105 lines
3.5 KiB
YAML
105 lines
3.5 KiB
YAML
rules:
|
|
- id: celery-missing-code-owner-function
|
|
# We can't link directly to the howto doc in question because
|
|
# semgrep has a bug around long lines:
|
|
# https://github.com/returntocorp/semgrep/issues/8608
|
|
#
|
|
# Here's the intended URL, for reference:
|
|
# https://docs.openedx.org/projects/edx-django-utils/en/latest/monitoring/how_tos/add_code_owner_custom_attribute_to_an_ida.html#handling-celery-tasks
|
|
message: |
|
|
Celery tasks need to be decorated with `@set_code_owner_attribute`
|
|
(from the `edx_django_utils.monitoring` module) in order for us
|
|
to correctly track code-owners for errors and in other monitoring.
|
|
|
|
For more information, see the Celery section of "Add Code_Owner
|
|
Custom Attributes to an IDA" in the Monitoring How-Tos of
|
|
<https://docs.openedx.org/projects/edx-django-utils/en/latest/>.
|
|
languages:
|
|
- python
|
|
patterns:
|
|
# Find functions with decorators containing the substring "task"
|
|
# in their name. This might end up with false positives, but
|
|
# there are a lot of variations on how we decorate Celery tasks.
|
|
|
|
# This pattern should match all decorators, whether or not
|
|
# they're called as a function (both `@foo(...)` and `@foo`)
|
|
# and whether or not there are other decorators above or below.
|
|
- pattern-either:
|
|
- pattern: |
|
|
@$TASK
|
|
def $F(...):
|
|
...
|
|
- pattern: |
|
|
@$TASK(...)
|
|
def $F(...):
|
|
...
|
|
|
|
# Restrict the decorators of interest to just ones with "task"
|
|
# in the name.
|
|
- metavariable-pattern:
|
|
metavariable: $TASK
|
|
patterns:
|
|
- pattern-regex: >-
|
|
[^\(]*task(\(|$)
|
|
|
|
# Filter out all of the properly annotated functions, leaving
|
|
# just the ones of interest.
|
|
- pattern-not: |
|
|
@set_code_owner_attribute
|
|
def $F(...):
|
|
...
|
|
# This is an alternative approach that we have needed in rare cases.
|
|
- pattern-not: |
|
|
def $F(...):
|
|
...
|
|
set_code_owner_attribute_from_module(...)
|
|
|
|
severity: WARNING
|
|
|
|
# This is like celery-missing-code-owner-function but for the `run`
|
|
# method of Task classes.
|
|
- id: celery-missing-code-owner-class
|
|
message: |
|
|
Celery task classes need to decorate their `run` method with
|
|
`@set_code_owner_attribute` (imported from `edx_django_utils.monitoring`)
|
|
in order for us to correctly track code-owners for errors and in other
|
|
monitoring. Alternatively, the `run` method can call
|
|
`set_code_owner_attribute_from_module`.
|
|
|
|
For more information, see the Celery section of "Add Code_Owner
|
|
Custom Attributes to an IDA" in the Monitoring How-Tos of
|
|
<https://docs.openedx.org/projects/edx-django-utils/en/latest/>.
|
|
languages:
|
|
- python
|
|
patterns:
|
|
- pattern: |
|
|
class $C(..., $SUPER, ...):
|
|
def run(...):
|
|
...
|
|
- metavariable-pattern:
|
|
metavariable: $SUPER
|
|
patterns:
|
|
- pattern-regex: "Task$"
|
|
|
|
- pattern-not: |
|
|
class $C(..., $SUPER, ...):
|
|
|
|
@set_code_owner_attribute
|
|
def run(...):
|
|
...
|
|
|
|
- pattern-not: |
|
|
class $C(..., $SUPER, ...):
|
|
|
|
@set_code_owner_attribute
|
|
def run(...):
|
|
...
|
|
- pattern-not: |
|
|
class $C(..., $SUPER, ...):
|
|
|
|
def run(...):
|
|
...
|
|
set_code_owner_attribute_from_module(...)
|
|
|
|
severity: WARNING
|