SONARPY-4043 Rule S8554 Logging statements should follow Python best practices (#1085)

Co-authored-by: Sonar Vibe Bot <vibe-bot@sonarsource.com>
Co-authored-by: Sebastian Zumbrunn <sebastian.zumbrunn@sonarsource.com>
GitOrigin-RevId: c27ebb0da4f66b0bb54a3429d55eb262654b80a0

Author: 3 people

python-checks/src/main/java/org/sonar/python/checks/LoggingBestPracticesCheck.java

@@ -0,0 +1,148 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Set;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.tree.BinaryExpression;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.DictionaryLiteral;
+import org.sonar.plugins.python.api.tree.DictionaryLiteralElement;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.KeyValuePair;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.StringLiteral;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S8554")
+public class LoggingBestPracticesCheck extends PythonSubscriptionCheck {
+
+  private static final TypeMatcher LOGGING_CALL_MATCHER = TypeMatchers.any(
+    TypeMatchers.isType("logging.debug"),
+    TypeMatchers.isType("logging.info"),
+    TypeMatchers.isType("logging.warning"),
+    TypeMatchers.isType("logging.warn"),
+    TypeMatchers.isType("logging.error"),
+    TypeMatchers.isType("logging.exception"),
+    TypeMatchers.isType("logging.critical"),
+    TypeMatchers.isType("logging.Logger.debug"),
+    TypeMatchers.isType("logging.Logger.info"),
+    TypeMatchers.isType("logging.Logger.warning"),
+    TypeMatchers.isType("logging.Logger.warn"),
+    TypeMatchers.isType("logging.Logger.error"),
+    TypeMatchers.isType("logging.Logger.exception"),
+    TypeMatchers.isType("logging.Logger.critical")
+  );
+
+  private static final TypeMatcher DEPRECATED_WARN_MATCHER = TypeMatchers.any(
+    TypeMatchers.isType("logging.warn"),
+    TypeMatchers.isType("logging.Logger.warn")
+  );
+
+  private static final TypeMatcher STR_FORMAT_MATCHER = TypeMatchers.isType("str.format");
+
+  private static final Set<String> LOG_RECORD_ATTRIBUTES = new HashSet<>(Arrays.asList(
+    "name", "msg", "args", "created", "filename", "funcName", "levelname", "levelno",
+    "lineno", "module", "msecs", "message", "pathname", "process", "processName",
+    "relativeCreated", "thread", "threadName", "exc_info", "exc_text", "stack_info",
+    "taskName", "asctime"
+  ));
+
+  private static final String EAGER_FORMAT_MESSAGE =
+    "Pass formatting arguments to the logging call instead of pre-formatting the message string.";
+  private static final String DEPRECATED_WARN_MESSAGE =
+    "Use \"warning\" instead of the deprecated \"warn\" method.";
+  private static final String EXTRA_COLLISION_MESSAGE =
+    "Remove or rename this key; it overrides a built-in LogRecord attribute.";
