SONARPY-3960 Rule S8502 "set.update()" should be used instead of a for-loop with "add()" (#997)

Co-authored-by: Marc Jasper <marc.jasper@sonarsource.com>
GitOrigin-RevId: fe167c270ae6ebb80df1f9e804c3671a1680c168

Author: 2 people

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -397,6 +397,7 @@ public Stream<Class<?>> getChecks() {
       SecureModeEncryptionAlgorithmsCheck.class,
       SelfAssignmentCheck.class,
       SetDuplicateKeyCheck.class,
+      SetUpdateOverForLoopCheck.class,
       SideEffectInTfFunctionCheck.class,
       SillyEqualityCheck.class,
       SillyIdentityCheck.class,

python-checks/src/main/java/org/sonar/python/checks/SetUpdateOverForLoopCheck.java

@@ -0,0 +1,142 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.quickfix.PythonQuickFix;
+import org.sonar.plugins.python.api.symbols.v2.SymbolV2;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.ExpressionStatement;
+import org.sonar.plugins.python.api.tree.ForStatement;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.QualifiedExpression;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.UnpackingExpression;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
+import org.sonar.python.quickfix.TextEditUtils;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S8502")
+public class SetUpdateOverForLoopCheck extends PythonSubscriptionCheck {
+
+  private static final TypeMatcher SET_TYPE_MATCHER = TypeMatchers.isObjectOfType("builtins.set");
+
+  private static final String MESSAGE = "Use \"set.update()\" instead of a for-loop with \"add()\".";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.FOR_STMT, SetUpdateOverForLoopCheck::checkForStatement);
+  }
+
+  private static void checkForStatement(SubscriptionContext ctx) {
+    ForStatement forStatement = (ForStatement) ctx.syntaxNode();
+
+    if (forStatement.expressions().size() != 1) {
+      return;
+    }
+    if (forStatement.elseClause() != null) {
+      return;
+    }
+    Expression loopVarExpr = forStatement.expressions().get(0);
+    if (!(loopVarExpr instanceof Name loopVar)) {
+      return;
+    }
+    if (forStatement.testExpressions().size() != 1) {
+      return;
+    }
+    Expression iterable = forStatement.testExpressions().get(0);
+
+    CallExpression callExpr = extractSingleBodyCallExpression(forStatement);
+    if (callExpr == null) {
+      return;
+    }
+    if (!(callExpr.callee() instanceof QualifiedExpression qualifiedExpr)) {
+      return;
+    }
+    // TypeMatchers operate on types, not method names; the callee name must be checked syntactically
+    if (!"add".equals(qualifiedExpr.name().name())) {
+      return;
+    }
+    Expression receiver = qualifiedExpr.qualifier();
+
+    // Exclude transient objects like get_set().add(item)
+    if (receiver instanceof CallExpression) {
+      return;
+    }
+    if (!SET_TYPE_MATCHER.isTrueFor(receiver, ctx)) {
+      return;
+    }
+    if (!isLoopVariableTheOnlyArgument(callExpr, loopVar)) {
+      return;
+    }
+
+    PreciseIssue issue = ctx.addIssue(qualifiedExpr, MESSAGE);
+    addQuickFix(issue, forStatement, receiver, iterable);
+  }
+
+  private static boolean isLoopVariableTheOnlyArgument(CallExpression callExpr, Name loopVar) {
+    if (callExpr.arguments().size() != 1) {
+      return false;
+    }
+    if (!(callExpr.arguments().get(0) instanceof RegularArgument regularArgument)) {
+      return false;
+    }
+    if (regularArgument.keywordArgument() != null) {
+      return false;
+    }
+    Expression argExpr = regularArgument.expression();
+    if (argExpr instanceof UnpackingExpression || !(argExpr instanceof Name argName)) {
+      return false;
+    }
+    SymbolV2 loopVarSymbol = loopVar.symbolV2();
+    return loopVarSymbol != null && loopVarSymbol.equals(argName.symbolV2());
+  }
+
+  private static CallExpression extractSingleBodyCallExpression(ForStatement forStatement) {
+    if (forStatement.body().statements().size() != 1) {
+      return null;
+    }
+    if (!(forStatement.body().statements().get(0) instanceof ExpressionStatement exprStmt)) {
+      return null;
+    }
+    if (exprStmt.expressions().size() != 1) {
+      return null;
+    }
+    if (!(exprStmt.expressions().get(0) instanceof CallExpression callExpr)) {
+      return null;
+    }
+    return callExpr;
+  }
+
+  private static void addQuickFix(PreciseIssue issue, ForStatement forStatement, Expression receiver, Expression iterable) {
+    String receiverText = TreeUtils.treeToString(receiver, false);
+    String iterableText = TreeUtils.treeToString(iterable, false);
+    if (receiverText == null || iterableText == null) {
+      return;
+    }
+
+    String replacement = receiverText + ".update(" + iterableText + ")";
+
+    PythonQuickFix quickFix = PythonQuickFix.newQuickFix("Use \"set.update()\" instead", TextEditUtils.replace(forStatement, replacement));
+    issue.addQuickFix(quickFix);
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8502.html

