Releases: SonarSource/sonar-python

sonar-python 3.1

28 Aug 14:49
afa4cc5
    Release Notes - SonarPython - Version 3.1

Bug

  • [SONARPY-783] - Fix parse error on explicit line joining with empty line and dedent
  • [SONARPY-788] - Fix parse error on annotated assignment for Python 3.8

New Feature

  • [SONARPY-740] - RSPEC-5864 Equality between incompatible types
  • [SONARPY-741] - RSPEC-5864 Identity check between incompatible types
  • [SONARPY-742] - RSPEC-5864 Operations on incompatible types
  • [SONARPY-743] - RSPEC-5864 Calling a non-callable type
  • [SONARPY-744] - RSPEC-5864 Item operations should be done on objects supporting them
  • [SONARPY-745] - RSPEC-5864 Iteration operation on a non-iterable type
  • [SONARPY-747] - RSPEC-5864 'raise' used with a non-exception type
  • [SONARPY-751] - RSPEC-5886 Function return types should be consistent with their type hint
  • [SONARPY-778] - RSPEC-5890 Values assigned to variables should match their type annotations
  • [SONARPY-786] - RSPEC-3827 Extract detection of never defined variable in a separate rule (RSPEC-5953)

False-Positive

  • [SONARPY-689] - Update the default regex of rule S100 and S1542 to not raise on short names
  • [SONARPY-690] - Update the default regular expression of rule S101 to not raise on valid PEP-8 class names
  • [SONARPY-700] - Fix FP on S905 when contextlib.suppress is used
  • [SONARPY-716] - Rule S3516 raises False Positives on methods which have an implicit return None.
  • [SONARPY-719] - S107 default threshold is too low and it miscounts parameters
  • [SONARPY-720] - Fix FP on S5953 when using wildcard imports
  • [SONARPY-777] - Fix FP on S1764 when expressions contain function calls
  • [SONARPY-780] - Fix FP on ArgumentTypeCheck when parameter is declared as object
  • [SONARPY-785] - Fix FP on S1764 for expressions in try/except blocks
  • [SONARPY-789] - S5953: Avoid raising on names prefixed with underscore

sonar-python 3.0

17 Jul 13:04
9ab987d
    Release Notes - SonarPython - Version 3.0

Bug

  • [SONARPY-756] - Fix FP on S1656 when using deprecated built-in functions

New Feature

  • [SONARPY-710] - Add API to access symbols generated from stub files
  • [SONARPY-748] - Disable Pylint execution mode
  • [SONARPY-749] - Update import of Pylint issues and enable Pylint plugins reports
  • [SONARPY-752] - Update documentation for Pylint report importing

Improvement

  • [SONARPY-693] - S5122 should support "response.headers.add" syntax
  • [SONARPY-694] - S3330 should raise a Security Hotspot when Flask is configured to create session cookie with HttpOnly=False
  • [SONARPY-724] - Introduce type declarations for third-party Python libraries using custom Python stub files

sonar-python 2.13

25 Jun 07:35
474d913
    Release Notes - SonarPython - Version 2.13

Bug

  • [SONARPY-734] - Fix Memory Leak in S5806 (BuiltinShadowingAssignment) implementation

New Feature

  • [SONARPY-470] - Rule S5756: Calls should not be made to non-callable values
  • [SONARPY-504] - Rule S5607: Operators should be used on compatible types
  • [SONARPY-514] - Rule S2755: XML parsers should not be vulnerable to XXE attacks
  • [SONARPY-517] - Rule S5644: Item operations should be done on objects supporting them
  • [SONARPY-591] - Rule S3862: Iterable unpacking, "for-in" loops and "yield from" should use an Iterable object
  • [SONARPY-722] - Flow sensitive type inference

Improvement

  • [SONARPY-723] - Update vulnerable dependencies
  • [SONARPY-728] - Improve secondary locations for type inference issues

