SONARPY-1184 Rule S6468 : ExceptionGroup and BaseExceptionGroup should not be caught in except* clauses (#1298)

Author: rudy-regazzoni-sonarsource

its/ruling/src/test/java/org/sonar/python/it/RulingHelper.java

@@ -134,6 +134,7 @@ static List<String> bugRuleKeys() {
       "S6002",
       "S6323",
       "S6328",
+      "S6468",
       "S905",
       "S930"
     );

python-checks/src/main/java/org/sonar/python/checks/CheckList.java

@@ -168,6 +168,7 @@ public static Iterable<Class> getChecks() {
       EmptyFunctionCheck.class,
       EmptyNestedBlockCheck.class,
       EmptyStringRepetitionCheck.class,
+      ExceptionGroupCheck.class,
       ExceptionCauseTypeCheck.class,
       ExceptionNotThrownCheck.class,
       ExceptionSuperClassDeclarationCheck.class,

python-checks/src/main/java/org/sonar/python/checks/ExceptionGroupCheck.java

@@ -0,0 +1,66 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import java.util.Set;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.tree.ExceptClause;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.Tuple;
+
+import static org.sonar.plugins.python.api.tree.Tree.Kind.EXCEPT_GROUP_CLAUSE;
+
+@Rule(key = "S6468")
+public class ExceptionGroupCheck extends PythonSubscriptionCheck {
+  private static final Set<String> EXCEPTION_GROUP = Set.of("ExceptionGroup", "BaseExceptionGroup");
+  private static final String MESSAGE = "Avoid catching %s exception with 'except*'";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(EXCEPT_GROUP_CLAUSE, ctx -> {
+      ExceptClause exceptClause = (ExceptClause) ctx.syntaxNode();
+      Expression exception = exceptClause.exception();
+
+      if (isExceptionGroup(exception)) {
+        raiseIssue(ctx, exception);
+      } else if (exception.is(Tree.Kind.TUPLE)) {
+        Tuple exceptionTuple = (Tuple) exception;
+        for (Expression exceptionEl : exceptionTuple.elements()) {
+          if (isExceptionGroup(exceptionEl)) {
+            raiseIssue(ctx, exceptionEl);
+          }
+        }
+      }
+    });
+  }
+
+  private static boolean isExceptionGroup(Expression exception) {
+    // TODO : replace this logic by using type/symbol from typeshed
+    return exception.is(Tree.Kind.NAME) && EXCEPTION_GROUP.contains(((Name) exception).name());
+  }
+
+  private static void raiseIssue(SubscriptionContext ctx, Expression exception) {
+    ctx.addIssue(exception, String.format(MESSAGE, ((Name) exception).name()));
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6468.html

@@ -0,0 +1,24 @@
+<p>Python 3.11 introduced <code>except*</code> and <code>ExceptionGroup</code>. While it’s possible to catch the ExceptionGroup and BaseExceptionGroup
+types with <code>except`</code>, a Runtime error will be raised when this is done with <code>except*</code>.</p>
+<h2>Noncompliant Code Example</h2>
+<pre>
+try:
+    ...
+except* ExceptionGroup:  # Noncompliant
+    pass
+
+try:
+    ...
+except* (TypeError, ExceptionGroup):  # Noncompliant
+    pass
+</pre>
+<h2>Compliant Solution</h2>
+<pre>
+try:
+    ...
+except ExceptionGroup:
+    pass
+</pre>
+<h2>See</h2>
+<p><a href="https://peps.python.org/pep-0654/#forbidden-combinations">PEP-654</a></p>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S6468.json

@@ -0,0 +1,15 @@
+{
+  "title": "ExceptionGroup and BaseExceptionGroup should not be caught with except*",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6468",
+  "sqKey": "S6468",
+  "scope": "All",
+  "quickfix": "unknown"
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -182,6 +182,7 @@
     "S6395",
     "S6396",
     "S6397",
-    "S6463"
+    "S6463",
+    "S6468"
   ]
 }

python-checks/src/test/java/org/sonar/python/checks/ExceptionGroupCheckTest.java

@@ -0,0 +1,32 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import org.junit.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+public class ExceptionGroupCheckTest {
+
+  @Test
+  public void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/exceptionGroup.py", new ExceptionGroupCheck());
+  }
+
+}

python-checks/src/test/resources/checks/exceptionGroup.py

@@ -0,0 +1,54 @@
+def except_star_caught_exception_group():
+    try:
+        ...
+    except* ExceptionGroup: # Noncompliant {{Avoid catching ExceptionGroup exception with 'except*'}}
+#           ^^^^^^^^^^^^^^
+        ...
+    except* BaseExceptionGroup: # Noncompliant {{Avoid catching BaseExceptionGroup exception with 'except*'}}
+        ...
+
+def except_star_caught_exception_group_multiple():
+    try:
+        ...
+    except* (TypeError, ExceptionGroup): # Noncompliant
+        ...
+    except* (ExceptionGroup, BaseExceptionGroup): # Noncompliant 2
+        ...
+    except* (TypeError, ValueError):
+        ...
+
+def except_star_caught_valid_exception():
+    try:
+        ...
+    except* ValueError:
+        ...
+
+def except_caught_exception_group():
+    try:
+        ...
+    except ValueError:
+        ...
+    except ExceptionGroup:
+        ...
+    except BaseExceptionGroup:
+        ...
+    except (TypeError, ExceptionGroup):
+        ...
+    except (ExceptionGroup, BaseExceptionGroup):
+        ...
+    except (TypeError, ValueError):
+        ...
+
+def except_caught_global():
+    try:
+        ...
+    except:
+        ...
+
+def exception_group_replaced():
+    ExceptionGroup = 5
+    try:
+        ...
+    # FP : should not be raised as it is no more the original ExceptionGroup class
+    except* ExceptionGroup: # Noncompliant
+        ...