
The technology documentation is no longer updated here, see




  • TCC rules defining default entry/end points have been corrected from the previous changes (1.3.1-funcrel) so that their effect is limited to Python objects only.
  • TCC rule for default entry-points on Python Script objects only applies when scripts are not called from elsewhere.
  • TCC rule on SQL-related objects in Python (Standard End Point - Python - Query) now applies to "Python Query", "Python ORM Mapping" and "Python File Query" objects (removed previous reference to "SQL Named Query").
  • Change from 'callLink' to 'useLink' between Python File Query objects and Dml Script (or SQL Script in older versions of the sqlanalyzer extension) objects.



  • Reference list in quality rule 1021044 (Avoid Python string interpolations to prevent SQL injections) is updated.
  • Support for Python super(). This feature corrects a number of incorrect call-links to methods out of the enclosing class hierarchy.
  • URL resolution of web services involving global variables is improved.
  • TCC default entry/end points concerning web services are generalized from specific types to general categories.

New rule

The following rule has been added in this release:

1021076 Avoid mutable default parameter values



  • Support for urllib3 (creation of objects). Partial support for quality rules (see Limitations main text)
  • Corrected code line counting of objects using decorators
  • Improved resolution of method calls


New features

  • A Python discoverer is shipped together with the extension to automatically create Python analysis units when .py files are present.

Resolved issues

The following table lists the bugs resolved in the current release.

Internal ID | Ticket ID | Summary
Update quality rule description (1021016): 'Avoid weak encryption algorithm (Python)'
Improvements in robustness based on analysis performed in diverse Python applications.
Incorrect link from Flask Operation to Python Class (now the link is correctly created to the method)


Resolved issues

The following table lists the bugs resolved in the current release.

Internal ID | Ticket ID | Summary
Detect SQL queries coming from SQL files
SQLAlchemy (Python SQL toolkit) support
Enhance detection of Python Flask web services



New rules

The following rules have been added in this release: 

1021072 Avoid shadowing class variables
1021074 Avoid manipulating a list while iterating over it

For the complete list of rules in 1.3.0-alpha1, see||1.3.0-alpha1

Resolved issues

Internal ID | Ticket ID | Summary
Links between Python and SQL for raw() calls used in Django framework