python.lang.correctness.pytest-assert_match-after-path-patch.pytest-assert_match-after-path-patch

Author: unknown
snapshot.assert_match makes use of pathlib to create files. Patching $METHOD may result in unexpected snapshot behavior
Definition
rules:
- id: pytest-assert_match-after-path-patch
  patterns:
  - pattern-inside: |
      import pytest
      ...
  - pattern-either:
    - pattern-inside: |
        mocker.patch("pathlib.Path", $MOCKED_VALUE)
        ...
    - pattern-inside: |
        mocker.patch.object(pathlib.Path, $METHOD, $MOCKED_VALUE)
        ...
  - pattern: snapshot.assert_match(...)
  message: snapshot.assert_match makes use of pathlib to create files. Patching
    $METHOD may result in unexpected snapshot behavior
  languages:
  - python
  severity: WARNING
  metadata:
    category: correctness
    technology:
    - python
    references:
    - https://github.com/returntocorp/semgrep/pull/5459
    - https://pypi.org/project/pytest-snapshot/
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
pytest-assert_match-after-path-patch.py
import pytest
from pathlib import Path


@pytest.mark.quick
def test_foo(snapshot, mocker):
    mocker.patch.object(Path, "open", mocker.mock_open(read_data=file_content))
    #ruleid: pytest-assert_match-after-path-patch
    snapshot.assert_match(foo(), "results.json")


@pytest.mark.quick
def test_fooooo(snapshot, mocker):
    mocker.patch("pathlib.Path", None)
    #ruleid: pytest-assert_match-after-path-patch
    snapshot.assert_match(foo(), "results.json")


@pytest.mark.quick
def test_bar(snapshot, mocker):
    #ok: pytest-assert_match-after-path-patch
    snapshot.assert_match(foo(), "results.json")
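
An added illustration of the failure this rule warns about (not code from the rule's authors or from pytest-snapshot). `assert_match` and `load_config` are constructed stand-ins for a pathlib-based snapshot helper and the code under test, and `unittest.mock` is used directly because pytest-mock's `mocker` wraps it.

```python
import tempfile
from pathlib import Path
from unittest import mock


def assert_match(value: str, snapshot_file: Path, update: bool) -> None:
    """Constructed stand-in for a snapshot helper that does its I/O via pathlib."""
    if update:
        with snapshot_file.open("w") as fh:
            fh.write(value)
        return
    with snapshot_file.open() as fh:
        expected = fh.read()
    assert value == expected, f"snapshot mismatch: {value!r} != {expected!r}"


def load_config(path: Path) -> str:
    """Hypothetical code under test: reads a file through Path.open."""
    with path.open() as fh:
        return fh.read().strip()


def patched_for_whole_test(tmp: Path) -> bool:
    """Flagged shape: the patch is still active when the snapshot is taken."""
    snap = tmp / "flagged.txt"
    with mock.patch.object(Path, "open", mock.mock_open(read_data="mode=fast\n")):
        value = load_config(tmp / "app.cfg")
        assert_match(value, snap, update=True)  # write lands in the mock
    return snap.exists()


def patch_scoped_to_code_under_test(tmp: Path) -> bool:
    """Same test with the patch released before the snapshot call."""
    snap = tmp / "scoped.txt"
    with mock.patch.object(Path, "open", mock.mock_open(read_data="mode=fast\n")):
        value = load_config(tmp / "app.cfg")
    assert_match(value, snap, update=True)   # real file is written
    assert_match(value, snap, update=False)  # and compared against disk
    return snap.exists()


def demo() -> tuple[bool, bool]:
    """Return (snapshot written while patched?, snapshot written when scoped?)."""
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        return patched_for_whole_test(tmp), patch_scoped_to_code_under_test(tmp)


if __name__ == "__main__":
    print(demo())
```

In the flagged shape the snapshot write is absorbed by the mock and no file reaches disk, so the test passes without recording anything to compare against later.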
Short Link: https://sg.run/j4yD