Added Independent Finding Execution Behavior (#1030)

* Codemods will now execute once for each finding independently

* Adjusted tests to account for individual changes diff

* Fixed a few more unit tests

* Fixed a few more tests

* Fixed more unit tests

* Fixed more unit tests

* Added hardening script

* Added integration tests for new behavior

* Added file rewritten check

* Fixed some integration tests

* More integration tests converted

* Fixed a few more tests

* Remove leftover debugging code

* Fixed broken dependency and some docstrings

* Fixed pygoat workflow file

* Fixed some intermittent tests

* Some refactoring

* More refactoring

* Small refactoring

* Reverted default behavior to hardening

* Fixed pygoat test

* Refactored hardening and remediation behavior

* Fixed skipping logic

* Fixed asserts in integration tests with sonar issues

* Removed debugging code

* Downgraded pydantic version and bumped sarif-pydantic

* Added method to create ResultSets from the same type

Author: andrecsilva

integration_tests/sonar/test_sonar_fix_missing_self_or_cls.py

@@ -1,38 +1,17 @@
-from codemodder.codemods.test import SonarIntegrationTest
+from codemodder.codemods.test.integration_utils import SonarRemediationIntegrationTest
 from core_codemods.fix_missing_self_or_cls import FixMissingSelfOrClsTransformer
 from core_codemods.sonar.sonar_fix_missing_self_or_cls import SonarFixMissingSelfOrCls
 
 
-class TestSonarFixMissingSelfOrCls(SonarIntegrationTest):
+class TestSonarFixMissingSelfOrCls(SonarRemediationIntegrationTest):
     codemod = SonarFixMissingSelfOrCls
     code_path = "tests/samples/fix_missing_self_or_cls.py"
-    replacement_lines = [
-        (
-            2,
-            """    def instance_method(self):\n""",
-        ),
-        (
-            6,
-            """    def class_method(cls):\n""",
-        ),
+
+    expected_diff_per_change = [
+        '--- \n+++ \n@@ -1,5 +1,5 @@\n class MyClass:\n-    def instance_method():\n+    def instance_method(self):\n         print("instance_method")\n \n     @classmethod\n',
+        '--- \n+++ \n@@ -3,5 +3,5 @@\n         print("instance_method")\n \n     @classmethod\n-    def class_method():\n+    def class_method(cls):\n         print("class_method")\n',
     ]
-    # fmt: off
-    expected_diff = (
-    """--- \n"""
-    """+++ \n"""
-    """@@ -1,7 +1,7 @@\n"""
-    """ class MyClass:\n"""
-    """-    def instance_method():\n"""
-    """+    def instance_method(self):\n"""
-    """         print("instance_method")\n"""
-    """ \n"""
-    """     @classmethod\n"""
-    """-    def class_method():\n"""
-    """+    def class_method(cls):\n"""
-    """         print("class_method")\n"""
-    )
-    # fmt: on
 
-    expected_line_change = "2"
+    expected_lines_changed = [2, 6]
     change_description = FixMissingSelfOrClsTransformer.change_description
     num_changes = 2

integration_tests/sonar/test_sonar_jinja2_autoescape.py

@@ -1,18 +1,18 @@
-from codemodder.codemods.test import SonarIntegrationTest
+from codemodder.codemods.test.integration_utils import SonarRemediationIntegrationTest
 from core_codemods.enable_jinja2_autoescape import EnableJinja2AutoescapeTransformer
 from core_codemods.sonar.sonar_enable_jinja2_autoescape import (
     SonarEnableJinja2Autoescape,
 )
 
