Page tree

The technology documentation is no longer updated here, see

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Current »

On this page:


Other Updates

Remove false positive for rule: "Avoid using exec (Python)", Rule ID: 1021038.


Rule IdNew RuleDetails
1021038FALSEAvoid using exec (Python)


Other Updates

Error during Full parsing of files. Fix diverse parsing errors and bug during database analysis.
Python Analyzer is not Linux compliant. Linux compliant extension version.


Resolved Issues

Customer Ticket IdDetails
28660Improve rule "Avoid hard-coded network resource names (Python)"
28661Avoid artifacts having recursive (includeLink) calls
28612Better support of python (namespace) packages (without "" files). Fixes missing links between python methods.
29690Fix bug when parsing empty dictionary definitions
29822Fix bug in program call interpreter leading to inner crash

Other Updates

Skip analysis of folders containing external libraries: python code in "site-packages" and "dist-packages" is skipped by default by the analyzer


Resolved Issues

Customer Ticket IdDetails
25623Python rule (Rule ID:1021030): "Avoid hardcoded network resource names" does not operate as described.
27785False Violation on Python Analysis for the rule (Rule ID:1021004): "Avoid using a web service with Python requests inside a loop".

Other Updates

Scope not correctly configured for rule (Rule ID:1021054): "Avoid long docstring lines".
Minor update of description for the rule (Rule ID:1021042): "Avoid hard-coded passwords (Python)".


Resolved Issues

Customer Ticket IdDetails
26122Corrects resolution of imported classes, inherited classes, and calls inside inherited methods for classes inheriting from "themselves". It also corrects an internal error showed in a warning message.



Python - 1.3.4 is now in LTS (Long Term Support).


Resolved Issues

Customer Ticket IdDetails
23067Correct internal error when handling ternary conditional expression in loops.

Other Updates

Fixed issues on method names and calls with (possibly deprecated) keywords: print, exec and await.
Fix internal error (minor impact).



  • Corrected configuration for the common rule "Avoid Too Many Copy Pasted Artifacts". Now new violations in Python code might be visible in the dashboard.

Resolved issues

Internal IDTicket IDSummary
PYTHON-19722189Corrected bug on string evaluation leading to a crash with message "Analysis Runner has stopped working .."



  • TCC rules defining default entry/end points corrected from previous changes (1.3.1-funcrel) so that their effect is bounded to Python objects only.
  • TCC rule for default entry-points on Python Script objects only applies when scripts are not called from elsewhere.
  • TCC rule on SQL-related objects in Python (Standard End Point - Python - Query) now applies to "Python Query", "Python ORM Mapping" and "Python File Query" objects (removed previous reference to "SQL Named Query").
  • Change from 'callLink' to 'useLink' between Python File Query objects and Dml Script (or SQL Script in older versions of the sqlanalyzer extension) objects.



  • Reference list in quality rule 1021044 (Avoid Python string interpolations to prevent SQL injections) is updated.
  • Support for Python super(). This feature corrects a number of incorrect call-links  to methods out of the enclosing class hierarchy.
  • URL resolution of web services involving global variables are improved.
  • TCC default entry/end points from specific types to general categories (concerning web services) are generalized.

New rule

Following rule has been added in this release: 

1021076Avoid mutable default parameter values



  • Support for urllib3 (creation of objects). Partial support for quality rules (see Limitations main text)
  • Corrected code line counting of objects using decorators
  • Improved resolution of method calls


New features

  • A Python discoverer is shipped together with the extension to automatically create Python analysis units when .py files are present.

Resolved issues

Following table lists the bugs resolved in the current release.

Internal IDTicket IDSummary
Update quality rule description (1021016): 'Avoid weak encryption algorithm (Python)''
Improvements in robustness based on analysis performed in diverse Python applications.
Incorrect link from Flask Operation to Python Class (now the link is correctly created to the method)


Resolved issues

Following table lists the bugs resolved in the current release.

Internal IDTicket IDSummary
Detect SQL queries coming from SQL files
SQLAlchemy (Python SQL toolkit) support
Enhance detection of Python Flask web services



New rules

The following rules have been added in this release: 

1021072Avoid shadowing class variables
1021074Avoid manipulating a list while iterating over it

For the complete list of rules in 1.3.0-alpha1, see||1.3.0-alpha1

Resolved issues

Internal IDTicket IDSummary
Links between Python and SQL for raw() calls used in Django framework
  • No labels