SONARPY-3949 Migrated rule S2115, S5828, S6727, S6882, S6887 to typeV2 (#991)

GitOrigin-RevId: 712dcaf53f7ce55d7259650cf0efe27b5d7cf5b6

Author: joke1196

python-checks/src/main/java/org/sonar/python/checks/DbNoPasswordCheck.java

@@ -16,14 +16,12 @@
  */
 package org.sonar.python.checks;
 
-import java.util.Arrays;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
-import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.Argument;
 import org.sonar.plugins.python.api.tree.AssignmentStatement;
 import org.sonar.plugins.python.api.tree.CallExpression;
@@ -34,6 +32,8 @@
 import org.sonar.plugins.python.api.tree.StringLiteral;
 import org.sonar.plugins.python.api.tree.Tree;
 import org.sonar.plugins.python.api.tree.Tree.Kind;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
 
 import static org.sonar.plugins.python.api.tree.Tree.Kind.ASSIGNMENT_STMT;
 import static org.sonar.plugins.python.api.tree.Tree.Kind.CALL_EXPR;
@@ -49,15 +49,19 @@ public class DbNoPasswordCheck extends PythonSubscriptionCheck {
 
   private static final String MESSAGE = "Add password protection to this database.";
 
-  private static final List<String> CONNECT_METHODS = Arrays.asList(
-    "mysql.connector.connect",
-    "mysql.connector.connection.MySQLConnection",
-    "pymysql.connections.connect",
-    "psycopg2.connect",
-    "pgdb.connect.connect",
-    "pg.DB",
-    "pg.connect"
-  );
+  private static final TypeMatcher PG_MATCHER = TypeMatchers.any(
+    TypeMatchers.isType("pg.db.DB"),
+    TypeMatchers.isType("pg.connect"));
+
+  private static final TypeMatcher CONNECT_MATCHER = TypeMatchers.any(
+    TypeMatchers.isType("mysql.connector.connect"),
+    TypeMatchers.isType("mysql.connector.connection.MySQLConnection"),
+    TypeMatchers.isType("pymysql.connections.connect"),
+    TypeMatchers.isType("psycopg2.connect"),
+    // pgdb.connect is a module whose connect function has FQN pgdb.connect.connect.
+    // isType can't resolve it through the type table, so use withFQN to match on the FQN directly.
+    TypeMatchers.withFQN("pgdb.connect.connect"),
+    PG_MATCHER);
 
   private static final Pattern CONNECTION_URI_PATTERN =
     Pattern.compile("^(?:postgresql|mysql|oracle|mssql)(?:\\+.+?)?://.+?(:.*)?@.+");
@@ -83,17 +87,17 @@ private static void checkDbUri(SubscriptionContext ctx) {
 
   private static void checkDbApi(SubscriptionContext ctx) {
     CallExpression callExpr = (CallExpression) ctx.syntaxNode();
-    Symbol symbol = callExpr.calleeSymbol();
-    if (symbol != null && CONNECT_METHODS.contains(symbol.fullyQualifiedName())) {
-      RegularArgument passwordArgument = getPasswordArgument(symbol.fullyQualifiedName(), callExpr.arguments());
-      if (passwordArgument != null && isString(passwordArgument.expression(), "")) {
-        ctx.addIssue(passwordArgument, MESSAGE);
-      }
+    if (!CONNECT_MATCHER.isTrueFor(callExpr.callee(), ctx)) {
+      return;
+    }
+    boolean isPg = PG_MATCHER.isTrueFor(callExpr.callee(), ctx);
+    RegularArgument passwordArgument = getPasswordArgument(isPg, callExpr.arguments());
+    if (passwordArgument != null && isString(passwordArgument.expression(), "")) {
+      ctx.addIssue(passwordArgument, MESSAGE);
     }
   }
 
-  private static RegularArgument getPasswordArgument(String method, List<Argument> arguments) {
-    boolean isPg = method.startsWith("pg.");
+  private static RegularArgument getPasswordArgument(boolean isPg, List<Argument> arguments) {
     String argumentKeyword = isPg ? "passwd" : "password";
     int passwordIndex = isPg ? 5 : 2;
     int positionalIndex = 0;

python-checks/src/main/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheck.java

@@ -19,14 +19,15 @@
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
-import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Expression;
 import org.sonar.plugins.python.api.tree.Name;
 import org.sonar.plugins.python.api.tree.NumericLiteral;
 import org.sonar.plugins.python.api.tree.RegularArgument;
 import org.sonar.plugins.python.api.tree.Tree;
 import org.sonar.plugins.python.api.tree.UnaryExpression;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
 import org.sonar.python.checks.utils.Expressions;
 import org.sonar.python.tree.TreeUtils;
 
