Python
Supported Versions
- Python 3.X
- Python 2.X
Language-Specific Properties
Discover and update the Python-specific properties in: Administration > General Settings > Python.
Handling Project Python Version
By default, Python code is analyzed as compatible with both Python 2 and Python 3. Some issues are automatically silenced to avoid raising false positives.
To get a more precise analysis, specify the Python versions your code supports via the sonar.python.version parameter.
The accepted format is a comma-separated list of versions, each in the form "X.Y".
Examples:
sonar.python.version=2.7
sonar.python.version=3.8
sonar.python.version=2.7, 3.7, 3.8, 3.9
Custom Rules
Overview
The Python analyzer parses the source code, creates an Abstract Syntax Tree (AST) and then walks through the entire tree. A coding rule is a visitor that is able to visit nodes from this AST.
As soon as the coding rule visits a node, it can navigate its children and log issues if necessary.
Writing a Plugin
Custom rules for Python can be added by writing a SonarQube Plugin and using Python analyzer APIs. Here are the steps to follow:
Create a SonarQube Plugin
- create a standard SonarQube plugin project.
- attach this plugin to the SonarQube Python analyzer through the pom.xml:
  - add the dependency to the Python analyzer.
  - add the following line in the sonar-packaging-maven-plugin configuration.
    <requirePlugins>python:2.0-SNAPSHOT</requirePlugins>
- implement the following extension points:
  - Plugin
  - RulesDefinition and PythonCustomRuleRepository, which can be implemented by a single class, to declare your custom rules.
- declare the RulesDefinition as an extension in the Plugin extension point.
Implement a Rule
- create a class that will hold the implementation of the rule, it should:
  - extend PythonCheckTree or PythonSubscriptionCheck.
  - define the rule name, key, tags, etc. with Java annotations.
- declare this class in the RulesDefinition.
Example Plugin
To get started, a sample plugin can be found here: python-custom-rules.
Implementation Details
Using PythonCheckTree
To explore a part of the AST, override a method from PythonCheckTree. For example, to explore "if statement" nodes, override the PythonCheckTree#visitIfStatement method, which is called each time an ifStatement node is encountered in the AST.
When overriding a visit method, you must call the super method in order to allow the visitor to visit the children of the node.
Using PythonSubscriptionCheck
To explore a part of the AST, override PythonSubscriptionCheck#initialize and call SubscriptionCheck.Context#registerSyntaxNodeConsumer with the Tree#Kind of node you want to visit. For example, to explore "if statement" nodes, register to the kind Tree#Kind#IF_STATEMENT and then provide a lambda that will consume a SubscriptionContext to act on such nodes.
Create Issues
From the check, an issue can be created by calling the SubscriptionContext#addIssue method or the PythonCheckTree#addIssue method.
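As an added example (not taken from the SonarQube documentation or the python-custom-rules sample), the following subscription-based check combines the registration and issue-creation steps described above: it registers for call expression nodes and raises an issue on direct calls to eval or exec. The package, class name, rule key, message and list of flagged names are assumptions chosen for illustration.

```java
package org.example.python.checks; // hypothetical package name

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.Tree;

// Rule metadata is declared with Java annotations; key, name and tags are illustrative.
@Rule(
  key = DynamicCodeExecutionCheck.RULE_KEY,
  name = "Dynamic code execution should be reviewed",
  priority = Priority.CRITICAL,
  tags = {"security"})
public class DynamicCodeExecutionCheck extends PythonSubscriptionCheck {

  public static final String RULE_KEY = "dynamic-code-execution";

  // Built-ins that execute strings as code (assumed list for this example).
  private static final Set<String> FLAGGED = new HashSet<>(Arrays.asList("eval", "exec"));

  @Override
  public void initialize(Context context) {
    // Subscribe to call expressions only; the analyzer invokes the lambda for each one.
    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> {
      CallExpression call = (CallExpression) ctx.syntaxNode();
      Expression callee = call.callee();
      // Only a bare name such as eval(...) is matched, not obj.eval(...).
      if (callee.is(Tree.Kind.NAME)) {
        String name = ((Name) callee).name();
        if (FLAGGED.contains(name)) {
          ctx.addIssue(callee,
            "Review this call to \"" + name + "\": it executes dynamically built code.");
        }
      }
    });
  }
}
```

In a PythonCheckVerifier test file, a line expected to trigger this rule would end with a comment such as # Noncompliant {{Review this call to "eval": it executes dynamically built code.}}. Because the check matches bare names only, aliased or attribute-qualified calls (for example builtins.eval) are not reported.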
Testing Checks
To test custom checks, you can use the PythonCheckVerifier#verify method. Don't forget to add the testkit dependency to access this class from your project:
<dependency>
  <groupId>org.sonarsource.python</groupId>
  <artifactId>python-checks-testkit</artifactId>
  <version>${project.version}</version>
  <scope>test</scope>
</dependency>
You should end each line having an issue with a comment in the following form:
# Noncompliant {{Message}}
Comment syntax is described here.
Related Pages
- Importing External Issues (Pylint, Bandit, Flake8)
- Test Coverage & Execution (the Coverage Tool provided by Ned Batchelder, Nose, pytest)
Issue Tracker
Check the issue tracker for this language.