SONARPY-1639 S6882: Constructor attributes of date and time objects should be in the range of possible values (#1734)

ghislainpiot · web-flow · commit 79e4649fc915 · 2024-03-07T12:02:44.000+01:00
diff --git a/python-checks/src/main/java/org/sonar/python/checks/CheckList.java b/python-checks/src/main/java/org/sonar/python/checks/CheckList.java
@@ -301,6 +301,7 @@ public static Iterable<Class> getChecks() {
       PrivilegePolicyCheck.class,
       ProcessSignallingCheck.class,
       PropertyAccessorParameterCountCheck.class,
+      IncorrectParameterDatetimeConstructorsCheck.class,
       PseudoRandomCheck.class,
       PublicApiIsSecuritySensitiveCheck.class,
       PubliclyWritableDirectoriesCheck.class,
diff --git a/python-checks/src/main/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheck.java b/python-checks/src/main/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheck.java
@@ -0,0 +1,149 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.symbols.Symbol;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.NumericLiteral;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.UnaryExpression;
+import org.sonar.python.checks.utils.Expressions;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S6882")
+public class IncorrectParameterDatetimeConstructorsCheck extends PythonSubscriptionCheck {
+  private static final int MIN_YEAR = 1;
+  private static final int MAX_YEAR = 9999;
+  private static final String MESSAGE = "Provide a correct value for the `%s` parameter.";
+  private static final String MESSAGE_SECONDARY_LOCATION = "An invalid value is assigned here.";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, IncorrectParameterDatetimeConstructorsCheck::checkCallExpr);
+  }
+
+  private static void checkCallExpr(SubscriptionContext context) {
+    CallExpression callExpression = (CallExpression) context.syntaxNode();
+    Symbol calleeSymbol = callExpression.calleeSymbol();
+    if (calleeSymbol == null) {
+      return;
+    }
+    if ("datetime.date".equals(calleeSymbol.fullyQualifiedName())) {
+      checkDate(context, callExpression);
+    } else if ("datetime.time".equals(calleeSymbol.fullyQualifiedName())) {
+      checkTime(context, callExpression);
+    } else if ("datetime.datetime".equals(calleeSymbol.fullyQualifiedName())) {
+      checkDate(context, callExpression);
+      checkTime(context, callExpression, 3);
+    }
+  }
+
+  private static void checkTime(SubscriptionContext context, CallExpression callExpression) {
+    checkTime(context, callExpression, 0);
+  }
+
+  private static void checkTime(SubscriptionContext context, CallExpression callExpression, int parameterOffset) {
+    RegularArgument hourArgument = TreeUtils.nthArgumentOrKeyword(parameterOffset, "hour", callExpression.arguments());
+    RegularArgument minuteArgument = TreeUtils.nthArgumentOrKeyword(parameterOffset + 1, "minute", callExpression.arguments());
+    RegularArgument secondArgument = TreeUtils.nthArgumentOrKeyword(parameterOffset + 2, "second", callExpression.arguments());
+    RegularArgument microsecondArgument = TreeUtils.nthArgumentOrKeyword(parameterOffset + 3, "microsecond", callExpression.arguments());
+
+    if (hourArgument != null) {
+      checkArgument(context, hourArgument, 0, 23, "hour");
+    }
+    if (minuteArgument != null) {
+      checkArgument(context, minuteArgument, 0, 59, "minute");
+    }
+    if (secondArgument != null) {
+      checkArgument(context, secondArgument, 0, 59, "second");
+    }
+    if (microsecondArgument != null) {
+      checkArgument(context, microsecondArgument, 0, 999_999, "microsecond");
+    }
+  }
+
+  private static class ValueWithExpression {
+    private final long value;
+    private final Tree expression;
+
+    public ValueWithExpression(long value, Tree expression) {
+      this.value = value;
+      this.expression = expression;
+    }
+
+    public long value() {
+      return value;
+    }
+
+    public Tree expression() {
+      return expression;
+    }
+  }
+
+  private static ValueWithExpression getValue(Expression expression) {
+    if (expression.is(Tree.Kind.NUMERIC_LITERAL)) {
+      return new ValueWithExpression(((NumericLiteral) expression).valueAsLong(), expression);
+    } else if (expression.is(Tree.Kind.UNARY_MINUS)) {
+      UnaryExpression unaryExpression = (UnaryExpression) expression;
