Start Free
Latest | Analyzing source code | Languages | Python

Python

On this page

Language-specific properties

Discover and update the Python-specific properties in Administration > Configuration > General Settings > Languages > Python

Handling project Python version

Python code is analyzed by default as compatible with python 2 and python 3. Some issues will be automatically silenced to avoid raising False Positives. In order to get a more precise analysis you can specify the Python versions your code supports via the sonar.python.version parameter.

The accepted format is a comma-separated list of versions having the format "X.Y". Here are some examples:

  • sonar.python.version=2.7
  • sonar.python.version=3.8
  • sonar.python.version=2.7, 3.7, 3.8, 3.9

This parameter can be used in the sonar-project.properties file or the SonarScanner CLI command.

Custom rules

Overview

The Python analyzer parses the source code, creates an abstract syntax tree (AST), and then walks through the entire tree. A coding rule is a visitor that is able to visit nodes from this AST.

As soon as the coding rule visits a node, it can navigate its children and log issues if necessary.

Writing a plugin

Custom rules for Python can be added by writing a SonarQube Plugin and using Python analyzer APIs. Here are the steps to follow:

Create a SonarQube plugin

  • Create a standard SonarQube plugin project.
  • Attach this plugin to the SonarQube Python analyzer through the pom.xml:
    • Add the dependency to the Python analyzer.
    • Add the following line in the sonar-packaging-maven-plugin configuration. <requirePlugins>python:2.0-SNAPSHOT</requirePlugins>
  • Implement the following extension points:
  • Declare the RulesDefinition as an extension in the Plugin extension point.

Implement a rule

  • Create a class that will hold the implementation of the rule, it should:
    • extend PythonVisitorCheck or PythonSubscriptionCheck.
    • define the rule name, key, tags, etc. with Java annotations.
  • declare this class in the RulesDefinition.

Example plugin

A sample plugin can be found here: python-custom-rules to help you get started.

Implementation details

Using PythonVisitorCheck

To explore a part of the AST, override a method from PythonVisitorCheck. For example, if you want to explore "if statement" nodes, override the visitIfStatement method that will be called each time an ifStatement node is encountered in the AST.

Using PythonSubscriptionCheck

To explore a part of the AST, override PythonSubscriptionCheck#initialize and call SubscriptionCheck.Context#registerSyntaxNodeConsumer with the Tree#Kind of node you want to visit. For example, if you want to explore "if statement", you should register to the kind Tree#Kind#IF_STATEMENT and then provide a lambda that will consume a SubscriptionContext to act on such nodes.

Create issues

From the check, an issue can be created by calling the SubscriptionContext#addIssue method or a PythonVisitorCheck #addIssue method.

Testing checks

You can use the PythonCheckVerifier#verify method to test custom checks. Don't forget to add the testkit dependency to access this class from your project:

  <dependency>
      <groupId>org.sonarsource.python</groupId>
      <artifactId>python-checks-testkit</artifactId>
      <version>${project.version}</version>
      <scope>test</scope>
  </dependency>

You should end each line having an issue with a comment in the following form:

# Noncompliant {{Message}}

Comment syntax is described here.

Configuring plugins for analyzer loading optimization

By default, the loading of analyzers is optimized (see Improving performance), SonarQube will only download analyzers and third-party plugins for the detected languages before running an analysis. 

When creating custom plugins, to prevent errors when projects are analyzed, you must use the requiredForLanguages property in your plugin's pom.xml file to specify the languages your plugin supports. Without this property, your plugin will be executed unconditionally during analysis, even when its language-specific dependencies are unavailable. See Plugin basics for details on this behavior and the requiredForLanguages property.

<configuration>
   [...]
   <requiredForLanguages>python</requiredForLanguages>
</configuration>

Jupyter Notebooks

Jupyter Notebooks are an open document format based on JSON. They are used for all sorts of data science tasks: data cleaning and transformation, data visualization, statistical modeling, machine learning, deep learning, etc.

Supported versions

SonarQube can analyze Jupyter Notebooks nbformat.v4 and later.

Specific properties

Discover and update the Jupyter Notebooks-specific properties in Administration > Configuration > General Settings > Languages > Python > Jupyter Notebooks.

Managing rules

Jupyter Notebook rules can be enabled and disabled in your quality profile

Jupyter Notebooks in SonarLint for VSCode

You can analyze your Jupyter Notebooks projects directly in VS Code. Note that Connected Mode will be ignored when working with Jupyter Notebooks (if this feature is important to you, you can submit the idea on SonarQube's portal).

Important notes

  • Only Python code is analyzed in Jupyter Notebooks.
  • Only primary locations are shown (see Issues to learn more about primary vs. secondary locations).
  • Analysis does not measure code duplication at this time.

Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License