add integration test

pixee · Nov 20, 2023 · b45b257 · b45b257
1 parent e5dc664
commit b45b257
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 0 deletions.
diff --git a/integration_tests/test_secure_flask_session_config.py b/integration_tests/test_secure_flask_session_config.py
@@ -0,0 +1,16 @@
+from core_codemods.secure_flask_session_config import SecureFlaskSessionConfig
+from integration_tests.base_test import (
+    BaseIntegrationTest,
+    original_and_expected_from_code_path,
+)
+
+
+class TestSecureFlaskSessionConfig(BaseIntegrationTest):
+    codemod = SecureFlaskSessionConfig
+    code_path = "tests/samples/flask_app.py"
+    original_code, expected_new_code = original_and_expected_from_code_path(
+        code_path, [(2, "app.config['SESSION_COOKIE_HTTPONLY'] = True\n")]
+    )
+    expected_diff = "--- \n+++ \n@@ -1,6 +1,6 @@\n from flask import Flask\n app = Flask(__name__)\n-app.config['SESSION_COOKIE_HTTPONLY'] = False\n+app.config['SESSION_COOKIE_HTTPONLY'] = True\n @app.route('/')\n def hello_world():\n     return 'Hello World!'\n"
+    expected_line_change = "3"
+    change_description = SecureFlaskSessionConfig.CHANGE_DESCRIPTION
diff --git a/src/core_codemods/__init__.py b/src/core_codemods/__init__.py
@@ -27,6 +27,7 @@
 from .use_generator import UseGenerator
 from .use_walrus_if import UseWalrusIf
 from .with_threading_lock import WithThreadingLock
+from .secure_flask_session_config import SecureFlaskSessionConfig
 
 registry = CodemodCollection(
     origin="pixee",
@@ -60,5 +61,6 @@
         UseWalrusIf,
         WithThreadingLock,
         SQLQueryParameterization,
+        SecureFlaskSessionConfig,
     ],
 )
diff --git a/src/core_codemods/docs/pixee_python_secure-flask-session-configuration.md b/src/core_codemods/docs/pixee_python_secure-flask-session-configuration.md
@@ -0,0 +1,13 @@
+Flask applications can configure sessions behavior at the application level. 
+This codemod looks for Flask application configuration that set `SESSION_COOKIE_HTTPONLY`, `SESSION_COOKIE_SECURE`, or `SESSION_COOKIE_SAMESITE` to an insecure value and changes it to a secure one.
+
+The changes from this codemod look like this:
+
+```diff
+  from flask import Flask
+  app = Flask(__name__)
+- app.config['SESSION_COOKIE_HTTPONLY'] = False
+- app.config.update(SESSION_COOKIE_SECURE=False)
++ app.config['SESSION_COOKIE_HTTPONLY'] = True
++ app.config.update(SESSION_COOKIE_SECURE=True)
+```
diff --git a/tests/samples/flask_app.py b/tests/samples/flask_app.py
@@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+app.config['SESSION_COOKIE_HTTPONLY'] = False
+@app.route('/')
+def hello_world():
+    return 'Hello World!'