SONARPY-3177 Implement S1309 for noqa (#390)

GitOrigin-RevId: 1c63c394268b3a586c428e2578289b6bdd6fb3a6

Author: Seppli11

its/plugin/it-python-plugin-test/profiles/nosonar.xml

@@ -17,5 +17,10 @@
       <key>OneStatementPerLine</key>
       <priority>INFO</priority>
     </rule>
+    <rule>
+      <repositoryKey>python</repositoryKey>
+      <key>S1309</key>
+      <priority>INFO</priority>
+    </rule>
   </rules>
 </profile>

its/plugin/it-python-plugin-test/projects/nosonar/noqa-project/main.py

@@ -0,0 +1,22 @@
+print "Hello"
+print "Hello"  # noqa
+print "Hello"  # noqa: PrintStatementUsage
+print "Hello"  # noqa: PrintStatementUsage, S1309
+
+# noqa with comments
+print "Hello"  # noqa This is a comment
+print "Hello"  # noqa: PrintStatementUsage This is a comment
+
+# multiple issues
+print "Hello"; print "World"
+print "Hello"; print "World"  # noqa
+print "Hello"; print "World"  # noqa: OneStatementPerLine,PrintStatementUsage
+print "Hello"; print "World"  # noqa: OneStatementPerLine, PrintStatementUsage
+
+# invalid noqa formats
+print "Hello"  # noqa:
+print "Hello"  # noqa: Invalid_Rule_Name
+print "Hello"  # noqa PrintStatementUsage (missing colon)
+
+# noqa at the end of file
+print "Hello"  # noqa: PrintStatementUsage

its/plugin/it-python-plugin-test/src/test/java/com/sonar/python/it/plugin/NoSonarTest.java

@@ -30,6 +30,7 @@ public class NoSonarTest {
 
   private static final String NO_SONAR_PROJECT_KEY = "nosonar";
   private static final String EXTERNAL_ISSUE_PROJECT_KEY = "external-issues";
+  private static final String NOQA_PROJECT_KEY = "noqa";
 
   private static final String PROFILE_NAME = "nosonar";
 
@@ -95,6 +96,42 @@ void test_nosonar() {
         .doesNotContainIssue(20, "python:OneStatementPerLine");
   }
 
+  @Test
+  void test_noqa() {
+    analyzeProject(createScanner(NOQA_PROJECT_KEY, "projects/nosonar/noqa-project"));
+
+    IssueListAssert.assertThat(issues(NOQA_PROJECT_KEY))
+        .hasSize(20)
+        // basic noqa checks
+        .containsIssue(1, "python:PrintStatementUsage")
+        .containsIssue(2, "python:S1309").doesNotContainIssue(2, "python:PrintStatementUsage")
+        .containsIssue(3, "python:S1309").doesNotContainIssue(3, "python:PrintStatementUsage")
+        .containsIssue(4, "python:S1309").doesNotContainIssue(4, "python:PrintStatementUsage")
+        
+        // noqa with specific rules
+        .containsIssue(6, "python:S1309")
+        .containsIssue(7, "python:S1309").doesNotContainIssue(6, "python:PrintStatementUsage")
+        .containsIssue(8, "python:S1309").doesNotContainIssue(7, "python:PrintStatementUsage")
+        
+        // noqa with multiple rules
+        .containsIssue(11, "python:OneStatementPerLine").containsIssue(11, "python:PrintStatementUsage")
+        .containsIssue(12, "python:S1309").doesNotContainIssue(12, "python:PrintStatementUsage")
+        .doesNotContainIssue(12, "python:OneStatementPerLine")
+        .containsIssue(13, "python:S1309").doesNotContainIssue(13, "python:PrintStatementUsage")
+        .doesNotContainIssue(13, "python:OneStatementPerLine")
+        .containsIssue(14, "python:S1309").doesNotContainIssue(14, "python:PrintStatementUsage")
+        .doesNotContainIssue(14, "python:OneStatementPerLine")
+
+        // invalid noqa
+        .containsIssue(17, "python:S1309").doesNotContainIssue(17, "python:PrintStatementUsage")
+        .containsIssue(18, "python:S1309").containsIssue(18, "python:PrintStatementUsage")
+        .containsIssue(19, "python:S1309").doesNotContainIssue(19, "python:PrintStatementUsage").doesNotContainIssue(19, "python:PrintStatementUsage")
+        
+        // noqa at the end of file
+        .containsIssue(21, "python:S1309")
+        .containsIssue(22, "python:S1309").doesNotContainIssue(22, "python:PrintStatementUsage");
+  }
+
   private void analyzeProject(SonarScanner scanner) {
     String projectKey = scanner.getProperty("sonar.projectKey");
     ORCHESTRATOR.getServer().provisionProject(projectKey, projectKey);