 
-class TestSonarEnableJinja2Autoescape(SonarIntegrationTest):
+class TestSonarEnableJinja2Autoescape(SonarRemediationIntegrationTest):
     codemod = SonarEnableJinja2Autoescape
     code_path = "tests/samples/jinja2_autoescape.py"
-    replacement_lines = [
-        (3, "env = Environment(autoescape=True)\n"),
-        (4, "env = Environment(autoescape=True)\n"),
+    expected_diff_per_change = [
+        "--- \n+++ \n@@ -1,4 +1,4 @@\n from jinja2 import Environment\n \n-env = Environment()\n+env = Environment(autoescape=True)\n env = Environment(autoescape=False)\n",
+        "--- \n+++ \n@@ -1,4 +1,4 @@\n from jinja2 import Environment\n \n env = Environment()\n-env = Environment(autoescape=False)\n+env = Environment(autoescape=True)\n",
     ]
-    expected_diff = "--- \n+++ \n@@ -1,4 +1,4 @@\n from jinja2 import Environment\n \n-env = Environment()\n-env = Environment(autoescape=False)\n+env = Environment(autoescape=True)\n+env = Environment(autoescape=True)\n"
-    expected_line_change = "3"
+
+    expected_lines_changed = [3, 4]
     num_changes = 2
     change_description = EnableJinja2AutoescapeTransformer.change_description

integration_tests/sonar/test_sonar_jwt_decode_verify.py

@@ -1,25 +1,19 @@
-from codemodder.codemods.test import SonarIntegrationTest
+from codemodder.codemods.test.integration_utils import SonarRemediationIntegrationTest
 from core_codemods.sonar.sonar_jwt_decode_verify import (
     JwtDecodeVerifySASTTransformer,
     SonarJwtDecodeVerify,
 )
 
 
-class TestJwtDecodeVerify(SonarIntegrationTest):
+class TestJwtDecodeVerify(SonarRemediationIntegrationTest):
     codemod = SonarJwtDecodeVerify
     code_path = "tests/samples/jwt_decode_verify.py"
-    replacement_lines = [
-        (
-            11,
-            """decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=True)\n""",
-        ),
-        (
-            12,
-            """decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": True})\n""",
-        ),
+
+    expected_diff_per_change = [
+        '--- \n+++ \n@@ -8,7 +8,7 @@\n \n encoded_jwt = jwt.encode(payload, SECRET_KEY, algorithm="HS256")\n \n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=False)\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=True)\n decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": False})\n \n var = "something"\n',
+        '--- \n+++ \n@@ -9,6 +9,6 @@\n encoded_jwt = jwt.encode(payload, SECRET_KEY, algorithm="HS256")\n \n decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=False)\n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": False})\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": True})\n \n var = "something"\n',
     ]
 
-    expected_diff = '--- \n+++ \n@@ -8,7 +8,7 @@\n \n encoded_jwt = jwt.encode(payload, SECRET_KEY, algorithm="HS256")\n \n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=False)\n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": False})\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=True)\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": True})\n \n var = "something"\n'
-    expected_line_change = "11"
+    expected_lines_changed = [11, 12]
     num_changes = 2
     change_description = JwtDecodeVerifySASTTransformer.change_description

integration_tests/sonar/test_sonar_secure_cookie.py

@@ -1,19 +1,18 @@
-from codemodder.codemods.test import SonarIntegrationTest
+from codemodder.codemods.test.integration_utils import SonarRemediationIntegrationTest
 from core_codemods.sonar.sonar_secure_cookie import (
     SonarSecureCookie,
     SonarSecureCookieTransformer,
 )
 
 
-class TestSonarSecureCookie(SonarIntegrationTest):
+class TestSonarSecureCookie(SonarRemediationIntegrationTest):
     codemod = SonarSecureCookie
     code_path = "tests/samples/secure_cookie.py"
-    replacement_lines = [
-        (
-            8,
-            """    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n""",
-        ),
+    expected_diff_per_change = [
+        "--- \n+++ \n@@ -5,5 +5,5 @@\n @app.route('/')\n def index():\n     resp = make_response('Custom Cookie Set')\n-    resp.set_cookie('custom_cookie', 'value')\n+    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n     return resp\n",
+        "--- \n+++ \n@@ -5,5 +5,5 @@\n @app.route('/')\n def index():\n     resp = make_response('Custom Cookie Set')\n-    resp.set_cookie('custom_cookie', 'value')\n+    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n     return resp\n",
     ]
-    expected_diff = "--- \n+++ \n@@ -5,5 +5,5 @@\n @app.route('/')\n def index():\n     resp = make_response('Custom Cookie Set')\n-    resp.set_cookie('custom_cookie', 'value')\n+    resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')\n     return resp\n"
-    expected_line_change = "8"
+
+    expected_lines_changed = [8, 8]
+    num_changes = 2
     change_description = SonarSecureCookieTransformer.change_description

