SONARPY-2966 Rule S7512: Inefficient dictionary iteration method (#293)

GitOrigin-RevId: 8003cf4855dee239dc1f9ae8ddadd9288109e602

Author: maksim-grebeniuk-sonarsource

python-checks/src/main/java/org/sonar/python/checks/InefficientDictIterationCheck.java

@@ -0,0 +1,91 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import java.util.List;
+import java.util.Optional;
+import javax.annotation.Nullable;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.ForStatement;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.TriBool;
+import org.sonar.python.checks.utils.Expressions;
+import org.sonar.python.semantic.v2.SymbolV2;
+import org.sonar.python.types.v2.TypeCheckBuilder;
+
+@Rule(key = "S7512")
+public class InefficientDictIterationCheck extends PythonSubscriptionCheck {
+  private TypeCheckBuilder dictItemsTypeCheck;
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, this::initChecks);
+    context.registerSyntaxNodeConsumer(Tree.Kind.FOR_STMT, this::check);
+  }
+
+  private void initChecks(SubscriptionContext ctx) {
+    dictItemsTypeCheck = ctx.typeChecker().typeCheckBuilder().isTypeWithName("dict.items");
+  }
+
+  private void check(SubscriptionContext ctx) {
+    var forStatement = (ForStatement) ctx.syntaxNode();
+    var hasIgnoredKey = hasIgnoredKey(forStatement);
+    var hasIgnoredValue = hasIgnoredValue(forStatement);
+    if (forStatement.testExpressions().size() == 1
+        && (hasIgnoredKey || hasIgnoredValue)
+        && (isSensitiveMethodCall(forStatement.testExpressions().get(0)) || isAssignedToSensitiveMethodCall(forStatement.testExpressions().get(0)))) {
+      var message = hasIgnoredKey ? "Make this loop to iterate over the dict values." : "Make this loop to iterate directly over the dict.";
+      ctx.addIssue(forStatement.testExpressions().get(0), message);
+    }
+  }
+
+  private static boolean hasIgnoredKey(ForStatement forStatement) {
+    return forStatement.expressions().size() == 2
+           && forStatement.expressions().get(0) instanceof Name keyName
+           && "_".equals(keyName.name());
+  }
+
+  private static boolean hasIgnoredValue(ForStatement forStatement) {
+    return forStatement.expressions().size() == 2
+           && forStatement.expressions().get(1) instanceof Name keyName
+           && "_".equals(keyName.name());
+  }
+
+
+  private boolean isSensitiveMethodCall(@Nullable Expression expression) {
+    return expression instanceof CallExpression callExpression
+           && dictItemsTypeCheck.check(callExpression.callee().typeV2()) == TriBool.TRUE;
+  }
+
+  private boolean isAssignedToSensitiveMethodCall(Expression argumentExpression) {
+    return argumentExpression instanceof Name name
+           && getUsageCount(name) == 2
+           && isSensitiveMethodCall(Expressions.singleAssignedValue(name));
+  }
+
+  private static int getUsageCount(Name name) {
+    return Optional.ofNullable(name.symbolV2())
+      .map(SymbolV2::usages)
+      .map(List::size)
+      .orElse(0);
+  }
+}

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -245,6 +245,7 @@ public Stream<Class<?>> getChecks() {
       IncorrectExceptionTypeCheck.class,
       IncorrectParameterDatetimeConstructorsCheck.class,
       IndexMethodCheck.class,
+      InefficientDictIterationCheck.class,
       InequalityUsageCheck.class,
       InfiniteRecursionCheck.class,
       InitReturnsValueCheck.class,