@@ -0,0 +1,30 @@
+<p>This rule raises an issue when a for-loop is used to add all elements from one collection to a set using the <code>add()</code> method.</p>
+<h2>Why is this an issue?</h2>
+<p>Adding elements to a set one at a time in a loop is unnecessary when the <code>update()</code> method exists. The <code>update()</code> method
+combines all additions into a single call and avoids the overhead of repeated <code>add()</code> invocations. Using <code>update()</code> improves
+readability and removes redundant method call overhead. In loops or performance-critical code, the difference can become measurable.</p>
+<h2>How to fix it</h2>
+<p>Replace the for-loop with a single <code>update()</code> call. The method accepts any iterable.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+my_set = {1, 2, 3}
+other_collection = [4, 5, 6]
+
+for element in other_collection:
+    my_set.add(element)  # Noncompliant
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+my_set = {1, 2, 3}
+other_collection = [4, 5, 6]
+
+my_set.update(other_collection)
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li>Python Documentation - <a href="https://docs.python.org/3/library/stdtypes.html#frozenset.update"><code>set.update()</code> method</a></li>
+  <li>Python Documentation - <a href="https://docs.python.org/3/library/stdtypes.html#set-types-set-frozenset">Set Types — <code>set</code>, <code>frozenset</code></a></li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8502.json

@@ -0,0 +1,21 @@
+{
+  "title": "\"set.update()\" should be used instead of a for-loop with \"add()\"",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [],
+  "defaultSeverity": "Minor",
+  "ruleSpecification": "RSPEC-8502",
+  "sqKey": "S8502",
+  "scope": "All",
+  "quickfix": "targeted",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "LOW"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}

python-checks/src/test/java/org/sonar/python/checks/SetUpdateOverForLoopCheckTest.java

@@ -0,0 +1,78 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.quickfix.PythonQuickFixVerifier;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class SetUpdateOverForLoopCheckTest {
+
+  private static final SetUpdateOverForLoopCheck check = new SetUpdateOverForLoopCheck();
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/setUpdateOverForLoop.py", check);
+  }
+
+  @Test
+  void test_quick_fix() {
+    String codeWithIssue = """
+      my_set = set()
+      other_collection = [4, 5, 6]
+      for element in other_collection:
+          my_set.add(element)
+      """;
+
+    PythonQuickFixVerifier.verifyQuickFixMessages(check, codeWithIssue, "Use \"set.update()\" instead");
+
+    String correctCode = """
+      my_set = set()
+      other_collection = [4, 5, 6]
+      my_set.update(other_collection)""";
+
+    PythonQuickFixVerifier.verify(check, codeWithIssue, correctCode);
+  }
+
+  @Test
+  void test_no_quick_fix_on_multiline_iterable() {
+    String codeWithIssue = """
+      my_set = set()
+      for element in [
+          1,
+          2,
+          3,
+      ]:
+          my_set.add(element)
+      """;
+
+    PythonQuickFixVerifier.verifyNoQuickFixes(check, codeWithIssue);
+  }
+
+  @Test
+  void test_no_quick_fix_on_multiline_receiver() {
+    String codeWithIssue = """
+      my_set = set()
+      items = [1, 2, 3]
+      for element in items:
+          (my_set
+           ).add(element)
+      """;
+
+    PythonQuickFixVerifier.verifyNoQuickFixes(check, codeWithIssue);
+  }
+}