Releases: SonarSource/sonar-python

SonarPython 3.15.0.9787

10 Jun 15:14
4fbf8ba
    Release Notes - SonarPython - Version 3.15

New Feature

  • [SONARPY-1020] - Update analyzer to Java 11
  • [SONARPY-1023] - Add support for SonarLint quick fixes in the Python analyzer
  • [SONARPY-1024] - Add quick fixes for S5799 (ImplicitStringConcatenationCheck)
  • [SONARPY-1025] - Add quick fix for S5719 (InstanceAndClassMethodsAtLeastOnePositionalCheck)
  • [SONARPY-1027] - Add quick fix for S1940 (BooleanCheckNotInvertedCheck)
  • [SONARPY-1029] - Add quick fixes for S5717 (ModifiedParameterValueCheck)
  • [SONARPY-1030] - Add quick fixes for S2710 (ClassMethodFirstArgumentNameCheck)
  • [SONARPY-1031] - Add quick fix for S1854 (DeadStoreCheck)
  • [SONARPY-1032] - Add quick fix for S3923 (AllBranchesAreIdenticalCheck)
  • [SONARPY-1034] - Add verifier support for testing quick-fixes

SonarPython 3.14

10 May 13:52
d859e35
    Release Notes - SonarPython - Version 3.14

Bug

  • [SONARPY-1017] - Avoid parsing errors when SonarLint sends events for non-Python files

New Feature

  • [SONARPY-1011] - Rule S6265: Granting access to S3 buckets to all or authenticated users is security-sensitive
  • [SONARPY-1013] - Rule S6252: Disabling versioning of S3 buckets is security-sensitive
  • [SONARPY-1014] - Rule S6245: Disabling server-side encryption of S3 buckets is security-sensitive
  • [SONARPY-1015] - Rule S6281: Allowing public ACLs or policies on a S3 bucket is security-sensitive

SonarPython 3.13

21 Apr 11:48
5956682
    Release Notes - SonarPython - Version 3.13

False-Positive

  • [SONARPY-997] - Fix FP on S5632 for nonlocal variables
  • [SONARPY-1000] - Fix FP on S1172 when the parameter is a pytest fixture
  • [SONARPY-1006] - S1172: Avoid raising issues when the parameter name starts with "_"
  • [SONARPY-1007] - S5644 (ItemOperationsTypeCheck) should not raise when accessing type with generics
  • [SONARPY-1008] - S5607 (IncompatibleOperandsCheck) should not raise on union of type hints

SonarPython 3.12

29 Mar 13:13
035ca7e
    Release Notes - SonarPython - Version 3.12

New Feature

  • [SONARPY-976] - Rule S6396: Superfluous curly brace quantifiers should be avoided
  • [SONARPY-977] - Rule S6323: Alternation in regular expressions should not contain empty alternatives
  • [SONARPY-978] - Rule S6397: Character classes in regular expressions should not contain only one character
  • [SONARPY-979] - Rule S6326: Regular expressions should not contain multiple spaces
  • [SONARPY-980] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
  • [SONARPY-981] - Rule S6328: Replacement strings should reference existing regular expression groups
  • [SONARPY-982] - Rule S6331: Regular expressions should not contain empty groups
  • [SONARPY-983] - Rule S6395: Non-capturing groups without quantifier should not be used

Improvement

  • [SONARPY-985] - Show UI warning when errors occur in coverage report parsing

False-Positive

  • [SONARPY-994] - S5361 should not create false positives when case-insensitive flag is set

SonarPython 3.11.0.9522

25 Mar 08:15
938c5ee
    Release Notes - SonarPython - Version 3.11

New Feature

  • [SONARPY-212] - Rule S3801: Functions should use "return" consistently
  • [SONARPY-215] - Rule S3699: The output of functions that don't return anything should not be used
  • [SONARPY-234] - Rule S1291: Track uses of "NOSONAR" comments
  • [SONARPY-253] - Rule S2761: Doubled prefix operators "not" and "~" should not be used
  • [SONARPY-259] - Rule S138: Functions should not have too many lines of code
  • [SONARPY-264] - Rule S1135: Track uses of "TODO" tags
  • [SONARPY-267] - Rule S1172: Unused function parameters should be removed
  • [SONARPY-272] - Rule S1451: Track lack of copyright and license headers
  • [SONARPY-282] - Rule S1940: Boolean checks should not be inverted
  • [SONARPY-989] - Provide OWASP Top 10 2021 security standards for rules metadata

Task

  • [SONARPY-988] - Upgrade the gh-action_release/main GitHub action to version 4

False-Positive

  • [SONARPY-986] - S5644 should not raise issues on "collections" symbols

SonarPython 3.10.0.9380

07 Feb 13:58
00c4683
    Release Notes - SonarPython - Version 3.10

New Feature

  • [SONARPY-944] - Use precomputed Typeshed symbols for third-party libraries in the Python analyzer
  • [SONARPY-945] - Use precomputed Typeshed symbols for custom stub files

Task

  • [SONARPY-967] - Handle Typeshed Python 2 modules whose names differ from their Python 3 counterparts by capitalization only
  • [SONARPY-970] - Serialize class members to Protobuf
  • [SONARPY-972] - Remove Typeshed parsing logic

Improvement

  • [SONARPY-960] - Typeshed serializer: resolve type of alias variables to overloaded symbols
  • [SONARPY-961] - Typeshed: serialize only public import
  • [SONARPY-973] - Typeshed serialization should be platform independent

