SONARPY-1770 Rule S6971 : Transformers should not be accessed directly when a Scikit-Learn Pipeline uses caching (#1779)

Author: ghislainpiot

python-checks/src/main/java/org/sonar/python/checks/CheckList.java

@@ -348,6 +348,7 @@ public static Iterable<Class> getChecks() {
       StringLiteralDuplicationCheck.class,
       StringReplaceCheck.class,
       StrongCryptographicKeysCheck.class,
+      SklearnCachedPipelineDontAccessTransformersCheck.class,
       SuperfluousCurlyBraceCheck.class,
       TempFileCreationCheck.class,
       ImplicitlySkippedTestCheck.class,

python-checks/src/main/java/org/sonar/python/checks/SklearnCachedPipelineDontAccessTransformersCheck.java

@@ -0,0 +1,227 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Stream;
+import javax.annotation.Nullable;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.quickfix.PythonQuickFix;
+import org.sonar.plugins.python.api.symbols.Symbol;
+import org.sonar.plugins.python.api.tree.AssignmentStatement;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.ListLiteral;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.QualifiedExpression;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.StringLiteral;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.Tuple;
+import org.sonar.plugins.python.api.tree.UnpackingExpression;
+import org.sonar.python.quickfix.TextEditUtils;
+import org.sonar.python.semantic.SymbolUtils;
+import org.sonar.python.tree.TreeUtils;
+import org.sonar.python.tree.TupleImpl;
+import org.sonar.python.types.InferredTypes;
+
+@Rule(key = "S6971")
+public class SklearnCachedPipelineDontAccessTransformersCheck extends PythonSubscriptionCheck {
+
+  public static final String MESSAGE = "Avoid accessing transformers in a cached pipeline.";
+  public static final String MESSAGE_SECONDARY = "The transformer is accessed here";
+  public static final String MESSAGE_SECONDARY_CREATION = "The Pipeline is created here";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, SklearnCachedPipelineDontAccessTransformersCheck::checkCallExpr);
+  }
+
+  private static void checkCallExpr(SubscriptionContext subscriptionContext) {
+    CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
+    Optional<PipelineCreation> pipelineCreationOptional = isPipelineCreation(callExpression);
+    if (pipelineCreationOptional.isEmpty()) {
+      return;
+    }
+    PipelineCreation pipelineCreation = pipelineCreationOptional.get();
+
+    var memoryArgument = TreeUtils.argumentByKeyword("memory", callExpression.arguments());
+    if (memoryArgument == null || memoryArgument.expression().is(Tree.Kind.NONE) || memoryArgument.expression().type() == InferredTypes.anyType()) {
+      return;
+    }
+    var stepsArgument = TreeUtils.nthArgumentOrKeyword(0, "steps", callExpression.arguments());
+
+    StepsFromPipeline stepsFromPipeline = getStepsFromPipeline(stepsArgument, pipelineCreation);
+
+    handleStepNames(subscriptionContext, stepsFromPipeline, pipelineCreation, callExpression);
+  }
+
+  private static StepsFromPipeline getStepsFromPipeline(@Nullable RegularArgument stepsArgument, PipelineCreation pipelineCreation) {
+    Map<Name, String> nameToStepName = new HashMap<>();
+    Optional<Expression> stepArgumentExpression = Optional.ofNullable(stepsArgument)
+      .map(RegularArgument::expression);
+
+    var stepNames = stepArgumentExpression.map(
+      e -> pipelineCreation == PipelineCreation.PIPELINE ? extractFromPipeline(e, nameToStepName) : extractFromMakePipeline(e))
+      .orElse(Stream.empty());
+    return new StepsFromPipeline(nameToStepName, stepNames);
+  }
+
+  private record StepsFromPipeline(Map<Name, String> nameToStepName, Stream<Name> stepNames) {
+  }
+
+  private static void handleStepNames(SubscriptionContext subscriptionContext, StepsFromPipeline stepsFromPipeline, PipelineCreation pipelineCreation,
+    CallExpression callExpression) {
+    stepsFromPipeline.stepNames()
+      .map(name -> Map.entry(name, symbolIsUsedInQualifiedExpression(name))).forEach(entry -> {
+        Name name = entry.getKey();
+        Map<Tree, QualifiedExpression> uses = entry.getValue();
+
+        if (!uses.isEmpty()) {
+          createIssue(subscriptionContext, stepsFromPipeline, pipelineCreation, callExpression, name, uses);
+        }
+      });
+  }
+
+  private static void createIssue(SubscriptionContext subscriptionContext, StepsFromPipeline stepsFromPipeline, PipelineCreation pipelineCreation, CallExpression callExpression,
+    Name name, Map<Tree, QualifiedExpression> uses) {
+    var issue = subscriptionContext.addIssue(name, MESSAGE);
+    uses.forEach((useTree, qualExpr) -> issue.secondary(useTree, MESSAGE_SECONDARY));
