Releases: SonarSource/sonar-python

SonarPython 3.5.0.8244

26 May 07:40
7992d2a
    Release Notes - SonarPython - Version 3.5

Sub-task

  • [SONARPY-851] - Introduce PythonIndexer to wrap Project Symbol Table
  • [SONARPY-852] - Declare PythonIndexer as SonarLint component with module scope

New Feature

  • [SONARPY-845] - Create and persist project symbols in SonarLint analyses
  • [SONARPY-847] - Activate Project Symbol Table in SonarLint only for small/medium projects
  • [SONARPY-848] - Update project-level symbols when a file is changed in SonarLint
  • [SONARPY-857] - Add cross-file secondary location for SonarLint

Task

False-Positive

  • [SONARPY-859] - Fix FP on S2325 for decorated methods

SonarPython 3.4.1.8066

29 Apr 15:28
22139ec
    Release Notes - SonarPython - Version 3.4.1

Task

  • [SONARPY-843] - Update dependencies to latest version when possible

SonarPython 3.4.1.8063

29 Apr 14:46
510f24f
    Release Notes - SonarPython - Version 3.4.1

Task

  • [SONARPY-843] - Update dependencies to latest version when possible

SonarPython 3.4.1

29 Apr 12:16
e488dbd
    Release Notes - SonarPython - Version 3.4.1

Task

  • [SONARPY-843] - Update dependencies to latest version when possible

SonarPython 3.4

24 Mar 10:20
ed304c1
    Release Notes - SonarPython - Version 3.4

Improvement

  • [SONARPY-839] - Upgrade Apache commons-io dependency to 2.8

sonar-python 3.3

01 Mar 12:22
d4d2e37
    Release Notes - SonarPython - Version 3.3

New Feature

  • [SONARPY-825] - Rule S2257: Using non-standard cryptographic algorithms is security-sensitive
  • [SONARPY-826] - Rule S2612: Setting loose POSIX file permissions is security-sensitive
  • [SONARPY-828] - Rule S3329: Cipher Block Chaining IV's should be random and unique
  • [SONARPY-829] - Rule S5659: JWT should be signed and verified with strong cipher algorithms
  • [SONARPY-831] - Rule S3752: Allowing both safe and unsafe HTTP methods is security-sensitive

Improvement

SonarPython 3.2

01 Feb 13:21
d0e59d3
    Release Notes - SonarPython - Version 3.2

Bug

  • [SONARPY-799] - Avoid StackOverflow Error in presence of loop in class inheritance
  • [SONARPY-827] - Rule S5780 (DictionaryDuplicateKeyCheck) should not fail when comparing hex long integers

New Feature

  • [SONARPY-791] - S4790 should support "cryptography.hazmat.primitives.hashes"
  • [SONARPY-818] - Parser should allow decorators to be any valid expression
  • [SONARPY-819] - Update Typeshed to support Python 3.9
  • [SONARPY-820] - Type inference: standard collections as generics
  • [SONARPY-822] - Type inference: support typing.Annotated

Task

  • [SONARPY-798] - S4784 should be deprecated because it's too noisy
  • [SONARPY-821] - Update license file headers

False-Positive

  • [SONARPY-704] - Rule S4790 should raise only for weak hashes
  • [SONARPY-814] - RSPEC-1481 (UnusedLocalVars) should not raise on annotated assignments without RHS
  • [SONARPY-815] - RSPEC-1481 (UnusedLocalVars) should not raise on vars used inside f-strings containing conditional expressions
  • [SONARPY-816] - S1720 should not raise on empty __init__.py
  • [SONARPY-817] - InsufficientLineCoverage shouldn't raise issues on empty __init__.py
  • [SONARPY-823] - RSPEC-5607 should not report on Python 3.9 dict union operator

sonar-python 3.1

28 Aug 14:49
afa4cc5
    Release Notes - SonarPython - Version 3.1

Bug

  • [SONARPY-783] - Fix parse error on explicit line joining with empty line and dedent
  • [SONARPY-788] - Fix parse error on annotated assignment for Python 3.8

New Feature

  • [SONARPY-740] - RSPEC-5864 Equality between incompatible types
  • [SONARPY-741] - RSPEC-5864 Identity check between incompatible types
  • [SONARPY-742] - RSPEC-5864 Operations on incompatible types
  • [SONARPY-743] - RSPEC-5864 Calling a non-callable type
  • [SONARPY-744] - RSPEC-5864 Item operations should be done on objects supporting them
  • [SONARPY-745] - RSPEC-5864 Iteration operation on a non-iterable type
  • [SONARPY-747] - RSPEC-5864 'raise' used with a non-exception type
  • [SONARPY-751] - RSPEC-5886 Function return types should be consistent with their type hint
  • [SONARPY-778] - RSPEC-5890 Values assigned to variables should match their type annotations
  • [SONARPY-786] - RSPEC-3827 Extract detection of never defined variable in a separate rule (RSPEC-5953)

False-Positive

  • [SONARPY-689] - Update the default regex of rule S100 and S1542 to not raise on short names
  • [SONARPY-690] - Update the default regular expression of rule S101 to not raise on valid PEP-8 class names
  • [SONARPY-700] - Fix FP on S905 when contextlib.suppress is used
  • [SONARPY-716] - Rule S3516 raises False Positives on methods which have an implicit return None.
  • [SONARPY-719] - S107 default threshold is too low and it miscounts parameters
  • [SONARPY-720] - Fix FP on S5953 when using wildcard imports
  • [SONARPY-777] - Fix FP on S1764 when expressions contain function calls
  • [SONARPY-780] - Fix FP on ArgumentTypeCheck when parameter is declared as object
  • [SONARPY-785] - Fix FP on S1764 for expressions in try/except blocks
  • [SONARPY-789] - S5953: Avoid raising on names prefixed with underscore

sonar-python 3.0

17 Jul 13:04
9ab987d
    Release Notes - SonarPython - Version 3.0

Bug

  • [SONARPY-756] - Fix FP on S1656 when using deprecated built-in functions

New Feature

  • [SONARPY-710] - Add API to access symbols generated from stub files
  • [SONARPY-748] - Disable Pylint execution mode
  • [SONARPY-749] - Update import of Pylint issues and enable Pylint plugins reports
  • [SONARPY-752] - Update documentation for Pylint report importing

Improvement

  • [SONARPY-693] - S5122 should support "response.headers.add" syntax
  • [SONARPY-694] - S3330 should raise a Security Hotspot when Flask is configured to create session cookie with HttpOnly=False
  • [SONARPY-724] - Introduce type declarations for third-party Python libraries using custom Python stub files

sonar-python 2.13

25 Jun 07:35
474d913
    Release Notes - SonarPython - Version 2.13

Bug

  • [SONARPY-734] - Fix Memory Leak in S5806 (BuiltinShadowingAssignment) implementation

New Feature

  • [SONARPY-470] - Rule S5756: Calls should not be made to non-callable values
  • [SONARPY-504] - Rule S5607: Operators should be used on compatible types
  • [SONARPY-514] - Rule S2755: XML parsers should not be vulnerable to XXE attacks
  • [SONARPY-517] - Rule S5644: Item operations should be done on objects supporting them
  • [SONARPY-591] - Rule S3862: Iterable unpacking, "for-in" loops and "yield from" should use an Iterable object
  • [SONARPY-722] - Flow sensitive type inference

Improvement

  • [SONARPY-723] - Update vulnerable dependencies
  • [SONARPY-728] - Improve secondary locations for type inference issues