+      if (!unaryExpression.expression().is(Tree.Kind.NUMERIC_LITERAL)) {
+        return null;
+      }
+      return new ValueWithExpression(-((NumericLiteral) unaryExpression.expression()).valueAsLong(), unaryExpression);
+    } else if (expression.is(Tree.Kind.NAME)) {
+      return Expressions.singleAssignedNonNameValue((Name) expression).map(IncorrectParameterDatetimeConstructorsCheck::getValue).orElse(null);
+    }
+    return null;
+  }
+
+  private static void checkArgument(SubscriptionContext context, RegularArgument argument, long min, long max, String name) {
+    ValueWithExpression valueWithExpression = getValue(argument.expression());
+    if (valueWithExpression == null) {
+      return;
+    }
+    long value = valueWithExpression.value();
+    Tree secondaryLocation = argument.expression() == valueWithExpression.expression() ? null : valueWithExpression.expression();
+    if (value < min || value > max) {
+      PreciseIssue issue = context.addIssue(argument, String.format(MESSAGE, name));
+      if (secondaryLocation != null) {
+        issue.secondary(secondaryLocation, MESSAGE_SECONDARY_LOCATION);
+      }
+    }
+  }
+
+  private static void checkDate(SubscriptionContext context, CallExpression callExpression) {
+    RegularArgument yearArgument = TreeUtils.nthArgumentOrKeyword(0, "year", callExpression.arguments());
+    RegularArgument monthArgument = TreeUtils.nthArgumentOrKeyword(1, "month", callExpression.arguments());
+    RegularArgument dayArgument = TreeUtils.nthArgumentOrKeyword(2, "day", callExpression.arguments());
+
+    if (yearArgument == null || monthArgument == null || dayArgument == null) {
+      return;
+    }
+
+    checkArgument(context, yearArgument, MIN_YEAR, MAX_YEAR, "year");
+    checkArgument(context, monthArgument, 1, 12, "month");
+    checkArgument(context, dayArgument, 1, 31, "day");
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6882.html b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6882.html
@@ -0,0 +1,23 @@
+<p>This rule raises an issue when an incorrect value is set as an attribute of <code>datetime.date</code>, <code>datetime.time</code>, or
+<code>datetime.datetime</code></p>
+<h2>Why is this an issue?</h2>
+<p>Setting a date attribute value with a value which is out of the range of possible values will lead to a <code>ValueError</code>.</p>
+<h2>How to fix it</h2>
+<p>Set attribute values with values that are within the range of possible values.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+def foo():
+    dt = datetime(year=2024, day=66, month=1, hour=16, minute=1) # ValueError: day is out of range for month
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+def foo():
+    dt = datetime(year=2024, day=1, month=1, hour=16, minute=1)
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li> Python documentation - <a href="https://docs.python.org/3/library/datetime.html#">datetime</a> </li>
+</ul>
+
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6882.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6882.json
@@ -0,0 +1,23 @@
+{
+  "title": "Constructor attributes of date and time objects should be in the range of possible values",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6882",
+  "sqKey": "S6882",
+  "scope": "All",
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "HIGH",
+      "RELIABILITY": "MEDIUM",
+      "SECURITY": "LOW"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}
diff --git a/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json b/python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json
@@ -225,6 +225,7 @@
     "S6794",
     "S6796",
     "S6799",
+    "S6882",
     "S6887",
     "S6903",
     "S6894"
diff --git a/python-checks/src/test/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheckTest.java b/python-checks/src/test/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheckTest.java
@@ -0,0 +1,30 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class IncorrectParameterDatetimeConstructorsCheckTest {
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/incorrectParameterDatetimeConstructorsCheck.py", new IncorrectParameterDatetimeConstructorsCheck());
+  }
+}
diff --git a/python-checks/src/test/resources/checks/incorrectParameterDatetimeConstructorsCheck.py b/python-checks/src/test/resources/checks/incorrectParameterDatetimeConstructorsCheck.py
@@ -0,0 +1,101 @@
