From 287ac6b645b0416bec03973972c5e4fca8e58330 Mon Sep 17 00:00:00 2001
From: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
Date: Tue, 10 May 2022 11:03:09 +0200
Subject: [PATCH] SONARPY-1015 Remove unrelated argument check for S6281 (#1131)

---
 .../checks/cdk/S3BucketBlockPublicAccessCheck.java | 11 -----------
 .../checks/cdk/s3BucketBlockPublicAccessCheck.py | 9 ---------
 2 files changed, 20 deletions(-)

diff --git a/python-checks/src/main/java/org/sonar/python/checks/cdk/S3BucketBlockPublicAccessCheck.java b/python-checks/src/main/java/org/sonar/python/checks/cdk/S3BucketBlockPublicAccessCheck.java
index 939cda28fa..dcbe1df2bf 100644
--- a/python-checks/src/main/java/org/sonar/python/checks/cdk/S3BucketBlockPublicAccessCheck.java
+++ b/python-checks/src/main/java/org/sonar/python/checks/cdk/S3BucketBlockPublicAccessCheck.java
@@ -29,7 +29,6 @@
 import org.sonar.plugins.python.api.tree.CallExpression;
 import org.sonar.plugins.python.api.tree.Expression;
 import org.sonar.plugins.python.api.tree.QualifiedExpression;
-import org.sonar.plugins.python.api.tree.Token;
 import org.sonar.plugins.python.api.tree.Tree;

 @Rule(key = "S6281")
@@ -48,12 +47,6 @@ public class S3BucketBlockPublicAccessCheck extends AbstractS3BucketCheck {

 @Override
 void visitBucketConstructor(SubscriptionContext ctx, CallExpression bucket) {
- Optional publicReadAccess = getArgument(ctx, bucket, "public_read_access");
- if (publicReadAccess.isPresent()) {
- publicReadAccess.get().addIssueIf(S3BucketBlockPublicAccessCheck::isTrue, MESSAGE);
- return;
- }
-
 Optional blockPublicAccess = getArgument(ctx, bucket, "block_public_access");
 if (blockPublicAccess.isPresent()) {
 checkBlockPublicAccess(ctx, blockPublicAccess.get());
@@ -94,8 +87,4 @@ private static boolean isBlockPublicAccessConstructor(CallExpression expression)
 return Optional.ofNullable(expression.calleeSymbol()).map(Symbol::fullyQualifiedName).filter(BLOCK_PUBLIC_ACCESS_FQN::equals).isPresent();
 }

- private static boolean isTrue(Expression expression) {
- return Optional.ofNullable(expression.firstToken()).map(Token::value).filter("True"::equals).isPresent();
- }
-
 }
diff --git a/python-checks/src/test/resources/checks/cdk/s3BucketBlockPublicAccessCheck.py b/python-checks/src/test/resources/checks/cdk/s3BucketBlockPublicAccessCheck.py
index 37cde3c391..8746d59f11 100644
--- a/python-checks/src/test/resources/checks/cdk/s3BucketBlockPublicAccessCheck.py
+++ b/python-checks/src/test/resources/checks/cdk/s3BucketBlockPublicAccessCheck.py
@@ -21,15 +21,6 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
 block_public_access=public_access_only_block_acls_by_reference) # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
 # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- bucket = s3.Bucket(self, "AllowPublicReadAccess",
- public_read_access=True) # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
-
- public_read_access = True
- # ^^^^^^^^^^^^^^^^^^^^^^^^^> {{Propagated setting.}}
- bucket = s3.Bucket(self, "AllowPublicReadAccessByReference",
- public_read_access=public_read_access) # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}
- # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
 bucket = s3.Bucket(self, "SingleUnblockPublicAccesses",
 block_public_access=s3.BlockPublicAccess(
 block_public_acls=False, # NonCompliant {{Make sure allowing public ACL/policies to be set is safe here.}}