astral-sh / ruff

An extremely fast Python linter and code formatter, written in Rust.
https://docs.astral.sh/ruff
MIT License

Feature: Port Sonar's Python scanner checks #4935

Open thejcannon opened 1 year ago

thejcannon commented 1 year ago

More of a challenge than porting flake8 plugins, because these are written in Java: https://github.com/SonarSource/sonar-python

But some of them are somewhat useful and I didn't see equivalent code in any flake8 plugins.

(Feel free to edit this to make it a checklist)

qdegraaf commented 1 year ago

Can you give a few examples of rules unique to Sonar you'd like to see in Ruff? If not already present in Ruff, and not on the TODO of other plugins, I can start from there and we can make a checklist of all leftover rules (minus duplicates) after.

Avasam commented 8 months ago

For a bit more context about rules and how I was using Sonar:

List of Rules

- [Credentials should not be hard-coded Vulnerability `RSPEC-6437`](https://rules.sonarsource.com/python/RSPEC-6437/)
- [Server-side templates should not be vulnerable to injection attacks Vulnerability `RSPEC-5496`](https://rules.sonarsource.com/python/RSPEC-5496/)
- [Dynamic code execution should not be vulnerable to injection attacks Vulnerability `RSPEC-5334`](https://rules.sonarsource.com/python/RSPEC-5334/)
- [NoSQL operations should not be vulnerable to injection attacks Vulnerability `RSPEC-5147`](https://rules.sonarsource.com/python/RSPEC-5147/)
- [HTTP request redirections should not be open to forging attacks Vulnerability `RSPEC-5146`](https://rules.sonarsource.com/python/RSPEC-5146/)
- [Deserialization should not be vulnerable to injection attacks Vulnerability `RSPEC-5135`](https://rules.sonarsource.com/python/RSPEC-5135/)
- [Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks Vulnerability `RSPEC-5131`](https://rules.sonarsource.com/python/RSPEC-5131/)
- [Database queries should not be vulnerable to injection attacks Vulnerability `RSPEC-3649`](https://rules.sonarsource.com/python/RSPEC-3649/)
- [XML parsers should not be vulnerable to XXE attacks Vulnerability `RSPEC-2755`](https://rules.sonarsource.com/python/RSPEC-2755/)
- [A secure password should be used when connecting to a database Vulnerability `RSPEC-2115`](https://rules.sonarsource.com/python/RSPEC-2115/)
- [XPath expressions should not be vulnerable to injection attacks Vulnerability `RSPEC-2091`](https://rules.sonarsource.com/python/RSPEC-2091/)
- [I/O function calls should not be vulnerable to path injection attacks Vulnerability `RSPEC-2083`](https://rules.sonarsource.com/python/RSPEC-2083/)
- [LDAP queries should not be vulnerable to injection attacks Vulnerability `RSPEC-2078`](https://rules.sonarsource.com/python/RSPEC-2078/)
- [OS commands should not be vulnerable to command injection attacks Vulnerability `RSPEC-2076`](https://rules.sonarsource.com/python/RSPEC-2076/)
- [Functions and methods should only return expected values Bug `RSPEC-935`](https://rules.sonarsource.com/python/RSPEC-935/)
- [The number and name of arguments passed to a function should match its parameters Bug `RSPEC-930`](https://rules.sonarsource.com/python/RSPEC-930/)
- [Equality checks should not be made against "numpy.nan" Bug `RSPEC-6725`](https://rules.sonarsource.com/python/RSPEC-6725/)
- [Assert should not be called on a tuple literal Bug `RSPEC-5905`](https://rules.sonarsource.com/python/RSPEC-5905/)
- [The "open" builtin function should be called with a valid mode Bug `RSPEC-5828`](https://rules.sonarsource.com/python/RSPEC-5828/)
- [Only defined names should be listed in "__all__" Bug `RSPEC-5807`](https://rules.sonarsource.com/python/RSPEC-5807/)
- [Calls should not be made to non-callable values Bug `RSPEC-5756`](https://rules.sonarsource.com/python/RSPEC-5756/)
