Releases: SonarSource/sonar-python
SonarPython 4.6.0.12071
Release notes - SonarPython - 4.6
Bug
SONARPY-1417 Serialize symbols for Python 3.11
New Feature
SONARPY-427 Rule S1128: Unnecessary imports should be removed
SONARPY-1402 Rule S6658: Special methods should have an expected return type
SONARPY-1404 Rule S5642: "in" and "not in" operators should be used on objects supporting them
SONARPY-1406 Rule S2876: "__iter__" should return an iterator
SONARPY-1410 Rule S6659: 'startsWith' or 'endsWith' methods should be used instead of string slicing in condition expressions
SONARPY-1411 Rule S6660: isinstance() should be preferred to direct type comparisons
SONARPY-1412 Rule S6661: Assignments of lambdas to variables should be replaced by function definitions.
SONARPY-1413 Rule S6662: Set members and dictionary keys should be hashable
SONARPY-1414 Rule S6663: Sequence indexes must have an __index__ method
SonarPython 4.5.0.11949
Release notes - SonarPython - 4.5
Documentation
SONARPY-1399 Migrate the description of 37 rules to the education format
SonarPython 4.4.1.11938
SonarPython 3.24.1.11916
Release notes - SonarPython - 3.24.1
Bug
SONARPY-1345 Fix stack overflow when a nested class inherits from a class with the same name
SonarPython 4.4.0.11907
Release notes - SonarPython - 4.4
Bug
SONARPY-1361 S5607 should report issues when all variants of an ambiguous method are unsuitable
SONARPY-1362 Ensure parameter names are optional in Typeshed serializer
False-Positive
SONARPY-832 S930 should not report on pymssql.connect() as all parameters have default value
SONARPY-1365 Fix FP on S3699 for win32pdh.MakeCounterPath
False Negative
SONARPY-1369 Fix FN on S5655 when the method is an abstract method
SONARPY-1372 S5644: Fix FN on calls when a class has a known metaclass
New Feature
SONARPY-1354 Use mypy to generate stubs for typed Python libraries
SONARPY-1355 Update Typeshed revision
Improvement
SONARPY-1378 S5549: Import emoji library for up-to-date stubs generation
SONARPY-1379 Add basic support for TypeVar
SONARPY-1380 Typeshed protobufs serialization should remove older version of protobufs
SONARPY-1384 Ensure submodule imports doesn't prevent parent module import
SONARPY-1387 S5144 and S5135: Import python2 stubs as custom stubs, to mitigate security FNs on urllib2 and Cookie libraries
SonarPython 4.3.0.11660
Release notes - SonarPython - 4.3
Bug
SONARPY-1341 Fix broken formatting when applying quick fix for S2772
False-Positive
SONARPY-1279 S1144 (UnreadPrivateMethodsCheck) should take into account usages apart from `self`
SONARPY-1285 Fix FP on S1451 when shebang head lines are used
SONARPY-1298 Fix FP on S2245 when using random.SystemRandom
SONARPY-1300 Fix FP on S5953 when an inner class is used as type hint
SONARPY-1338 Fix FP on S5655 when the argument is a valid TypedDict
False Negative
SONARPY-1326 S1481 / UnusedLocalVariableCheck should raise with sequence unpacking
New Feature
SONARPY-1297 Rule S6437: Credentials should not be hard-coded
SONARPY-1317 S6538: Add quick fix for '__init__' return type hint
SONARPY-1320 S6538: Add quick fix for return type hints
SONARPY-1330 Rule S6556: 'locals()' should not be passed to a Django 'render()' function
SONARPY-1331 S6545: Add quick fix to replace typing module type hints with built-in types
SONARPY-1332 Rule S6560: The "safe" flag should be set to "False" when serializing non-dictionary objects in Django JSON-encoded responses
SONARPY-1333 Rule S6559: Fields of a Django ModelForm should be defined explicitly
SONARPY-1334 Rule S6554: Django models should define a "__str__" method
SONARPY-1335 Rule S6553: "null=True": should not be used on string-based fields in Django models
SONARPY-1336 Rule S6552: Django signal handler functions should have the '@receiver' decorator on top of all other decorators
Improvement
SONARPY-1327 S1481 / UnusedLocalVariable shouldn't report multiple times on the same variable
SONARPY-1328 S1481 / UnusedLocalVariable: add quick fixes for redundant exception bindings
SONARPY-1342 Improve typeshed unit test to avoid serializing typeshed
SONARPY-1344 Fix FP on S1721: Avoid raising an issue on all single element tuples
SONARPY-1346 Support type inference of unary plus and minus
SONARPY-1347 Add quick fix for S6552 (DjangoReceiverDecoratorCheck)
SonarPython 4.2.0.11487
Release notes - SonarPython - 4.2
New Feature
SONARPY-1233 Allow import of mypy reports
SONARPY-1301 Rule S5994: Regex patterns following a possessive quantifier should not always fail
SONARPY-1302 Rule S5860: Names of regular expressions named groups should be used
SONARPY-1303 Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
SONARPY-1310 Add support of possessive quantifiers in regex parser for Python
SONARPY-1311 Add support of atomic groups in regex parser for Python
SONARPY-1312 Rule S5852: Using slow regular expressions is security-sensitive
SONARPY-1314 Rule S6538: Function returns should have type hints
SONARPY-1315 S6540: Function parameters should have type hints
SONARPY-1316 Rule S6542: Any should not be used as a type hint
SONARPY-1318 Rule S6545: Built-in generic types should be preferred over the typing module in type hints
SONARPY-1319 Rule S6543: Type hints of generic types should have a type parameter
SONARPY-1321 S6546: Union type expressions should be preferred over "typing.Union" in type hints
Task
SONARPY-1324 Update sonar-analyzer-commons dependency to a released version
Improvement
SONARPY-1304 Add quick fix for S6326 (MultipleWhitespaceCheck)
SONARPY-1305 Add quick fix for S6395 (UnquantifiedNonCapturingGroupCheck)
SONARPY-1306 Add quick fix for S6397 (SingleCharCharacterClassCheck)
SONARPY-1307 Add character range validation to S6353 (VerboseRegexCheck)
SONARPY-1308 Add repetition validation to S6353 (VerboseRegexCheck)
SONARPY-1313 Rule S6537: Octal escape sequences should not be used in regular expressions.
