Releases: SonarSource/sonar-python
SonarPython 3.17.0.10029
Release notes - SonarPython - Version 3.17
Bug
- [SONARPY-1112] - Python sensor should be executed also on TEST files
- [SONARPY-1075] - Quickfix for S3923 should not break the code
False-Positive
- [SONARPY-1107] - Adapt S5918 message when returning a call to a skip test method
- [SONARPY-1106] - Fix wrong issue message on S5906 for NOT IN statement
- [SONARPY-1102] - Fix FP on S5914 for nonlocal variables
- [SONARPY-1101] - Fix FP on S5899 for helper methods
- [SONARPY-1086] - Fix FP on S1764 for left bitwise shift
- [SONARPY-1073] - Rule S1313: Exclude reserved documentation IP ranges
- [SONARPY-1067] - Fix FP on S125 when the comment is not actual code
- [SONARPY-1061] - Rule S2068: Add Flask config exceptions
- [SONARPY-1040] - S1854 (DeadStoreCheck) should not raise FP with assignment expressions
- [SONARPY-1039] - Fix FP on S5806 when the name is an IPython builtin
- [SONARPY-1037] - S1481 should not report on dummy variables
- [SONARPY-1021] - Fix FP on S1721 when using the walrus operator
- [SONARPY-1009] - Fix FP on S5607 when using operator on hex value
- [SONARPY-990] - S1481 should not raise when variable is assigned inside decorator
- [SONARPY-876] - S5795 (IdentityComparisonWithCachedTypesCheck) shouldn't raise on 'is not None'
- [SONARPY-797] - FP on S4426: mismatch between key length and key exponent
Improvement
- [SONARPY-1109] - Update protobuf-java to 3.19.2
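The SONARPY-1073 change above narrows S1313 (hard-coded IP addresses) so that the RFC 5737 / RFC 3849 documentation ranges no longer count as findings. The following is an added illustration of that exclusion, not SonarPython's own implementation: it walks Python string literals, keeps those that parse as an IP address, and drops the ones that fall in a documentation range. Which other non-routable addresses S1313 exempts is this example's assumption (loopback, unspecified and the IPv4 broadcast address are treated as exempt here); the sample source is constructed.

```python
"""Added example: hard-coded IP detection with the documentation-range
exclusion that SONARPY-1073 adds to S1313. Not the analyzer's own code."""
import ast
import ipaddress

# RFC 5737 (IPv4) and RFC 3849 (IPv6) documentation ranges. They are never
# routed on the public Internet, so a literal in one of them cannot be a
# real endpoint that will later need to move.
DOCUMENTATION_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

BROADCAST_V4 = ipaddress.ip_address("255.255.255.255")


def is_documentation_ip(ip):
    """True when the address lies in one of the documentation ranges.
    `in` is False for a mismatched IP version, so v4/v6 can be mixed."""
    return any(ip in net for net in DOCUMENTATION_RANGES)


def is_exempt(ip):
    """Exemptions assumed for this example: documentation ranges plus
    loopback, unspecified and the IPv4 limited-broadcast address."""
    return (is_documentation_ip(ip)
            or ip.is_loopback
            or ip.is_unspecified
            or ip == BROADCAST_V4)


def find_hardcoded_ips(source):
    """Return (line, literal) for every string literal that is a non-exempt
    IP address. Private (RFC 1918) addresses are still reported, because a
    hard-coded internal address is exactly what S1313 is about."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, str)):
            continue
        try:
            ip = ipaddress.ip_address(node.value)
        except ValueError:
            continue  # ordinary string, not an IP
        if not is_exempt(ip):
            findings.append((node.lineno, node.value))
    return findings


# Constructed sample module: two real addresses, three exempt ones.
SAMPLE = '''
PROD_DB = "10.3.7.21"          # internal address: report
EXAMPLE = "192.0.2.10"         # RFC 5737 documentation range: exempt
LOCAL = "127.0.0.1"            # loopback: exempt
V6_EXAMPLE = "2001:db8::1"     # RFC 3849 documentation range: exempt
V6_REAL = "2606:4700::1111"    # public address: report
'''

if __name__ == "__main__":
    for line, literal in find_hardcoded_ips(SAMPLE):
        print(f"line {line}: hard-coded IP address {literal!r}")
```

The exclusion is done on the parsed address rather than with a regular expression so that IPv6 literals in compressed form ("2001:db8::1") are matched correctly against "2001:db8::/32".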
SonarPython 3.16.0.9967
Release notes - SonarPython - Version 3.16
New Feature
- [SONARPY-1064] - Enable test checks to run on project test files
- [SONARPY-766] - Rule S5918: Tests should be skipped explicitly
- [SONARPY-765] - Rule S5915: Assertions should not be made at the end of blocks expecting an exception
- [SONARPY-764] - Rule S5914: Assertions should not fail or succeed unconditionally
- [SONARPY-762] - Rule S5906: The most specific assertion should be preferred
- [SONARPY-761] - Rule S5845: Assertions of dissimilar types should not be made
- [SONARPY-760] - Rule S5905: Assert should not be called on a tuple literal
- [SONARPY-758] - Rule S5899: Test methods should be discoverable
SonarPython 3.15.1.9817
Release Notes - SonarPython - Version 3.15.1
Bug
- [SONARPY-1041] - Fix the quick-fix for S1940 (BooleanCheckNotInvertedCheck)
- [SONARPY-1042] - Fix the quick-fix for S3923 (AllBranchesAreIdenticalCheck)
- [SONARPY-1043] - Fix NPE in quick-fix for S1854 (DeadStoreCheck)
- [SONARPY-1046] - Regression of "NOSONAR" issue suppression
SonarPython 3.15.0.9787
Release Notes - SonarPython - Version 3.15
New Feature
- [SONARPY-1020] - Update analyzer to Java 11
- [SONARPY-1023] - Add support for SonarLint quick fixes in the Python analyzer
- [SONARPY-1024] - Add quick fixes for S5799 (ImplicitStringConcatenationCheck)
- [SONARPY-1025] - Add quick fix for S5719 (InstanceAndClassMethodsAtLeastOnePositionalCheck)
- [SONARPY-1027] - Add quick fix for S1940 (BooleanCheckNotInvertedCheck)
- [SONARPY-1029] - Add quick fixes for S5717 (ModifiedParameterValueCheck)
- [SONARPY-1030] - Add quick fixes for S2710 (ClassMethodFirstArgumentNameCheck)
- [SONARPY-1031] - Add quick fix for S1854 (DeadStoreCheck)
- [SONARPY-1032] - Add quick fix for S3923 (AllBranchesAreIdenticalCheck)
- [SONARPY-1034] - Add verifier support for testing quick-fixes
SonarPython 3.14
Release Notes - SonarPython - Version 3.14
Bug
- [SONARPY-1017] - Avoid parsing errors when SonarLint sends events for non python files
New Feature
- [SONARPY-1011] - Rule S6265: Granting access to S3 buckets to all or authenticated users is security-sensitive
- [SONARPY-1013] - Rule S6252: Disabling versioning of S3 buckets is security-sensitive
- [SONARPY-1014] - Rule S6245: Disabling server-side encryption of S3 buckets is security-sensitive
- [SONARPY-1015] - Rule S6281: Allowing public ACLs or policies on a S3 bucket is security-sensitive
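The four 3.14 rules above all target the same construct: an S3 bucket declared in code with settings that leave it unversioned, unencrypted, or reachable by the public. As an added illustration (not SonarPython's own implementation), the block below runs a minimal AST check over AWS CDK v2 Python code that creates buckets with `aws_cdk.aws_s3.Bucket`. The keyword arguments (`versioned`, `encryption`, `block_public_access`, `access_control`) and enum names are the real CDK ones; the mapping from each rule to a keyword, and the choice to treat an omitted keyword as a finding where the CDK default is the weak setting, are this example's assumptions. The sample stack is constructed and shows the weak bucket beside its hardened form.

```python
"""Added example: minimal AST check for the S3 misconfigurations that
S6252, S6245, S6281 and S6265 describe, run over CDK v2 Python source.
Not the analyzer's own code; rule-to-keyword mapping is assumed."""
import ast

# Constructed sample stack: one bucket with every weak setting, one hardened.
SAMPLE = '''
from aws_cdk import aws_s3 as s3

class LogStack:
    def build(self):
        weak = s3.Bucket(self, "logs",
            versioned=False,
            encryption=s3.BucketEncryption.UNENCRYPTED,
            block_public_access=None,
            access_control=s3.BucketAccessControl.PUBLIC_READ,
        )
        hardened = s3.Bucket(self, "logs-hardened",
            versioned=True,
            encryption=s3.BucketEncryption.S3_MANAGED,
            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
            access_control=s3.BucketAccessControl.PRIVATE,
        )
'''

# Canned ACLs that grant access to everyone or to any AWS account holder.
PUBLIC_ACLS = {"PUBLIC_READ", "PUBLIC_READ_WRITE", "AUTHENTICATED_READ"}


def _enum_member(node):
    """Trailing attribute of an expression like s3.BucketEncryption.X, else None."""
    return node.attr if isinstance(node, ast.Attribute) else None


def _is_bucket_ctor(call):
    func = call.func
    return ((isinstance(func, ast.Attribute) and func.attr == "Bucket")
            or (isinstance(func, ast.Name) and func.id == "Bucket"))


def check_bucket(call):
    """Return the rule keys that fire for one Bucket(...) call, in rule order."""
    kw = {k.arg: k.value for k in call.keywords if k.arg}
    findings = []
    # S6252: versioning disabled. CDK defaults versioned to False, so an
    # omitted keyword is treated the same as versioned=False (assumption).
    versioned = kw.get("versioned")
    if versioned is None or (isinstance(versioned, ast.Constant)
                             and versioned.value is False):
        findings.append("S6252")
    # S6245: server-side encryption disabled, explicitly or by omission.
    enc = kw.get("encryption")
    if enc is None or _enum_member(enc) == "UNENCRYPTED":
        findings.append("S6245")
    # S6281: public ACLs/policies not blocked. Only the BLOCK_ALL constant is
    # recognised here; a BlockPublicAccess(...) call with all four flags set
    # would be a false positive of this example.
    if _enum_member(kw.get("block_public_access")) != "BLOCK_ALL":
        findings.append("S6281")
    # S6265: canned ACL grants access to all users or all authenticated users.
    if _enum_member(kw.get("access_control")) in PUBLIC_ACLS:
        findings.append("S6265")
    return findings


def scan(source):
    """Map each bucket's construct id (second positional argument) to the
    list of rules it violates."""
    results = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _is_bucket_ctor(node):
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                ident = node.args[1].value
            else:
                ident = "line %d" % node.lineno
            results[ident] = check_bucket(node)
    return results


if __name__ == "__main__":
    for bucket, rules in scan(SAMPLE).items():
        print(bucket, rules or "ok")
```

Running the block prints the four rule keys for "logs" and "ok" for "logs-hardened". Because the check works on the source's syntax only, a bucket configured through a variable or a helper function is not resolved; the real analyzer's symbol table (see the Typeshed and project-level symbol work in the 3.9 and 3.10 notes below) is what lets SonarPython follow those indirections.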
SonarPython 3.13
Release Notes - SonarPython - Version 3.13
False-Positive
- [SONARPY-997] - Fix FP on S5632 for nonlocal variables
- [SONARPY-1000] - Fix FP on S1172 when the parameter is a pytest fixture
- [SONARPY-1006] - S1172: Avoid raising issues when the parameter name starts with "_"
- [SONARPY-1007] - S5644 (ItemOperationsTypeCheck) should not raise when accessing type with generics
- [SONARPY-1008] - S5607 (IncompatibleOperandsCheck) should not raise on union of type hints
SonarPython 3.12
Release Notes - SonarPython - Version 3.12
New Feature
- [SONARPY-976] - Rule S6396: Superfluous curly brace quantifiers should be avoided
- [SONARPY-977] - Rule S6323: Alternation in regular expressions should not contain empty alternatives
- [SONARPY-978] - Rule S6397: Character classes in regular expressions should not contain only one character
- [SONARPY-979] - Rule S6326: Regular expressions should not contain multiple spaces
- [SONARPY-980] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
- [SONARPY-981] - Rule S6328: Replacement strings should reference existing regular expression groups
- [SONARPY-982] - Rule S6331: Regular expressions should not contain empty groups
- [SONARPY-983] - Rule S6395: Non-capturing groups without quantifier should not be used
Improvement
- [SONARPY-985] - Show UI warning when errors occur in coverage report parsing
False-Positive
- [SONARPY-994] - S5361 should not create false positives when case-insensitive flag is set
SonarPython 3.11.0.9522
Release Notes - SonarPython - Version 3.11
New Feature
- [SONARPY-212] - Rule S3801: Functions should use "return" consistently
- [SONARPY-215] - Rule S3699: The output of functions that don't return anything should not be used
- [SONARPY-234] - Rule S1291: Track uses of "NOSONAR" comments
- [SONARPY-253] - Rule S2761: Doubled prefix operators "not" and "~" should not be used
- [SONARPY-259] - Rule S138: Functions should not have too many lines of code
- [SONARPY-264] - Rule S1135: Track uses of "TODO" tags
- [SONARPY-267] - Rule S1172: Unused function parameters should be removed
- [SONARPY-272] - Rule S1451: Track lack of copyright and license headers
- [SONARPY-282] - Rule S1940: Boolean checks should not be inverted
- [SONARPY-989] - Provide OWASP Top 10 2021 security standards for rules metadata
Task
- [SONARPY-988] - Upgrade the gh-action_release/main GitHub action to version 4
False-Positive
- [SONARPY-986] - S5644 should not raise issues on "collections" symbols
SonarPython 3.10.0.9380
Release Notes - SonarPython - Version 3.10
New Feature
- [SONARPY-944] - Use precomputed Typeshed symbols for third-party libraries in the Python analyzer
- [SONARPY-945] - Use precomputed Typeshed symbols for custom stub files
Task
- [SONARPY-967] - Handle Typeshed Python 2 modules whose names differ from their Python 3 counterparts by capitalization only
- [SONARPY-970] - Serialize class members to Protobuf
- [SONARPY-972] - Remove Typeshed parsing logic
Improvement
- [SONARPY-960] - Typeshed serializer: resolve type of alias variables to overloaded symbols
- [SONARPY-961] - Typeshed: serialize only public imports
- [SONARPY-973] - Typeshed serialization should be platform independent
False-Positive
- [SONARPY-896] - NOSONAR annotation should silence issues on multiline strings
- [SONARPY-900] - S5886 (FunctionReturnTypeCheck) should not report on async function having return type AsyncGenerator / AsyncIterator
- [SONARPY-902] - RSPEC-930 should not report on instance methods called from class methods
- [SONARPY-904] - S1066 (CollapsibleIfStatements): Reduce noise when breaking line length limit, when using walrus operator and when a comment is present
- [SONARPY-905] - S139: Avoid raising issues on common pragma comments
- [SONARPY-906] - S5864: Fix FP when calling coroutines
False Negative
- [SONARPY-901] - S5886 (FunctionReturnTypeCheck) should report on async function having return type Generator / Iterator
SonarPython 3.9.0.9230
Release Notes - SonarPython - Version 3.9
Bug
- [SONARPY-935] - Ensure there are no deprecated rules in the default quality profile
- [SONARPY-942] - Serialize unanalyzed overloaded items when regular ones are missing
- [SONARPY-962] - Fix fully qualified name of methods of class symbols inheriting from private typeshed symbols
- [SONARPY-963] - Custom stubs should have precedence over protobuf typeshed symbols
New Feature
- [SONARPY-939] - Use precomputed Typeshed symbols for stdlib in the Python analyzer
- [SONARPY-947] - SonarLint: support medium-big projects having up to 300K lines
Task
- [SONARPY-657] - Rework Project-level Symbol Table
- [SONARPY-940] - Reduce size of sonar-python plugin
- [SONARPY-943] - Clean and reset builtins symbol at each Typeshed unit test
- [SONARPY-965] - Update license headers for 2022
- [SONARPY-966] - Update rules metadata
Improvement
- [SONARPY-938] - Protobuf typeshed symbols should contain information about imported modules
- [SONARPY-941] - Handle conflicting symbols having the same name across Python versions
- [SONARPY-951] - Translate starred parameter types to descriptors
False-Positive
- [SONARPY-949] - S5756 (NonCallableCalled): avoid reporting on typeshed symbols having type "Callable[T]"
- [SONARPY-950] - S5708 (CaughtExceptionCheck) should not report on Ambiguous Symbols that might inherit from BaseException
False Negative
- [SONARPY-937] - S5655 (ArgumentTypeCheck) should report also on incompatible ambiguous or overloaded functions
- [SONARPY-957] - Protobuf Typeshed should serialize information about variables