SONARPY-4028 Fix valueAsLong() in NumericLiteralImpl to work for floating point values such as 0.0 (#1056)

marc-jasper-sonarsource · sonartech · commit 387356320f13 · 2026-04-13T07:17:33.000Z
GitOrigin-RevId: 715a6f8d99450bb09dedf604154c7090107998e1
diff --git a/python-checks/src/main/java/org/sonar/python/checks/FastAPIHTTPExceptionDocumentedCheck.java b/python-checks/src/main/java/org/sonar/python/checks/FastAPIHTTPExceptionDocumentedCheck.java
@@ -261,7 +261,11 @@ private static Optional<Integer> extractStatusCode(Expression statusCodeExpr) {
         return extractStatusCode(singleAssignedValue);
       }
     } else if (statusCodeExpr instanceof NumericLiteral numericLiteral) {
-      return Optional.of((int) numericLiteral.valueAsLong());
+      try {
+        return Optional.of((int) numericLiteral.valueAsLong());
+      } catch (NumberFormatException e) {
+        return Optional.empty();
+      }
     } else if (statusCodeExpr instanceof StringLiteral stringLiteral) {
       try {
         return Optional.of(Integer.parseInt(stringLiteral.trimmedQuotesValue()));
diff --git a/python-checks/src/main/java/org/sonar/python/checks/FilePermissionsCheck.java b/python-checks/src/main/java/org/sonar/python/checks/FilePermissionsCheck.java
@@ -99,7 +99,11 @@ private static boolean isUnsafeExpression(Expression expression, int safeModulo,
     }
     if (expression.is(Tree.Kind.NUMERIC_LITERAL)) {
       NumericLiteral numericLiteral = (NumericLiteral) expression;
-      return numericLiteral.valueAsLong() % 8 != safeModulo;
+      try {
+        return numericLiteral.valueAsLong() % 8 != safeModulo;
+      } catch (NumberFormatException nfe) {
+        return false;
+      }
     }
     if (expression.is(Tree.Kind.NAME)) {
       Expression singleAssignedValue = Expressions.singleAssignedValue(((Name) expression));
diff --git a/python-checks/src/main/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheck.java b/python-checks/src/main/java/org/sonar/python/checks/IncorrectParameterDatetimeConstructorsCheck.java
@@ -102,16 +102,20 @@ public Tree expression() {
   }
 
   private static ValueWithExpression getValue(Expression expression) {
-    if (expression.is(Tree.Kind.NUMERIC_LITERAL)) {
-      return new ValueWithExpression(((NumericLiteral) expression).valueAsLong(), expression);
-    } else if (expression.is(Tree.Kind.UNARY_MINUS)) {
-      UnaryExpression unaryExpression = (UnaryExpression) expression;
-      if (!unaryExpression.expression().is(Tree.Kind.NUMERIC_LITERAL)) {
-        return null;
+    try {
+      if (expression.is(Tree.Kind.NUMERIC_LITERAL)) {
+        return new ValueWithExpression(((NumericLiteral) expression).valueAsLong(), expression);
+      } else if (expression.is(Tree.Kind.UNARY_MINUS)) {
+        UnaryExpression unaryExpression = (UnaryExpression) expression;
+        if (!unaryExpression.expression().is(Tree.Kind.NUMERIC_LITERAL)) {
+          return null;
+        }
+        return new ValueWithExpression(-((NumericLiteral) unaryExpression.expression()).valueAsLong(), unaryExpression);
+      } else if (expression.is(Tree.Kind.NAME)) {
+        return Expressions.singleAssignedNonNameValue((Name) expression).map(IncorrectParameterDatetimeConstructorsCheck::getValue).orElse(null);
       }
-      return new ValueWithExpression(-((NumericLiteral) unaryExpression.expression()).valueAsLong(), unaryExpression);
-    } else if (expression.is(Tree.Kind.NAME)) {
-      return Expressions.singleAssignedNonNameValue((Name) expression).map(IncorrectParameterDatetimeConstructorsCheck::getValue).orElse(null);
+    } catch (NumberFormatException nfe) {
+      return null;
     }
     return null;
   }
diff --git a/python-checks/src/main/java/org/sonar/python/checks/UnnecessarySubscriptReversalCheck.java b/python-checks/src/main/java/org/sonar/python/checks/UnnecessarySubscriptReversalCheck.java
@@ -88,15 +88,19 @@ private boolean isSensitiveCall(CallExpression callExpression) {
   }
 
