Releases: SonarSource/sonar-python
SonarPython 4.9.0.13528
Release notes - SonarPython - 4.9
New Feature
SONARPY-1455 Rule S6741: The 'pandas.DataFrame.to_numpy()' method should be preferred to the 'pandas.DataFrame.values' attribute
SONARPY-1456 Rule S6734: inplace=True should not be used when modifying a Pandas DataFrame
SONARPY-1458 Rule S6742: pandas.pipe method should be preferred over long chains of instructions
SONARPY-1459 Rule S6735: When using pandas.merge or pandas.join, the parameters on, how and validate should be specified
SONARPY-1460 Rule S6740: dtype parameter should be provided when using pandas.read_csv or pandas.read_table
SONARPY-1495 Expand the scope of rule S6735 to calls to merge and join on the DataFrame object.
SonarPython 4.8.0.12420
Release notes - SonarPython - 4.8
New Feature
SONARPY-1443 Rule S6725: Equality checks should not be made against "numpy.nan"
SONARPY-1445 Rule S6709: Results that depend on random number generation should be reproducible
SONARPY-1446 Rule S6711: numpy.random.Generator should be preferred to numpy.random.RandomState
SONARPY-1447 Rule S6727: The abs_tol parameter should be provided when using math.isclose to compare values to 0
SONARPY-1448 Rule S6730: Deprecated NumPy aliases of built-in types should not be used
SONARPY-1449 Rule S1244: Floating point numbers should not be tested for equality
SONARPY-1462 Rule S6725: Add quick fix for equality checks against "np.nan"
False Negative
SONARPY-750 S1192 (StringLiteralDuplicationCheck) shouldn't exclude capitalized strings
SONARPY-1364 S2638 Argument number check should correctly detect tzname number of parameters
SONARPY-1368 Fix FNs on S5655 for calls to len
SONARPY-1370 S5655: Fix FN on math.acos calls
SONARPY-1375 Fix FN: S2638 should report on ambiguous symbols when no definition contract is respected
SONARPY-1452 S930: Fix FN on math.acos calls
Improvement
SONARPY-1348 Support type inference in presence of augmented assignments
SONARPY-1363 S2638 ChangeMethodContract: Should properly state the missing parameter name and not null.
SONARPY-1386 Avoid running Typeshed serializer tests when mvn has -DskipTests argument
SONARPY-1389 Fix parse error when an unpacking expression is used as subscript
SONARPY-1393 S6540: Avoid raising issues on args and kwargs
SONARPY-1436 Rule S6729: np.nonzero should be preferred over np.where when only the condition parameter is set.
SONARPY-1437 Rule S6714: Passing a list to np.array should be preferred over passing a generator.
SONARPY-1463 Rule S6725: Fix issue message to be imperative
SONARPY-1467 Rule S6729: Add quick fix to turn np.where into np.nonzero
SONARPY-1470 ReachingDefinitionAnalysis should work with annotated assignments
SonarPython 4.7.0.12181
Release notes - SonarPython - 4.7
False-Positive
SONARPY-1058 Rule S1313: Exclude local IPv4-mapped IPv6 address
SONARPY-1198 Fix FP on S930 due to outdated Typeshed stubs
SONARPY-1339 Fix FP on S5644 on ModuleType.__path__
SONARPY-1376 Fix FP on S5886 when the function is a context manager
SONARPY-1394 S6553: Avoid reporting when the "managed" flag is set to False
SONARPY-1416 Modify S6330: Default Queue encryption is now SSE-SQS
SONARPY-1419 FP on S6463 when using AWS `from_security_group_id` function
New Feature
SONARPY-1422 Add support for importing Ruff reports
Task
SONARPY-1423 Update sonar-plugin-api to latest version (10.1.0.809)
SONARPY-1424 Update sonar-analyzer-commons to latest version (2.6.0.1473)
SONARPY-1425 Update rules metadata
SONARPY-1428 Migrate from JUnit4 to JUnit5
SONARPY-1431 Update sonar-analyzer-commons to latest version (2.7.0.1482)
SonarPython 4.6.0.12071
Release notes - SonarPython - 4.6
Bug
SONARPY-1417 Serialize symbols for Python 3.11
New Feature
SONARPY-427 Rule S1128: Unnecessary imports should be removed
SONARPY-1402 Rule S6658: Special methods should have an expected return type
SONARPY-1404 Rule S5642: "in" and "not in" operators should be used on objects supporting them
SONARPY-1406 Rule S2876: "__iter__" should return an iterator
SONARPY-1410 Rule S6659: 'startsWith' or 'endsWith' methods should be used instead of string slicing in condition expressions
SONARPY-1411 Rule S6660: isinstance() should be preferred to direct type comparisons
SONARPY-1412 Rule S6661: Assignments of lambdas to variables should be replaced by function definitions.
