIssue(requestArgs, MESSAGE));`
	`62`	`+ }`
	`63`	`+`
	`64`	`+ private static Stream<Tree> findRequestArgsRecursively(Tree tree, SubscriptionContext ctx) {`
	`65`	`+ if (tree instanceof QualifiedExpression qe && isRequestArgs(qe, ctx)) {`
	`66`	`+ return Stream.of(tree);`
	`67`	`+ }`
	`68`	`+ return tree.children().stream()`
	`69`	`+ .flatMap(child -> findRequestArgsRecursively(child, ctx));`
`62`	`70`	`}`
`63`	`71`
`64`	`72`	`private static boolean isPostRoute(FunctionDef functionDef, SubscriptionContext ctx) {`
`@@ -127,3 +135,4 @@ private static boolean isRequestArgs(QualifiedExpression qualifiedExpr, Subscrip`
`127`	`135`	`return TypeMatchers.isObjectOfType(REQUEST_FQN).isTrueFor(request, ctx);`
`128`	`136`	`}`
`129`	`137`	`}`
	`138`	`+`