Releases: SonarSource/sonar-python

SonarPython 4.1.0.11333

13 Mar 15:01
50b9bb9

Release notes - SonarPython - 4.1

New Feature

SONARPY-1253 Support IPython line-magic commands syntax
SONARPY-1287 Introduce a new sensor for IPython notebook files
SONARPY-1290 Remove noisy rules from IPython quality profile
SONARPY-1291 Support dynamic object information syntax
SONARPY-1292 Support system shell access syntax
SONARPY-1293 Support line continuation in line-magic commands
SONARPY-1294 Support parsing of cell-magic commands

Task

SONARPY-1295 Improve integration tests for IPython notebooks
SONARPY-1296 Update quickfix metadata for Python rules
SONARPY-1299 Ensure rules unit tests can run on IPython files

SonarPython 4.0.0.11155

21 Feb 15:42
39210be

Release notes - SonarPython - 4.0

Bug

SONARPY-726 Fix parsing errors on f-strings formatted expressions
SONARPY-1074 S5717: Quickfix should not change the initial value of the parameter
SONARPY-1281 Do not add redundant white spaces for quick fix S1940 (BooleanCheckNotInvertedCheck)

New Feature

SONARPY-1083 Add quick fix for S5712 (NotImplementedErrorInOperatorMethodsCheck)
SONARPY-1084 Add quick fixes for S5795 (IdentityComparisonWithCachedTypesCheck)
SONARPY-1089 Add quick fix for S108 (EmptyNestedBlockCheck)
SONARPY-1090 Add quick fixes for S5754 (IgnoredSystemExitCheck)
SONARPY-1092 Add quick fixes for S5806 (BuiltinShadowingAssignmentCheck)
SONARPY-1260 Add quick fix for S6353 (VerboseRegexCheck)
SONARPY-1261 Add quick fix for S5905 (AssertOnTupleLiteralCheck)
SONARPY-1262 Add quick fix for S5713 (ChildAndParentExceptionCaughtCheck)
SONARPY-1263 Add quick fix for S5915 (AssertAfterRaiseCheck)
SONARPY-1268 Add quick fix for S5796 (IdentityComparisonWithNewObjectCheck)

False Negative

SONARPY-727 Enable S3457 for f-strings

Task

SONARPY-1282 Update sonar-python version to 4.0
SONARPY-1283 Remove Deprecated APIs

Improvement

SONARPY-790 S5890: Improve issue message when "Optional" should be used
SONARPY-1192 Provide quick fix for chained assignment in S1854 (DeadStoreCheck)
SONARPY-1265 Add quick fix for S5714 (BooleanExpressionInExceptCheck)
SONARPY-1266 Add quick fix for S5708 (CaughtExceptionsCheck)
SONARPY-1277 Add quick fix for S108 (EmptyNestedBlockCheck) in case of inline statements
SONARPY-1278 Make the quick fix creation part of the public API

SonarPython 3.25.0.10992

06 Feb 14:10
0424db1

Release notes - SonarPython - 3.25

Bug

SONARPY-1250 Fix handling of test files in PR analysis

SONARPY-1272 Symbol FQN resolution should work correctly on double import

False-Positive

SONARPY-863 Fix FP on S3516 when return values are different kind of comparisons

SONARPY-1115 S1854 Fix FPs on import statements

SONARPY-1255 S5886 should not raise issues when the yield expression is part of an assignment statement

SONARPY-1257 S1144: Should not raise on methods/classes with unknown decorator

New Feature

SONARPY-1049 Add quick-fix for S1110 (UselessParenthesisCheck)

SONARPY-1080 Add quick fixes for S3626 (RedundantJumpCheck)

SONARPY-1085 Add quick fixes for S3984 (ExceptionNotThrownCheck)

SONARPY-1087 Add quick fixes for S2772 (NeedlessPassCheck)

False Negative

SONARPY-794 FN on S4830 & S5527 when “ssl._create_unverified_context()” is provided as keyword argument

SONARPY-1036 S2245 covers more methods of "random"

SONARPY-1100 S1045 should raise an issue when the same unknown exception is caught twice

SONARPY-1242 Modify rule S5332: False positive for LoadBalancer construct with listeners set as dict (AWS CDK)

Task

SONARPY-1259 Soften issue message for S1110

Improvement

SONARPY-1096 Add secondary message for S3923 (AllBranchesAreIdenticalCheck)

SONARPY-1097 S1226: Add secondary locations on the parameter re-assignments

SONARPY-1098 S1854: Add secondary locations on the variable re-assignments

SONARPY-1164 Resolve unpacking expression when analyzing call arguments

SonarPython 3.24.0.10784

13 Jan 14:41

Release notes - SonarPython - 3.24

Bug

SONARPY-1227 Fix parse error when multiple unpack in for loop

SONARPY-1237 Use file hashes to determine file modification status in PR analysis

Improvement

SONARPY-1216 PR Analysis: Avoid running regular rules for transitively impacted files

SONARPY-1238 Deduplicate strings in CPD token serialization

SonarPython 3.23.0.10732

04 Jan 09:32
1d6cb82

Release notes - SonarPython - 3.23

Bug

SONARPY-1234 Disable cache when sonar.modules is used

New Feature

SONARPY-1231 Cache CPD tokens

SONARPY-1232 Load all Typeshed symbols used by the project in PR analysis context

Improvement

SONARPY-1235 Prevent executing the same rule again in case of successful scanWithoutParsing