+    if (pipelineCreation == PipelineCreation.PIPELINE) {
+      issue.secondary(callExpression.callee(), MESSAGE_SECONDARY_CREATION);
+      uses
+        .forEach(
+          (useTree, qualExpr) -> getAssignedName(callExpression)
+            .flatMap(pipelineBindingVariable -> getQuickFix(pipelineBindingVariable, name, qualExpr, stepsFromPipeline.nameToStepName()))
+            .ifPresent(issue::addQuickFix));
+    }
+  }
+
+  private static Stream<Name> extractFromMakePipeline(Expression stepArgumentExpression) {
+    return Optional.of(stepArgumentExpression)
+      .filter(e -> e.is(Tree.Kind.NAME))
+      .map(Name.class::cast)
+      .stream();
+  }
+
+  private static Stream<Name> extractFromPipeline(Expression stepArgumentExpression, Map<Name, String> nameToStepName) {
+    return Optional.of(stepArgumentExpression)
+      .filter(e -> e.is(Tree.Kind.LIST_LITERAL))
+      .map(e -> ((ListLiteral) e).elements().expressions())
+      .stream()
+      .flatMap(Collection::stream)
+      .filter(e -> e.is(Tree.Kind.TUPLE))
+      .map(t -> ((TupleImpl) t).elements())
+      .filter(e -> e.size() == 2)
+      .filter(e -> e.get(1).is(Tree.Kind.NAME))
+      .map(elements -> {
+        if (elements.get(0).is(Tree.Kind.STRING_LITERAL)) {
+          nameToStepName.put((Name) elements.get(1), ((StringLiteral) elements.get(0)).trimmedQuotesValue());
+        }
+        return elements;
+      })
+      .map(e -> e.get(1))
+      .map(Name.class::cast);
+  }
+
+  private static Optional<PythonQuickFix> getQuickFix(Name pipelineBindingVariable, Tree name, QualifiedExpression qualifiedExpression, Map<Name, String> nameToStepName) {
+    return Optional.ofNullable(nameToStepName.get(name))
+      .map(stepName -> PythonQuickFix.newQuickFix("Access the property through the ")
+        .addTextEdit(TextEditUtils.replace(qualifiedExpression.qualifier(), String.format("%s.named_steps[\"%s\"]", pipelineBindingVariable.name(), stepName)))
+        .build());
+  }
+
+  private static Map<Tree, QualifiedExpression> symbolIsUsedInQualifiedExpression(Name name) {
+    Symbol symbol = name.symbol();
+    if (symbol == null) {
+      return new HashMap<>();
+    }
+    Map<Tree, QualifiedExpression> qualifiedExpressions = new HashMap<>();
+    symbol.usages().stream()
+      .filter(u -> u.tree().parent().is(Tree.Kind.QUALIFIED_EXPR))
+      .forEach(u -> qualifiedExpressions.put(((QualifiedExpression) u.tree().parent()).qualifier(), ((QualifiedExpression) u.tree().parent())));
+
+    return qualifiedExpressions;
+  }
+
+  private enum PipelineCreation {
+    PIPELINE,
+    MAKE_PIPELINE
+  }
+
+  private static Optional<PipelineCreation> isPipelineCreation(CallExpression callExpression) {
+    return Optional.ofNullable(callExpression.calleeSymbol()).map(Symbol::fullyQualifiedName)
+      .map(fqn -> {
+        if ("sklearn.pipeline.Pipeline".equals(fqn)) {
+          return PipelineCreation.PIPELINE;
+        }
+        if ("sklearn.pipeline.make_pipeline".equals(fqn)) {
+          return PipelineCreation.MAKE_PIPELINE;
+        }
+        return null;
+      });
+  }
+
+  private static Optional<Name> getAssignedName(Expression expression) {
+    if (expression.is(Tree.Kind.NAME)) {
+      return Optional.of((Name) expression);
+    }
+    if (expression.is(Tree.Kind.QUALIFIED_EXPR)) {
+      return getAssignedName(((QualifiedExpression) expression).name());
+    }
+
+    var assignment = (AssignmentStatement) TreeUtils.firstAncestorOfKind(expression, Tree.Kind.ASSIGNMENT_STMT);
+    if (assignment == null) {
+      return Optional.empty();
+    }
+
+    var expressions = SymbolUtils.assignmentsLhs(assignment);
+    if (expressions.size() != 1) {
+      List<Expression> rhsExpressions = getExpressionsFromRhs(assignment.assignedValue());
+      var rhsIndex = rhsExpressions.indexOf(expression);
+      if (rhsIndex != -1) {
+        return getAssignedName(expressions.get(rhsIndex));
+      } else {
+        return Optional.empty();
+      }
+    }
+
+    return getAssignedName(expressions.get(0));
+  }
+
+  private static List<Expression> getExpressionsFromRhs(Expression rhs) {
+    List<Expression> expressions = new ArrayList<>();
+    if (rhs.is(Tree.Kind.TUPLE)) {
+      expressions.addAll(((Tuple) rhs).elements());
+    } else if (rhs.is(Tree.Kind.LIST_LITERAL)) {
+      expressions.addAll(((ListLiteral) rhs).elements().expressions());
+    } else if (rhs.is(Tree.Kind.UNPACKING_EXPR)) {
+      return getExpressionsFromRhs(((UnpackingExpression) rhs).expression());
+    }
+    return expressions;
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6971.html

