SONARPY-3946 Rule S8508 Mutable default values should not be used with "dict.fromkeys()" or "ContextVar()" (#992)

Co-authored-by: Sonar Vibe Bot <vibe-bot@sonarsource.com>
Co-authored-by: Guillaume Dequenne <guillaume.dequenne@sonarsource.com>
GitOrigin-RevId: eb0532027b854abc510c3de930187e950d00f720

Author: 3 people

python-checks/src/main/java/org/sonar/python/checks/MutableDefaultValueCheck.java

@@ -0,0 +1,111 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import java.util.List;
+import java.util.Set;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.tree.Argument;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.QualifiedExpression;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S8508")
+public class MutableDefaultValueCheck extends PythonSubscriptionCheck {
+
+  private static final String MESSAGE = "Replace this mutable value with an immutable default to avoid shared state.";
+
+  private static final TypeMatcher IS_DICT_TYPE = TypeMatchers.isType("builtins.dict");
+  private static final TypeMatcher IS_CONTEXT_VAR = TypeMatchers.isType("contextvars.ContextVar");
+  private static final TypeMatcher IS_MUTABLE_CONSTRUCTOR = TypeMatchers.any(
+    TypeMatchers.isType("builtins.list"),
+    TypeMatchers.isType("builtins.dict"),
+    TypeMatchers.isType("builtins.set"),
+    TypeMatchers.isType("builtins.bytearray")
+  );
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, MutableDefaultValueCheck::checkCall);
+  }
+
+  private static void checkCall(SubscriptionContext ctx) {
+    CallExpression callExpression = (CallExpression) ctx.syntaxNode();
+    Expression callee = callExpression.callee();
+    if (isDictFromkeys(callee, ctx)) {
+      checkDictFromkeys(ctx, callExpression);
+    } else if (IS_CONTEXT_VAR.isTrueFor(callee, ctx)) {
+      checkContextVar(ctx, callExpression);
+    }
+  }
+
+  private static boolean isDictFromkeys(Expression callee, SubscriptionContext ctx) {
+    if (!(callee instanceof QualifiedExpression qualifiedExpr)) {
+      return false;
+    }
+    return "fromkeys".equals(qualifiedExpr.name().name())
+      && IS_DICT_TYPE.isTrueFor(qualifiedExpr.qualifier(), ctx);
+  }
+
+  private static void checkDictFromkeys(SubscriptionContext ctx, CallExpression callExpression) {
+    List<Argument> arguments = callExpression.arguments();
+    if (arguments.size() < 2) {
+      return;
+    }
+    Argument secondArg = arguments.get(1);
+    if (secondArg instanceof RegularArgument regularArg && regularArg.keywordArgument() == null) {
+      checkAndReportIfMutable(regularArg.expression(), ctx);
+    }
+  }
+
+  private static void checkContextVar(SubscriptionContext ctx, CallExpression callExpression) {
+    RegularArgument defaultArg = TreeUtils.argumentByKeyword("default", callExpression.arguments());
+    if (defaultArg != null) {
+      checkAndReportIfMutable(defaultArg.expression(), ctx);
+    }
+  }
+
+  private static void checkAndReportIfMutable(Expression value, SubscriptionContext ctx) {
+    if (isMutableValue(value, ctx)) {
+      ctx.addIssue(value, MESSAGE);
+    }
+  }
+
+  private static boolean isMutableValue(Expression expression, SubscriptionContext ctx) {
+    if (expression.is(Tree.Kind.LIST_LITERAL)
+      || expression.is(Tree.Kind.DICTIONARY_LITERAL)
+      || expression.is(Tree.Kind.SET_LITERAL)) {
+      return true;
+    }
+    if (expression instanceof CallExpression callExpr) {
+      return IS_MUTABLE_CONSTRUCTOR.isTrueFor(callExpr.callee(), ctx);
+    }
+    if (expression instanceof Name name) {
+      Set<Expression> values = ctx.valuesAtLocation(name);
+      return !values.isEmpty() && values.stream().allMatch(v -> isMutableValue(v, ctx));
+    }
+    return false;
+  }
+}