SONARPY-1236 Improve serialization method used for CPD tokens

SonarPython 3.22.0.10674

19 Dec 09:55
45c2288

Release notes - SonarPython - 3.22

Bug

SONARPY-1226 Fix NumberFormatException error

Task

SONARPY-1194 Serialize and cache the project level symbol table

SONARPY-1195 Build a dependency graph in the project-level symbol table

SONARPY-1196 Compute impacted files from deleted files

SONARPY-1197 Load project-level symbol table entries from cache

SONARPY-1199 Avoid scanning files that don't need to be analyzed

SONARPY-1201 Add integration tests for incremental PR analysis

SonarPython 3.21.0.10628

09 Dec 07:57
1f02297

Release notes - SonarPython - 3.21

False-Positive

SONARPY-1179 Update S5747 (RaiseOutsideExceptCheck) to not report an issue inside a 'except*'

SONARPY-1193 FP on rule S6304: "Granting access to all resources" should not be raised on actions without resource-level permissions

False Negative

SONARPY-1181 S5708 (CaughtExceptionsCheck) should report on except*

SONARPY-1183 S5713 (ChildAndParentExceptionCaughtCheck) should report on except*

New Feature

SONARPY-1091 Add quick fix for S4144 (DuplicatedMethodImplementationCheck)

SONARPY-1169 Support except* syntax

SONARPY-1184 Rule S6468 : ExceptionGroup and BaseExceptionGroup should not be caught in `except*` clauses

SONARPY-1217 Update API to expose data related to caching

Task

SONARPY-1194 Serialize and cache the project level symbol table

SONARPY-1195 Build a dependency graph in the project-level symbol table

SONARPY-1196 Compute impacted files from deleted files

SONARPY-1197 Load project-level symbol table entries from cache

SONARPY-1199 Avoid scanning files that don't need to be analyzed

SONARPY-1200 Upgrade protobuf version to 3.21.7

SONARPY-1201 Add integration tests for incremental PR analysis

Improvement

SONARPY-1210 except* can not contain continue, break or return instruction

SonarPython 3.20.0.10345

04 Nov 15:27
1e87de9

Release notes - SonarPython - 3.20

Bug

SONARPY-1071 Quickfixes for S1854 should not change code execution

SONARPY-1072 S5799: Quickfixes should not change formatting

SONARPY-1077 S5719: Fix quick fix message and improve ordering

SONARPY-1188 S5717 should not provide a quick fix if the default value is not trivial

SONARPY-1191 The quick fix of S1854 (DeadStoreCheck) should remove indent before removed line

False-Positive

SONARPY-1186 S6317 should not on any wildcard identifier in resources

New Feature

SONARPY-1078 Add quick fixes for S1186 (EmptyFunctionCheck)

SONARPY-1081 Add quick fixes for S1131 (TrailingWhitespaceCheck)

SONARPY-1082 Add quick fixes for S139 (TrailingCommentCheck)

SONARPY-1088 Add quick fixes for S2316 (BackticksUsageCheck)

Improvement

SONARPY-1076 S2710: Suggest alternative quick fix to rename the first parameter

SONARPY-1176 Make use of the PolicyStatement data class for applicable CDK-related checks

SONARPY-1177 Apply default parameter annotation to CDK checks

SONARPY-1189 Improve Readme or add CONTRIBUTING.md

SonarPython 3.19.0.10254

14 Oct 15:24
4118662

Release notes - SonarPython - Version 3.19

Bug

SONARPY-1170 Fix the stub for aws_cdk.aws_ec2 recently added methods to have *args/**kwargs as additional parameters

New Feature

SONARPY-1162 Rule S6304: Policies granting access to all resources of an account are security-sensitive

SONARPY-1159 Rule S6463: Allowing unrestricted outbound communications is security-sensitive

SONARPY-1153 Rule S6302: Policies granting all privileges are security-sensitive

SONARPY-1145 Rule S6329: Allowing public network access to cloud resources is security-sensitive

SONARPY-1144 Rule S6270: Policies authorizing public access to resources are security-sensitive

SONARPY-1138 Rule S6333: Creating public APIs is security-sensitive

SONARPY-1135 Rule S6321: Administration services access should be restricted to specific IP addresses

SONARPY-1063 Rules support PCI DSS Security Standard

Task

SONARPY-1185 Update analyzer-commons to version 2.0

SonarPython 3.18.0.10116

30 Sep 08:06
a647536

Release notes - SonarPython - Version 3.18

Documentation

SONARPY-1134 Fix broken link in documentation

New Feature

SONARPY-1130 Rule S6319: Using unencrypted SageMaker notebook instances is security-sensitive

SONARPY-1127 Rule S4423: Weak SSL/TLS protocols should not be used

SONARPY-1119 Rule S5332: Using clear-text protocols is security-sensitive - Adding python CDK

SONARPY-1118 Rule S6332: Using unencrypted EFS file systems is security-sensitive

SONARPY-1117 Rule S6303: Using unencrypted RDS databases is security-sensitive

SONARPY-1116 Rule S6308: Using unencrypted OpenSearch domains is security-sensitive

SONARPY-1114 Rule S6327: Using unencrypted SNS topics is security-sensitive

SONARPY-1113 Rule S6330: Using unencrypted SQS queues is security-sensitive

SONARPY-1110 Rule S6275: Using unencrypted EBS volumes is security-sensitive