Cannot create custom rule for Python with XPath

Hello everyone,

I’ve been trying for days to create my first custom rule, for SonarPython, in the XPath language and I haven’t got anything yet. I’m using the SSLR Python Toolkit 1.5, since later versions show an error, but even for two lines of code the resulting AST and XML are huge.

Please, can someone tell me if it is possible and how?

Thank you.

Hi,

Your question seems quite vague.
Yes, it is possible to create custom rules using XPath and there’s a documentation page which tries to explain how.
Did you manage to come up with an XPath expression or not?
If not, what are you trying to achieve?

Pierre-Yves

In this case, I want to create a custom rule for Python in order to detect if the analyzed code contains an input() function. As you probably know, input() is not sanitized in Python 2.X, so you must use raw_input() instead. I have 2 issues to solve:

1. I’m using SSLR Python Toolkit 1.5 because later versions give a Java exception on opening. I’ve tried to open it on Linux and Windows but it keeps showing that exception. Screenshots below:


2. I’ve managed to write an XPath query to detect the input() function, I’ve tested it and it works but I’m not sure if it’s the best way to do it. In the screenshot below, you can see the Python code on the left side, the AST on the right side and the XPath query at the bottom. What I want is an XPath query which detects the input word and whether there is a left parenthesis right next to it. The problem is that my XPath query points to both the left parenthesis and everything next to it instead of just the left parenthesis.

Thanks!

Your XPath expression as well as the following one should detect what you want:

//ATOM[@tokenValue='input'][following-sibling::*[@tokenValue='(']]

However, I don’t see how to highlight both “input” and the left parenthesis without highlighting everything until the right parenthesis: that’s not a node of the tree.

Anyway, when you look at the issues in SonarQube, you will see that Python rules based on XPath raise issues at line level, not on a precise text range…

2 Likes

Thank you a lot for your answer. You’ve helped me so much with my bachelor thesis. :sweat_smile:

1 Like

Hi @pynicolas,

Sorry for jumping in the middle of the conversation but I have one query. Through XPath, will we be able to raise the issue if something is not present? For example: I want to check whether input() is present in the particular file or not, and if not then raise the issue; it will be raised on the whole line in that file but that’s okay. Would adding a negation to this query (//ATOM[@tokenValue='input'][following-sibling::*[@tokenValue='(']]) work, or is there any other way?
Any help would be highly appreciated.

@vicky It would have been better to open a new thread for your question.

If the XPath expression returns a boolean true value, then an issue is raised at file level.
You can therefore raise an issue when you don’t find a given node in the tree, e.g.:

count(//ATOM[@tokenValue='input'][following-sibling::*[@tokenValue='(']]) = 0
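
The two rule shapes from the answers above (match a node for a line-level issue, return a boolean for a file-level issue), as an added example that is not part of the thread and is not SonarPython code. It swaps the SSLR tree and XPath for Python's standard `ast` module; the sample sources and function names are constructed for illustration, and the source is assumed to parse under the interpreter running the check.

```python
import ast

# Constructed sample: one real input() call, plus look-alikes that a plain
# text search for "input(" would wrongly flag.
SAMPLE_WITH_INPUT = '''\
name = raw_input("name: ")
age = input("age: ")
label = "call input() here"
value = form.input("x")
'''

# Constructed sample with no input() call at all.
SAMPLE_WITHOUT_INPUT = '''\
name = raw_input("name: ")
'''


def find_calls(source, func_name="input"):
    """Return sorted line numbers where `func_name(...)` is called by bare name.

    Counterpart of the node-matching XPath form: one issue per matching line.
    Attribute calls (form.input) and string literals are not matched.
    """
    tree = ast.parse(source)
    lines = set()
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name)
                and node.func.id == func_name):
            lines.add(node.lineno)
    return sorted(lines)


def file_level_issue_if_absent(source, func_name="input"):
    """Counterpart of the `count(...) = 0` form: True means one file-level issue."""
    return len(find_calls(source, func_name)) == 0


if __name__ == "__main__":
    for label, src in (("with", SAMPLE_WITH_INPUT),
                       ("without", SAMPLE_WITHOUT_INPUT)):
        print(label, "lines:", find_calls(src),
              "absent:", file_level_issue_if_absent(src))
```

Source that uses Python 2-only syntax such as the print statement raises `SyntaxError` in `ast.parse` under Python 3, so it would need a Python 2 interpreter or a different parser.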

I need to write the XPath query for the empty except block to be caught in the rule; kindly help with this.
Example:
try:
    f = open('myfile.txt')
    s = f.readline()
    i = int(s.strip())
except:
    # This will never happen
    pass

Hi @Manjunath_Bhat,

Firstly, could you please open a new thread?
Beware that XPath custom rules aren’t available anymore since SonarPython 2.0.
They have been removed in favour of Java-based custom rules.

Please have a look at the documentation here: https://docs.sonarqube.org/latest/analysis/languages/python/

Thanks for the update @Andrea_Guarino, I thought the following thread would be related to my query so I have mentioned it here. Please guide me on what can be done to add the custom rules in SonarQube.

Please read the “Custom Rules” section of the documentation page suggested by Andrea and open a new thread if you have precise questions.