Releases: SonarSource/sonar-python
SonarPython 3.15.0.9787
    Release Notes - SonarPython - Version 3.15
New Feature
- [SONARPY-1020] - Update analyzer to Java 11
- [SONARPY-1023] - Add support for SonarLint quick fixes in the Python analyzer
- [SONARPY-1024] - Add quick fixes for S5799 (ImplicitStringConcatenationCheck)
- [SONARPY-1025] - Add quick fix for S5719 (InstanceAndClassMethodsAtLeastOnePositionalCheck)
- [SONARPY-1027] - Add quick fix for S1940 (BooleanCheckNotInvertedCheck)
- [SONARPY-1029] - Add quick fixes for S5717 (ModifiedParameterValueCheck)
- [SONARPY-1030] - Add quick fixes for S2710 (ClassMethodFirstArgumentNameCheck)
- [SONARPY-1031] - Add quick fix for S1854 (DeadStoreCheck)
- [SONARPY-1032] - Add quick fix for S3923 (AllBranchesAreIdenticalCheck)
- [SONARPY-1034] - Add verifier support for testing quick-fixes
SonarPython 3.14
    Release Notes - SonarPython - Version 3.14
Bug
- [SONARPY-1017] - Avoid parsing errors when SonarLint sends events for non python files
New Feature
- [SONARPY-1011] - Rule S6265: Granting access to S3 buckets to all or authenticated users is security-sensitive
- [SONARPY-1013] - Rule S6252: Disabling versioning of S3 buckets is security-sensitive
- [SONARPY-1014] - Rule S6245: Disabling server-side encryption of S3 buckets is security-sensitive
- [SONARPY-1015] - Rule S6281: Allowing public ACLs or policies on a S3 bucket is security-sensitive
SonarPython 3.13
    Release Notes - SonarPython - Version 3.13
False-Positive
- [SONARPY-997] - Fix FP on S5632 for nonlocal variables
- [SONARPY-1000] - Fix FP on S1172 when the parameter is a pytest fixture
- [SONARPY-1006] - S1172: Avoid raising issues when the parameter name starts with "_"
- [SONARPY-1007] - S5644 (ItemOperationsTypeCheck) should not raise when accessing type with generics
- [SONARPY-1008] - S5607 (IncompatibleOperandsCheck) should not raise on union of type hints
SonarPython 3.12
    Release Notes - SonarPython - Version 3.12
New Feature
- [SONARPY-976] - Rule S6396: Superfluous curly brace quantifiers should be avoided
- [SONARPY-977] - Rule S6323: Alternation in regular expressions should not contain empty alternatives
- [SONARPY-978] - Rule S6397: Character classes in regular expressions should not contain only one character
- [SONARPY-979] - Rule S6326: Regular expressions should not contain multiple spaces
- [SONARPY-980] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
- [SONARPY-981] - Rule S6328: Replacement strings should reference existing regular expression groups
- [SONARPY-982] - Rule S6331: Regular expressions should not contain empty groups
- [SONARPY-983] - Rule S6395: Non-capturing groups without quantifier should not be used
Improvement
- [SONARPY-985] - Show UI warning when errors occur in coverage report parsing
False-Positive
- [SONARPY-994] - S5361 should not create false positives when case-insensitive flag is set
SonarPython 3.11.0.9522
    Release Notes - SonarPython - Version 3.11
New Feature
- [SONARPY-212] - Rule S3801: Functions should use "return" consistently
- [SONARPY-215] - Rule S3699: The output of functions that don't return anything should not be used
- [SONARPY-234] - Rule S1291: Track uses of "NOSONAR" comments
- [SONARPY-253] - Rule S2761: Doubled prefix operators "not" and "~" should not be used
- [SONARPY-259] - Rule S138: Functions should not have too many lines of code
- [SONARPY-264] - Rule S1135: Track uses of "TODO" tags
- [SONARPY-267] - Rule S1172: Unused function parameters should be removed
- [SONARPY-272] - Rule S1451: Track lack of copyright and license headers
- [SONARPY-282] - Rule S1940: Boolean checks should not be inverted
- [SONARPY-989] - Provide OWASP Top 10 2021 security standards for rules metadata
Task
- [SONARPY-988] - Upgrade the gh-action_release/main GitHub action to version 4
False-Positive
- [SONARPY-986] - S5644 should not raise issues on "collections" symbols
SonarPython 3.10.0.9380
    Release Notes - SonarPython - Version 3.10
New Feature
- [SONARPY-944] - Use precomputed Typeshed symbols for third-party libraries in the Python analyzer
- [SONARPY-945] - Use precomputed Typeshed symbols for custom stub files
Task
- [SONARPY-967] - Handle Typeshed Python2 modules whose names differ from their Python 3 counterpart by capitalization only
- [SONARPY-970] - Serialize class members to Protobuf
- [SONARPY-972] - Remove Typeshed parsing logic
Improvement
- [SONARPY-960] - Typeshed serializer: resolve type of alias variables to overloaded symbols
- [SONARPY-961] - Typeshed: serialize only public imports
- [SONARPY-973] - Typeshed serialization should be platform independent
False-Positive
- [SONARPY-896] - NOSONAR annotation should silence issues on multiline strings
- [SONARPY-900] - S5886 (FunctionReturnTypeCheck) should not report on async function having return type AsyncGenerator / AsyncIterator
- [SONARPY-902] - RSPEC-930 should not report on instance methods called from class methods
- [SONARPY-904] - S1066 (CollapsibleIfStatements): Reduce noise when breaking line length limit, when using walrus operator and when a comment is present