@@ -36,6 +37,9 @@ public class IncorrectParameterDatetimeConstructorsCheck extends PythonSubscript
   private static final int MAX_YEAR = 9999;
   private static final String MESSAGE = "Provide a correct value for the `%s` parameter.";
   private static final String MESSAGE_SECONDARY_LOCATION = "An invalid value is assigned here.";
+  private static final TypeMatcher DATE_MATCHER = TypeMatchers.isType("datetime.date");
+  private static final TypeMatcher TIME_MATCHER = TypeMatchers.isType("datetime.time");
+  private static final TypeMatcher DATETIME_MATCHER = TypeMatchers.isType("datetime.datetime");
 
   @Override
   public void initialize(Context context) {
@@ -44,15 +48,12 @@ public void initialize(Context context) {
 
   private static void checkCallExpr(SubscriptionContext context) {
     CallExpression callExpression = (CallExpression) context.syntaxNode();
-    Symbol calleeSymbol = callExpression.calleeSymbol();
-    if (calleeSymbol == null) {
-      return;
-    }
-    if ("datetime.date".equals(calleeSymbol.fullyQualifiedName())) {
+    Expression callee = callExpression.callee();
+    if (DATE_MATCHER.isTrueFor(callee, context)) {
       checkDate(context, callExpression);
-    } else if ("datetime.time".equals(calleeSymbol.fullyQualifiedName())) {
+    } else if (TIME_MATCHER.isTrueFor(callee, context)) {
       checkTime(context, callExpression);
-    } else if ("datetime.datetime".equals(calleeSymbol.fullyQualifiedName())) {
+    } else if (DATETIME_MATCHER.isTrueFor(callee, context)) {
       checkDate(context, callExpression);
       checkTime(context, callExpression, 3);
     }

python-checks/src/main/java/org/sonar/python/checks/InvalidOpenModeCheck.java

@@ -23,7 +23,6 @@
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
-import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.Argument;
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Expression;
@@ -32,6 +31,8 @@
 import org.sonar.plugins.python.api.tree.StringElement;
 import org.sonar.plugins.python.api.tree.StringLiteral;
 import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
 import org.sonar.python.checks.utils.Expressions;
 import org.sonar.python.tree.TreeUtils;
 
@@ -41,13 +42,13 @@ public class InvalidOpenModeCheck extends PythonSubscriptionCheck {
   private static final String VALID_MODES = "rwatb+Ux";
   private static final Pattern INVALID_CHARACTERS = Pattern.compile("[^" + VALID_MODES + "]");
   private static final String MESSAGE = "Fix this invalid mode string.";
+  private static final TypeMatcher OPEN_MATCHER = TypeMatchers.isType("open");
 
   @Override
   public void initialize(Context context) {
     context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> {
       CallExpression callExpression = (CallExpression) ctx.syntaxNode();
-      Symbol calleeSymbol = callExpression.calleeSymbol();
-      if (calleeSymbol == null || !"open".equals(calleeSymbol.fullyQualifiedName())) {
+      if (!OPEN_MATCHER.isTrueFor(callExpression.callee(), ctx)) {
         return;
       }
       List<Argument> arguments = callExpression.arguments();

python-checks/src/main/java/org/sonar/python/checks/IsCloseAbsTolCheck.java

@@ -22,13 +22,14 @@
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
 import org.sonar.plugins.python.api.quickfix.PythonQuickFix;
-import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Expression;
 import org.sonar.plugins.python.api.tree.Name;
 import org.sonar.plugins.python.api.tree.NumericLiteral;
 import org.sonar.plugins.python.api.tree.RegularArgument;
 import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
 import org.sonar.python.checks.utils.Expressions;
 import org.sonar.python.quickfix.TextEditUtils;
 import org.sonar.python.tree.TreeUtils;
@@ -39,6 +40,7 @@ public class IsCloseAbsTolCheck extends PythonSubscriptionCheck {
   private static final String MESSAGE = "Provide the \"abs_tol\" parameter when using \"math.isclose\" to compare a value to 0.";
   private static final String SECONDARY_LOCATION_MESSAGE = "This argument evaluates to zero.";
   private static final String QUICK_FIX_MESSAGE = "Add the \"abs_tol\" parameter.";
+  private static final TypeMatcher MATH_ISCLOSE = TypeMatchers.isType("math.isclose");
 
   @Override
   public void initialize(Context context) {
@@ -47,8 +49,7 @@ public void initialize(Context context) {
   }
 
   private static void checkForIsCloseAbsTolArgument(SubscriptionContext ctx, CallExpression call) {
-    Symbol symbol = call.calleeSymbol();
-    if (symbol != null && "math.isclose".equals(symbol.fullyQualifiedName())
+    if (MATH_ISCLOSE.isTrueFor(call.callee(), ctx)
       && TreeUtils.argumentByKeyword("abs_tol", call.arguments()) == null) {
       RegularArgument firstArg = TreeUtils.nthArgumentOrKeyword(0, "a", call.arguments());
       RegularArgument secondArg = TreeUtils.nthArgumentOrKeyword(1, "b", call.arguments());

python-checks/src/main/java/org/sonar/python/checks/PytzTimeZoneInDatetimeConstructorCheck.java