   private static boolean isSubscriptReversal(@Nullable Tree expression) {
-    return expression instanceof SliceExpression sliceExpression
-           && sliceExpression.sliceList().slices().size() == 1
-           && sliceExpression.sliceList().slices().get(0) instanceof SliceItem sliceItem
-           && sliceItem.lowerBound() == null
-           && sliceItem.upperBound() == null
-           && sliceItem.stride() instanceof UnaryExpression unaryExpression
-           && unaryExpression.is(Tree.Kind.UNARY_MINUS)
-           && unaryExpression.expression() instanceof NumericLiteral numericLiteral
-           && numericLiteral.valueAsLong() == 1;
+    try {
+      return expression instanceof SliceExpression sliceExpression
+             && sliceExpression.sliceList().slices().size() == 1
+             && sliceExpression.sliceList().slices().get(0) instanceof SliceItem sliceItem
+             && sliceItem.lowerBound() == null
+             && sliceItem.upperBound() == null
+             && sliceItem.stride() instanceof UnaryExpression unaryExpression
+             && unaryExpression.is(Tree.Kind.UNARY_MINUS)
+             && unaryExpression.expression() instanceof NumericLiteral numericLiteral
+             && numericLiteral.valueAsLong() == 1;
+    } catch (NumberFormatException nfe) {
+      return false;
+    }
   }
 
   private static int getUsageCount(Name name) {
diff --git a/python-checks/src/main/java/org/sonar/python/checks/UseStartsWithEndsWithCheck.java b/python-checks/src/main/java/org/sonar/python/checks/UseStartsWithEndsWithCheck.java
@@ -123,9 +123,7 @@ private static SliceType fromSliceItem(SliceItem sliceItem) {
       // then we don't check the rule.
       if (stride != null &&
         !stride.type().mustBeOrExtend(BuiltinTypes.NONE_TYPE) &&
-        !(stride.is(Tree.Kind.NUMERIC_LITERAL) &&
-          stride.type().mustBeOrExtend(BuiltinTypes.INT) &&
-          ((NumericLiteral) stride).valueAsLong() == 1)) {
+        !isIntLiteralEqualTo(stride, 1)) {
         return SliceType.COMPLEX;
       }
 
@@ -153,6 +151,16 @@ private static boolean isEmptyBound(@CheckForNull Expression bound) {
     }
   }
 
+  private static boolean isIntLiteralEqualTo(Expression expression, long expected) {
+    try {
+      return expression.is(Tree.Kind.NUMERIC_LITERAL)
+        && expression.type().mustBeOrExtend(BuiltinTypes.INT)
+        && ((NumericLiteral) expression).valueAsLong() == expected;
+    } catch (NumberFormatException nfe) {
+      return false;
+    }
+  }
+
   private enum OperatorType {
     EQUALS,
     NOT_EQUALS,
diff --git a/python-checks/src/main/java/org/sonar/python/checks/VerifiedSslTlsCertificateCheck.java b/python-checks/src/main/java/org/sonar/python/checks/VerifiedSslTlsCertificateCheck.java
@@ -433,7 +433,11 @@ private static boolean isFalsyRange(CallExpression callExpr, String fqn) {
         Expression firstArgExpr = regArg.expression();
         if (firstArgExpr.is(Tree.Kind.NUMERIC_LITERAL)) {
           NumericLiteral num = (NumericLiteral) firstArgExpr;
-          return num.valueAsLong() == 0L;
+          try {
+            return num.valueAsLong() == 0L;
+          } catch (NumberFormatException nfe) {
+            return false;
+          }
         }
       }
     }
diff --git a/python-checks/src/main/java/org/sonar/python/checks/cdk/CdkPredicate.java b/python-checks/src/main/java/org/sonar/python/checks/cdk/CdkPredicate.java
@@ -194,7 +194,16 @@ private static boolean anyValueInInterval(Collection<Long> values, long min, lon
   }
 
