SONARPY-2953 Rule S7490: Cancellation scopes should contain checkpoints (#283)

GitOrigin-RevId: c313d78d895a9348a728fe30ccbc2f339dfacba3

Author: guillaume-dequenne

python-checks/src/main/java/org/sonar/python/checks/CancellationScopeNoCheckpointCheck.java

@@ -0,0 +1,165 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import javax.annotation.Nullable;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.tree.AwaitExpression;
+import org.sonar.plugins.python.api.tree.BaseTreeVisitor;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.ForStatement;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.tree.WithItem;
+import org.sonar.plugins.python.api.tree.WithStatement;
+import org.sonar.plugins.python.api.tree.YieldExpression;
+import org.sonar.plugins.python.api.types.v2.TriBool;
+import org.sonar.python.types.v2.TypeCheckBuilder;
+import org.sonar.python.types.v2.TypeCheckMap;
+
+@Rule(key = "S7490")
+public class CancellationScopeNoCheckpointCheck extends PythonSubscriptionCheck {
+
+  private static final String MESSAGE = "Add a checkpoint inside this cancellation scope.";
+  private static final String SECONDARY_MESSAGE = "This checkpoint is not awaited.";
+
+  private static final String TRIO_CHECKPOINT = "trio.lowlevel.checkpoint";
+  private static final Map<String, String> TYPE_WITH_FQN_MAP = Map.of(
+    "trio.CancelScope", TRIO_CHECKPOINT,
+    "trio.move_on_after", TRIO_CHECKPOINT,
+    "trio.move_on_at", TRIO_CHECKPOINT
+  );
+
+  private static final String ANYIO_CHECKPOINT = "anyio.lowlevel.checkpoint";
+  private static final Map<String, String> TYPE_WITH_NAME_MAP = Map.of(
+    "asyncio.timeout", "asyncio.sleep",
+    "anyio.CancelScope", ANYIO_CHECKPOINT,
+    "anyio.move_on_after", ANYIO_CHECKPOINT,
+    "anyio.move_on_at", ANYIO_CHECKPOINT
+  );
+
+  private TypeCheckMap<TypeCheckBuilder> typeCheckMap;
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, this::initializeTypeCheckers);
+    context.registerSyntaxNodeConsumer(Tree.Kind.WITH_STMT, this::checkCancellationScope);
+  }
+
+  private void initializeTypeCheckers(SubscriptionContext ctx) {
+    typeCheckMap = new TypeCheckMap<>();
+
+    TYPE_WITH_FQN_MAP.forEach((typeName, checkpointFunction) ->
+      typeCheckMap.put(
+        ctx.typeChecker().typeCheckBuilder().isTypeWithFqn(typeName),
+        ctx.typeChecker().typeCheckBuilder().isTypeWithFqn(checkpointFunction)
+      )
+    );
+
+    TYPE_WITH_NAME_MAP.forEach((typeName, checkpointFunction) ->
+      typeCheckMap.put(
+        ctx.typeChecker().typeCheckBuilder().isTypeWithName(typeName),
+        ctx.typeChecker().typeCheckBuilder().isTypeWithName(checkpointFunction)
+      )
+    );
+  }
+
+  private void checkCancellationScope(SubscriptionContext ctx) {
+    WithStatement withStatement = (WithStatement) ctx.syntaxNode();
+
+    for (WithItem withItem : withStatement.withItems()) {
+      Expression test = withItem.test();
+      TypeCheckBuilder checkpointTypeChecker = getCheckpointTypeCheckerForScope(test);
+
+      if (checkpointTypeChecker != null) {
+        CheckpointVisitor visitor = new CheckpointVisitor(checkpointTypeChecker);
+        withStatement.statements().accept(visitor);
+
+        if (!visitor.hasCheckpoint()) {
+          PreciseIssue issue = ctx.addIssue(test, MESSAGE);
+          visitor.checkpointedTrees.forEach(t -> issue.secondary(t, SECONDARY_MESSAGE));
+        }
+      }
+    }
+  }
+
+  @Nullable
+  private TypeCheckBuilder getCheckpointTypeCheckerForScope(Expression expression) {
+    if (expression.is(Tree.Kind.CALL_EXPR)) {
+      CallExpression callExpression = (CallExpression) expression;
+      Expression callee = callExpression.callee();
+      return typeCheckMap.getOptionalForType(callee.typeV2()).orElse(null);
+    }
+    return typeCheckMap.getOptionalForType(expression.typeV2()).orElse(null);
+  }
+
+  private static class CheckpointVisitor extends BaseTreeVisitor {
+    private final TypeCheckBuilder checkpointTypeChecker;
+    private boolean checkpointFound = false;
+    private List<Tree> checkpointedTrees = new ArrayList<>();
+
+    CheckpointVisitor(TypeCheckBuilder checkpointTypeChecker) {
+      this.checkpointTypeChecker = checkpointTypeChecker;
+    }
+
+    boolean hasCheckpoint() {
+      return checkpointFound;
+    }
+
+    @Override
+    public void visitAwaitExpression(AwaitExpression awaitExpression) {
+      checkpointFound = true;
+    }
+
+    @Override
+    public void visitYieldExpression(YieldExpression yieldExpression) {
+      checkpointFound = true;
+    }
+
+    @Override
+    public void visitForStatement(ForStatement forStatement) {
+      if (forStatement.isAsync()) {
+        // async for loops implicitly create checkpoints at each iteration
+        checkpointFound = true;
+      }
+      if (!checkpointFound) {
+        super.visitForStatement(forStatement);
+      }
+    }
+
+    @Override
+    public void visitCallExpression(CallExpression callExpression) {
+      Expression callee = callExpression.callee();
+      if (checkpointTypeChecker.check(callee.typeV2()) == TriBool.TRUE) {
+        checkpointedTrees.add(callExpression);
+      }
+      super.visitCallExpression(callExpression);
+    }
+
+    @Override
+    protected void scan(@Nullable Tree tree) {
+      if (!checkpointFound && tree != null) {
+        tree.accept(this);
+      }
+    }
+  }
+}

