SONARPY-3707 S8412: Add quick fix (#821)

Seppli11 · sonartech · commit c5ff601e8a80 · 2026-02-02T08:16:18.000Z
GitOrigin-RevId: 4e8b2b2e3b117ffb93105f051a384bf93e941572
diff --git a/python-checks/src/main/java/org/sonar/python/checks/FastAPIGenericRouteDecoratorCheck.java b/python-checks/src/main/java/org/sonar/python/checks/FastAPIGenericRouteDecoratorCheck.java
@@ -17,39 +17,45 @@
 package org.sonar.python.checks;
 
 import java.util.List;
+import java.util.Locale;
+import java.util.Optional;
 import java.util.Set;
 import javax.annotation.CheckForNull;
 import org.sonar.check.Rule;
 import org.sonar.plugins.python.api.PythonSubscriptionCheck;
 import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.quickfix.PythonQuickFix;
+import org.sonar.plugins.python.api.tree.Argument;
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Decorator;
 import org.sonar.plugins.python.api.tree.Expression;
 import org.sonar.plugins.python.api.tree.FunctionDef;
 import org.sonar.plugins.python.api.tree.ListLiteral;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.QualifiedExpression;
 import org.sonar.plugins.python.api.tree.RegularArgument;
 import org.sonar.plugins.python.api.tree.StringLiteral;
 import org.sonar.plugins.python.api.tree.Tree;
 import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
 import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
 import org.sonar.python.checks.utils.Expressions;
+import org.sonar.python.quickfix.TextEditUtils;
 import org.sonar.python.tree.TreeUtils;
 
 @Rule(key = "S8412")
 public class FastAPIGenericRouteDecoratorCheck extends PythonSubscriptionCheck {
 
-  private static final String MESSAGE =
-    "Replace this generic \"route()\" decorator with a specific HTTP method decorator.";
+  private static final String MESSAGE = "Replace this generic \"route()\" decorator with a specific HTTP method decorator.";
+
+  private static final String QUICK_FIX_MESSAGE = "Replace with \"%s\"";
 
   private static final TypeMatcher ROUTE_DECORATOR_MATCHER = TypeMatchers.any(
     TypeMatchers.isType("fastapi.applications.FastAPI.route"),
-    TypeMatchers.isType("fastapi.routing.APIRouter.route")
-  );
+    TypeMatchers.isType("fastapi.routing.APIRouter.route"));
 
   private static final Set<String> SINGLE_HTTP_METHODS = Set.of(
     "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD", "TRACE",
-    "get", "post", "put", "delete", "patch", "options", "head", "trace"
-  );
+    "get", "post", "put", "delete", "patch", "options", "head", "trace");
 
   @Override
   public void initialize(Context context) {
@@ -81,31 +87,77 @@ private static void checkDecorator(SubscriptionContext ctx, Decorator decorator)
     }
 
     Expression methodsExpr = methodsArg.expression();
-    if (methodsExpr instanceof ListLiteral listLiteral && isSingleHttpMethod(listLiteral)) {
-      ctx.addIssue(callExpr.callee(), MESSAGE);
+    if (!(methodsExpr instanceof ListLiteral listLiteral)) {
+      return;
+    }
+
+    Optional<String> httpMethod = getSingleHttpMethod(listLiteral);
+    if (httpMethod.isPresent()) {
+      PreciseIssue issue = ctx.addIssue(callExpr.callee(), MESSAGE);
+      addQuickFix(issue, callExpr, methodsArg, httpMethod.get());
     }
   }
 
-  private static boolean isSingleHttpMethod(ListLiteral listLiteral) {
+  private static Optional<String> getSingleHttpMethod(ListLiteral listLiteral) {
     List<Expression> elements = listLiteral.elements().expressions();
 
     if (elements.size() != 1) {
-      return false;
+      return Optional.empty();
     }
 
     Expression element = elements.get(0);
     StringLiteral stringLiteral = Expressions.extractStringLiteral(element);
     if (stringLiteral == null) {
-      return false;
+      return Optional.empty();
     }
 
     String methodName = stringLiteral.trimmedQuotesValue();
-    return SINGLE_HTTP_METHODS.contains(methodName);
+    if (SINGLE_HTTP_METHODS.contains(methodName)) {
+      return Optional.of(methodName.toLowerCase(Locale.ROOT));
+    }
+    return Optional.empty();
   }
 
