SONARPY-4018 Silence main-scope issues on test files when sonar.tests is not set

Introduce TestFileClassifier to heuristically identify test files based on
naming conventions when sonar.tests is not configured. PythonScanner now
resolves an effective file type for rules so that issues raised by
test-specific rules (e.g. S2699) are silenced on main-scope files that look
like tests.

Update IT orchestrator and ruling tests to cover the new behaviour.

GitOrigin-RevId: 750d41a38353850d9b10e5b369eadbda66c8482e

Author: guillaume-dequenne

its/plugin/it-python-plugin-test/projects/test_code/main_src/.gitkeep

@@ -20,7 +20,9 @@
 import com.sonar.python.it.ConcurrentOrchestratorExtension;
 import com.sonar.python.it.TestsUtils;
 import java.io.File;
+import java.util.Comparator;
 import java.util.List;
+import java.util.stream.Collectors;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -38,13 +40,14 @@ public class TestRulesTest {
   private static final String PROJECT_KEY = "test-rules";
   private static final String PROJECT_NAME = "Test Rules";
 
-  private static SonarScanner BUILD;
-
   @BeforeAll
   static void prepare() {
     orchestrator.getServer().provisionProject(PROJECT_KEY, PROJECT_NAME);
     orchestrator.getServer().associateProjectToQualityProfile(PROJECT_KEY, "py", "python-test-rules-profile");
-    BUILD = orchestrator.createSonarScanner()
+  }
+
+  private SonarScanner newBuild() {
+    return orchestrator.createSonarScanner()
       .setProjectDir(new File("projects/test_code"))
       .setProjectKey(PROJECT_KEY)
       .setProjectName(PROJECT_NAME)
@@ -53,9 +56,9 @@ static void prepare() {
 
   @Test
   void test_rules_run_on_test_files() {
-    BUILD.setSourceDirs("src")
-      .setTestDirs("tests");
-    orchestrator.executeBuild(BUILD);
+    orchestrator.executeBuild(newBuild()
+      .setSourceDirs("src")
+      .setTestDirs("tests"));
 
     List<Issues.Issue> assertOnTupleIssues = issues("python:S5905");
     List<Issues.Issue> dedicatedAssertionIssues = issues("python:S5906");
@@ -70,9 +73,12 @@ void test_rules_run_on_test_files() {
   }
 
   @Test
-  void declare_all_files_as_test_files() {
-    BUILD.setTestDirs(".");
-    orchestrator.executeBuild(BUILD);
+  void main_rules_suppressed_when_all_files_declared_as_test() {
+    // main_src/ is an empty placeholder so sonar.sources points to a valid path with no Python files.
+    // All actual Python files are under sonar.tests=src,tests → classified as TEST → S3923 (MAIN-scoped) fires nowhere.
+    orchestrator.executeBuild(newBuild()
+      .setSourceDirs("main_src")
+      .setTestDirs("src,tests"));
 
     List<Issues.Issue> testRuleIssues = issues("python:S5905");
     List<Issues.Issue> mainRuleIssues = issues("python:S3923");
@@ -81,13 +87,79 @@ void declare_all_files_as_test_files() {
     assertThat(mainRuleIssues).isEmpty();
   }
 