   public static Predicate<Expression> isNumeric(Set<Long> vals) {
-    return expression -> expression.is(Tree.Kind.NUMERIC_LITERAL) && vals.contains(((NumericLiteral) expression).valueAsLong());
+    return expression -> {
+      if (!expression.is(Tree.Kind.NUMERIC_LITERAL)) {
+        return false;
+      }
+      try {
+        return vals.contains(((NumericLiteral) expression).valueAsLong());
+      } catch (NumberFormatException nfe) {
+        return false;
+      }
+    };
   }
 
 }
diff --git a/python-checks/src/main/java/org/sonar/python/checks/cdk/CdkUtils.java b/python-checks/src/main/java/org/sonar/python/checks/cdk/CdkUtils.java
@@ -55,7 +55,7 @@ private CdkUtils() {
   public static Optional<Integer> getInt(Expression expression) {
     try {
       return Optional.of((int)((NumericLiteral) expression).valueAsLong());
-    } catch (ClassCastException e) {
+    } catch (ClassCastException | NumberFormatException e) {
       return Optional.empty();
     }
   }
diff --git a/python-checks/src/main/java/org/sonar/python/checks/hotspots/CommonValidationUtils.java b/python-checks/src/main/java/org/sonar/python/checks/hotspots/CommonValidationUtils.java
@@ -61,8 +61,12 @@ public static boolean isMoreThan(Expression expression, int number) {
   static boolean isLessThanExponent(Expression expression, int exponent) {
     if (expression.is(Tree.Kind.SHIFT_EXPR)) {
       var shiftExpression = (BinaryExpression) expression;
-      return shiftExpression.leftOperand().is(Tree.Kind.NUMERIC_LITERAL) && (((NumericLiteral) shiftExpression.leftOperand()).valueAsLong() == 1)
-        && isLessThan(shiftExpression.rightOperand(), exponent);
+      try {
+        return shiftExpression.leftOperand().is(Tree.Kind.NUMERIC_LITERAL) && (((NumericLiteral) shiftExpression.leftOperand()).valueAsLong() == 1)
+          && isLessThan(shiftExpression.rightOperand(), exponent);
+      } catch (NumberFormatException nfe) {
+        return false;
+      }
     }
     if (expression.is(Tree.Kind.NAME)) {
       return Expressions.singleAssignedNonNameValue(((Name) expression))
diff --git a/python-checks/src/main/java/org/sonar/python/checks/tests/UnconditionalAssertionCheck.java b/python-checks/src/main/java/org/sonar/python/checks/tests/UnconditionalAssertionCheck.java
@@ -103,7 +103,11 @@ private static boolean isFalseOrZeroLiteral(Expression expression) {
       return "False".equals(((Name) expression).name());
     }
     if (expression.is(NUMERIC_LITERAL)) {
-      return ((NumericLiteral) expression).valueAsLong() == 0;
+      try {
+        return ((NumericLiteral) expression).valueAsLong() == 0;
+      } catch (NumberFormatException nfe) {
+        return false;
+      }
     }
     return false;
   }
diff --git a/python-checks/src/test/resources/checks/cdk/unrestrictedAdministration_Connections.py b/python-checks/src/test/resources/checks/cdk/unrestrictedAdministration_Connections.py
@@ -62,6 +62,7 @@ def test_bad_port_variant(var):
 