python-checks/src/main/java/org/sonar/python/checks/NoQaCommentCheck.java

@@ -0,0 +1,43 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.nosonar.NoSonarInfoParser;
+import org.sonar.plugins.python.api.tree.Token;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.Trivia;
+
+@Rule(key = "S1309")
+public class NoQaCommentCheck extends PythonSubscriptionCheck {
+
+  private static final String MESSAGE = "Is #noqa used to exclude false-positive or to hide real quality flaw?";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.TOKEN, ctx -> {
+      Token token = (Token) ctx.syntaxNode();
+      for (Trivia trivia : token.trivia()) {
+        String commentLine = trivia.token().value();
+        if (NoSonarInfoParser.isValidNoQa(commentLine)) {
+          ctx.addIssue(trivia.token(), MESSAGE);
+        }
+      }
+    });
+  }
+}

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -292,6 +292,7 @@ public Stream<Class<?>> getChecks() {
       NonStringInAllPropertyCheck.class,
       NonSingletonTfVariableCheck.class,
       NoPersonReferenceInTodoCheck.class,
+      NoQaCommentCheck.class,
       NoReRaiseInExitCheck.class,
       NoSonarCommentCheck.class,
       NoSonarCommentFormatCheck.class,

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1309.html

@@ -0,0 +1,7 @@
+<h2>Why is this an issue?</h2>
+<p>This rule allows you to track the usage of <code>noqa</code> comments used to suppress specific linting issues.</p>
+<h3>Noncompliant code example</h3>
+<pre>
+... # noqa: S100
+</pre>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S1309.json

@@ -0,0 +1,21 @@
+{
+  "title": "Track uses of noqa comments",
+  "type": "CODE_SMELL",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "INFO"
+    },
+    "attribute": "CLEAR"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "10min"
+  },
+  "tags": [],
+  "defaultSeverity": "Info",
+  "ruleSpecification": "RSPEC-1309",
+  "sqKey": "S1309",
+  "scope": "All",
+  "quickfix": "unknown"
+}

python-checks/src/test/java/org/sonar/python/checks/NoQaCommentCheckTest.java

@@ -0,0 +1,29 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class NoQaCommentCheckTest {
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/noqaComment.py", new NoQaCommentCheck());
+  }
+
+}

python-checks/src/test/resources/checks/noqaComment.py

@@ -0,0 +1,32 @@
+def divide(numerator, denominator):
+# Noncompliant@+1 {{Is #noqa used to exclude false-positive or to hide real quality flaw?}}
+    return numerator / denominator              # noqa denominator value might be 0
+#                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+# Noncompliant@+1
+#noqa
+
+# Noncompliant@+1
+    # noqa: E501
+
+# Noncompliant@+1
+# noqa: E501,W503
+
+# a noqa just mixed in should not be detected
+
+# NOQA should not be detected 
+# NOSONAR should not be detected (different rule)
+
+# NoQa in mixed case should not be detected (only lowercase noqa is valid)
+
+# no qa with space should not be detected
+
+# Invalid example
+# noqa:
+# Noncompliant@-1 
+
+#  something noqa: something, not valid since not at the beginning of the comment
+
+# this is not no qa
+a = "noqa-text"
+text = "noqa is mentioned here"

python-commons/src/main/java/org/sonar/plugins/python/MeasuresRepository.java

@@ -65,8 +65,6 @@ private void saveInternal(PythonInputFile inputFile, PythonVisitorContext visito
     FileMetrics fileMetrics = new FileMetrics(visitorContext, isNotebook(inputFile));
     FileLinesVisitor fileLinesVisitor = fileMetrics.fileLinesVisitor();
 
-    processNoSonarInFile(inputFile);
-
     if (!isInSonarLint) {
       Set<Integer> linesOfCode = fileLinesVisitor.getLinesOfCode();
       saveMetricOnFile(inputFile, CoreMetrics.NCLOC, linesOfCode.size());
@@ -90,16 +88,6 @@ private void saveInternal(PythonInputFile inputFile, PythonVisitorContext visito
     }
   }
 
-  private void processNoSonarInFile(PythonInputFile inputFile) {
-    try {
-      lock.lock();
-      var linesWithEmptyNosonar = noSonarLineInfoCollector.getLinesWithEmptyNoSonar(inputFile.wrappedFile().key());
-      noSonarFilter.noSonarInFile(inputFile.wrappedFile(), linesWithEmptyNosonar);
-    } finally {
-      lock.unlock();
-    }
-  }
-
   static boolean isNotebook(PythonInputFile inputFile) {
     return inputFile.kind() == PythonInputFile.Kind.IPYTHON;
   }