SONARPY-1769: Scikit-Learn random_state check (#1785)

Author: joke1196

python-checks/src/main/java/org/sonar/python/checks/CheckList.java

@@ -234,6 +234,7 @@ public static Iterable<Class> getChecks() {
       IncompatibleOperandsCheck.class,
       InconsistentTypeHintCheck.class,
       IncorrectExceptionTypeCheck.class,
+      IncorrectParameterDatetimeConstructorsCheck.class,
       IndexMethodCheck.class,
       InequalityUsageCheck.class,
       InfiniteRecursionCheck.class,
@@ -282,7 +283,6 @@ public static Iterable<Class> getChecks() {
       NumpyWeekMaskValidationCheck.class,
       NumpyIsNanCheck.class,
       NumpyListOverGeneratorCheck.class,
-      NumpyRandomSeedCheck.class,
       NumpyRandomStateCheck.class,
       NumpyWhereOneConditionCheck.class,
       UnusedGroupNamesCheck.class,
@@ -304,13 +304,13 @@ public static Iterable<Class> getChecks() {
       ProcessSignallingCheck.class,
       PropertyAccessorParameterCountCheck.class,
       PytzUsageCheck.class,
-      IncorrectParameterDatetimeConstructorsCheck.class,
       PseudoRandomCheck.class,
       PublicApiIsSecuritySensitiveCheck.class,
       PubliclyWritableDirectoriesCheck.class,
       PublicNetworkAccessToCloudResourcesCheck.class,
       PytzTimeZoneInDatetimeConstructorCheck.class,
       RaiseOutsideExceptCheck.class,
+      RandomSeedCheck.class,
       RedosCheck.class,
       RedundantJumpCheck.class,
       PossessiveQuantifierContinuationCheck.class,

