feat(python): add decorator support

pkg/languages/python/.snapshots/TestDecorator-main.yml

@@ -0,0 +1,30 @@
+high:
+    - rule:
+        cwe_ids:
+            - "42"
+        id: decorator_test
+        title: Test detection decorator
+        description: Test detection decorator
+        documentation_url: ""
+      line_number: 5
+      full_filename: main.py
+      filename: main.py
+      source:
+        location:
+            start: 5
+            end: 5
+            column:
+                start: 1
+                end: 36
+      sink:
+        location:
+            start: 5
+            end: 5
+            column:
+                start: 1
+                end: 36
+        content: ""
+      parent_line_number: 5
+      fingerprint: ef78dd44bd75400d30c41311ac03b870_0
+      old_fingerprint: ef78dd44bd75400d30c41311ac03b870_0
+

pkg/languages/python/.snapshots/TestPattern-catch_function_decorator

@@ -0,0 +1,15 @@
+(*builder.Result)({
+  Query: (string) (len=220) "([(decorated_definition . [(decorator  . [(call . [(attribute . object: (_)  . [ (identifier )] @param1 .)] . [ (argument_list )] .)] .)] @match [(function_definition  . name: (_) [ (parameters )]  [ (block )])])] @root)",
+  VariableNames: ([]string) (len=1) {
+    (string) (len=1) "_"
+  },
+  ParamToVariable: (map[string]string) {
+  },
+  EqualParams: ([][]string) <nil>,
+  ParamToContent: (map[string]map[string]string) (len=1) {
+    (string) (len=6) "param1": (map[string]string) (len=1) {
+      (string) (len=10) "identifier": (string) (len=5) "route"
+    }
+  },
+  RootVariable: (*language.PatternVariable)(<nil>)
+})

pkg/languages/python/pattern/pattern.go

@@ -22,6 +22,8 @@ var (
 		"typed_parameter",
 		"typed_default_parameter",
 		"default_parameter",
+		"decorated_definition",
+		"module",
 	}
 
 	allowedPatternQueryTypes = []string{"_"}

pkg/languages/python/python_test.go

@@ -6,6 +6,8 @@ import (
 
 	"github.com/bearer/bearer/pkg/languages/python"
 	"github.com/bearer/bearer/pkg/languages/testhelper"
+	patternquerybuilder "github.com/bearer/bearer/pkg/scanner/detectors/customrule/patternquery/builder"
+	"github.com/bradleyjkemp/cupaloy"
 )
 
 //go:embed testdata/datatypes_rule.yml
@@ -26,6 +28,9 @@ var subscriptRule []byte
 //go:embed testdata/pair_rule.yml
 var pairRule []byte
 
+//go:embed testdata/decorator_rule.yml
+var decoratorRule []byte
+
 func TestDatatypes(t *testing.T) {
 	testhelper.GetRunner(t, datatypesRule, python.Get()).RunTest(t, "./testdata/datatypes", ".snapshots/")
 }
@@ -49,3 +54,25 @@ func TestSubscript(t *testing.T) {
 func TestPair(t *testing.T) {
 	testhelper.GetRunner(t, pairRule, python.Get()).RunTest(t, "./testdata/pair", ".snapshots/")
 }
+
+func TestDecorator(t *testing.T) {
+	testhelper.GetRunner(t, decoratorRule, python.Get()).RunTest(t, "./testdata/decorator", ".snapshots/")
+}
+
+func TestPattern(t *testing.T) {
+	for _, test := range []struct{ name, pattern string }{
+		{"catch function decorator", `
+				$<!>@$<_>.route()
+				def $<_>():
+		`},
+	} {
+		t.Run(test.name, func(tt *testing.T) {
+			result, err := patternquerybuilder.Build(python.Get(), test.pattern, "")
+			if err != nil {
+				tt.Fatalf("failed to build pattern: %s", err)
+			}
+
+			cupaloy.SnapshotT(tt, result)
+		})
+	}
+}

pkg/languages/python/testdata/decorator/main.py

@@ -0,0 +1,12 @@
+from flask import Flask, make_response
+
+app = Flask(__name__)
+
+@app.route("/api/v2/test_response")
+def users():
+    headers = {"Content-Type": "application/json"}
+    return make_response(
+        'Test worked!',
+        200,
+        headers=headers
+    )

pkg/languages/python/testdata/decorator_rule.yml

@@ -0,0 +1,14 @@
+languages:
+  - python
+patterns:
+  - pattern: |
+      $<!>@$<_>.route()
+      def $<_>():
+
+severity: high
+metadata:
+  description: Test detection decorator
+  remediation_message: Test detection decorator
+  cwe_id:
+    - 42
+  id: decorator_test