integration_tests/sonar/test_sonar_secure_random.py

@@ -1,29 +1,16 @@
-from codemodder.codemods.test import SonarIntegrationTest
+from codemodder.codemods.test.integration_utils import SonarRemediationIntegrationTest
 from core_codemods.secure_random import SecureRandomTransformer
 from core_codemods.sonar.sonar_secure_random import SonarSecureRandom
 
 
-class TestSonarDjangoJsonResponseType(SonarIntegrationTest):
+class TestSonarSecureRandom(SonarRemediationIntegrationTest):
     codemod = SonarSecureRandom
     code_path = "tests/samples/secure_random.py"
-    replacement_lines = [
-        (1, """import secrets\n"""),
-        (3, """secrets.SystemRandom().random()\n"""),
-        (4, """secrets.SystemRandom().getrandbits(1)\n"""),
+    expected_diff_per_change = [
+        "--- \n+++ \n@@ -1,4 +1,5 @@\n import random\n+import secrets\n \n-random.random()\n+secrets.SystemRandom().random()\n random.getrandbits(1)\n",
+        "--- \n+++ \n@@ -1,4 +1,5 @@\n import random\n+import secrets\n \n random.random()\n-random.getrandbits(1)\n+secrets.SystemRandom().getrandbits(1)\n",
     ]
-    # fmt: off
-    expected_diff = (
-        """--- \n"""
-        """+++ \n"""
-        """@@ -1,4 +1,4 @@\n"""
-        """-import random\n"""
-        """+import secrets\n"""
-        """ \n"""
-        """-random.random()\n"""
-        """-random.getrandbits(1)\n"""
-        """+secrets.SystemRandom().random()\n"""
-        """+secrets.SystemRandom().getrandbits(1)\n""")
-    # fmt: on
-    expected_line_change = "3"
+
+    expected_lines_changed = [3, 4]
     change_description = SecureRandomTransformer.change_description
     num_changes = 2

integration_tests/test_add_requests_timeout.py

@@ -1,13 +1,13 @@
 from requests.exceptions import ConnectionError
 
-from codemodder.codemods.test import BaseIntegrationTest
+from codemodder.codemods.test.integration_utils import BaseRemediationIntegrationTest
 from core_codemods.add_requests_timeouts import (
     AddRequestsTimeouts,
     TransformAddRequestsTimeouts,
 )
 
 
-class TestAddRequestsTimeouts(BaseIntegrationTest):
+class TestAddRequestsTimeouts(BaseRemediationIntegrationTest):
     codemod = AddRequestsTimeouts
     original_code = """
     import requests
@@ -18,27 +18,13 @@ class TestAddRequestsTimeouts(BaseIntegrationTest):
     requests.post("https://example.com", verify=False)
     """
 
-    replacement_lines = [
-        (3, 'requests.get("https://example.com", timeout=60)\n'),
-        (6, 'requests.post("https://example.com", verify=False, timeout=60)\n'),
+    expected_diff_per_change = [
+        '--- \n+++ \n@@ -1,6 +1,6 @@\n import requests\n \n-requests.get("https://example.com")\n+requests.get("https://example.com", timeout=60)\n requests.get("https://example.com", timeout=1)\n requests.get("https://example.com", timeout=(1, 10), verify=False)\n requests.post("https://example.com", verify=False)',
+        '--- \n+++ \n@@ -3,4 +3,4 @@\n requests.get("https://example.com")\n requests.get("https://example.com", timeout=1)\n requests.get("https://example.com", timeout=(1, 10), verify=False)\n-requests.post("https://example.com", verify=False)\n+requests.post("https://example.com", verify=False, timeout=60)',
     ]
 