- [Property getter, setter and deleter methods should have the expected number of parameters Bug `RSPEC-5724`](https://rules.sonarsource.com/python/RSPEC-5724/)
- [Special methods should have an expected number of parameters Bug `RSPEC-5722`](https://rules.sonarsource.com/python/RSPEC-5722/)
- [Instance and class methods should have at least one positional parameter Bug `RSPEC-5719`](https://rules.sonarsource.com/python/RSPEC-5719/)
- [Boolean expressions of exceptions should not be used in "except" statements Bug `RSPEC-5714`](https://rules.sonarsource.com/python/RSPEC-5714/)
- [Caught Exceptions must derive from BaseException Bug `RSPEC-5708`](https://rules.sonarsource.com/python/RSPEC-5708/)
- [Item operations should be done on objects supporting them Bug `RSPEC-5644`](https://rules.sonarsource.com/python/RSPEC-5644/)
- ["in" and "not in" operators should be used on objects supporting them Bug `RSPEC-5642`](https://rules.sonarsource.com/python/RSPEC-5642/)
- [Dictionary unpacking should only be done with "mapping" objects Bug `RSPEC-5633`](https://rules.sonarsource.com/python/RSPEC-5633/)
- [Raised Exceptions must derive from BaseException Bug `RSPEC-5632`](https://rules.sonarsource.com/python/RSPEC-5632/)
- [Operators should be used on compatible types Bug `RSPEC-5607`](https://rules.sonarsource.com/python/RSPEC-5607/)
- [Function arguments should be passed only once Bug `RSPEC-5549`](https://rules.sonarsource.com/python/RSPEC-5549/)
- [Iterable unpacking, "for-in" loops and "yield from" should use an Iterable object Bug `RSPEC-3862`](https://rules.sonarsource.com/python/RSPEC-3862/)
- [Variables, classes and functions should be defined before being used Bug `RSPEC-3827`](https://rules.sonarsource.com/python/RSPEC-3827/)
- [Identity operators should not be used with dissimilar types Bug `RSPEC-3403`](https://rules.sonarsource.com/python/RSPEC-3403/)
- ["__iter__" should return an iterator Bug `RSPEC-2876`](https://rules.sonarsource.com/python/RSPEC-2876/)
- [Only strings should be listed in "__all__" Bug `RSPEC-2823`](https://rules.sonarsource.com/python/RSPEC-2823/)
- ["__init__" should not return a value Bug `RSPEC-2734`](https://rules.sonarsource.com/python/RSPEC-2734/)
- ["yield" and "return" should not be used outside functions Bug `RSPEC-2711`](https://rules.sonarsource.com/python/RSPEC-2711/)
- [String formatting should not lead to runtime errors Bug `RSPEC-2275`](https://rules.sonarsource.com/python/RSPEC-2275/)
- [Recursion should not be infinite Bug `RSPEC-2190`](https://rules.sonarsource.com/python/RSPEC-2190/)
- [Silly equality checks should not be made Bug `RSPEC-2159`](https://rules.sonarsource.com/python/RSPEC-2159/)
- [Creating public APIs is security-sensitive Security Hotspot `RSPEC-6333`](https://rules.sonarsource.com/python/RSPEC-6333/)
- [Allowing public network access to cloud resources is security-sensitive Security Hotspot `RSPEC-6329`](https://rules.sonarsource.com/python/RSPEC-6329/)
- [Policies granting access to all resources of an account are security-sensitive Security Hotspot `RSPEC-6304`](https://rules.sonarsource.com/python/RSPEC-6304/)
- [Policies granting all privileges are security-sensitive Security Hotspot `RSPEC-6302`](https://rules.sonarsource.com/python/RSPEC-6302/)
- [Policies authorizing public access to resources are security-sensitive Security Hotspot `RSPEC-6270`](https://rules.sonarsource.com/python/RSPEC-6270/)
- [Granting access to S3 buckets to all or authenticated users is security-sensitive Security Hotspot `RSPEC-6265`](https://rules.sonarsource.com/python/RSPEC-6265/)
- [Hard-coded credentials are security-sensitive Security Hotspot `RSPEC-2068`](https://rules.sonarsource.com/python/RSPEC-2068/)