SonarPython 4.1.0.11333
Release notes - SonarPython - 4.1
New Feature
SONARPY-1253 Support IPython line-magic commands syntax
SONARPY-1287 Introduce a new sensor for IPython notebook files
SONARPY-1290 Remove noisy rules from IPython quality profile
SONARPY-1291 Support dynamic object information syntax
SONARPY-1292 Support system shell access syntax
SONARPY-1293 Support line continuation in line-magic commands
SONARPY-1294 Support parsing of cell-magic commands
Task
SONARPY-1295 Improve integration tests for IPython notebooks
SONARPY-1296 Update quickfix metadata for Python rules
SONARPY-1299 Ensure rules unit tests can run on IPython files
SonarPython 4.0.0.11155
Release notes - SonarPython - 4.0
Bug
SONARPY-726 Fix parsing errors on f-strings formatted expressions
SONARPY-1074 S5717: Quickfix should not change the initial value of the parameter
SONARPY-1281 Do not add redundant white spaces for quick fix S1940 (BooleanCheckNotInvertedCheck)
New Feature
SONARPY-1083 Add quick fix for S5712 (NotImplementedErrorInOperatorMethodsCheck)
SONARPY-1084 Add quick fixes for S5795 (IdentityComparisonWithCachedTypesCheck)
SONARPY-1089 Add quick fix for S108 (EmptyNestedBlockCheck)
SONARPY-1090 Add quick fixes for S5754 (IgnoredSystemExitCheck)
SONARPY-1092 Add quick fixes for S5806 (BuiltinShadowingAssignmentCheck)
SONARPY-1260 Add quick fix for S6353 (VerboseRegexCheck)
SONARPY-1261 Add quick fix for S5905 (AssertOnTupleLiteralCheck)
SONARPY-1262 Add quick fix for S5713 (ChildAndParentExceptionCaughtCheck)
SONARPY-1263 Add quick fix for S5915 (AssertAfterRaiseCheck)
SONARPY-1268 Add quick fix for S5796 (IdentityComparisonWithNewObjectCheck)
False Negative
SONARPY-727 Enable S3457 for f-strings
Task
SONARPY-1282 Update sonar-python version to 4.0
SONARPY-1283 Remove Deprecated APIs
Improvement
SONARPY-790 S5890: Improve issue message when "Optional" should be used
SONARPY-1192 Provide quick fix for chained assignment in S1854 (DeadStoreCheck)
SONARPY-1265 Add quick fix for S5714 (BooleanExpressionInExceptCheck)
SONARPY-1266 Add quick fix for S5708 (CaughtExceptionsCheck)
SONARPY-1277 Add quick fix for S108 (EmptyNestedBlockCheck) in case of inline statements
SONARPY-1278 Make the quick fix creation part of the public API
SonarPython 3.25.0.10992
Release notes - SonarPython - 3.25
Bug
SONARPY-1250 Fix handling of test files in PR analysis
SONARPY-1272 Symbol FQN resolution should work correctly on double import
False-Positive
SONARPY-863 Fix FP on S3516 when return values are different kind of comparisons
SONARPY-1115 S1854 Fix FPs on import statements
SONARPY-1255 S5886 should not raise issues when the yield expression is part of an assignment statement
SONARPY-1257 S1144: Should not raise on methods/classes with unknown decorator
New Feature
SONARPY-1049 Add quick-fix for S1110 (UselessParenthesisCheck)
SONARPY-1080 Add quick fixes for S3626 (RedundantJumpCheck)
SONARPY-1085 Add quick fixes for S3984 (ExceptionNotThrownCheck)
SONARPY-1087 Add quick fixes for S2772 (NeedlessPassCheck)
False Negative
SONARPY-794 FN on S4830 & S5527 when “ssl._create_unverified_context()” is provided as keyword argument
SONARPY-1036 S2245 covers more methods of "random"
SONARPY-1100 S1045 should raise an issue when the same unknown exception is caught twice
SONARPY-1242 Modify rule S5332: False positive for LoadBalancer construct with listeners set as dict (AWS CDK)
Task
SONARPY-1259 Soften issue message for S1110
Improvement
SONARPY-1096 Add secondary message for S3923 (AllBranchesAreIdenticalCheck)
SONARPY-1097 S1226: Add secondary locations on the parameter re-assignments
SONARPY-1098 S1854: Add secondary locations on the variable re-assignments
SONARPY-1164 Resolve unpacking expression when analyzing call arguments