S6735 False positive when evaluating pandas.merge having right_on and left_on as parameters (take 2)

Rules and Languages Report False-positive / False-negative...
1

Please provide

  • Operating system: MacOS
  • SonarQube for VS Code plugin version: 4.25.1
  • Programming language you’re coding in: python
  • Is connected mode used:
    • SonarQube Server

And a thorough description of the problem / question:

In S6735 False positive when evaluating pandas.merge having right_on and left_on as parameters it was reported that rule S6735 “Specify the “validate” parameter of this merge” was raising a false positive when left_on or right_on was used, there was a reply stating that it had been fixed however I am getting the same issue today (screenshot provided so you can see the sonarqube message):

image
image651×240 28.3 KB

    merged_df = pd.merge(
        df,
        delivery_network_df,
        how="left",
        left_on=["delivery_time_handle", "postcode"],
        right_on=["handle", "postcode"],
    )

I notice that S6735 False positive when evaluating pandas.merge having right_on and left_on as parameters is regarding sonarlint whereas I am using SonorQube for IDE… however I believe it uses sonarlint under the covers.

Can anyone advise why I would still be getting this problem given it was apparently fixed in October 2023?

thanks in advance

2

Hey @jamiekt

Thanks for your report. I’ve moved your post to the section on reporting false-positives. Take a look at this post:

Basically, please provide a text-based sample of code rather than a screenshot. :slight_smile:

3

Thank you Colin, done. I’ve left the screenshot in there because it shows what SonarQube is reporting.

1 Like
6

Hi @jamiekt,
Thank you for reaching out to us.

In the particular code example you shared, the rule seems to be working as expected. The validate parameter is missing from your pd.merge() call. The S6735 rule encourages adding this parameter to ensure the uniqueness of your merge keys and prevent unexpected results. Adding the validate parameter to your merge should resolve the warning.

As to SonarLint vs SonarQube for IDE, SonarLint was renamed into SonarQube for IDE. If you’re curious, you can find more information here.

Hope this helps clarify things!

By the way, our Product Manager would love to speak to you about the Python analysis and any other feedback you have for us. Would you have 30 minutes to spare? We’d really appreciate it. If so, you can find a time that works for you on this calendar.

Cheers
Sebastian

1 Like
7

Thank you Sebastian. I didn’t realise that the validate argument would solve this. I probably should have tried that before posting, apologies.

8

No apologies necessary. We’re always glad to help :grinning_face_with_smiling_eyes:

1 Like