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, LoggingBestPracticesCheck::checkLoggingCall);
+  }
+
+  private static void checkLoggingCall(SubscriptionContext ctx) {
+    CallExpression call = (CallExpression) ctx.syntaxNode();
+    if (!LOGGING_CALL_MATCHER.isTrueFor(call.callee(), ctx)) {
+      return;
+    }
+
+    if (DEPRECATED_WARN_MATCHER.isTrueFor(call.callee(), ctx)) {
+      ctx.addIssue(call.callee(), DEPRECATED_WARN_MESSAGE);
+    }
+
+    List<RegularArgument> positionalArgs = call.arguments().stream()
+      .flatMap(TreeUtils.toStreamInstanceOfMapper(RegularArgument.class))
+      .filter(arg -> arg.keywordArgument() == null)
+      .toList();
+
+    if (!positionalArgs.isEmpty()) {
+      checkEagerFormatting(ctx, positionalArgs.get(0).expression());
+    }
+
+    checkExtraAttributeCollision(ctx, call);
+  }
+
+  private static void checkEagerFormatting(SubscriptionContext ctx, Expression expr) {
+    if (expr instanceof StringLiteral literal) {
+      boolean isFString = literal.stringElements().stream()
+        .anyMatch(e -> e.prefix().toLowerCase(Locale.ENGLISH).contains("f") && !e.formattedExpressions().isEmpty());
+      if (isFString) {
+        ctx.addIssue(expr, EAGER_FORMAT_MESSAGE);
+      }
+    } else if (expr instanceof CallExpression innerCall && STR_FORMAT_MATCHER.isTrueFor(innerCall.callee(), ctx)) {
+      ctx.addIssue(expr, EAGER_FORMAT_MESSAGE);
+    } else if (expr.is(Tree.Kind.MODULO) && containsStringLiteral(((BinaryExpression) expr).leftOperand())) {
+      ctx.addIssue(expr, EAGER_FORMAT_MESSAGE);
+    } else if (expr.is(Tree.Kind.PLUS) && containsStringLiteral(expr)) {
+      ctx.addIssue(expr, EAGER_FORMAT_MESSAGE);
+    }
+  }
+
+  private static boolean containsStringLiteral(Expression expr) {
+    if (expr instanceof StringLiteral) {
+      return true;
+    }
+    if (expr.is(Tree.Kind.PLUS)) {
+      BinaryExpression plus = (BinaryExpression) expr;
+      return containsStringLiteral(plus.leftOperand()) || containsStringLiteral(plus.rightOperand());
+    }
+    return false;
+  }
+
+  private static void checkExtraAttributeCollision(SubscriptionContext ctx, CallExpression call) {
+    RegularArgument extraArg = TreeUtils.argumentByKeyword("extra", call.arguments());
+    if (extraArg == null || !(extraArg.expression() instanceof DictionaryLiteral dict)) {
+      return;
+    }
+    for (DictionaryLiteralElement element : dict.elements()) {
+      if (element instanceof KeyValuePair kvp
+        && kvp.key() instanceof StringLiteral key
+        && LOG_RECORD_ATTRIBUTES.contains(key.trimmedQuotesValue())) {
+        ctx.addIssue(key, EXTRA_COLLISION_MESSAGE);
+      }
+    }
+  }
+}