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -133,6 +133,7 @@ public Stream<Class<?>> getChecks() {
       BreakContinueOutsideLoopCheck.class,
       BuiltinShadowingAssignmentCheck.class,
       BuiltinGenericsOverTypingModuleCheck.class,
+      CancellationScopeNoCheckpointCheck.class,
       CaughtExceptionsCheck.class,
       ChangeMethodContractCheck.class,
       ChildAndParentExceptionCaughtCheck.class,

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S7490.html

@@ -0,0 +1,98 @@
+<p>This rule raises an issue when a cancellation scope (timeout context) is used without any checkpoints making the timeout functionality
+ineffective.</p>
+<h2>Why is this an issue?</h2>
+<p>When using asynchronous programming with libraries like <code>trio</code> or <code>anyio</code>, cancellation scopes (timeout contexts) are used to
+implement timeouts and cancellation. However, these mechanisms only work when there are checkpoints within the scope where cancellation can occur.
+Without any checkpoints, the timeout will never be triggered, making it ineffective.</p>
+<p>A checkpoint is a point in the code where cancellation can be detected and acted upon. Common checkpoints include:</p>
+<ul>
+  <li> Explicit calls to the checkpoint method of the used framework </li>
+  <li> <code>yield</code> statements </li>
+  <li> <code>await</code> statements </li>
+</ul>
+<h3>What is the potential impact?</h3>
+<p>Without proper checkpoints in cancel scopes:</p>
+<ul>
+  <li> Timeouts won’t work as expected </li>
+  <li> Resources might be held longer than intended </li>
+  <li> The application might become unresponsive or hang </li>
+  <li> Cancellation operations won’t be honored </li>
+</ul>
+<h2>How to fix it in AsyncIO</h2>
+<p>There is no direct checkpoint method in <code>asyncio</code>, but you can use <code>await asyncio.sleep(0)</code> as a workaround.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="3" data-diff-type="noncompliant">
+import asyncio
+
+async def process_data(data):
+    try:
+        async with asyncio.timeout(1.0):  # Noncompliant
+            result = expensive_computation(data)
+            return result
+    except asyncio.TimeoutError:
+        return None
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="3" data-diff-type="compliant">
+import asyncio
+
+async def process_data(data):
+    try:
+        async with asyncio.timeout(1.0):  # Compliant
+            result = expensive_computation(data)
+            await asyncio.sleep(0)
+            return result
+    except asyncio.TimeoutError:
+        return None
+</pre>
+<h2>How to fix it in Trio</h2>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+import trio
+
+async def process_data(data):
+    async with trio.move_on_after(1.0):  # Noncompliant
+        result = expensive_computation(data)
+        return result
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+import trio
+
+async def process_data(data):
+    async with trio.move_on_after(1.0):  # Compliant
+        result = expensive_computation(data)
+        await trio.lowlevel.checkpoint()
+        return result
+</pre>
+<h2>How to fix it in AnyIO</h2>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="2" data-diff-type="noncompliant">
+import anyio
+
+async def process_data(data):
+    async with anyio.move_on_after(1.0):  # Noncompliant
+        result = expensive_computation(data)
+        return result
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="2" data-diff-type="compliant">
+import anyio
+
+async def process_data(data):
+    async with anyio.move_on_after(1.0):  # Compliant
+        result = expensive_computation(data)
+        await anyio.lowlevel.checkpoint()
+        return result
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li> Trio documentation - <a href="https://trio.readthedocs.io/en/stable/reference-core.html#cancellation-and-timeouts">Cancellation and
+  timeouts</a> </li>
+  <li> AnyIO documentation - <a href="https://anyio.readthedocs.io/en/stable/cancellation.html#timeouts">Timeouts</a> </li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S7490.json

@@ -0,0 +1,26 @@
+{
+  "title": "Cancellation scopes should contain checkpoints",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "async",
+    "asyncio",
+    "trio",
+    "anyio"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-7490",
+  "sqKey": "S7490",
+  "scope": "All",
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "HIGH"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -259,6 +259,7 @@
     "S7487",
     "S7488",
     "S7489",
+    "S7490",
     "S7491",
     "S7492",
     "S7493",

python-checks/src/test/java/org/sonar/python/checks/CancellationScopeNoCheckpointCheckTest.java

@@ -0,0 +1,29 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class CancellationScopeNoCheckpointCheckTest {
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/cancellationScopeNoCheckpoint.py", new CancellationScopeNoCheckpointCheck());
+  }
+
+}