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -316,6 +316,7 @@ public Stream<Class<?>> getChecks() {
       ModifiedParameterValueCheck.class,
       ModuleNameCheck.class,
       MultipleWhitespaceCheck.class,
+      MutableDefaultValueCheck.class,
       NeedlessPassCheck.class,
       NestedCollectionsCreationCheck.class,
       NestedConditionalExpressionCheck.class,

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8508.html

@@ -0,0 +1,60 @@
+<p>This rule raises an issue when a mutable object is used as the default value in <code>dict.fromkeys()</code> or <code>contextvars.ContextVar()</code>.</p>
+<h2>Why is this an issue?</h2>
+<p>In Python, when you pass a mutable object as a default value to certain constructs, all instances share the same object reference rather than getting
+independent copies. This creates unintended shared state that leads to subtle mutation bugs.</p>
+<p>Python evaluates the default value expression once when the code is defined, not each time it is used. The same object instance is then reused
+across all keys or contexts.</p>
+<h3>The problem with <code>dict.fromkeys()</code></h3>
+<p>The <code>dict.fromkeys(keys, value)</code> method creates a dictionary with all specified keys pointing to the <em>same</em> <code>value</code>
+object. When this value is mutable (like a list or dictionary), all keys share the same object reference:</p>
+<pre>
+keys = ['a', 'b', 'c']
+my_dict = dict.fromkeys(keys, [])
+my_dict['a'].append(1)
+print(my_dict)  # {'a': [1], 'b': [1], 'c': [1]}
+</pre>
+<h3>The problem with <code>ContextVar()</code></h3>
+<p>When you create a <code>ContextVar</code> with a mutable default value, that same object is shared across all contexts, which is particularly
+problematic in concurrent code.</p>
+<h3>What is the potential impact?</h3>
+<ul>
+  <li><strong>Data corruption</strong>: changes intended for one key or context accidentally affect others</li>
+  <li><strong>Concurrency issues</strong>: in the case of <code>ContextVar</code>, shared mutable defaults can cause race conditions</li>
+  <li><strong>Test flakiness</strong>: tests may pass or fail inconsistently depending on execution order</li>
+</ul>
+<h2>How to fix it</h2>
+<p>For <code>dict.fromkeys()</code>, replace it with a dictionary comprehension that creates a new instance for each key. For
+<code>ContextVar()</code>, use a factory pattern or omit the mutable default.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+keys = ['a', 'b', 'c']
+my_dict = dict.fromkeys(keys, [])  # Noncompliant
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+keys = ['a', 'b', 'c']
+my_dict = {key: [] for key in keys}
+</pre>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="2" data-diff-type="noncompliant">
+from contextvars import ContextVar
+
+my_var = ContextVar('my_var', default=[])  # Noncompliant
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="2" data-diff-type="compliant">
+from contextvars import ContextVar
+
+my_var: ContextVar[list] = ContextVar('my_var')
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li>Python Documentation - <a href="https://docs.python.org/3/library/stdtypes.html#dict.fromkeys"><code>dict.fromkeys()</code> method</a></li>
+  <li>Python Documentation - <a href="https://docs.python.org/3/library/contextvars.html#contextvars.ContextVar"><code>contextvars.ContextVar</code></a></li>
+</ul>
+<h3>Related rules</h3>
+<ul>
+  <li>S2824 - Function parameters should not have mutable default values</li>
+</ul>

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8508.json

@@ -0,0 +1,21 @@
+{
+  "title": "Mutable default values should not be used with \"dict.fromkeys()\" or \"ContextVar()\"",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5 min"
+  },
+  "tags": [],
+  "defaultSeverity": "Blocker",
+  "ruleSpecification": "RSPEC-8508",
+  "sqKey": "S8508",
+  "scope": "All",
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "BLOCKER"
+    },
+    "attribute": "LOGICAL"
+  }
+}

python-checks/src/test/java/org/sonar/python/checks/MutableDefaultValueCheckTest.java

@@ -0,0 +1,29 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class MutableDefaultValueCheckTest {
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/mutableDefaultValueCheck.py", new MutableDefaultValueCheck());
+  }
+
+}