-    expected_diff = """\
---- 
-+++ 
-@@ -1,6 +1,6 @@
- import requests
- 
--requests.get("https://example.com")
-+requests.get("https://example.com", timeout=60)
- requests.get("https://example.com", timeout=1)
- requests.get("https://example.com", timeout=(1, 10), verify=False)
--requests.post("https://example.com", verify=False)
-+requests.post("https://example.com", verify=False, timeout=60)
-"""
-
     num_changes = 2
-    expected_line_change = "3"
+    expected_lines_changed = [3, 6]
     change_description = TransformAddRequestsTimeouts.change_description
     # expected because requests are made
     allowed_exceptions = (ConnectionError,)

integration_tests/test_harden_ruamel.py

@@ -1,20 +1,20 @@
-from codemodder.codemods.test import BaseIntegrationTest
+from codemodder.codemods.test.integration_utils import BaseRemediationIntegrationTest
 from core_codemods.harden_ruamel import HardenRuamel
 
 
-class TestHardenRuamel(BaseIntegrationTest):
+class TestHardenRuamel(BaseRemediationIntegrationTest):
     codemod = HardenRuamel
     original_code = """
     from ruamel.yaml import YAML
 
     serializer = YAML(typ="unsafe")
     serializer = YAML(typ="base")
     """
-    replacement_lines = [
-        (3, 'serializer = YAML(typ="safe")\n'),
-        (4, 'serializer = YAML(typ="safe")\n'),
+    expected_diff_per_change = [
+        '--- \n+++ \n@@ -1,4 +1,4 @@\n from ruamel.yaml import YAML\n \n-serializer = YAML(typ="unsafe")\n+serializer = YAML(typ="safe")\n serializer = YAML(typ="base")',
+        '--- \n+++ \n@@ -1,4 +1,4 @@\n from ruamel.yaml import YAML\n \n serializer = YAML(typ="unsafe")\n-serializer = YAML(typ="base")\n+serializer = YAML(typ="safe")',
     ]
-    expected_diff = '--- \n+++ \n@@ -1,4 +1,4 @@\n from ruamel.yaml import YAML\n \n-serializer = YAML(typ="unsafe")\n-serializer = YAML(typ="base")\n+serializer = YAML(typ="safe")\n+serializer = YAML(typ="safe")\n'
-    expected_line_change = "3"
+
+    expected_lines_changed = [3, 4]
     num_changes = 2
     change_description = HardenRuamel.change_description

integration_tests/test_jinja2_autoescape.py

@@ -1,23 +1,24 @@
-from codemodder.codemods.test import BaseIntegrationTest
+from codemodder.codemods.test.integration_utils import BaseRemediationIntegrationTest
 from core_codemods.enable_jinja2_autoescape import (
     EnableJinja2Autoescape,
     EnableJinja2AutoescapeTransformer,
 )
 
 
-class TestEnableJinja2Autoescape(BaseIntegrationTest):
+class TestEnableJinja2Autoescape(BaseRemediationIntegrationTest):
     codemod = EnableJinja2Autoescape
     original_code = """
     from jinja2 import Environment
 
     env = Environment()
     env = Environment(autoescape=False)
     """
-    replacement_lines = [
-        (3, "env = Environment(autoescape=True)\n"),
-        (4, "env = Environment(autoescape=True)\n"),
+
+    expected_diff_per_change = [
+        "--- \n+++ \n@@ -1,4 +1,4 @@\n from jinja2 import Environment\n \n-env = Environment()\n+env = Environment(autoescape=True)\n env = Environment(autoescape=False)",
+        "--- \n+++ \n@@ -1,4 +1,4 @@\n from jinja2 import Environment\n \n env = Environment()\n-env = Environment(autoescape=False)\n+env = Environment(autoescape=True)",
     ]
-    expected_diff = "--- \n+++ \n@@ -1,4 +1,4 @@\n from jinja2 import Environment\n \n-env = Environment()\n-env = Environment(autoescape=False)\n+env = Environment(autoescape=True)\n+env = Environment(autoescape=True)\n"
-    expected_line_change = "3"
+
+    expected_lines_changed = [3, 4]
     num_changes = 2
     change_description = EnableJinja2AutoescapeTransformer.change_description

integration_tests/test_jwt_decode_verify.py

@@ -1,8 +1,8 @@
-from codemodder.codemods.test import BaseIntegrationTest
+from codemodder.codemods.test.integration_utils import BaseRemediationIntegrationTest
 from core_codemods.jwt_decode_verify import JwtDecodeVerify, JwtDecodeVerifyTransformer
 