SONARPY-1413 Rule S6662: Set members and dictionary keys should be hashable
SONARPY-1414 Rule S6663: Sequence indexes must have an __index__ method
SonarPython 4.5.0.11949
Release notes - SonarPython - 4.5
Documentation
SONARPY-1399 Migrate the description of 37 rules to the education format
SonarPython 4.4.1.11938
SonarPython 3.24.1.11916
Release notes - SonarPython - 3.24.1
Bug
SONARPY-1345 Fix stack overflow when a nested class inherits from a class with the same name
SonarPython 4.4.0.11907
Release notes - SonarPython - 4.4
Bug
SONARPY-1361 S5607 should report issues when all variants of an ambiguous method are unsuitable
SONARPY-1362 Ensure parameter names are optional in Typeshed serializer
False-Positive
SONARPY-832 S930 should not report on pymssql.connect() as all parameters have default value
SONARPY-1365 Fix FP on S3699 for win32pdh.MakeCounterPath
False Negative
SONARPY-1369 Fix FN on S5655 when the method is an abstract method
SONARPY-1372 S5644: Fix FN on calls when a class has a known metaclass
New Feature
SONARPY-1354 Use mypy to generate stubs for typed Python libraries
SONARPY-1355 Update Typeshed revision
Improvement
SONARPY-1378 S5549: Import emoji library for up-to-date stubs generation
SONARPY-1379 Add basic support for TypeVar
SONARPY-1380 Typeshed protobufs serialization should remove older version of protobufs
SONARPY-1384 Ensure submodule imports don't prevent parent module import
SONARPY-1387 S5144 and S5135: Import python2 stubs as custom stubs, to mitigate security FNs on urllib2 and Cookie libraries
SonarPython 4.3.0.11660
Release notes - SonarPython - 4.3
Bug
SONARPY-1341 Fix broken formatting when applying quick fix for S2772
False-Positive
SONARPY-1279 S1144 (UnreadPrivateMethodsCheck) should take into account usages apart from `self`
SONARPY-1285 Fix FP on S1451 when shebang head lines are used
SONARPY-1298 Fix FP on S2245 when using random.SystemRandom
SONARPY-1300 Fix FP on S5953 when an inner class is used as type hint
SONARPY-1338 Fix FP on S5655 when the argument is a valid TypedDict
False Negative
SONARPY-1326 S1481 / UnusedLocalVariableCheck should raise with sequence unpacking
New Feature
SONARPY-1297 Rule S6437: Credentials should not be hard-coded
SONARPY-1317 S6538: Add quick fix for '__init__' return type hint
SONARPY-1320 S6538: Add quick fix for return type hints
SONARPY-1330 Rule S6556: 'locals()' should not be passed to a Django 'render()' function
SONARPY-1331 S6545: Add quick fix to replace typing module type hints with built-in types
SONARPY-1332 Rule S6560: The "safe" flag should be set to "False" when serializing non-dictionary objects in Django JSON-encoded responses
SONARPY-1333 Rule S6559: Fields of a Django ModelForm should be defined explicitly
SONARPY-1334 Rule S6554: Django models should define a "__str__" method
SONARPY-1335 Rule S6553: "null=True" should not be used on string-based fields in Django models
SONARPY-1336 Rule S6552: Django signal handler functions should have the '@receiver' decorator on top of all other decorators
Improvement
SONARPY-1327 S1481 / UnusedLocalVariable shouldn't report multiple times on the same variable
SONARPY-1328 S1481 / UnusedLocalVariable: add quick fixes for redundant exception bindings
SONARPY-1342 Improve typeshed unit test to avoid serializing typeshed
SONARPY-1344 Fix FP on S1721: Avoid raising an issue on all single element tuples
SONARPY-1346 Support type inference of unary plus and minus
SONARPY-1347 Add quick fix for S6552 (DjangoReceiverDecoratorCheck)
SonarPython 4.2.0.11487
Release notes - SonarPython - 4.2
New Feature
SONARPY-1233 Allow import of mypy reports
SONARPY-1301 Rule S5994: Regex patterns following a possessive quantifier should not always fail
SONARPY-1302 Rule S5860: Names of regular expressions named groups should be used
SONARPY-1303 Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
SONARPY-1310 Add support of possessive quantifiers in regex parser for Python
SONARPY-1311 Add support of atomic groups in regex parser for Python
SONARPY-1312 Rule S5852: Using slow regular expressions is security-sensitive
SONARPY-1314 Rule S6538: Function returns should have type hints
SONARPY-1315 S6540: Function parameters should have type hints
SONARPY-1316 Rule S6542: Any should not be used as a type hint
SONARPY-1318 Rule S6545: Built-in generic types should be preferred over the typing module in type hints
SONARPY-1319 Rule S6543: Type hints of generic types should have a type parameter
SONARPY-1321 S6546: Union type expressions should be preferred over "typing.Union" in type hints
Task
SONARPY-1324 Update sonar-analyzer-commons dependency to a released version
Improvement
SONARPY-1304 Add quick fix for S6326 (MultipleWhitespaceCheck)
SONARPY-1305 Add quick fix for S6395 (UnquantifiedNonCapturingGroupCheck)
SONARPY-1306 Add quick fix for S6397 (SingleCharCharacterClassCheck)
SONARPY-1307 Add character range validation to S6353 (VerboseRegexCheck)
SONARPY-1308 Add repetition validation to S6353 (VerboseRegexCheck)
SONARPY-1313 Rule S6537: Octal escape sequences should not be used in regular expressions.