         conn.allow_from(ec2.Peer.any_ipv4(), ec2.Port.all_tcp)
         conn.allow_from(ec2.Peer.any_ipv4(), ec2.Port.tcp(50))
+        conn.allow_from(ec2.Peer.any_ipv4(), ec2.Port.tcp(9223372036854775808))  # Compliant (port literal does not parse to long)
         conn.allow_from(ec2.Peer.any_ipv4(), ec2.Port.tcp(variable=3389))
         conn.allow_from(ec2.Peer.any_ipv4(), ec2.Port.tcp(port="3389"))
         conn.allow_from(ec2.Peer.any_ipv4(), ec2.Port.tcp_range(start_port=30, end_port=40))
diff --git a/python-checks/src/test/resources/checks/fastAPIHTTPExceptionDocumented.py b/python-checks/src/test/resources/checks/fastAPIHTTPExceptionDocumented.py
@@ -76,6 +76,11 @@ def positional_status_code_argument():
 #         ^^^^^^^^^^^^^
 
 
+@app.get("/overflow-status")
+def positional_status_code_overflow_literal():
+    raise HTTPException(9223372036854775808, detail="not a representable status code")
+
+
 @app.post("/create")
 def post_method_undocumented():
     raise HTTPException(status_code=409, detail="Conflict")  # Noncompliant
diff --git a/python-checks/src/test/resources/checks/fastHashingOrPlainText/fastHashingOrPlainText.py b/python-checks/src/test/resources/checks/fastHashingOrPlainText/fastHashingOrPlainText.py
@@ -8,6 +8,7 @@ def non_hashlib():
     scrypt.hash(password, salt, buflen=31)  # Noncompliant
     scrypt.hash(password, salt, buflen=32)
     scrypt.hash(password, salt, N=1 << 12)  # Noncompliant
+    scrypt.hash(password, salt, N=9223372036854775808 << 1)  # Compliant (invalid long: isLessThanExponent handles NFE)
     exp = 7
     scrypt.hash(password, salt, N=1 << exp)  # Noncompliant
     exp_2 = 1 << 3
diff --git a/python-checks/src/test/resources/checks/hotspots/filePermissions.py b/python-checks/src/test/resources/checks/hotspots/filePermissions.py
@@ -62,6 +62,8 @@
 os.chmod("/tmp/fs", 256)  # Compliant -r--------
 os.chmod("/tmp/fs", 0)    # Compliant ----------
 
+os.chmod("/tmp/fs", 9223372036854775808)  # Compliant (mode literal does not parse to long)
+
 os.chmod("/tmp/fs", 4)     # Noncompliant
 os.chmod("/tmp/fs", 260)   # Noncompliant
 
diff --git a/python-checks/src/test/resources/checks/incorrectParameterDatetimeConstructorsCheck.py b/python-checks/src/test/resources/checks/incorrectParameterDatetimeConstructorsCheck.py
@@ -4,6 +4,7 @@ def compliant_examples():
     datetime.time(12, 30, 0, 0)
     datetime.date(2024, 3, 1)
     datetime.datetime(2024, 3, 1, 12, 30, 0, 0)
+    datetime.date(9223372036854775808, 1, 1)  # Compliant (year literal does not parse to long)
 
 def non_compliant_examples():
     datetime.date(2024, 3, 32) # Noncompliant {{Provide a correct value for the `day` parameter.}}
diff --git a/python-checks/src/test/resources/checks/unconditionalAssertion/unconditionalAssertion.py b/python-checks/src/test/resources/checks/unconditionalAssertion/unconditionalAssertion.py
@@ -59,6 +59,8 @@ def test_assert_statement_used_for_test_failure(self):
         # Should be raised by another rule
         assert False
         assert 0
+        assert 9223372036854775808  # Noncompliant {{Replace this expression; its boolean value is constant.}}
+    #          ^^^^^^^^^^^^^^^^^^^
 
 
     def test_constant_assert_true_with_unpacking(self):
diff --git a/python-checks/src/test/resources/checks/unnecessarySubscriptReversal.py b/python-checks/src/test/resources/checks/unnecessarySubscriptReversal.py
@@ -35,6 +35,7 @@ def case4():
   set(data[::-2])
   set(data[::1])
   set(data[::-b])
+  sorted(data[::-9223372036854775808])  # Compliant (stride literal does not parse to long)
   list(data[::-1])
 