 
-class TestJwtDecodeVerify(BaseIntegrationTest):
+class TestJwtDecodeVerify(BaseRemediationIntegrationTest):
     codemod = JwtDecodeVerify
     original_code = """
     import jwt
@@ -20,17 +20,11 @@ class TestJwtDecodeVerify(BaseIntegrationTest):
     
     var = "something"
     """
-    replacement_lines = [
-        (
-            11,
-            """decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=True)\n""",
-        ),
-        (
-            12,
-            """decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": True})\n""",
-        ),
+    expected_diff_per_change = [
+        '--- \n+++ \n@@ -8,7 +8,7 @@\n \n encoded_jwt = jwt.encode(payload, SECRET_KEY, algorithm="HS256")\n \n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=False)\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=True)\n decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": False})\n \n var = "something"',
+        '--- \n+++ \n@@ -9,6 +9,6 @@\n encoded_jwt = jwt.encode(payload, SECRET_KEY, algorithm="HS256")\n \n decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=False)\n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": False})\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": True})\n \n var = "something"',
     ]
-    expected_diff = '--- \n+++ \n@@ -8,7 +8,7 @@\n \n encoded_jwt = jwt.encode(payload, SECRET_KEY, algorithm="HS256")\n \n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=False)\n-decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": False})\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], verify=True)\n+decoded_payload = jwt.decode(encoded_jwt, SECRET_KEY, algorithms=["HS256"], options={"verify_signature": True})\n \n var = "something"\n'
-    expected_line_change = "11"
+
+    expected_lines_changed = [11, 12]
     num_changes = 2
     change_description = JwtDecodeVerifyTransformer.change_description

integration_tests/test_lazy_logging.py

@@ -1,32 +1,20 @@
-from codemodder.codemods.test import BaseIntegrationTest
+from codemodder.codemods.test.integration_utils import BaseRemediationIntegrationTest
 from core_codemods.lazy_logging import LazyLogging
 
 
-class TestLazyLogging(BaseIntegrationTest):
+class TestLazyLogging(BaseRemediationIntegrationTest):
     codemod = LazyLogging
     original_code = """
     import logging
     e = "Some error"
     logging.error("Error occurred: %s" % e)
     logging.error("Error occurred: " + e)
     """
-    replacement_lines = [
-        (3, """logging.error("Error occurred: %s", e)\n"""),
-        (4, """logging.error("Error occurred: %s", e)\n"""),
+    expected_diff_per_change = [
+        '--- \n+++ \n@@ -1,4 +1,4 @@\n import logging\n e = "Some error"\n-logging.error("Error occurred: %s" % e)\n+logging.error("Error occurred: %s", e)\n logging.error("Error occurred: " + e)',
+        '--- \n+++ \n@@ -1,4 +1,4 @@\n import logging\n e = "Some error"\n logging.error("Error occurred: %s" % e)\n-logging.error("Error occurred: " + e)\n+logging.error("Error occurred: %s", e)',
     ]
-    # fmt: off
-    expected_diff = (
-    """--- \n"""
-    """+++ \n"""
-    """@@ -1,4 +1,4 @@\n"""
-    """ import logging\n"""
-    """ e = "Some error"\n"""
-    """-logging.error("Error occurred: %s" % e)\n"""
-    """-logging.error("Error occurred: " + e)\n"""
-    """+logging.error("Error occurred: %s", e)\n"""
-    """+logging.error("Error occurred: %s", e)\n""")
-    # fmt: on
 
-    expected_line_change = "3"
+    expected_lines_changed = [3, 4]
     change_description = LazyLogging.change_description
     num_changes = 2