- Version used: SonarQube Developer Edition Version 8.4.2 (build 36762)
- Online documentation used: Python static code analysis: HTTP responses should not be vulnerable to session fixation

I’m finding several rules on the online documentation site for Python that say they are available in SonarQube, but then when I go to enable them in our on-premise install of SonarQube Developer Edition, they do not appear in any of the search results for rules that can be enabled.
I have tried several variations of the rule names and keywords (in addition to the Snnnn number when I can find it), but they just plain seem to be missing in our SonarQube install, despite the entry for the rule on rules.sonarsource.com saying that it is in SonarQube.
In particular, 3 Python rules that show up when I search for them in rules.sonarsource.com are:
- Values assigned to variables should match their type annotations
- Function return types should be consistent with their type hint
- Type checks shouldn’t be confusing

Searching for type annotations, type hint, etc. in the rules to activate in our SonarQube install doesn’t show any of these rules, or any that are functionally equivalent, even though the website says they are supported in SonarQube.
However, I have found some of the rules listed in GitHub - SonarSource/sonar-python: SonarQube Python plugin, though the most recent SonarQube update seems to have been more recent than when that file in the repository was added/updated.
What’s going on? It would be useful if the docs at least mentioned what version a rule was added in or if it’s an upcoming feature.