 def case5():
diff --git a/python-checks/src/test/resources/checks/useStartsWithEndsWithCheck.py b/python-checks/src/test/resources/checks/useStartsWithEndsWithCheck.py
@@ -61,6 +61,7 @@ def f():
   foobar[3:6:0x1] == 'bar' # Same
   foobar[-3:] == 'bar' # Noncompliant {{Use `endswith` here.}}
   foobar[:-3] == 'foo' # Noncompliant {{Use `startswith` here.}}
+  foobar[::9223372036854775808] == 'foo'  # Compliant (stride literal: isIntLiteralEqualTo handles NFE)
 
   # If an index is not a plain number, we can not say for sure if it is negative/positive. Hence, we should suggest startswith and endswith
   foobar[:unknownA()] == 'foo' # Noncompliant {{Use `startswith` here.}}
diff --git a/python-checks/src/test/resources/checks/verifiedSslTlsCertificateCheck.py b/python-checks/src/test/resources/checks/verifiedSslTlsCertificateCheck.py
@@ -89,6 +89,7 @@ def requestsTests():
   #                                                        ^^^^^
   requests.request('GET', 'https://example.domain', verify=range(0)) # Noncompliant {{Enable server certificate validation on this SSL/TLS connection.}}
   #                                                        ^^^^^^^^
+  requests.request('GET', 'https://example.domain', verify=range(9223372036854775808)) # Compliant (stop literal does not parse to long)
   requests.request(verify=False, method='GET', url='https://example.domain') # Noncompliant {{Enable server certificate validation on this SSL/TLS connection.}}
   #                       ^^^^^
 
diff --git a/python-frontend/src/main/java/org/sonar/python/tree/NumericLiteralImpl.java b/python-frontend/src/main/java/org/sonar/python/tree/NumericLiteralImpl.java
@@ -16,6 +16,7 @@
  */
 package org.sonar.python.tree;
 
+import java.math.BigDecimal;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
@@ -61,6 +62,17 @@ public long valueAsLong() {
       return Integer.valueOf(literalValue.substring(2), 8);
     } else if (literalValue.startsWith("0x") || literalValue.startsWith("0X")) {
       return Integer.valueOf(literalValue.substring(2), 16);
+    } else if (numericKind() == NumericKind.FLOAT) {
+      // Decimal floats (e.g. 0.0, 1e3) must be handled before legacy octal (0-prefixed),
+      // otherwise tokens like "0.0" match the octal branch and ".0" is parsed as base 8.
+      try {
+        return new BigDecimal(literalValue).longValueExact();
+      } catch (ArithmeticException e) {
+        NumberFormatException nfe = new NumberFormatException(
+          "Not an integral floating-point literal: " + literalValue);
+        nfe.initCause(e);
+        throw nfe;
+      }
     } else if (literalValue.startsWith("0") && literalValue.length() > 1) {
       // Python 2 syntax (https://www.python.org/dev/peps/pep-3127/#removal-of-old-octal-syntax)
       return Integer.valueOf(literalValue.substring(1), 8);
diff --git a/python-frontend/src/test/java/org/sonar/python/tree/PythonTreeMakerTest.java b/python-frontend/src/test/java/org/sonar/python/tree/PythonTreeMakerTest.java
@@ -2070,6 +2070,18 @@ void numeric_literal_expression() {
     testNumericLiteral("0777", 511L);
     testNumericLiteral("0x28", 0x28L);
     testNumericLiteral("0X28", 0x28L);
+    testNumericLiteral("0.0", 0L);
+    testNumericLiteral("42.0", 42L);
+    testNumericLiteral("1e3", 1000L);
+    testNumericLiteral("3_0.0", 30L);
+  }
+
+  @Test
+  void numeric_literal_float_non_integral_valueAsLong_throws() {
+    setRootRule(PythonGrammar.ATOM);
+    Expression expression = parse("0.5", treeMaker::expression);
+    assertThat(expression.is(Tree.Kind.NUMERIC_LITERAL)).isTrue();
+    assertThatThrownBy(((NumericLiteral) expression)::valueAsLong).isInstanceOf(NumberFormatException.class);
   }
 