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -314,6 +314,7 @@ public Stream<Class<?>> getChecks() {
       LocalVariableAndParameterNameConventionCheck.class,
       LoggersConfigurationCheck.class,
       LoggingExceptionCheck.class,
+      LoggingBestPracticesCheck.class,
       LongIntegerWithLowercaseSuffixUsageCheck.class,
       LoopExecutingAtMostOnceCheck.class,
       LoopOverDictKeyValuesCheck.class,

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8554.html

@@ -0,0 +1,69 @@
+<p>This rule raises an issue when logging statements violate established Python logging best practices, including using eager string formatting,
+deprecated methods, or attribute name collisions in the 'extra' parameter.</p>
+<h2>Why is this an issue?</h2>
+<p>Python’s logging module has specific patterns that ensure correctness, performance, and maintainability. Violating these patterns can lead to
+several problems:</p>
+<h2>Eager String Formatting</h2>
+<p>When you format strings before passing them to logging methods (using f-strings, <code>.format()</code>, <code>%</code> operator, or <code>+</code>
+concatenation), Python performs the string formatting operation immediately, even if the log message won’t be output due to the current log level.
+This wastes CPU cycles on string operations that may never be used.</p>
+<p>The logging module supports lazy formatting by accepting format arguments as separate parameters. The formatting only occurs when the logging
+framework confirms the message will actually be logged based on the configured log level.</p>
+<h2>Deprecated Methods</h2>
+<p>The <code>logging.warn()</code> and <code>logging.Logger.warn()</code> methods are deprecated. While they still function, they may be removed in
+future Python versions. The recommended methods are <code>logging.warning()</code> and <code>logging.Logger.warning()</code>, which are functionally
+equivalent.</p>
+<h2>Attribute Name Collisions</h2>
+<p>The logging module’s <code>extra</code> keyword argument allows passing additional values to be included in log records. However, if the keys in
+the <code>extra</code> dictionary clash with built-in <code>LogRecord</code> attributes (such as 'name', 'msg', 'args', 'created', 'filename',
+'funcName', 'levelname', 'levelno', 'lineno', 'module', 'msecs', 'message', 'pathname', 'process', 'processName', 'relativeCreated', 'thread',
+'threadName'), a <code>KeyError</code> will be raised when the <code>LogRecord</code> is constructed, causing the logging statement to fail at
+runtime.</p>
+<h3>What is the potential impact?</h3>
+<h2>Performance Degradation</h2>
+<p>Eager string formatting can significantly impact application performance, especially in code paths with frequent logging statements. When log
+levels are configured to filter out certain messages (e.g., DEBUG messages in production), the application still pays the cost of formatting strings
+that will never be logged.</p>
+<h2>Runtime Errors</h2>
+<p>Attribute name collisions in the <code>extra</code> parameter raise <code>KeyError</code> exceptions, causing logging statements to fail
+unexpectedly.</p>
+<h2>Maintenance Issues</h2>
+<p>Using deprecated methods creates technical debt. When these methods are eventually removed from Python, code using them will break. Additionally,
+mixing deprecated and non-deprecated methods across a codebase creates inconsistency and confusion.</p>
+<h2>Inconsistent Logging</h2>
+<p>Eager formatting can lead to inconsistent behavior across different log handlers. When using lazy formatting with the <code>extra</code> parameter,
+all handlers receive the same structured data and can format it consistently according to their configuration.</p>
+<h2>How to fix it</h2>
+<p>Use lazy formatting by passing format arguments as separate parameters to logging methods instead of formatting strings before the call. Replace
+f-strings, <code>.format()</code>, <code>%</code> operator, and <code>+</code> concatenation with %-style placeholders and separate arguments.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+import logging
+
+user = "Maria"
+logging.info(f"{user} - Something happened")  # Noncompliant: f-string formatting
+
+logging.info("{} - Something happened".format(user))  # Noncompliant: .format() method
+
+logging.info("%s - Something happened" % user)  # Noncompliant: % operator formatting
+
+logging.info(user + " - Something happened")  # Noncompliant: string concatenation
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+import logging
+
+user = "Maria"
+logging.info("%s - Something happened", user)  # Compliant: lazy formatting with separate argument
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li>Python Logging Documentation - <a href="https://docs.python.org/3/library/logging.html">Official Python documentation for the logging
+  module</a></li>
+  <li>Python Logging HOWTO - <a href="https://docs.python.org/3/howto/logging.html">Tutorial on using Python’s logging facility</a></li>
+  <li>LogRecord Attributes - <a href="https://docs.python.org/3/library/logging.html#logrecord-attributes">List of built-in LogRecord attributes that
+  should not be used in the extra parameter</a></li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8554.json

@@ -0,0 +1,26 @@
+{
+  "title": "Logging statements should follow Python best practices",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "convention",
+    "performance",
+    "pitfall"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-8554",
+  "sqKey": "S8554",
+  "scope": "All",
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "LOW",
+      "MAINTAINABILITY": "HIGH"
+    },
+    "attribute": "CONVENTIONAL"
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -344,6 +344,7 @@
     "S8519",
     "S8520",
     "S8521",
+    "S8554",
     "S8572"
   ]
 }

python-checks/src/test/java/org/sonar/python/checks/LoggingBestPracticesCheckTest.java

@@ -0,0 +1,28 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class LoggingBestPracticesCheckTest {
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/loggingBestPractices.py", new LoggingBestPracticesCheck());
+  }
+}