+  @Test
+  void auto_detect_test_files_when_sonar_tests_not_configured() {
+    // When sonar.tests is not set, all files get InputFile.Type.MAIN from the platform.
+    // The plugin's path-based heuristic detects files in the `tests/` directory and
+    // suppresses MAIN-scoped rules on them, while CheckScope.ALL and TEST-scoped rules still fire.
+    orchestrator.executeBuild(newBuild()
+      .setProperty("sonar.sources", "src,tests"));  // all files are MAIN — no sonar.tests configured
+
+    List<Issues.Issue> mainRuleIssues = issues("python:S3923");
+    List<Issues.Issue> allFilesRuleIssues = issues("python:S5905");
+    List<Issues.Issue> testScopedRuleIssues = issues("python:S5906");
+
+    // S3923 (MAIN-scoped): fires only on src/some_code.py; heuristic silences it on tests/
+    assertThat(mainRuleIssues).hasSize(1);
+    assertIssue(mainRuleIssues.get(0), 3,
+      "Remove this if statement or edit its code blocks so that they're not all the same.",
+      "test-rules:src/some_code.py");
+
+    // S5905 (CheckScope.ALL): fires on both files regardless of effective type
+    assertThat(allFilesRuleIssues).hasSize(2);
+    assertIssue(allFilesRuleIssues.get(0), 2,
+      "Fix this assertion on a tuple literal.", "test-rules:src/some_code.py");
+    assertIssue(allFilesRuleIssues.get(1), 3,
+      "Fix this assertion on a tuple literal.", "test-rules:tests/test_my_code.py");
+
+    // S5906 (TEST-scoped): fires on heuristic-detected test file
+    assertThat(testScopedRuleIssues).hasSize(1);
+    assertIssue(testScopedRuleIssues.get(0), 14,
+      "Consider using \"assertEqual\" instead.", "test-rules:tests/test_my_code.py");
+  }
+
+  @Test
+  void sonar_tests_configured_bypasses_heuristic() {
+    // When sonar.tests is explicitly configured, the path-based heuristic is inactive.
+    // Platform typing governs: files under tests/ are TEST because sonar.tests=tests.
+    // Setting sonar.tests is the recommended approach — it gives explicit, predictable
+    // control and produces the same isolation as the heuristic.
+    orchestrator.executeBuild(newBuild()
+      .setProperty("sonar.sources", "src")
+      .setProperty("sonar.tests", "tests"));
+
+    List<Issues.Issue> mainRuleIssues = issues("python:S3923");
+    List<Issues.Issue> allFilesRuleIssues = issues("python:S5905");
+    List<Issues.Issue> testScopedRuleIssues = issues("python:S5906");
+
+    // S3923 (MAIN-scoped): tests/ files are TEST by platform typing — same suppression as heuristic
+    assertThat(mainRuleIssues).hasSize(1);
+    assertIssue(mainRuleIssues.get(0), 3,
+      "Remove this if statement or edit its code blocks so that they're not all the same.",
+      "test-rules:src/some_code.py");
+
+    assertThat(allFilesRuleIssues).hasSize(2);
+    assertIssue(allFilesRuleIssues.get(0), 2,
+      "Fix this assertion on a tuple literal.", "test-rules:src/some_code.py");
+    assertIssue(allFilesRuleIssues.get(1), 3,
+      "Fix this assertion on a tuple literal.", "test-rules:tests/test_my_code.py");
+
+    // S5906 (TEST-scoped): fires on the explicit test file
+    assertThat(testScopedRuleIssues).hasSize(1);
+    assertIssue(testScopedRuleIssues.get(0), 14,
+      "Consider using \"assertEqual\" instead.", "test-rules:tests/test_my_code.py");
+  }
+
   private void assertIssue(Issues.Issue issue, int expectedLine, String expectedMessage, String expectedComponent) {
     assertThat(issue.getLine()).isEqualTo(expectedLine);
     assertThat(issue.getMessage()).isEqualTo(expectedMessage);
     assertThat(issue.getComponent()).isEqualTo(expectedComponent);
   }
 
   private static List<Issues.Issue> issues(String rulekey) {
-    return newWsClient().issues().search(new SearchRequest().setRules(singletonList(rulekey))).getIssuesList();
+    return newWsClient().issues().search(new SearchRequest().setRules(singletonList(rulekey))).getIssuesList()
+      .stream()
+      .sorted(Comparator.comparing(Issues.Issue::getComponent).thenComparingInt(Issues.Issue::getLine))
+      .collect(Collectors.toList());
   }
 }

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/TestRulesTest.java

@@ -42,6 +42,7 @@
 import org.sonar.plugins.python.indexer.SonarQubePythonIndexer;
 import org.sonar.plugins.python.nosonar.NoSonarLineInfoCollector;
 import org.sonar.plugins.python.telemetry.SensorTelemetryStorage;
+import org.sonar.plugins.python.warnings.AnalysisWarningsWrapper;
 import org.sonar.plugins.python.telemetry.TelemetryMetricKey;
 import org.sonar.python.caching.CacheContextImpl;
 import org.sonar.python.parser.PythonParser;
@@ -119,7 +120,7 @@ public void execute(SensorContext context) {
     }
     if (isInSonarLintRuntime(context)) {
       PythonScanner scanner = new PythonScanner(context, checks, fileLinesContextFactory, noSonarFilter, PythonParser::createIPythonParser,
-        indexer, new DummyArchitectureCallback(), noSonarLineInfoCollector);
+        indexer, new DummyArchitectureCallback(), noSonarLineInfoCollector, new AnalysisWarningsWrapper());
       scanner.execute(pythonFiles, context);
     } else {
       processNotebooksFiles(pythonFiles, context);
@@ -139,7 +140,7 @@ private void processNotebooksFiles(List<PythonInputFile> pythonFiles, SensorCont
     CacheContext cacheContext = CacheContextImpl.dummyCache();
     PythonIndexer pythonIndexer = new SonarQubePythonIndexer(pythonFiles, cacheContext, context, projectConfigurationBuilder);
     PythonScanner scanner = new PythonScanner(context, checks, fileLinesContextFactory, noSonarFilter, PythonParser::createIPythonParser,
-      pythonIndexer, new DummyArchitectureCallback(), noSonarLineInfoCollector);
+      pythonIndexer, new DummyArchitectureCallback(), noSonarLineInfoCollector, new AnalysisWarningsWrapper());
     scanner.execute(pythonFiles, context);
     sensorTelemetryStorage.updateMetric(TelemetryMetricKey.NOTEBOOK_RECOGNITION_ERROR_KEY, scanner.getRecognitionErrorCount());
     updateDatabricksTelemetry(scanner);

