Cannot create custom rule for Python with XPath


(RNZ) #1

Hello everyone,

I’ve been trying for days to create my first custom rule, for SonarPython, in the XPath language and I haven’t got anything yet. I’m using the SSLR Python Toolkit 1.5, since later versions show an error, but even for two lines of code the resulting AST and XML are huge.

Please, can someone tell me if it is possible and how?

Thank you.

(Pierre-Yves Nicolas) #2


Your question seems quite vague.
Yes, it is possible to create custom rules using XPath and there’s a documentation page which tries to explain how.
Did you manage to come up with an XPath expression or not?
If not, what are you trying to achieve?


(RNZ) #3

In this case, I want to create a custom rule for Python in order to detect if the analyzed code contains an input() function. As you probably know, input() is not sanitized in Python 2.X, so you must use raw_input() instead. I have 2 issues to solve:

1. I’m using SSLR Python Toolkit 1.5 because later versions give a Java exception when opening it. I’ve tried to open it on Linux and Windows but it keeps showing that exception. Screenshots below:

2. I’ve managed to write an XPath query to detect the input() function, I’ve tested it and it works but I’m not sure if it’s the best way to do it. In screenshot below, you can see the Python code on the left side, the AST on the right side and the XPath query on the bottom. What I want is an XPath query which detects the input word and if there is a left parenthesis right next to it. The problem is that my XPath query points to both the left parenthesis and everything next to it instead of just the left parenthesis.


(Pierre-Yves Nicolas) #4

Your XPath expression as well as the following one should detect what you want:


However, I don’t see how to highlight both “input” and the left parenthesis without highlighting everything until the right parenthesis: that’s not a node of the tree.

Anyway, when you look at the issues in SonarQube, you will see that Python rules based on XPath raise issues at line level, not on a precise text range…

(RNZ) #5

Thank you a lot for your answer. You’ve helped me so much with my bachelor thesis. :sweat_smile:

(vicky) #6

Hi @pynicolas,

Sorry for jumping in the middle of the conversation, but I have one query. Through XPath, will we be able to raise the issue if something is not present? For example: I want to check whether input() is present in the particular file or not; if not, then raise the issue, although it will raise on the whole line in that file, but that’s okay. Would something like adding negation in this query (//ATOM[@tokenValue='input'][following-sibling::*[@tokenValue='(']]) work, or is there any other way?
Any help would be highly appreciated.

(Pierre-Yves Nicolas) #7

@vicky It would have been better to open a new thread for your question.

If the XPath expression returns a boolean true value, then an issue is raised at file level.
You can therefore raise an issue when you don’t find a given node in the tree, e.g.:

count(//ATOM[@tokenValue='input'][following-sibling::*[@tokenValue='(']]) = 0
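
An added example, not part of the thread and not SonarQube or SSLR code: the same token-level check discussed above (the name `input` directly followed by `(`), done with Python's standard `tokenize` module, in both the line-level form and the file-level `count(...) = 0` form. The function names and the sample source are constructed for illustration; excluding `obj.input(` and `def input(` is an assumption about what should count as a call to the builtin.

```python
import io
import tokenize

# Tokens that may sit between "input" and "(" without changing the syntax.
_SKIP = {tokenize.NL, tokenize.COMMENT}


def find_input_calls(source):
    """Return line numbers where a bare name `input` is directly followed by `(`."""
    tokens = [t for t in tokenize.generate_tokens(io.StringIO(source).readline)
              if t.type not in _SKIP]
    lines = []
    for prev, tok, nxt in zip([None] + tokens, tokens, tokens[1:]):
        if tok.type != tokenize.NAME or tok.string != "input":
            continue  # raw_input, strings and comments never reach this point
        if nxt.type != tokenize.OP or nxt.string != "(":
            continue  # a bare reference to the name, not a call
        # Assumption: method calls and function definitions named "input"
        # are not calls to the builtin, so they are not reported.
        if prev is not None and prev.string in (".", "def"):
            continue
        lines.append(tok.start[0])
    return lines


def file_level_issue_if_absent(source):
    """Mirror `count(...) = 0`: True means one issue is raised on the whole file."""
    return len(find_input_calls(source)) == 0


# Constructed sample source (Python 2 style), only line 2 should be reported.
SAMPLE = '''\
name = raw_input("Name: ")
age = input("Age: ")   # evaluated as an expression on Python 2
note = "call input() here"
# input(
form.input("x")
'''

if __name__ == "__main__":
    print("line-level issues:", find_input_calls(SAMPLE))
    print("file-level issue (absent):", file_level_issue_if_absent(SAMPLE))
```

Working on tokens rather than a parsed tree means the check also runs on Python 2 source that a Python 3 parser would reject.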