Make risky-file-permissions rule does not ignore FQCN (#1528)

Address the bug that the risky-file-permissions rule ignores the modules
passed as FQCN like ansible.builtin.copy.

Signed-Off-By: Satoru SATOH <satoru.satoh@gmail.com>

src/ansiblelint/rules/MissingFilePermissionsRule.py

@@ -17,7 +17,8 @@
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
-from typing import TYPE_CHECKING, Any, Dict, Union
+import itertools
+from typing import TYPE_CHECKING, Any, Dict, List, Tuple, Union
 
 from ansiblelint.rules import AnsibleLintRule
 
@@ -33,6 +34,63 @@
     'template',
 )
 
+_FQCN_MODS_MAP: List[Tuple[str, List[str]]] = [
+    (
+        # fqcn prefix:
+        'ansible.builtin',
+        # modules:
+        [
+            # _modules:
+            'assemble',
+            'copy',
+            'file',
+            'replace',
+            'template',
+            # _modules_with_create:
+            'blockinfile',
+            'lineinfile',
+        ],
+    ),
+    (
+        'community.general',
+        [
+            # _modules:
+            'archive',
+            # _modules_with_create:
+            'htpasswd',
+            'ini_file',
+        ],
+    ),
+]
+_MOD_FQCN_PREFIX_MAP: Dict[str, str] = dict(
+    itertools.chain.from_iterable(
+        ((mod, prefix) for mod in modules) for prefix, modules in _FQCN_MODS_MAP
+    )
+)
+
+_MODULES = {
+    'archive',
+    'assemble',
+    'copy',  # supports preserve
+    'file',
+    'replace',  # implicit preserve behavior but mode: preserve is invalid
+    'template',  # supports preserve
+    # 'unarchive',  # disabled because .tar.gz files can have permissions inside
+}
+for mod in _MODULES.copy():
+    _MODULES.add(f'{_MOD_FQCN_PREFIX_MAP[mod]}.{mod}')
+
+_MODULES_WITH_CREATE = {
+    'blockinfile': False,
+    'htpasswd': True,
+    'ini_file': True,
+    'lineinfile': False,
+}
+for mod in _MODULES_WITH_CREATE.copy():
+    _MODULES_WITH_CREATE[f'{_MOD_FQCN_PREFIX_MAP[mod]}.{mod}'] = _MODULES_WITH_CREATE[
+        mod
+    ]
+
 
 class MissingFilePermissionsRule(AnsibleLintRule):
     id = "risky-file-permissions"
@@ -49,22 +107,8 @@ class MissingFilePermissionsRule(AnsibleLintRule):
     tags = ['unpredictability', 'experimental']
     version_added = 'v4.3.0'
 
-    _modules = {
-        'archive',
-        'assemble',
-        'copy',  # supports preserve
-        'file',
-        'replace',  # implicit preserve behavior but mode: preserve is invalid
-        'template',  # supports preserve
-        # 'unarchive',  # disabled because .tar.gz files can have permissions inside
-    }
-
-    _modules_with_create = {
-        'blockinfile': False,
-        'htpasswd': True,
-        'ini_file': True,
-        'lineinfile': False,
-    }
+    _modules = _MODULES
+    _modules_with_create = _MODULES_WITH_CREATE
 
     def matchtask(
         self, task: Dict[str, Any], file: 'Optional[Lintable]' = None

test/TestMissingFilePermissionsRule.py

@@ -54,6 +54,15 @@
       file:
         state: directory
         recurse: yes
+    - name: permissions not missing and numeric (fqcn)
+      ansible.builtin.file:
+        path: bar
+        mode: 755
+    - name: file edit when create is false (fqcn)
+      ansible.builtin.lineinfile:
+        path: foo
+        create: false
+        line: some content here
 '''
 
 FAIL_TASKS = '''\
@@ -90,6 +99,14 @@
     #     path: foo
     #     create: true
     #     mode: preserve
+    - name: permissions are missing (fqcn)
+      ansible.builtin.file:
+        path: bar
+    - name: lineinfile when create is true (fqcn)
+      ansible.builtin.lineinfile:
+        path: foo
+        create: true
+        line: some content here
 '''
 
 
@@ -108,11 +125,13 @@ def test_success(rule_runner) -> None:
 def test_fail(rule_runner) -> None:
     """Validate that missing mode triggers the rule."""
     results = rule_runner.run_playbook(FAIL_TASKS)
-    assert len(results) == 5
+    assert len(results) == 7
     assert results[0].linenumber == 4
     assert results[1].linenumber == 8
     assert results[2].linenumber == 12
     # assert results[3].linenumber == 16
     assert results[3].linenumber == 20
     assert results[4].linenumber == 25
     # assert results[6].linenumber == 29
+    assert results[5].linenumber == 34
+    assert results[6].linenumber == 37