@@ -18,22 +18,24 @@
 
 import java.util.Comparator;
 import java.util.List;
-import java.util.Optional;
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
-import org.sonar.plugins.python.api.symbols.Symbol;
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Name;
 import org.sonar.plugins.python.api.tree.RegularArgument;
 import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
 import org.sonar.python.tree.TreeUtils;
 
 @Rule(key = "S6887")
 public class PytzTimeZoneInDatetimeConstructorCheck extends PythonSubscriptionCheck {
 
   private static final String MESSAGE = "Don't pass a \"pytz.timezone\" to the \"datetime.datetime\" constructor.";
   private static final String SECONDARY_MESSAGE = "The pytz.timezone is created here.";
+  private static final TypeMatcher DATETIME_DATETIME = TypeMatchers.isType("datetime.datetime");
+  private static final TypeMatcher PYTZ_TIMEZONE = TypeMatchers.isType("pytz.timezone");
 
   @Override
   public void initialize(Context context) {
@@ -42,9 +44,8 @@ public void initialize(Context context) {
 
   private static void checkCallExpression(SubscriptionContext context) {
     CallExpression callExpression = (CallExpression) context.syntaxNode();
-    Symbol calleeSymbol = callExpression.calleeSymbol();
 
-    if (calleeSymbol != null && "datetime.datetime".equals(calleeSymbol.fullyQualifiedName())) {
+    if (DATETIME_DATETIME.isTrueFor(callExpression.callee(), context)) {
       RegularArgument argument = TreeUtils.nthArgumentOrKeyword(7, "tzinfo", callExpression.arguments());
       if (argument == null) {
         return;
@@ -56,16 +57,15 @@ private static void checkCallExpression(SubscriptionContext context) {
   private static void checkArgument(RegularArgument argument, SubscriptionContext context) {
     if (argument.expression().is(Tree.Kind.CALL_EXPR)) {
       CallExpression callExpression = (CallExpression) argument.expression();
-      Symbol calleeSymbol = callExpression.calleeSymbol();
-      if (!(calleeSymbol != null && "pytz.timezone".equals(calleeSymbol.fullyQualifiedName()))) {
+      if (!PYTZ_TIMEZONE.isTrueFor(callExpression.callee(), context)) {
         return;
       }
       context.addIssue(argument, MESSAGE);
     } else if (argument.expression().is(Tree.Kind.NAME)) {
       List<CallExpression> allSecondaryLocations = context.valuesAtLocation((Name) argument.expression()).stream()
         .filter(expression -> expression.is(Tree.Kind.CALL_EXPR))
         .map(CallExpression.class::cast)
-        .filter(call -> Optional.ofNullable(call.calleeSymbol()).map(symbol ->"pytz.timezone".equals(symbol.fullyQualifiedName())).orElse(false))
+        .filter(call -> PYTZ_TIMEZONE.isTrueFor(call.callee(), context))
         .sorted(Comparator.comparingInt(call -> call.firstToken().line()))
         .toList();
 

python-frontend/src/main/resources/org/sonar/python/types/custom_protobuf/pg.connection.protobuf

@@ -0,0 +1,20 @@
+
+pg.connection�
+
+Connectionpg.connection.Connection"*SonarPythonAnalyzerFakeStub.CustomStubBase*�

+querypg.connection.Connection.query"
+None*>
+self
4
+pg.connection.Connection"pg.connection.Connection*)
+command

+builtins.str"builtins.str*
+args
+Any*q
+closepg.connection.Connection.close"
+None*>
+self
4
+pg.connection.Connection"pg.connection.Connection*�

+__annotations__pg.connection.__annotations__W
+builtins.dict[builtins.str,Any]
+builtins.str"builtins.str
+Any"builtins.dict

python-frontend/src/main/resources/org/sonar/python/types/custom_protobuf/pg.db.protobuf

@@ -0,0 +1,45 @@
+
+pg.db�
+DBpg.db.DB"*SonarPythonAnalyzerFakeStub.CustomStubBase*�
+__init__pg.db.DB.__init__"
+None*
+self

+pg.db.DB"pg.db.DB*R
+dbname
D
+Union[builtins.str,None]

+builtins.str"builtins.str
+None 
*P
+host
D
+Union[builtins.str,None]

+builtins.str"builtins.str
+None 
*(
+port

+builtins.int"builtins.int 
*O
+opt
D
+Union[builtins.str,None]

+builtins.str"builtins.str
+None 
*P
+user
D
+Union[builtins.str,None]

+builtins.str"builtins.str
+None 
*R
+passwd
D
+Union[builtins.str,None]

+builtins.str"builtins.str
+None 
*
+querypg.db.DB.query"
+None*
+self

+pg.db.DB"pg.db.DB*)
+command

+builtins.str"builtins.str*
+args
+Any*A
+closepg.db.DB.close"
+None*
+self

+pg.db.DB"pg.db.DB*�

+__annotations__pg.db.__annotations__W
+builtins.dict[builtins.str,Any]
+builtins.str"builtins.str
+Any"builtins.dict