python-checks/src/main/java/org/sonar/python/checks/NumpyRandomSeedCheck.java

@@ -0,0 +1,134 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.python.checks;
+
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.function.Predicate;
+import javax.annotation.Nullable;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.symbols.FunctionSymbol;
+import org.sonar.plugins.python.api.symbols.Symbol;
+import org.sonar.plugins.python.api.symbols.Symbol.Kind;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.python.cfg.fixpoint.ReachingDefinitionsAnalysis;
+import org.sonar.python.semantic.ClassSymbolImpl;
+import org.sonar.python.semantic.SymbolUtils;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S6709")
+public class RandomSeedCheck extends PythonSubscriptionCheck {
+
+  private static final String NUMPY_SEED_ARG_NAME = "seed";
+
+  private static final Map<String, String> SEED_METHODS_TO_CHECK = Map.of(
+    "numpy.seed", NUMPY_SEED_ARG_NAME,
+    "numpy.random.seed", NUMPY_SEED_ARG_NAME,
+    "numpy.random.default_rng", NUMPY_SEED_ARG_NAME,
+    "numpy.random.SeedSequence", "entropy",
+    "numpy.random.PCG64", NUMPY_SEED_ARG_NAME,
+    "numpy.random.PCG64DXSM", NUMPY_SEED_ARG_NAME,
+    "numpy.random.MT19937", NUMPY_SEED_ARG_NAME,
+    "numpy.random.SFC64", NUMPY_SEED_ARG_NAME,
+    "numpy.random.Philox", NUMPY_SEED_ARG_NAME);
+
+  private static final String SKLEARN_FQN = "sklearn";
+  private static final String SKLEARN_ARG_NAME = "random_state";
+
+  private static final String MESSAGE = "Provide a seed for this random generator.";
+  private static final String SKLEARN_MESSAGE = "Provide a seed for the random_state parameter.";
+
+  private ReachingDefinitionsAnalysis reachingDefinitionsAnalysis;
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT,
+      ctx -> this.reachingDefinitionsAnalysis = new ReachingDefinitionsAnalysis(ctx.pythonFile()));
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::checkEmptySeedCall);
+  }
+
+  private void checkEmptySeedCall(SubscriptionContext ctx) {
+    CallExpression call = (CallExpression) ctx.syntaxNode();
+
+    Optional<Symbol> maybeCalleeSymbol = Optional.ofNullable(call.calleeSymbol());
+
+    maybeCalleeSymbol
+      .map(Symbol::fullyQualifiedName)
+      .map(SEED_METHODS_TO_CHECK::get)
+      .filter(argName -> isArgumentAbsentOrNone(TreeUtils.nthArgumentOrKeyword(0, argName, call.arguments())))
+      .map(arg -> MESSAGE)
+      .or(() -> maybeCalleeSymbol
+        .filter(symbol -> symbol.fullyQualifiedName() != null && symbol.fullyQualifiedName().startsWith(SKLEARN_FQN))
+        .filter(RandomSeedCheck::hasRandomStateParameter)
+        .filter(symbol -> isArgumentAbsentOrNone(TreeUtils.argumentByKeyword(SKLEARN_ARG_NAME, call.arguments())))
+        .map(symbol -> SKLEARN_MESSAGE))
+      .ifPresent(message -> ctx.addIssue(call.callee(), message));
+  }
+
+  private static boolean hasRandomStateParameter(Symbol calleeSymbol) {
+    return isClassInstantiationWithRandomStateParameter(calleeSymbol)
+      .or(() -> isFunctionWithRandomStateParameter(calleeSymbol))
+      .orElse(false);
+  }
+
+  private static Optional<Boolean> isClassInstantiationWithRandomStateParameter(Symbol calleeSymbol) {
+    return Optional.of(calleeSymbol)
+      .filter(s -> s.is(Kind.CLASS))
+      .map(ClassSymbolImpl.class::cast)
+      .map(classSymbol -> classSymbol.declaredMembers()
+        .stream()
+        .filter(member -> "__init__".equals(member.name()))
+        .toList())
+      .filter(members -> members.size() == 1)
+      .map(members -> members.get(0))
+      .map(RandomSeedCheck::hasRandomStateParameter);
+  }
+
+  private static Optional<Boolean> isFunctionWithRandomStateParameter(Symbol calleeSymbol) {
+    return Optional.of(calleeSymbol)
+      .filter(s1 -> s1.is(Kind.FUNCTION))
+      .map(SymbolUtils::getFunctionSymbols)
+      .filter(symbols -> symbols.size() == 1)
+      .map(symbols -> symbols.get(0))
+      .map(symbol -> symbol.parameters()
+        .stream()
+        .map(FunctionSymbol.Parameter::name)
+        .anyMatch(SKLEARN_ARG_NAME::equals));
+  }
+
+  private boolean isArgumentAbsentOrNone(@Nullable RegularArgument arg) {
+    return arg == null || arg.expression().is(Tree.Kind.NONE) || isAssignedNone(arg.expression());
+  }
+
+  private boolean isAssignedNone(Expression exp) {
+    return Optional.of(exp)
+      .flatMap(TreeUtils.toOptionalInstanceOfMapper(Name.class))
+      .map(reachingDefinitionsAnalysis::valuesAtLocation)
+      .filter(Predicate.not(Set::isEmpty))
+      .filter(values -> values.stream().allMatch(value -> value.is(Tree.Kind.NONE))).isPresent();
+  }
+}

python-checks/src/main/java/org/sonar/python/checks/RandomSeedCheck.java

@@ -22,11 +22,17 @@
 import org.junit.jupiter.api.Test;
 import org.sonar.python.checks.utils.PythonCheckVerifier;
 