- [SONARPY-905] - S139: Avoid raising issues on common pragma comments
- [SONARPY-906] - S5864: Fix FP when calling coroutines
False Negative
- [SONARPY-901] - S5886 (FunctionReturnTypeCheck) should report on async function having return type Generator / Iterator
SonarPython 3.9.0.9230
    Release Notes - SonarPython - Version 3.9
Bug
- [SONARPY-935] - Ensure there are no deprecated rules in the default quality profile
- [SONARPY-942] - Serialize unanalyzed overloaded items when regular ones are missing
- [SONARPY-962] - Fix fully qualified name of methods of class symbols inheriting from private typeshed symbols
- [SONARPY-963] - Custom stubs should have precedence over protobuf typeshed symbols
New Feature
- [SONARPY-939] - Use precomputed Typeshed symbols for stdlib in the Python analyzer
- [SONARPY-947] - SonarLint: support medium-big projects having up to 300K lines
Task
- [SONARPY-657] - Rework Project-level Symbol Table
- [SONARPY-940] - Reduce size of sonar-python plugin
- [SONARPY-943] - Clean and reset builtins symbol at each Typeshed unit test
- [SONARPY-965] - Update license headers for 2022
- [SONARPY-966] - Update rules metadata
Improvement
- [SONARPY-938] - Protobuf typeshed symbols should contain information about imported modules
- [SONARPY-941] - Handle conflicting symbols having the same name across Python versions
- [SONARPY-951] - Translate starred parameter types to descriptors
False-Positive
- [SONARPY-949] - S5756 (NonCallableCalled): avoid reporting on typeshed symbols having type "Callable[T]"
- [SONARPY-950] - S5708 (CaughtExceptionCheck) should not report on Ambiguous Symbols that might inherit from BaseException
False Negative
- [SONARPY-937] - S5655 (ArgumentTypeCheck) should report also on incompatible ambiguous or overloaded functions
- [SONARPY-957] - Protobuf Typeshed should serialize information about variables
SonarPython 3.8.0.8883
    Release Notes - SonarPython - Version 3.8
Bug
- [SONARPY-898] - Avoid failing on older SonarLint
- [SONARPY-925] - Project Python version should be set to `MAX_SUPPORTED_VERSION` when setting 'sonar.python.version=3.11 or more'
- [SONARPY-931] - Fix parse error: assignment expression within subscription
- [SONARPY-932] - Fix parse error: decorators can be any valid expression
- [SONARPY-933] - Fix parse error: lambda parameter list can have a trailing comma
New Feature
- [SONARPY-908] - Basic support of match / case statement
- [SONARPY-914] - Match / case statement: support sequence patterns
- [SONARPY-915] - Match / case statement: support mapping patterns
- [SONARPY-916] - Match / case statement: support class patterns
- [SONARPY-917] - Match / case statement: support wildcard and group patterns
- [SONARPY-918] - Match / case statement: as patterns
- [SONARPY-919] - Match / case statement: OR patterns
- [SONARPY-924] - Add Python 3.10 to supported versions
- [SONARPY-929] - Match / case statement: support value patterns
- [SONARPY-934] - Support syntax highlighting for match / case keyword
False-Positive
- [SONARPY-909] - S5953 (Undefined symbols) Avoid FP with names bound in match/case statements
- [SONARPY-913] - S1854 (DeadStore): take into account statements inside match / case
SonarPython 3.7.0.8753
Bug
- [SONARPY-860] - Parse error on `with` statements with parens
New Feature
- [SONARPY-882] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
- [SONARPY-883] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
- [SONARPY-884] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes
- [SONARPY-885] - Rule S5996: Regex boundaries should not be used in a way that can never be matched
- [SONARPY-886] - Rule S5855: Regex alternatives should not be redundant
- [SONARPY-887] - Extend existing RegexParser to parse Python regular expressions
- [SONARPY-888] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
- [SONARPY-889] - Rule S5869: Character classes in regular expressions should not contain the same character twice
- [SONARPY-891] - Rule S5857: Character classes should be preferred over reluctant quantifiers in regular expressions
- [SONARPY-892] - Rule S6002: Regex lookahead assertions should not be contradictory
- [SONARPY-893] - Rule S5843: Regular expressions should not be too complicated
- [SONARPY-894] - Rule S5842: Regex repetition pattern's body should not match the empty String
- [SONARPY-895] - Rule S5361: "str.replace" should be preferred to "re.sub"
- [SONARPY-923] - Analyze regex in variables whose values we can infer
Task
- [SONARPY-911] - Provide global regex flags to the parser
SonarPython 3.6.0.8488
    Release Notes - SonarPython - Version 3.6
New Feature
- [SONARPY-631] - Add a python version parameter and raise a warning when it is not set
- [SONARPY-867] - Use serialized "annoy" library from TypeShed
- [SONARPY-870] - Use serialized version of TypeShed core modules (builtins and its dependencies)
Improvement
- [SONARPY-881] - Support medium-size projects accurate analysis in SonarLint
Documentation
- [SONARPY-861] - Show "custom rules" documentation only in SonarQube
- [SONARPY-875] - Fix broken links in embedded documentation