False-Positive

  • [SONARPY-896] - NOSONAR annotation should silence issues on multiline strings
  • [SONARPY-900] - S5886 (FunctionReturnTypeCheck) should not report on async function having return type AsyncGenerator / AsyncIterator
  • [SONARPY-902] - RSPEC-930 should not report on instance methods called from class methods
  • [SONARPY-904] - S1066 (CollapsibleIfStatements): Reduce noise when breaking line length limit, when using walrus operator and when a comment is present
  • [SONARPY-905] - S139: Avoid raising issues on common pragma comments
  • [SONARPY-906] - S5864: Fix FP when calling coroutines

False Negative

  • [SONARPY-901] - S5886 (FunctionReturnTypeCheck) should report on async function having return type Generator / Iterator

SonarPython 3.9.0.9230

12 Jan 10:49
    Release Notes - SonarPython - Version 3.9

Bug

  • [SONARPY-935] - Ensure there are no deprecated rules in the default quality profile
  • [SONARPY-942] - Serialize unanalyzed overloaded items when regular ones are missing
  • [SONARPY-962] - Fix fully qualified name of methods of class symbols inheriting from private typeshed symbols
  • [SONARPY-963] - Custom stubs should have precedence over protobuf typeshed symbols

New Feature

  • [SONARPY-939] - Use precomputed Typeshed symbols for stdlib in the Python analyzer
  • [SONARPY-947] - SonarLint: support medium-big projects having up to 300K lines

Task

Improvement

  • [SONARPY-938] - Protobuf typeshed symbols should contain information about imported modules
  • [SONARPY-941] - Handle conflicting symbols having the same name across Python versions
  • [SONARPY-951] - Translate starred parameter types to descriptors

False-Positive

  • [SONARPY-949] - S5756 (NonCallableCalled): avoid reporting on typeshed symbols having type "Callable[T]"
  • [SONARPY-950] - S5708 (CaughtExceptionCheck) should not report on Ambiguous Symbols that might inherit from BaseException

False Negative

  • [SONARPY-937] - S5655 (ArgumentTypeCheck) should report also on incompatible ambiguous or overloaded functions
  • [SONARPY-957] - Protobuf Typeshed should serialize information about variables

SonarPython 3.8.0.8883

15 Nov 16:04
30629fb
    Release Notes - SonarPython - Version 3.8

Bug

  • [SONARPY-898] - Avoid failing on older SonarLint
  • [SONARPY-925] - Project Python version should be set to `MAX_SUPPORTED_VERSION` when setting 'sonar.python.version=3.11 or more'
  • [SONARPY-931] - Fix parse error: assignment expression within subscription
  • [SONARPY-932] - Fix parse error: decorators can be any valid expression
  • [SONARPY-933] - Fix parse error: lambda parameter list can have a trailing comma

New Feature

  • [SONARPY-908] - Basic support of match / case statement
  • [SONARPY-914] - Match / case statement: support sequence patterns
  • [SONARPY-915] - Match / case statement: support mapping patterns
  • [SONARPY-916] - Match / case statement: support class patterns
  • [SONARPY-917] - Match / case statement: support wildcard and group patterns
  • [SONARPY-918] - Match / case statement: as patterns
  • [SONARPY-919] - Match / case statement: OR patterns
  • [SONARPY-924] - Add Python 3.10 to supported versions
  • [SONARPY-929] - Match / case statement: support value patterns
  • [SONARPY-934] - Support syntax highlighting for match / case keyword

False-Positive

  • [SONARPY-909] - S5953 (Undefined symbols) Avoid FP with names bound in match/case statements
  • [SONARPY-913] - S1854 (DeadStore): take into account statements inside match / case

SonarPython 3.7.0.8753

05 Nov 15:19
e2b05ef

Bug

  • [SONARPY-860] - Parse error on `with` statements with parens

New Feature

  • [SONARPY-882] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
  • [SONARPY-883] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
  • [SONARPY-884] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes
  • [SONARPY-885] - Rule S5996: Regex boundaries should not be used in a way that can never be matched
  • [SONARPY-886] - Rule S5855: Regex alternatives should not be redundant
  • [SONARPY-887] - Extend existing RegexParser to parse Python regular expressions
  • [SONARPY-888] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
  • [SONARPY-889] - Rule S5869: Character classes in regular expressions should not contain the same character twice
  • [SONARPY-891] - Rule S5857: Character classes should be preferred over reluctant quantifiers in regular expressions
  • [SONARPY-892] - Rule S6002: Regex lookahead assertions should not be contradictory
  • [SONARPY-893] - Rule S5843: Regular expressions should not be too complicated
  • [SONARPY-894] - Rule S5842: Regex repetition pattern's body should not match the empty String
  • [SONARPY-895] - Rule S5361: "str.replace" should be preferred to "re.sub"
  • [SONARPY-923] - Analyze regex in variables whose values we can infer

Task

  • [SONARPY-911] - Provide global regex flags to the parser

SonarPython 3.6.0.8488

23 Jul 15:44
d52bd3c
    Release Notes - SonarPython - Version 3.6

New Feature

  • [SONARPY-631] - Add a Python version parameter and raise a warning when it is not set
  • [SONARPY-867] - Use serialized "annoy" library from TypeShed
  • [SONARPY-870] - Use serialized version of TypeShed core modules (builtins and its dependencies)

Improvement

  • [SONARPY-881] - Support medium-size projects accurate analysis in SonarLint

Documentation

  • [SONARPY-861] - Show "custom rules" documentation only in SonarQube
  • [SONARPY-875] - Fix broken links in embedded documentation