Python analysis detects more tricky quality issues: unused assigned variables, infinite loops, ignored parameter initial values and more

Hello Python developers,

The latest updates to the Python analyzer allow you to catch these additional issues in your code:

15 Bugs and Code Smell Detection Rules

Bug Detection:

  • S3827: Variables, classes and functions should be defined before being used (Bug)
  • S2190: Recursion should not be infinite (Bug)
  • S2757: “=+” should not be used instead of “+=” (Bug)
  • S3923: All branches in a conditional structure should not have exactly the same implementation (Bug)
  • S3981: Collection sizes and array length comparisons should make sense (Bug)
  • S4143: Collection content should not be replaced unconditionally (Bug)
  • S1226: Method parameters initial values should not be ignored (Bug)

Code Smell Detection:

  • S3516: Methods returns should not be invariant (Code Smell)
  • S1192: String literals should not be duplicated (Code Smell)
  • S1186: Methods should not be empty (Code Smell)
  • S1854: Unused assignments should be removed (Code Smell)
  • S5603: Unused scope-limited definitions should be removed (Code Smell)
  • S4144: Methods should not have identical implementations (Code Smell)
  • S3358: Conditional expressions should not be nested (Code Smell)
  • S2737: “catch” clauses should do more than rethrow (Code Smell)

In total, there are now 88 Python rules available to bring Code Quality and Security to your projects.

Here are examples of these rules in action:

  • S3923: All branches in a conditional structure should not have exactly the same implementation

  • S4143: Collection content should not be replaced unconditionally

  • S3516: Functions returns should not be invariant

New API for Custom Rules

For SonarQube users, we added a Java API so you can write your own Python checks. This comes as a replacement for the template rule S140 that allowed the creation of simple XPath rules. An example of a Custom Python Plugin created with the Java API is available here: https://github.com/SonarSource/sonar-custom-rules-examples/tree/master/python-custom-rules.

Noteworthy

  • The deprecated “sonar.python.coverage.itReportPath” property has been removed (SONARPY-308)

For more information you can read the 2.0 and 2.1 changelogs.

You can already enjoy these new features on SonarCloud. As for SonarQube, this will be built into the next version (8.1). If you’re eager to try this functionality now, simply install v2.1 of the Python analysis engine!

We really hope you will love these new rules as much as we enjoyed developing them.

Alex