+import datetime
+
+def compliant_examples():
+    datetime.time(12, 30, 0, 0)
+    datetime.date(2024, 3, 1)
+    datetime.datetime(2024, 3, 1, 12, 30, 0, 0)
+
+def non_compliant_examples():
+    datetime.date(2024, 3, 32) # Noncompliant {{Provide a correct value for the `day` parameter.}}
+                          #^^
+    datetime.date(2024, 13, 1) # Noncompliant {{Provide a correct value for the `month` parameter.}}
+                       #^^
+    datetime.date(2024, 0, 1) # Noncompliant
+    datetime.date(2024, 3, 0) # Noncompliant
+    datetime.date(-5, 3, 1) # Noncompliant {{Provide a correct value for the `year` parameter.}}
+                 #^^
+    datetime.date(100000, 5, 3) # Noncompliant
+
+    datetime.time(-5, 30, 0, 0) # Noncompliant {{Provide a correct value for the `hour` parameter.}}
+                 #^^
+    datetime.time(12, 60, 0, 0) # Noncompliant {{Provide a correct value for the `minute` parameter.}}
+                     #^^
+    datetime.time(12, 30, 60, 0) # Noncompliant {{Provide a correct value for the `second` parameter.}}
+                         #^^
+    datetime.time(12, 30, 0, -1) # Noncompliant {{Provide a correct value for the `microsecond` parameter.}}
+                            #^^
+    datetime.time(12, 30, 0, 1000000) # Noncompliant
+    datetime.time(28) # Noncompliant
+    datetime.time(5, 61) # Noncompliant
+    datetime.time(5, 5, 61) # Noncompliant
+
+    datetime.datetime(2024, 3, 1, 12, 30, -2, 1) # Noncompliant {{Provide a correct value for the `second` parameter.}}
+                                         #^^
+    datetime.datetime(2024, 3, 1, 12, 30, 0, -1) # Noncompliant {{Provide a correct value for the `microsecond` parameter.}}
+                                            #^^
+    datetime.datetime(2024, 3, 1, 12, 30, 0, 1000000) # Noncompliant
+    datetime.datetime(2024, 3, 32, 12, 30, 0, 0) # Noncompliant {{Provide a correct value for the `day` parameter.}}
+                              #^^
+    datetime.datetime(2024, 13, 1, 12, 30, 0, 0) # Noncompliant {{Provide a correct value for the `month` parameter.}}
+                           #^^
+    datetime.datetime(2024, 0, 1, 12, 30, 0, 0) # Noncompliant
+    datetime.datetime(-5, 3, 1, 12, 30, 0, 0) # Noncompliant {{Provide a correct value for the `year` parameter.}}
+                     #^^
+    datetime.datetime(2024, 3, 1, 26, 30, 0, 4) # Noncompliant {{Provide a correct value for the `hour` parameter.}}
+                                 #^^
+    datetime.datetime(100000, 5, 3, 12, 30, 0, 0) # Noncompliant
+    datetime.datetime(2024, 3, 1, 12, 60, 0, 0) # Noncompliant
+    datetime.datetime(2024, 3, 1, 12, 30, 60, 0) # Noncompliant
+    datetime.datetime(2024, 3, 1, 12, 30, 0, -1) # Noncompliant
+
+def assigned_value():
+    y1 = 2024
+    m1 = 3
+    d1 = -2
+        #^^> 1 {{An invalid value is assigned here.}}
+    datetime.date(y1, m1, d1) # Noncompliant {{Provide a correct value for the `day` parameter.}}
+                         #^^
+    if cond():
+        y2 = -1
+    else:
+        y2 = 2024
+    datetime.date(y2, 3, 1) # FN limitation of singleAssignedValue
+def false_negatives_tuple_unpacking():
+    datetime.date(*(2024, -1, -1))
+
+def different_imported_name():
+    import datetime as dt
+    dt.date(2024, 3, 32) # Noncompliant
+    dt.time(12, 60, 0, 0) # Noncompliant
+    dt.datetime(2024, 3, 32, 12, 30, 0, 0) # Noncompliant
+
+    from datetime import date as d
+    from datetime import time as t
+    from datetime import datetime as dtt
+    d(2024, 3, 32) # Noncompliant
+    t(12, 60, 0, 0) # Noncompliant
+    dtt(2024, 3, 32, 12, 30, 0, 0) # Noncompliant
+
+def no_issue_on_syntax_errors():
+    datetime.time(12, 5, True)
+    datetime.date(2024, True, 5)
+    datetime.date()
+    datetime.time()
+    datetime.datetime()
+    datetime.date(19)
+    datetime.date(19, 5)
+    datetime.time()
+
+    datetime.datetime(2024, 3, 1, 12, 30, 0, True)
+    datetime.datetime(2024, 3, 1, 12, 30, True, 0)
+    datetime.datetime(2024, 3, 1, 12, True, 0, 0)
+    datetime.datetime(2024, 3, 1, True, 30, 0, 0)
+    datetime.datetime(2024, 3, True, 12, 30, 0, 0)
+    datetime.datetime(2024, True, 1, 12, 30, 0, 0)
+    datetime.datetime(True, 3, 1, 12, 30, 0, 0)
+
+    datetime.time(-random(), 12, 5, 0)
+    datetime.time(12 + 65, 12, 5, 0)
+
+def some_function(): ...
+some_function()