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S7512.html

@@ -0,0 +1,55 @@
+<p>This rule raises an issue when <code>.items()</code> is used to iterate over a dictionary and then either the key or the value is discarded.</p>
+<h2>Why is this an issue?</h2>
+<p>Using <code>.items()</code> to iterate over a dictionary and then discarding either the key or the value in each iteration is less efficient than
+directly iterating over only the keys or values needed.</p>
+<p>Python dictionaries provide efficient ways to iterate over their contents:</p>
+<ul>
+  <li> Iterating directly over the dictionary yields the keys: </li>
+</ul>
+<pre>
+for k in my_dict:
+  ...
+</pre>
+<ul>
+  <li> Using <code>my_dict.keys()</code> explicitly yields the keys. </li>
+  <li> Using <code>my_dict.values()</code> yields the values. </li>
+  <li> Using <code>my_dict.items()</code> yields key-value pairs (as tuples). </li>
+</ul>
+<p>The <code>.items()</code> method is useful when you need both the key and the value within the loop. However, if your loop only uses the key,
+discarding the value, often with <code>_</code>, or only uses the value, discarding the key, calling <code>.items()</code> performs unnecessary work
+retrieving the part you don’t use.</p>
+<p>While the performance difference might be minor for small dictionaries, using the more specific method is clearer, more idiomatic, and avoids
+retrieving and unpacking data that is immediately ignored, like`.keys()` for keys, or <code>.values()</code> for values.</p>
+<h2>How to fix it</h2>
+<p>Adjust the loop to use the most appropriate dictionary view method based on whether you need keys, values, or both: * If only values are needed,
+iterate over <code>my_dict.values()</code>. * If only keys are needed, iterate directly over the dictionary (<code>for key in my_dict:</code>) or use
+<code>my_dict.keys()</code>. * If both key and value are needed, continue using <code>my_dict.items()</code>.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+fruit = {'a': 'Apple', 'b': 'Banana'}
+for _, value in fruit.items(): # Discards key
+    print(value)
+</pre>
+<pre data-diff-id="2" data-diff-type="noncompliant">
+fruit = {'a': 'Apple', 'b': 'Banana'}
+for key, _ in fruit.items(): # Discards value
+    print(key)
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+fruit = {'a': 'Apple', 'b': 'Banana'}
+for value in fruit.values(): # Iterates only on values
+    print(value)
+</pre>
+<pre data-diff-id="2" data-diff-type="compliant">
+fruit = {'a': 'Apple', 'b': 'Banana'}
+for key in fruit: # Iterates directly over dictionary (yields keys)
+    print(key)
+</pre>
+<h3>Documentation</h3>
+<ul>
+  <li> Python Documentation - <a href="https://docs.python.org/3/library/stdtypes.html#dictionary-view-objects">Dictionary View Objects
+  (<code>.keys()</code>, <code>.values()</code>, <code>.items()</code>)</a> </li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S7512.json

@@ -0,0 +1,21 @@
+{
+  "title": "Using \".items()\" to iterate over a dictionary should be avoided if possible.",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "1min"
+  },
+  "tags": [],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-7512",
+  "sqKey": "S7512",
+  "scope": "All",
+  "quickfix": "targeted",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "LOW"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -278,6 +278,7 @@
     "S7506",
     "S7507",
     "S7510",
-    "S7511"
+    "S7511",
+    "S7512"
   ]
 }

python-checks/src/test/java/org/sonar/python/checks/InefficientDictIterationCheckTest.java

@@ -0,0 +1,29 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class InefficientDictIterationCheckTest {
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/inefficientDictIteration.py", new InefficientDictIterationCheck());
+  }
+
+}

python-checks/src/test/resources/checks/inefficientDictIteration.py

@@ -0,0 +1,39 @@
+def case1():
+    fruit = {'a': 'Apple', 'b': 'Banana'}
+
+    for _, value in fruit.items():  # Noncompliant
+        ...
+
+    for key, _ in fruit.items():  # Noncompliant
+        ...
+
+    items1 = fruit.items()
+    for _, value in items1:  # Noncompliant
+        ...
+
+    items2 = fruit.items()
+    for key, _ in items2:  # Noncompliant
+        ...
+
+def case2():
+    fruit = {'a': 'Apple', 'b': 'Banana'}
+
+    for key, value in fruit.items():
+        ...
+
+    for key, _ in fruit.something():
+        ...
+
+    items1 = fruit.items()
+    something(items1)
+    for _, value in items1:
+        ...
+
+    for key, _ in fruit.items(), fruit.items():
+        ...
+
+    for v, v, v in fruit.items():
+        ...
+
+    for k.v, v.v in fruit.items():
+        ...