- [Functions returns should not be invariant Code Smell `RSPEC-3516`](https://rules.sonarsource.com/python/RSPEC-3516/)
- [The "exec" statement should not be used Code Smell `RSPEC-2317`](https://rules.sonarsource.com/python/RSPEC-2317/)
- [Backticks should not be used Code Smell `RSPEC-2316`](https://rules.sonarsource.com/python/RSPEC-2316/)
- [Methods and field names should not differ only by capitalization Code Smell `RSPEC-1845`](https://rules.sonarsource.com/python/RSPEC-1845/)
- [AWS IAM policies should limit the scope of permissions given Vulnerability `RSPEC-6317`](https://rules.sonarsource.com/python/RSPEC-6317/)
- [JWT should be signed and verified Vulnerability `RSPEC-5659`](https://rules.sonarsource.com/python/RSPEC-5659/)
- [Cipher algorithms should be robust Vulnerability `RSPEC-5547`](https://rules.sonarsource.com/python/RSPEC-5547/)
- [Encryption algorithms should be used with secure mode and padding scheme Vulnerability `RSPEC-5542`](https://rules.sonarsource.com/python/RSPEC-5542/)
- [Server hostnames should be verified during SSL/TLS connections Vulnerability `RSPEC-5527`](https://rules.sonarsource.com/python/RSPEC-5527/)
- [Insecure temporary file creation methods should not be used Vulnerability `RSPEC-5445`](https://rules.sonarsource.com/python/RSPEC-5445/)
- [Server certificates should be verified during SSL/TLS connections Vulnerability `RSPEC-4830`](https://rules.sonarsource.com/python/RSPEC-4830/)
- [LDAP connections should be authenticated Vulnerability `RSPEC-4433`](https://rules.sonarsource.com/python/RSPEC-4433/)
- [Cryptographic key generation should be based on strong parameters Vulnerability `RSPEC-4426`](https://rules.sonarsource.com/python/RSPEC-4426/)
- [Weak SSL/TLS protocols should not be used Vulnerability `RSPEC-4423`](https://rules.sonarsource.com/python/RSPEC-4423/)
- [Cipher Block Chaining IVs should be unpredictable Vulnerability `RSPEC-3329`](https://rules.sonarsource.com/python/RSPEC-3329/)
- [Regular expressions should not be vulnerable to Denial of Service attacks Vulnerability `RSPEC-2631`](https://rules.sonarsource.com/python/RSPEC-2631/)
- [Hashes should include an unpredictable salt Vulnerability `RSPEC-2053`](https://rules.sonarsource.com/python/RSPEC-2053/)
- [Regex lookahead assertions should not be contradictory Bug `RSPEC-6002`](https://rules.sonarsource.com/python/RSPEC-6002/)
- [Back references in regular expressions should only refer to capturing groups that are matched before the reference Bug `RSPEC-6001`](https://rules.sonarsource.com/python/RSPEC-6001/)
- [Regex boundaries should not be used in a way that can never be matched Bug `RSPEC-5996`](https://rules.sonarsource.com/python/RSPEC-5996/)
- [Regex patterns following a possessive quantifier should not always fail Bug `RSPEC-5994`](https://rules.sonarsource.com/python/RSPEC-5994/)
- [Assertions comparing incompatible types should not be made Bug `RSPEC-5845`](https://rules.sonarsource.com/python/RSPEC-5845/)
- [Exceptions' "__cause__" should be either an Exception or None Bug `RSPEC-5707`](https://rules.sonarsource.com/python/RSPEC-5707/)
- [Zero should not be a possible denominator Bug `RSPEC-3518`](https://rules.sonarsource.com/python/RSPEC-3518/)
- ["break" and "continue" should not be used outside a loop Bug `RSPEC-1716`](https://rules.sonarsource.com/python/RSPEC-1716/)
- [Break, continue and return statements should not occur in "finally" blocks Bug `RSPEC-1143`](https://rules.sonarsource.com/python/RSPEC-1143/)
- [Allowing public ACLs or policies on a S3 bucket is security-sensitive Security Hotspot `RSPEC-6281`](https://rules.sonarsource.com/python/RSPEC-6281/)