-class NumpyRandomSeedCheckTest {
+class RandomSeedCheckTest {
+  RandomSeedCheck check = new RandomSeedCheck();
+
   @Test
-  void test() {
-    PythonCheckVerifier.verify("src/test/resources/checks/numpyRandomSeedCheck.py", new NumpyRandomSeedCheck());
+  void test_numpy() {
+    PythonCheckVerifier.verify("src/test/resources/checks/randomSeedNumpy.py", check );
+  }
+  
+  @Test
+  void test_sklearn() {
+    PythonCheckVerifier.verify("src/test/resources/checks/randomSeedSKlearn.py", check);
   }
-
 }
 

python-checks/src/test/java/org/sonar/python/checks/NumpyRandomSeedCheckTest.java renamed to python-checks/src/test/java/org/sonar/python/checks/RandomSeedCheckTest.java

@@ -2,35 +2,35 @@
 
 def failure():
     gen = np.random.default_rng()  # Noncompliant {{Provide a seed for this random generator.}}
-    #     ^^^^^^^^^^^^^^^^^^^^^^^
+    #     ^^^^^^^^^^^^^^^^^^^^^
 
     gen = np.random.SeedSequence()  # Noncompliant
-    #     ^^^^^^^^^^^^^^^^^^^^^^^^
+    #     ^^^^^^^^^^^^^^^^^^^^^^
 
     gen = np.random.SeedSequence(entropy=None)  # Noncompliant
-    #     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    #     ^^^^^^^^^^^^^^^^^^^^^^
     gen = np.random.SeedSequence(spawn_key=[123])  # Noncompliant
-    #     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    #     ^^^^^^^^^^^^^^^^^^^^^^
 
     from numpy.random import SFC64, MT19937, PCG64, PCG64DXSM, Philox
 
     gen = SFC64()  # Noncompliant
-    #     ^^^^^^^
+    #     ^^^^^
     gen = MT19937(seed=None)  # Noncompliant
-    #     ^^^^^^^^^^^^^^^^^^
-    gen = PCG64()  # Noncompliant
     #     ^^^^^^^
+    gen = PCG64()  # Noncompliant
+    #     ^^^^^
 
     gen = PCG64DXSM()  # Noncompliant
-    #     ^^^^^^^^^^^
+    #     ^^^^^^^^^
     a = None
     gen = Philox(a)  # Noncompliant
-    #     ^^^^^^^^^
+    #     ^^^^^^
 
     gen = np.random.seed()  # Noncompliant
-    #     ^^^^^^^^^^^^^^^^
+    #     ^^^^^^^^^^^^^^
     gen = np.seed(None)  # Noncompliant
-    #     ^^^^^^^^^^^^^
+    #     ^^^^^^^
 
 
 def success():

python-checks/src/test/resources/checks/numpyRandomSeedCheck.py renamed to python-checks/src/test/resources/checks/randomSeedNumpy.py

@@ -0,0 +1,34 @@
+from sklearn.model_selection import train_test_split
+from sklearn.svm import SVC
+from sklearn.datasets import load_iris, make_blobs
+
+def failure():
+    X, y = load_iris(return_X_y=True)
+    X_train, X_test, y_train, y_test = train_test_split(X, y) # Noncompliant {{Provide a seed for the random_state parameter.}}
+    #                                  ^^^^^^^^^^^^^^^^
+    svc = SVC() # Noncompliant
+    #     ^^^
+
+    X, y = make_blobs(n_samples=1300, random_state=None) # Noncompliant
+    #      ^^^^^^^^^^
+
+def success():
+    from sklearn.ensemble import RandomForestClassifier
+    rfc = RandomForestClassifier(random_state=0) # Compliant
+    from sklearn.linear_model import SGDClassifier 
+    sgd = SGDClassifier(random_state=foo()) # Compliant
+    
+    def sklearn_seed(rng):
+        svc = SVC(random_state=rng) # Compliant
+
+    def foo(random_state=None):
+        pass
+
+    foo() # Compliant
+
+def ambiguous():
+    from sklearn.svm import SVC as something
+    from sklearn.datasets import make_blobs as something
+
+    something = something() # FN 
+