   private void testNumericLiteral(String code, Long expectedValue) {

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,11 @@ private static boolean isUnsafeExpression(Expression expression, int safeModulo,`
`99`	`99`	`}`
`100`	`100`	`if (expression.is(Tree.Kind.NUMERIC_LITERAL)) {`
`101`	`101`	`NumericLiteral numericLiteral = (NumericLiteral) expression;`
`102`		`- return numericLiteral.valueAsLong() % 8 != safeModulo;`
	`102`	`+ try {`
	`103`	`+ return numericLiteral.valueAsLong() % 8 != safeModulo;`
	`104`	`+ } catch (NumberFormatException nfe) {`
	`105`	`+ return false;`
	`106`	`+ }`
`103`	`107`	`}`
`104`	`108`	`if (expression.is(Tree.Kind.NAME)) {`
`105`	`109`	`Expression singleAssignedValue = Expressions.singleAssignedValue(((Name) expression));`
Original file line number	Diff line number	Diff line change
`@@ -433,7 +433,11 @@ private static boolean isFalsyRange(CallExpression callExpr, String fqn) {`
`433`	`433`	`Expression firstArgExpr = regArg.expression();`
`434`	`434`	`if (firstArgExpr.is(Tree.Kind.NUMERIC_LITERAL)) {`
`435`	`435`	`NumericLiteral num = (NumericLiteral) firstArgExpr;`
`436`		`- return num.valueAsLong() == 0L;`
	`436`	`+ try {`
	`437`	`+ return num.valueAsLong() == 0L;`
	`438`	`+ } catch (NumberFormatException nfe) {`
	`439`	`+ return false;`
	`440`	`+ }`
`437`	`441`	`}`
`438`	`442`	`}`
`439`	`443`	`}`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,16 @@ private static boolean anyValueInInterval(Collection<Long> values, long min, lon`
`194`	`194`	`}`
`195`	`195`
`196`	`196`	`public static Predicate<Expression> isNumeric(Set<Long> vals) {`
`197`		`- return expression -> expression.is(Tree.Kind.NUMERIC_LITERAL) && vals.contains(((NumericLiteral) expression).valueAsLong());`
	`197`	`+ return expression -> {`
	`198`	`+ if (!expression.is(Tree.Kind.NUMERIC_LITERAL)) {`
	`199`	`+ return false;`
	`200`	`+ }`
	`201`	`+ try {`
	`202`	`+ return vals.contains(((NumericLiteral) expression).valueAsLong());`
	`203`	`+ } catch (NumberFormatException nfe) {`
	`204`	`+ return false;`
	`205`	`+ }`
	`206`	`+ };`
`198`	`207`	`}`
`199`	`208`
`200`	`209`	`}`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ private CdkUtils() {`
`55`	`55`	`public static Optional<Integer> getInt(Expression expression) {`
`56`	`56`	`try {`
`57`	`57`	`return Optional.of((int)((NumericLiteral) expression).valueAsLong());`
`58`		`- } catch (ClassCastException e) {`
	`58`	`+ } catch (ClassCastException \| NumberFormatException e) {`
`59`	`59`	`return Optional.empty();`
`60`	`60`	`}`
`61`	`61`	`}`
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,11 @@ private static boolean isFalseOrZeroLiteral(Expression expression) {`
`103`	`103`	`return "False".equals(((Name) expression).name());`
`104`	`104`	`}`
`105`	`105`	`if (expression.is(NUMERIC_LITERAL)) {`
`106`		`- return ((NumericLiteral) expression).valueAsLong() == 0;`
	`106`	`+ try {`
	`107`	`+ return ((NumericLiteral) expression).valueAsLong() == 0;`
	`108`	`+ } catch (NumberFormatException nfe) {`
	`109`	`+ return false;`
	`110`	`+ }`
`107`	`111`	`}`
`108`	`112`	`return false;`
`109`	`113`	`}`