@@ -0,0 +1,54 @@
+<p>This rule raises an issue when trying to access a Scikit-Learn transformer used in a pipeline with caching directly.</p>
+<h2>Why is this an issue?</h2>
+<p>When using a pipeline with a cache and passing the transformer objects as an instance from a variable, it is possible to access them directly.</p>
+<p>This is an issue, since when the Pipeline is fitted, all the transformers are cloned. The objects outside the Pipeline are therefore not updated,
+and will yield unexpected results.</p>
+<h2>How to fix it</h2>
+<p>Replace the direct access to the transformer with an access to the <code>named_steps</code> attribute of the pipeline.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+from sklearn.datasets import load_diabetes
+from sklearn.preprocessing import RobustScaler
+from sklearn.neighbors import KNeighborsRegressor
+from sklearn.pipeline import Pipeline
+
+diabetes = load_diabetes()
+scaler = RobustScaler()
+knn = KNeighborsRegressor(n_neighbors=5)
+
+pipeline = Pipeline([
+    ('scaler', scaler),
+    ('knn', knn)
+], memory="cache")
+
+pipeline.fit(diabetes.data, diabetes.target)
+print(scaler.center_) # Noncompliant : raises an AttributeError
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+from sklearn.datasets import load_diabetes
+from sklearn.preprocessing import RobustScaler
+from sklearn.neighbors import KNeighborsRegressor
+from sklearn.pipeline import Pipeline
+
+diabetes = load_diabetes()
+scaler = RobustScaler()
+knn = KNeighborsRegressor(n_neighbors=5)
+
+pipeline = Pipeline([
+    ('scaler', scaler),
+    ('knn', knn)
+], memory="cache")
+
+pipeline.fit(diabetes.data, diabetes.target)
+print(pipeline.named_steps['scaler'].center_) # Compliant
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li> Scikit-Learn - Pipelines and composite estimators : <a
+  href="https://scikit-learn.org/stable/modules/compose.html#warning:-side-effect-of-caching-transformers">Side effect of caching transformers</a>
+  </li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6971.json

@@ -0,0 +1,22 @@
+{
+  "title": "Transformers should not be accessed directly when a Scikit-Learn Pipeline uses caching",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6971",
+  "sqKey": "S6971",
+  "scope": "All",
+  "quickfix": "targeted",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "MEDIUM",
+      "RELIABILITY": "HIGH"
+    },
+    "attribute": "LOGICAL"
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -238,6 +238,7 @@
     "S6919",
     "S6925",
     "S6928",
-    "S6929"
+    "S6929",
+    "S6971"
   ]
 }

python-checks/src/test/java/org/sonar/python/checks/SklearnCachedPipelineDontAccessTransformersCheckTest.java

@@ -0,0 +1,62 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.quickfix.PythonQuickFixVerifier;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+
+class SklearnCachedPipelineDontAccessTransformersCheckTest {
+
+  @Test
+  void test(){
+    PythonCheckVerifier.verify("src/test/resources/checks/sklearn_cached_pipeline_dont_access_transformers.py", new SklearnCachedPipelineDontAccessTransformersCheck());
+  }
+
+  @Test
+  void test_quickfix1(){
+    PythonQuickFixVerifier.verify(
+      new SklearnCachedPipelineDontAccessTransformersCheck(),
+      """
+        from sklearn.pipeline import Pipeline
+        scaler = RobustScaler()
+        knn = KNeighborsRegressor(n_neighbors=5)
+            
+        pipeline = Pipeline([
+            ('scaler', scaler),
+            ('knn', knn),
+        ], memory="cache")
+        print(scaler.center_)
+        """,
+      """
+        from sklearn.pipeline import Pipeline
+        scaler = RobustScaler()
+        knn = KNeighborsRegressor(n_neighbors=5)
+            
+        pipeline = Pipeline([
+            ('scaler', scaler),
+            ('knn', knn),
+        ], memory="cache")
+        print(pipeline.named_steps["scaler"].center_)
+        """
+    );
+  }
+}