   @CheckForNull
   private static CallExpression getDecoratorCallExpression(Decorator decorator) {
     Expression decoratorExpr = decorator.expression();
     return decoratorExpr instanceof CallExpression callExpr ? callExpr : null;
   }
+
+  private static void addQuickFix(PreciseIssue issue, CallExpression callExpr,
+    RegularArgument methodsArg, String httpMethod) {
+    Expression callee = callExpr.callee();
+    if (!(callee instanceof QualifiedExpression qualifiedExpr)) {
+      return;
+    }
+    Name routeName = qualifiedExpr.name();
+
+    var builder = PythonQuickFix.newQuickFix(String.format(QUICK_FIX_MESSAGE, httpMethod));
+    builder.addTextEdit(TextEditUtils.replace(routeName, httpMethod));
+    addRemoveMethodArgumentEdit(builder, callExpr, methodsArg);
+
+    issue.addQuickFix(builder.build());
+  }
+
+  private static void addRemoveMethodArgumentEdit(PythonQuickFix.Builder builder,
+    CallExpression callExpr,
+    RegularArgument methodsArg) {
+    List<Argument> arguments = callExpr.arguments();
+    int argIndex = arguments.indexOf(methodsArg);
+
+    if (argIndex == -1) {
+      return;
+    }
+
+    if (arguments.size() == 1) {
+      builder.addTextEdit(TextEditUtils.remove(methodsArg));
+    } else if (argIndex == arguments.size() - 1) {
+      Argument previousArg = arguments.get(argIndex - 1);
+      var lastToken = previousArg.lastToken();
+      builder.addTextEdit(TextEditUtils.replaceRange(lastToken, methodsArg.lastToken(), lastToken.value()));
+    } else {
+      Argument nextArg = arguments.get(argIndex + 1);
+      builder.addTextEdit(TextEditUtils.removeUntil(methodsArg, nextArg));
+    }
+  }
 }
diff --git a/python-checks/src/test/java/org/sonar/python/checks/FastAPIGenericRouteDecoratorCheckTest.java b/python-checks/src/test/java/org/sonar/python/checks/FastAPIGenericRouteDecoratorCheckTest.java
@@ -16,7 +16,12 @@
  */
 package org.sonar.python.checks;
 
+import java.util.stream.Stream;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+import org.sonar.python.checks.quickfix.PythonQuickFixVerifier;
 import org.sonar.python.checks.utils.PythonCheckVerifier;
 
 class FastAPIGenericRouteDecoratorCheckTest {
@@ -27,4 +32,141 @@ class FastAPIGenericRouteDecoratorCheckTest {
   void test() {
     PythonCheckVerifier.verify("src/test/resources/checks/fastAPIGenericRouteDecorator.py", check);
   }
+
+  @ParameterizedTest
+  @MethodSource("quickFixWithMessageTestCases")
+  void quickFixWithMessage(String testName, String before, String after, String expectedMessage) {
+    PythonQuickFixVerifier.verify(check, before, after);
+    PythonQuickFixVerifier.verifyQuickFixMessages(check, before, expectedMessage);
+  }
+
+  @ParameterizedTest
+  @MethodSource("quickFixTestCases")
+  void quickFix(String testName, String before, String after) {
+    PythonQuickFixVerifier.verify(check, before, after);
+  }
+
+  static Stream<Arguments> quickFixWithMessageTestCases() {
+    return Stream.of(
+      Arguments.of(
+        "basic GET",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route("/users", methods=["GET"])
+          def get_users():
+              return {"users": []}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.get("/users")
+          def get_users():
+              return {"users": []}""",
+        "Replace with \"get\""),
+      Arguments.of(
+        "POST method",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route("/users", methods=["POST"])
+          def create_user():
+              return {}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.post("/users")
+          def create_user():
+              return {}""",
+        "Replace with \"post\""),
+      Arguments.of(
+        "router DELETE",
+        """
+          from fastapi import APIRouter
+          router = APIRouter()
+          @router.route("/items", methods=["DELETE"])
+          def delete_item():
+              return {}""",
+        """
+          from fastapi import APIRouter
+          router = APIRouter()
+          @router.delete("/items")
+          def delete_item():
+              return {}""",
+        "Replace with \"delete\""),
+      Arguments.of(
+        "lowercase method",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route("/lower", methods=["get"])
+          def lower_method():
+              return {}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.get("/lower")
+          def lower_method():
+              return {}""",
+        "Replace with \"get\""));
+  }
+
+  static Stream<Arguments> quickFixTestCases() {
+    return Stream.of(
+      Arguments.of(
+        "methods first",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route(methods=["GET"], path="/users")
+          def get_users():
+              return {}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.get(path="/users")
+          def get_users():
+              return {}"""),
+      Arguments.of(
+        "with additional params",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route("/users", methods=["GET"], response_model=None)
+          def get_users():
+              return {}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.get("/users", response_model=None)
+          def get_users():
+              return {}"""),
+      Arguments.of(
+        "methods middle position",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route("/users", methods=["PUT"], status_code=200, response_model=None)
+          def update_user():
+              return {}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.put("/users", status_code=200, response_model=None)
+          def update_user():
+              return {}"""),
+      Arguments.of(
+        "only one arg",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.route(methods=["GET"])
+          def get_users():
+              return {}""",
+        """
+          from fastapi import FastAPI
+          app = FastAPI()
+          @app.get()
+          def get_users():
+              return {}"""));
+  }
 }
