Python

Supported Versions

Python 3.X
Python 2.X

Language-Specific Properties

Discover and update the Python-specific Administration > General Settings > Python.

Pylint

Pylint is an external static source code analyzer, it can be used in conjunction with SonarPython.

You can enable Pylint rules directly in your Python Quality Profile. Their rule keys start with "Pylint:".

Once the rules are activated you should run Pylint and import its report:

pylint <module_or_package> -r n --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}" > <report_file>

Then pass the generated report path to analysis via the sonar.python.pylint.reportPath property.

Custom Rules

Overview

The Python analyzer parses the source code, creates an Abstract Syntax Tree (AST) and then walks through the entire tree. A coding rule is a visitor that is able to visit nodes from this AST.

As soon as the coding rule visits a node, it can navigate its children and log issues if necessary.

Writing a Plugin

Custom rules for Python can be added by writing a SonarQube Plugin and using Python analyzer APIs. Here are the step to follow:

Create SonarQube Plugin

create a standard SonarQube plugin project
attach this plugin to the SonarQube Python analyzer through the pom.xml:
- add the dependency to the Python analyzer.
- add the following line in the sonar-packaging-maven-plugin configuration.
```
<requirePlugins>python:2.0-SNAPSHOT</requirePlugin>
```
implement the following extension points:
- Plugin
- RulesDefinition and PythonCustomRuleRepository, which can be implemented by a single class, to declare your custom rules
declare the RulesDefinition as an extension in the Plugin extension point.

Implement a Rule

create a class that will hold the implementation of the rule, it should:
- extend PythonCheckTree or PythonSubscriptionCheck
- define the rule name, key, tags, etc. with Java annotations.
declare this class in the RulesDefinition.

Example Plugin

To get started a sample plugin can be found here: python-custom-rules.

Implementation Details

Using PythonCheckTree

To explore a part of the AST, override a method from the PythonCheckTree. For example, if you want to explore "if statement" nodes, override PythonCheckTree#visitIfStatement method that will be called each time an ifStatement node is encountered in the AST.

When overriding a visit method, you must call the super method in order to allow the visitor to visit the children the node.

Using PythonSubscriptionCheck

To explore a part of the AST, override PythonSubscriptionCheck#initialize and call the SubscriptionCheck.Context#registerSyntaxNodeConsumer with the Tree#Kind of node you want to visit. For example, if you want to explore "if statement" you should register to the kind Tree#Kind#IF_STATEMENT and then provide a lambda that will consume a SubscriptionContext to act on such ndoes.

Create Issues

From the check, issue can be created by calling SubscriptionContext#addIssue method or PythonCheckTree#addIssue method.

Testing Checks

To test custom checks you can use method PythonCheckVerifier#verify. Don't forget to add the testkit dependency to access this class from your project :

  <dependency>
      <groupId>org.sonarsource.python</groupId>
      <artifactId>python-checks-testkit</artifactId>
      <version>${project.version}</version>
      <scope>test</scope>
  </dependency>

You should end each line with an issue with a comment in the following form:

# Noncompliant {{Message}}

Comment syntax is described here.

Importing External Issues (Pylint, Bandit)
Test Coverage & Execution (the Coverage Tool provided by Ned Batchelder, Nose, pytest)