Python Analyzer Updates -- April 2021

After the recent releases, the Python analyzer can detect 3 new issues and can automatically fix 10 more issues now.
We have also fixed some autofix failures and false positives that you reported to us.

Here is the detailed changelog:

New Issues:

  • PY-A6004: Creating cookies without the “HttpOnly” flag

Cookies set without the httponly flag are susceptible to theft through XSS attacks.

Example:

some_response.set_cookie('sensitive', 'some_value')

While this issue mostly makes sense if you’re setting a sensitive cookie, DeepSource will flag all the cookies encountered without the httponly flag.
This is raised as an audit issue to ensure that you are aware of all the cookies being set and avoid false negatives.
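To show what such an audit check and its autofix look like in practice, here is a small, added example (not DeepSource's own implementation) that walks a module's AST, reports cookie-setting calls that do not literally pass httponly=True, and rewrites the calls that omit the flag. The method names it recognises and the sample source it scans are assumptions made for this example.

```python
import ast

# Cookie-setting method names this check recognises (assumption for this example:
# Flask/Django-style response.set_cookie(); not the analyzer's own list).
COOKIE_SETTERS = {"set_cookie", "set_signed_cookie"}


def _httponly_keyword(call: ast.Call):
    return next((kw for kw in call.keywords if kw.arg == "httponly"), None)


def find_insecure_cookies(source: str) -> list[tuple[int, str]]:
    """Return (line, reason) for each cookie-setting call not proven httponly=True."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in COOKIE_SETTERS):
            continue
        kw = _httponly_keyword(node)
        if kw is None:
            findings.append((node.lineno, "httponly flag missing"))
        elif not (isinstance(kw.value, ast.Constant) and kw.value.value is True):
            # httponly=False, or an expression we cannot prove is True: audit it
            findings.append((node.lineno, "httponly not literally True"))
    return findings


class _AddHttpOnly(ast.NodeTransformer):
    """Autofix: append httponly=True to cookie-setting calls that omit the flag."""
    def visit_Call(self, node: ast.Call) -> ast.Call:
        self.generic_visit(node)
        if (isinstance(node.func, ast.Attribute) and node.func.attr in COOKIE_SETTERS
                and _httponly_keyword(node) is None):
            node.keywords.append(ast.keyword(arg="httponly", value=ast.Constant(True)))
        return node


def autofix_httponly(source: str) -> str:
    """Rewrite source so every cookie-setting call that omits the flag gets httponly=True.
    ast.unparse (Python 3.9+) drops comments and reformats; acceptable for a demo."""
    tree = _AddHttpOnly().visit(ast.parse(source))
    return ast.unparse(ast.fix_missing_locations(tree))


# Constructed sample input: three cookie calls, two of which should be flagged.
SAMPLE = """
resp.set_cookie('sensitive', 'some_value')
resp.set_cookie('session', sid, httponly=True, secure=True)
resp.set_cookie('tracker', tid, httponly=False)
"""

if __name__ == "__main__":
    for line, reason in find_insecure_cookies(SAMPLE):
        print(f"line {line}: {reason}")
    print(autofix_httponly(SAMPLE))
```

Note that the autofix only adds a missing flag; an explicit httponly=False is left for a human to review, which is why it still shows up in the findings after the rewrite.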

  • PTC-W0064: Private nested class declared but not used
class AS:
    class __NonPublicClass():  # Noncompliant
        ...
    
    # Rest of the class body where __NonPublicClass is never used.

Note: Since nothing is truly private in Python, this issue treats names with a double-underscore prefix as private, following the naming convention.
For further reading, see these resources:
Python documentation for Private Variables.
PEP 8 Style Guide: Designing for inheritance.

  • PTC-W0065: Unused nested function or class detected
def run():
    def total_time():
        return 0  # placeholder body

    class Runner:
        def __init__(self, time):
            pass

    # Rest of the body where neither `total_time` nor `Runner` is ever used.

New Autofixes:

  • FLK-D202: No blank lines allowed after function docstring

The autofix will remove the blank lines present after the function/method docstring.

  • PTC-W0064: Private nested class declared but not used

The autofix will remove the unused nested private classes.

  • PTC-W0065: Unused nested function or class detected

The autofix will remove the unused nested definitions.

  • PY-A6004: Audit required: Sensitive cookie without httponly attribute

The autofix sets the httponly flag to True while creating the cookie.

  • PYL-C0325: Unnecessary parentheses after keyword

The autofix will remove unnecessary parentheses after the keywords.

  • PYL-E0105: `yield` used outside of function

The autofix will remove the yield statements present outside of functions.

  • PYL-E0242: Class variable conflicts with slots

The autofix will remove __slots__ variables that conflict with the class variables.

  • PYL-R1715: Use get() method to access values from a dictionary
# Replaces this snippet:
if key in my_mapping:
    value = my_mapping[key]
else:
    value = "Not Found"

# With this:
value = my_mapping.get(key, "Not Found")

  • PYL-R1717: Consider using a dictionary comprehension
# Changes this code
mapping = dict([(num, str(num)) for num in my_magic_nums])

# to this:
mapping = {num: str(num) for num in my_magic_nums}

  • PYL-W1301: Format string contains unused key

The autofix will remove unused key(s) from the format string dictionary.

Analyzer Improvements:

  • Added support for filenames containing spaces in type checking.
  • Replaced FLK-E711 and FLK-E712 with an improved PTC-W0068 check.
  • Replaced PYL-W0611 with PY-W2000. This fixes all the previously reported false positives for unused imports.
  • Fixed false positives in PTC-W0063 raised for unguarded `next()` calls on the result of `iter()`.
  • Fixed false positives in PTC-W0049 and PYL-R0201 when a function is decorated with @overload from the typing module.
  • Fixed false positives in PYL-W0212 to not emit issues when the os._exit method is used.
  • Improved doc-coverage issues

    Documentation issues are no longer raised for getters/setters and for methods decorated with @typing.overload or @wraps.
    Added a meta option to skip docstring checks for non-public functions/methods.

  • Fixed false positives in PTC-W0053 to not raise issues when the class inherits from abc.ABC.
  • Fixed false positives in PY-D0003 to not raise issues for nested functions when non-public objects are configured to be ignored.
  • Fixed known false positives for PTC-W0065 when a non-public method is used in a decorator.

Autofix Improvements:

  • Fixed partial breakages in autofix for PTC-W0039.

    The autofix now takes care of dictionaries from 3rd party imports.

  • Improved autofix for PYL-R0205 – Unnecessary object inheritance

    The autofix now removes trailing commas (if any) when a base class is removed.

  • Fixed autofix failures in PYL-E0237 when __slots__ was an empty sequence.
  • Fixed autofix failures during fixing unused imports. The checker PY-W2000 has replaced PYL-W0611.