This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.
1.3.9

Other Updates

Details
Remove false positive for rule: "Avoid using exec (Python)", Rule ID: 1021038.

Rules

Rule Id | New Rule | Details
1021038 | FALSE | Avoid using exec (Python)

1.3.8

Other Updates

Details
Errors during full parsing of files: fixed various parsing errors and a bug during database analysis.
The Python analyzer was not Linux compliant: this version of the extension is Linux compliant.

1.3.7

Resolved Issues

Customer Ticket Id | Details
28660 | Improve rule "Avoid hard-coded network resource names (Python)"
28661 | Avoid artifacts having recursive (includeLink) calls
28612 | Better support for Python (namespace) packages (without "__init__.py" files). Fixes missing links between Python methods.
29690 | Fix bug when parsing empty dictionary definitions
29822 | Fix bug in the program call interpreter leading to an internal crash

Other Updates

Details
Skip analysis of folders containing external libraries: Python code in "site-packages" and "dist-packages" is now skipped by default by the analyzer.

1.3.6

Resolved Issues

Customer Ticket Id | Details
25623 | Python rule (Rule ID: 1021030): "Avoid hardcoded network resource names" does not operate as described.
27785 | False violation on Python analysis for the rule (Rule ID: 1021004): "Avoid using a web service with Python requests inside a loop".

Other Updates

Details
Scope not correctly configured for rule (Rule ID: 1021054): "Avoid long docstring lines".
Minor update of the description for the rule (Rule ID: 1021042): "Avoid hard-coded passwords (Python)".

1.3.5

Resolved Issues

Customer Ticket Id | Details
26122 | Corrects resolution of imported classes, inherited classes, and calls inside inherited methods for classes inheriting from "themselves". It also corrects an internal error shown in a warning message.

1.3.4

Note

Python - 1.3.4 is now in LTS (Long Term Support).

1.3.4-funcrel

Resolved Issues

Customer Ticket Id | Details
23067 | Correct internal error when handling ternary conditional expressions in loops.

Other Updates

Details
Fixed issues with method names and calls that use (possibly deprecated) keywords: print, exec and await.
Fixed an internal error (minor impact).

1.3.3-funcrel

Updates

  • Corrected configuration for the common rule "Avoid Too Many Copy Pasted Artifacts". New violations in Python code may now be visible in the dashboard.

Resolved issues

Internal ID | Ticket ID | Summary
PYTHON-197 | 22189 | Corrected bug on string evaluation leading to a crash with message "Analysis Runner has stopped working .."

1.3.2-funcrel

Updates

  • TCC rules defining default entry/end points corrected from the previous changes (1.3.1-funcrel) so that their effect is bounded to Python objects only.
  • The TCC rule for default entry points on Python Script objects now only applies when the scripts are not called from elsewhere.
  • The TCC rule on SQL-related objects in Python (Standard End Point - Python - Query) now applies to "Python Query", "Python ORM Mapping" and "Python File Query" objects (the previous reference to "SQL Named Query" was removed).
  • Changed from 'callLink' to 'useLink' between Python File Query objects and Dml Script (or SQL Script in older versions of the sqlanalyzer extension) objects.

1.3.1-funcrel

Updates

  • The reference list in quality rule 1021044 (Avoid Python string interpolations to prevent SQL injections) is updated.
  • Support for Python super(). This feature corrects a number of incorrect call links to methods outside the enclosing class hierarchy.
  • URL resolution of web services involving global variables is improved.
  • TCC default entry/end points for web services are generalized from specific types to general categories.

New rule

The following rule has been added in this release:

1021076 | Avoid mutable default parameter values

1.3.0-funcrel

Updates

  • Support for urllib3 (creation of objects). Partial support for quality rules (see the Limitations section of the main text).
  • Corrected code line counting of objects using decorators.
  • Improved resolution of method calls.

1.3.0-beta1

New features

  • A Python discoverer is shipped together with the extension to automatically create Python analysis units when .py files are present.

Resolved issues

The following table lists the bugs resolved in the current release.

Internal ID | Ticket ID | Summary
PYTHON-174 | | Update quality rule description (1021016): 'Avoid weak encryption algorithm (Python)'
PYTHON-175 | | Improvements in robustness based on analysis performed on diverse Python applications.
PYTHON-181 | | Incorrect link from Flask Operation to Python Class (now the link is correctly created to the method)

1.3.0-alpha2

Resolved issues

The following table lists the bugs resolved in the current release.

Internal ID | Ticket ID | Summary
PYTHON-170 | | Detect SQL queries coming from SQL files
PYTHON-171 | | SQLAlchemy (Python SQL toolkit) support
PYTHON-172 | | Enhance detection of Python Flask web services

1.3.0-alpha1

Updates

New rules

The following rules have been added in this release:

1021072 | Avoid shadowing class variables
1021074 | Avoid manipulating a list while iterating over it

For the complete list of rules in 1.3.0-alpha1, see https://technologies.castsoftware.com/rules?sec=srs_python&ref=||1.3.0-alpha1

Resolved issues

Internal ID | Ticket ID | Summary
PYTHON-163 | | Links between Python and SQL for raw() calls used in the Django framework