SonarPython 2.12

11 Jun 08:13
f052e10
    Release Notes - SonarPython - Version 2.12

New Feature

  • [SONARPY-675] - Rule S5799: Implicit string and byte concatenations should not be confusing
  • [SONARPY-676] - Rule S5806: Builtins should not be shadowed
  • [SONARPY-678] - Rule S5807: Only defined names should be listed in "__all__"
  • [SONARPY-679] - Rule S2823: Only strings should be listed in "__all__"
  • [SONARPY-685] - Rule S3457: Strings should be formatted correctly
  • [SONARPY-686] - Rule S2275: String formatting should not fail
  • [SONARPY-688] - Rule S5828: The "open" builtin should be called with a valid mode
  • [SONARPY-695] - Typeshed: Support packages without transitive module resolution
  • [SONARPY-696] - Typeshed: Support importing of submodules

False-Positive

  • [SONARPY-699] - Fix FP on S1481: variables used as a nested format specification in f-string
  • [SONARPY-713] - RSPEC-5708 (CaughtExceptionsCheck) shouldn't raise on variables holding tuples

sonar-python 2.11

26 May 07:47
41fd9ee
    Release Notes - SonarPython - Version 2.11

Bug

  • [SONARPY-687] - Analysis stuck when computing type of a long sequence of binary expressions

New Feature

  • [SONARPY-216] - Rule S2201: Return values from functions without side effects should not be ignored
  • [SONARPY-467] - Rule S5549: Function arguments should be passed only once
  • [SONARPY-650] - Rule S2836 - Loops without "break" should not have "else" clauses
  • [SONARPY-663] - Rule S5780: Expressions creating dictionaries should not have duplicate keys
  • [SONARPY-664] - Rule S5781: Expressions creating sets should not have duplicate values
  • [SONARPY-666] - Rule S3984: Exceptions should not be created without being raised
  • [SONARPY-667] - Rule S905: Non-empty statements should change control flow or have at least one side-effect
  • [SONARPY-669] - Rule S2208: Wildcard imports should not be used
  • [SONARPY-672] - Rule S5797 Constants should not be used as conditions
  • [SONARPY-673] - Rule S5795: Identity comparisons should not rely on interpreter's cache
  • [SONARPY-674] - Rule S5796: New objects should not be created just to check their identity

Improvement

  • [SONARPY-684] - Count module-level docstrings as comments

sonar-python 2.10.0.6571

06 May 14:35
08670b1
    Release Notes - SonarPython - Version 2.10

False-Positive

  • [SONARPY-637] - FP on S5720 when using the method as a decorator
  • [SONARPY-665] - FP raised by S1192 on type hints

New Feature

  • [SONARPY-357] - Rule S4830: Server certificates should be verified during SSL/TLS connections
  • [SONARPY-469] - Rule S5547: Cipher algorithms should be robust
  • [SONARPY-651] - Rule S4433: LDAP connections should be authenticated
  • [SONARPY-652] - Import Flake8 external issues: core rules
  • [SONARPY-653] - Import Flake8 external issues: plugins rules
  • [SONARPY-655] - Add property to import flake8 report paths
  • [SONARPY-661] - Deprecate S5439 in favor of S5247
  • [SONARPY-662] - Rule S5542 Encryption algorithms should be used with secure mode and padding scheme
  • [SONARPY-668] - Rule S4502: Disabling CSRF protection is security-sensitive
  • [SONARPY-682] - Add parser for Python code to plugin API

Task

  • [SONARPY-648] - Declare Typeshed as git submodule
  • [SONARPY-660] - Show a deprecation warning in SonarQube/SonarCloud when Pylint rules are activated

Improvement

  • [SONARPY-646] - Update branding to drop 'SonarPython'

SonarPython 2.9

17 Apr 14:19
c492c27
    Release Notes - SonarPython - Version 2.9

New Feature

  • [SONARPY-525] - Rule S5655: Arguments given to functions should be of an expected type
  • [SONARPY-587] - Rule S1515: functions and lambdas should not reference variables defined in enclosing loops
  • [SONARPY-607] - Type inference: include types defined in "typings.pyi" ("generator", "iterator", ...)
  • [SONARPY-642] - Add standard library type definitions from Typeshed

Improvement

  • [SONARPY-616] - FN on S5632: raise an issue when inferred type is "str"
  • [SONARPY-618] - FN on S2159: Builtin functions with overloading
  • [SONARPY-619] - FN on S2159: builtin functions returning generic types
  • [SONARPY-639] - FN on S1045 due to missing type hierarchy for Python Builtin Exceptions

