From 241c6bbf5417e13781a229c7c1bf15a05d7c3071 Mon Sep 17 00:00:00 2001
From: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com>
Date: Mon, 18 Dec 2023 11:17:43 +0100
Subject: [PATCH] Modify rule S6287: Add FastAPI support (APPSEC-1252) (#3390)

---
 .../header_names/allowed_framework_names.adoc | 1 +
 rules/S6287/python/how-to-fix-it/fastapi.adoc | 39 +++++++++++++++++++
 rules/S6287/python/rule.adoc | 2 +
 3 files changed, 42 insertions(+)
 create mode 100644 rules/S6287/python/how-to-fix-it/fastapi.adoc

diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc
index ea51545e07b..56aa1dc6f64 100644
--- a/docs/header_names/allowed_framework_names.adoc
+++ b/docs/header_names/allowed_framework_names.adoc
@@ -99,6 +99,7 @@
 * pyDes
 * PyJWT
 * python-jwt
+* FastAPI
 * python-jose
 * ssl
 // Docker
diff --git a/rules/S6287/python/how-to-fix-it/fastapi.adoc b/rules/S6287/python/how-to-fix-it/fastapi.adoc
new file mode 100644
index 00000000000..f2ba5baee9c
--- /dev/null
+++ b/rules/S6287/python/how-to-fix-it/fastapi.adoc
@@ -0,0 +1,39 @@
+== How to fix it in FastAPI
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,python,diff-id=11,diff-type=noncompliant]
+----
+from fastapi import APIRouter
+from fastapi.responses import Response, RedirectResponse
+from fastapi.requests import Request
+
+router = APIRouter()
+
+@router.get('/check-cookie')
+async def check_cookie(request: Request, response: Response, cookie: str | None = None):
+    if "session" not in request.cookies.keys():
+        response.set_cookie("session", cookie) # Noncompliant
+----
+
+==== Compliant solution
+
+[source,python,diff-id=11,diff-type=compliant]
+----
+from fastapi import APIRouter
+from fastapi.responses import Response, RedirectResponse
+from fastapi.requests import Request
+
+router = APIRouter()
+
+@router.get('/check-cookie')
+async def check_cookie(request: Request):
+    if "session" not in request.cookies.keys():
+        return RedirectResponse("/getcookie")
+----
+
+include::../../common/fix/how-does-this-work.adoc[]
diff --git a/rules/S6287/python/rule.adoc b/rules/S6287/python/rule.adoc
index 8c7c8baec86..b81eb46b104 100644
--- a/rules/S6287/python/rule.adoc
+++ b/rules/S6287/python/rule.adoc
@@ -8,6 +8,8 @@ include::../impact.adoc[]
 include::how-to-fix-it/django.adoc[]
+include::how-to-fix-it/fastapi.adoc[]
+
 == Resources
 include::../common/resources/standards.adoc[]
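Review bot: The compliant `check_cookie` only redirects to `/getcookie`, and nothing in the new file shows that handler creating the session identifier server-side, so the property that actually closes the session-fixation finding (the value is never taken from the request) is left implicit unless the included `how-does-this-work.adoc` spells it out. Consider adding the redirect target to the compliant listing with the one line that matters, `response.set_cookie("session", secrets.token_urlsafe(32))`, and a comment such as `# the identifier is generated here and never read from the request`. In the noncompliant listing a short comment on the signature would make the flaw explicit, e.g. `# cookie is bound from the query string, so any caller can choose the session value`; as written a reader has to know FastAPI's parameter binding to see why `set_cookie("session", cookie)` is a fixation. Minor: both listings keep an unused import (`RedirectResponse` in the first, `Response` in the second), and `request.cookies.keys()` can simply be `request.cookies`.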