- [Using slow regular expressions is security-sensitive Security Hotspot `RSPEC-5852`](https://rules.sonarsource.com/python/RSPEC-5852/)
- [Using publicly writable directories is security-sensitive Security Hotspot `RSPEC-5443`](https://rules.sonarsource.com/python/RSPEC-5443/)
- [Using clear-text protocols is security-sensitive Security Hotspot `RSPEC-5332`](https://rules.sonarsource.com/python/RSPEC-5332/)
- [Expanding archive files without controlling resource consumption is security-sensitive Security Hotspot `RSPEC-5042`](https://rules.sonarsource.com/python/RSPEC-5042/)
- [Signaling processes is security-sensitive Security Hotspot `RSPEC-4828`](https://rules.sonarsource.com/python/RSPEC-4828/)
- [Configuring loggers is security-sensitive Security Hotspot `RSPEC-4792`](https://rules.sonarsource.com/python/RSPEC-4792/)
- [Using weak hashing algorithms is security-sensitive Security Hotspot `RSPEC-4790`](https://rules.sonarsource.com/python/RSPEC-4790/)
- [Disabling CSRF protections is security-sensitive Security Hotspot `RSPEC-4502`](https://rules.sonarsource.com/python/RSPEC-4502/)
- [Using non-standard cryptographic algorithms is security-sensitive Security Hotspot `RSPEC-2257`](https://rules.sonarsource.com/python/RSPEC-2257/)
- [Using pseudorandom number generators (PRNGs) is security-sensitive Security Hotspot `RSPEC-2245`](https://rules.sonarsource.com/python/RSPEC-2245/)
- [Constants should not be used as conditions Code Smell `RSPEC-5797`](https://rules.sonarsource.com/python/RSPEC-5797/)
- ["SystemExit" should be re-raised Code Smell `RSPEC-5754`](https://rules.sonarsource.com/python/RSPEC-5754/)
- [Bare "raise" statements should only be used in "except" blocks Code Smell `RSPEC-5747`](https://rules.sonarsource.com/python/RSPEC-5747/)
- [Comparison to None should not be constant Code Smell `RSPEC-5727`](https://rules.sonarsource.com/python/RSPEC-5727/)
- ["self" should be the first argument to instance methods Code Smell `RSPEC-5720`](https://rules.sonarsource.com/python/RSPEC-5720/)
- [Function parameters' default values should not be modified or assigned Code Smell `RSPEC-5717`](https://rules.sonarsource.com/python/RSPEC-5717/)
- [Some special methods should return "NotImplemented" instead of raising "NotImplementedError" Code Smell `RSPEC-5712`](https://rules.sonarsource.com/python/RSPEC-5712/)
- [Custom Exception classes should inherit from "Exception" or one of its subclasses Code Smell `RSPEC-5709`](https://rules.sonarsource.com/python/RSPEC-5709/)
- [Bare "raise" statements should not be used in "finally" blocks Code Smell `RSPEC-5704`](https://rules.sonarsource.com/python/RSPEC-5704/)
- [Arguments given to functions should be of an expected type Code Smell `RSPEC-5655`](https://rules.sonarsource.com/python/RSPEC-5655/)
- [`str.replace` should be preferred to `re.sub` Code Smell `RSPEC-5361`](https://rules.sonarsource.com/python/RSPEC-5361/)
- [Unread "private" attributes should be removed Code Smell `RSPEC-4487`](https://rules.sonarsource.com/python/RSPEC-4487/)
- [Cognitive Complexity of functions should not be too high Code Smell `RSPEC-3776`](https://rules.sonarsource.com/python/RSPEC-3776/)
- [The first argument to class methods should follow the naming convention Code Smell `RSPEC-2710`](https://rules.sonarsource.com/python/RSPEC-2710/)
- [Method overrides should not change contracts Code Smell `RSPEC-2638`](https://rules.sonarsource.com/python/RSPEC-2638/)
- [Wildcard imports should not be used Code Smell `RSPEC-2208`](https://rules.sonarsource.com/python/RSPEC-2208/)
- [String literals should not be duplicated Code Smell `RSPEC-1192`](https://rules.sonarsource.com/python/RSPEC-1192/)
- [Functions and methods should not be empty Code Smell `RSPEC-1186`](https://rules.sonarsource.com/python/RSPEC-1186/)