SonarPython 2.8

24 Mar 11:11
5600d1e
    Release Notes - SonarPython - Version 2.8

False-Positive

  • [SONARPY-628] - FP on S1226 and S1481 when the parameter is used in a raw f-string

Bug

  • [SONARPY-623] - Parse error on backslash before empty line
  • [SONARPY-624] - Parse error on non-ASCII character in identifier
  • [SONARPY-625] - Exception thrown when highlighting symbols in nested f-string

New Feature

  • [SONARPY-482] - Rule S4487 Unread "private" attributes should be removed
  • [SONARPY-483] - Rule S1144: Unused class-private methods should be removed
  • [SONARPY-484] - Rule S3985: Unused private nested classes should be removed
  • [SONARPY-532] - Support assignment expression syntax (Python 3.8)
  • [SONARPY-533] - Support positional-only parameters (Python 3.8)
  • [SONARPY-534] - Iterable unpacking in yield and return statements no longer requires enclosing parentheses (Python 3.8)
  • [SONARPY-540] - Assignment expressions: update LVA-based rules (Python 3.8)
  • [SONARPY-541] - Assignment expressions: update rules targeting assignments (Python 3.8)
  • [SONARPY-542] - Assignment expressions: update rules targeting arguments' expressions (Python 3.8)
  • [SONARPY-543] - Rule S5685: Walrus operator should not make code confusing
  • [SONARPY-579] - Rule S2638: Method overrides should not change contracts
  • [SONARPY-583] - Rule S5717: Function parameters' default values should not be modified or assigned
  • [SONARPY-584] - Rule S5719: Instance and class methods should have at least one parameter
  • [SONARPY-585] - Rule S5720: "self" should be the first argument to instance methods
  • [SONARPY-586] - Rule S2710: The first argument to class methods should follow the naming convention
  • [SONARPY-588] - Rule S5722: Special methods should have an expected number of parameters
  • [SONARPY-589] - Rule S5724: Property getter, setter and deleter methods should have the expected number of parameters

Improvement

  • [SONARPY-621] - Update symbol table with assignment expressions
  • [SONARPY-630] - Support equal specifiers in f-string (Python 3.8)

SonarPython 2.7

09 Mar 15:29
850c001
    Release Notes - SonarPython - Version 2.7

New Feature

  • [SONARPY-562] - Rule S5747: Bare "raise" statements should only be used in "except" blocks
  • [SONARPY-563] - Rule S5704: Bare "raise" should not be used in "finally" blocks
  • [SONARPY-564] - Rule S1045: All "except" blocks should be able to catch exceptions
  • [SONARPY-566] - Rule S5754: "SystemExit" should be re-raised
  • [SONARPY-567] - Rule S5706: Special method "__exit__" should not re-raise the provided exception
  • [SONARPY-568] - Rule S5708: Caught Exceptions must derive from BaseException
  • [SONARPY-569] - Rule S5709: Custom Exception classes should inherit from "Exception" or one of its subclasses
  • [SONARPY-570] - Rule S112: "Exception" and "BaseException" should not be raised
  • [SONARPY-571] - Rule S5712: Some special methods should return "NotImplemented" instead of raising "NotImplementedError"
  • [SONARPY-572] - Rule S5714: Boolean expressions of exceptions should not be used in "except" statements
  • [SONARPY-573] - Rule S1143: Break, continue and return statements should not occur in "finally" blocks
  • [SONARPY-574] - Rule S5713: A subclass should not be in the same "except" statement as a parent class
  • [SONARPY-575] - Rule S5707: Exceptions' "__cause__" should be either an Exception or None
  • [SONARPY-615] - Rule S5727: Comparison to None should not be constant

SonarPython 1.8-RC1

08 May 13:38
Pre-release

This release brings 2 new rules:

  • Variables should not be self-assigned
  • Unused local variables should be removed

It also fixes 3 false positives.

Release notes: https://jira.sonarsource.com/jira/secure/ReleaseNote.jspa?projectId=10958&version=13676