python-commons/src/main/java/org/sonar/plugins/python/IPynbSensor.java

@@ -19,6 +19,7 @@
 import com.sonar.sslr.api.AstNode;
 import com.sonar.sslr.api.RecognitionException;
 import java.io.File;
+import javax.annotation.Nullable;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -56,6 +57,7 @@
 import org.sonar.plugins.python.telemetry.collectors.TestFileTelemetryCollector;
 import org.sonar.plugins.python.telemetry.collectors.TypeInferenceTelemetry;
 import org.sonar.plugins.python.telemetry.collectors.TypeInferenceTelemetryCollector;
+import org.sonar.plugins.python.warnings.AnalysisWarningsWrapper;
 import org.sonar.python.IPythonLocation;
 import org.sonar.python.SubscriptionVisitor;
 import org.sonar.python.parser.PythonParser;
@@ -85,15 +87,24 @@ public class PythonScanner extends Scanner {
   private final Lock lock;
   private final TypeInferenceTelemetryCollector typeInferenceTelemetryCollector;
   private final TestFileTelemetryCollector testFileTelemetryCollector;
+  private final boolean testSourcesConfigured;
+  private final AnalysisWarningsWrapper analysisWarnings;
+  private final AtomicBoolean heuristicWarningEmitted = new AtomicBoolean(false);
+  static final String UNSET_SONAR_TESTS_WARNING = "SonarPython detected files that look like test code " +
+    "but 'sonar.tests' is not configured. Rules targeting production code were not executed on these files. " +
+    "Configure 'sonar.tests' in your project properties for a more accurate analysis.";
 
   public PythonScanner(
     SensorContext context, PythonChecks checks, FileLinesContextFactory fileLinesContextFactory, NoSonarFilter noSonarFilter,
-    Supplier<PythonParser> parserSupplier, PythonIndexer indexer, PythonFileConsumer architectureCallback, NoSonarLineInfoCollector noSonarLineInfoCollector) {
+    Supplier<PythonParser> parserSupplier, PythonIndexer indexer, PythonFileConsumer architectureCallback,
+    NoSonarLineInfoCollector noSonarLineInfoCollector, AnalysisWarningsWrapper analysisWarnings) {
     super(context);
     this.checks = checks;
     this.parserSupplier = parserSupplier;
     this.indexer = indexer;
     this.noSonarLineInfoCollector = noSonarLineInfoCollector;
+    this.analysisWarnings = analysisWarnings;
+    this.testSourcesConfigured = TestFileClassifier.isTestSourceConfigured(context.config());
     this.indexer.buildOnce(context);
     this.architectureCallback = architectureCallback;
     this.checksExecutedWithoutParsingByFiles = new ConcurrentHashMap<>();
@@ -125,9 +136,14 @@ protected void scanFile(PythonInputFile inputFile) throws IOException {
     var pythonFile = SonarQubePythonFile.create(inputFile);
     InputFile.Type fileType = inputFile.wrappedFile().type();
     PythonVisitorContext visitorContext = createVisitorContext(inputFile, pythonFile);
+    InputFile.Type effectiveTypeForRules = resolveEffectiveTypeForRules(
+      fileType, projectRelativePath(inputFile), visitorContext.rootTree());
+    if (!testSourcesConfigured && fileType == InputFile.Type.MAIN) {
+      indexer.writeEffectiveFileType(inputFile.wrappedFile().key(), effectiveTypeForRules);
+    }
 