- [Applications should not create session cookies from untrusted input Vulnerability `RSPEC-6287`](https://rules.sonarsource.com/python/RSPEC-6287/)
- [Server-side requests should not be vulnerable to forging attacks Vulnerability `RSPEC-5144`](https://rules.sonarsource.com/python/RSPEC-5144/)
- [Non-empty statements should change control flow or have at least one side-effect Bug `RSPEC-905`](https://rules.sonarsource.com/python/RSPEC-905/)
- [The abs_tol parameter should be provided when using math.isclose to compare values to 0 Bug `RSPEC-6727`](https://rules.sonarsource.com/python/RSPEC-6727/)
- [Sequence indexes must have an __index__ method Bug `RSPEC-6663`](https://rules.sonarsource.com/python/RSPEC-6663/)
- [Set members and dictionary keys should be hashable Bug `RSPEC-6662`](https://rules.sonarsource.com/python/RSPEC-6662/)
- [The "safe" flag should be set to "False" when serializing non-dictionary objects in Django JSON-encoded responses. Bug `RSPEC-6560`](https://rules.sonarsource.com/python/RSPEC-6560/)
- [Django signal handler functions should have the '@receiver' decorator on top of all other decorators Bug `RSPEC-6552`](https://rules.sonarsource.com/python/RSPEC-6552/)
- [ExceptionGroup and BaseExceptionGroup should not be caught with except* Bug `RSPEC-6468`](https://rules.sonarsource.com/python/RSPEC-6468/)
- [Accessing list elements should not trigger an IndexError Bug `RSPEC-6466`](https://rules.sonarsource.com/python/RSPEC-6466/)
- [Unpacking should be done with the same number of elements of the iterable. Bug `RSPEC-6465`](https://rules.sonarsource.com/python/RSPEC-6465/)
- [Non-existent dictionary keys should not be accessed Bug `RSPEC-6464`](https://rules.sonarsource.com/python/RSPEC-6464/)
- [Collections should not be modified while they are iterated Bug `RSPEC-6417`](https://rules.sonarsource.com/python/RSPEC-6417/)
- [Replacement strings should reference existing regular expression groups Bug `RSPEC-6328`](https://rules.sonarsource.com/python/RSPEC-6328/)
- [Alternation in regular expressions should not contain empty alternatives Bug `RSPEC-6323`](https://rules.sonarsource.com/python/RSPEC-6323/)
- [Unicode Grapheme Clusters should be avoided inside regex character classes Bug `RSPEC-5868`](https://rules.sonarsource.com/python/RSPEC-5868/)
- [Regex alternatives should not be redundant Bug `RSPEC-5855`](https://rules.sonarsource.com/python/RSPEC-5855/)
- [Alternatives in regular expressions should be grouped when used with anchors Bug `RSPEC-5850`](https://rules.sonarsource.com/python/RSPEC-5850/)
- [New objects should not be created only to check their identity Bug `RSPEC-5796`](https://rules.sonarsource.com/python/RSPEC-5796/)
- [Collection content should not be replaced unconditionally Bug `RSPEC-4143`](https://rules.sonarsource.com/python/RSPEC-4143/)
- [Exceptions should not be created without being raised Bug `RSPEC-3984`](https://rules.sonarsource.com/python/RSPEC-3984/)
- [Collection sizes and array length comparisons should make sense Bug `RSPEC-3981`](https://rules.sonarsource.com/python/RSPEC-3981/)
- [All branches in a conditional structure should not have exactly the same implementation Bug `RSPEC-3923`](https://rules.sonarsource.com/python/RSPEC-3923/)
- [The output of functions that don't return anything should not be used Bug `RSPEC-3699`](https://rules.sonarsource.com/python/RSPEC-3699/)
- [Non-existent operators like "=+" should not be used Bug `RSPEC-2757`](https://rules.sonarsource.com/python/RSPEC-2757/)
- [Conditionally executed code should be reachable Bug `RSPEC-2583`](https://rules.sonarsource.com/python/RSPEC-2583/)
- [Increment and decrement operators should not be used Bug `RSPEC-2319`](https://rules.sonarsource.com/python/RSPEC-2319/)