-    executeChecks(visitorContext, checks.sonarPythonChecks(), fileType, inputFile);
-    executeOtherChecks(inputFile, visitorContext, fileType);
+    executeChecks(visitorContext, checks.sonarPythonChecks(), effectiveTypeForRules, inputFile);
+    executeOtherChecks(inputFile, visitorContext, effectiveTypeForRules);
 
 
     runLockedByRepository(ARCHITECTURE_CALLBACK_LOCK_KEY, () -> architectureCallback.scanFile(visitorContext));
@@ -241,6 +257,11 @@ private static Map<Integer, IPythonLocation> getOffsetLocations(PythonInputFile
   @Override
   public boolean scanFileWithoutParsing(PythonInputFile inputFile) {
     InputFile.Type fileType = inputFile.wrappedFile().type();
+    InputFile.Type effectiveTypeForRules = resolveEffectiveTypeForRulesFromCache(
+      fileType, projectRelativePath(inputFile), inputFile.wrappedFile().key());
+    if (effectiveTypeForRules == null) {
+      return false;
+    }
     boolean result = true;
     PythonFile pythonFile = SonarQubePythonFile.create(inputFile.wrappedFile());
     PythonInputFileContext inputFileContext = new PythonInputFileContext(
@@ -251,13 +272,13 @@ public boolean scanFileWithoutParsing(PythonInputFile inputFile) {
       indexer.projectLevelSymbolTable()
     );
 
-    result = scanFileWithoutParsingSonarPython(inputFile, fileType, inputFileContext, result);
+    result = scanFileWithoutParsingSonarPython(inputFile, effectiveTypeForRules, inputFileContext, result);
 
     var atomicResult = new AtomicBoolean(result);
     var otherChecks = checks.noSonarPythonChecks();
     otherChecks.forEach((repositoryKey, repositoryChecks) -> runLockedByRepository(repositoryKey, () -> {
       for (var check : repositoryChecks) {
-        var scanResult = scanFileWithoutParsingNotSonarPython(inputFile, check, fileType, atomicResult.get(), inputFileContext);
+        var scanResult = scanFileWithoutParsingNotSonarPython(inputFile, check, effectiveTypeForRules, atomicResult.get(), inputFileContext);
         atomicResult.set(scanResult);
       }
     }));
@@ -322,6 +343,49 @@ private void endOfAnalysisForRepository(String repositoryKey, List<EndOfAnalysis
     runLockedByRepository(repositoryKey, () -> endOfAnalyses.forEach(c -> c.endOfAnalysis(indexer.cacheContext())));
   }
 
+  private String projectRelativePath(PythonInputFile inputFile) {
+    return context.fileSystem().baseDir().toURI()
+      .relativize(inputFile.wrappedFile().uri())
+      .toString();
+  }
+
+  private boolean isBypassed(InputFile.Type platformType) {
+    return testSourcesConfigured || platformType == InputFile.Type.TEST;
+  }
+
+  private InputFile.Type resolveEffectiveTypeForRules(InputFile.Type platformType, String filePath, @Nullable FileInput tree) {
+    if (isBypassed(platformType)) {
+      return platformType;
+    }
+    boolean isTest = TestFileClassifier.looksLikeTestFile(filePath, tree);
+    if (isTest) {
+      maybeEmitHeuristicWarning();
+      return InputFile.Type.TEST;
+    }
+    return InputFile.Type.MAIN;
+  }
+
+  @Nullable
+  private InputFile.Type resolveEffectiveTypeForRulesFromCache(InputFile.Type platformType, String filePath, String fileKey) {
+    if (isBypassed(platformType)) {
+      return platformType;
+    }
+    InputFile.Type cached = indexer.readEffectiveFileType(fileKey);
+    if (cached == null) {
+      // Cache entry is missing while the file is unchanged — the cache is in an inconsistent state
+      // This should never happen in normal operation. Fall back to a full parse rather than guessing the type.
+      LOG.debug("No cached effective file type for '{}': triggering full parse", filePath);
+    }
+    return cached;
+  }
+
+  private void maybeEmitHeuristicWarning() {
+    if (heuristicWarningEmitted.compareAndSet(false, true)) {
+      LOG.warn(UNSET_SONAR_TESTS_WARNING);
+      analysisWarnings.addUnique(UNSET_SONAR_TESTS_WARNING);
+    }
+  }
+
   boolean isCheckNotApplicable(PythonCheck pythonCheck, InputFile.Type fileType) {
     return fileType != InputFile.Type.MAIN && pythonCheck.scope() != PythonCheck.CheckScope.ALL;
   }

python-commons/src/main/java/org/sonar/plugins/python/PythonScanner.java

@@ -153,7 +153,7 @@ public void execute(SensorContext context) {
     pythonIndexer.setSonarLintCache(sonarLintCache);
     TypeShed.setProjectLevelSymbolTable(pythonIndexer.projectLevelSymbolTable());
     PythonScanner scanner = new PythonScanner(context, checks, fileLinesContextFactory, noSonarFilter, PythonParser::create,
-      pythonIndexer, architectureCallback, noSonarLineInfoCollector);
+      pythonIndexer, architectureCallback, noSonarLineInfoCollector, analysisWarnings);
     scanner.execute(pythonFiles, context);
     Duration sensorTime = Duration.between(sensorStartTime, Instant.now());