- [Attributes should not be accessed on "None" values Bug `RSPEC-2259`](https://rules.sonarsource.com/python/RSPEC-2259/)
- [Return values from functions without side effects should not be ignored Bug `RSPEC-2201`](https://rules.sonarsource.com/python/RSPEC-2201/)
- [Related "if/else if" statements should not have the same condition Bug `RSPEC-1862`](https://rules.sonarsource.com/python/RSPEC-1862/)
- [Identical expressions should not be used on both sides of a binary operator Bug `RSPEC-1764`](https://rules.sonarsource.com/python/RSPEC-1764/)
- [All code should be reachable Bug `RSPEC-1763`](https://rules.sonarsource.com/python/RSPEC-1763/)
- [Loops with at most one iteration should be refactored Bug `RSPEC-1751`](https://rules.sonarsource.com/python/RSPEC-1751/)
- [Variables should not be self-assigned Bug `RSPEC-1656`](https://rules.sonarsource.com/python/RSPEC-1656/)
- [Floating point numbers should not be tested for equality Bug `RSPEC-1244`](https://rules.sonarsource.com/python/RSPEC-1244/)
- [All "except" blocks should be able to catch exceptions Bug `RSPEC-1045`](https://rules.sonarsource.com/python/RSPEC-1045/)
- [Allowing unrestricted outbound communications is security-sensitive Security Hotspot `RSPEC-6463`](https://rules.sonarsource.com/python/RSPEC-6463/)
- [Constructing arguments of system commands from user input is security-sensitive Security Hotspot `RSPEC-6350`](https://rules.sonarsource.com/python/RSPEC-6350/)
- [Using unencrypted EFS file systems is security-sensitive Security Hotspot `RSPEC-6332`](https://rules.sonarsource.com/python/RSPEC-6332/)
- [Using unencrypted SQS queues is security-sensitive Security Hotspot `RSPEC-6330`](https://rules.sonarsource.com/python/RSPEC-6330/)
- [Using unencrypted SNS topics is security-sensitive Security Hotspot `RSPEC-6327`](https://rules.sonarsource.com/python/RSPEC-6327/)
- [Using unencrypted SageMaker notebook instances is security-sensitive Security Hotspot `RSPEC-6319`](https://rules.sonarsource.com/python/RSPEC-6319/)
- [Using unencrypted OpenSearch domains is security-sensitive Security Hotspot `RSPEC-6308`](https://rules.sonarsource.com/python/RSPEC-6308/)
- [Using unencrypted RDS DB resources is security-sensitive Security Hotspot `RSPEC-6303`](https://rules.sonarsource.com/python/RSPEC-6303/)
- [Using unencrypted EBS volumes is security-sensitive Security Hotspot `RSPEC-6275`](https://rules.sonarsource.com/python/RSPEC-6275/)
- [Disabling auto-escaping in template engines is security-sensitive Security Hotspot `RSPEC-5247`](https://rules.sonarsource.com/python/RSPEC-5247/)
- [Setting loose POSIX file permissions is security-sensitive Security Hotspot `RSPEC-2612`](https://rules.sonarsource.com/python/RSPEC-2612/)
- [Formatting SQL queries is security-sensitive Security Hotspot `RSPEC-2077`](https://rules.sonarsource.com/python/RSPEC-2077/)
- [pandas.pipe method should be preferred over long chains of instructions Code Smell `RSPEC-6742`](https://rules.sonarsource.com/python/RSPEC-6742/)
- [The "pandas.DataFrame.to_numpy()" method should be preferred to the "pandas.DataFrame.values" attribute Code Smell `RSPEC-6741`](https://rules.sonarsource.com/python/RSPEC-6741/)
- [When using pandas.merge or pandas.join, the parameters on, how and validate should be provided Code Smell `RSPEC-6735`](https://rules.sonarsource.com/python/RSPEC-6735/)
- [inplace=True should not be used when modifying a Pandas DataFrame Code Smell `RSPEC-6734`](https://rules.sonarsource.com/python/RSPEC-6734/)
- [Deprecated NumPy aliases of built-in types should not be used Code Smell `RSPEC-6730`](https://rules.sonarsource.com/python/RSPEC-6730/)
- [np.nonzero should be preferred over np.where when only the condition parameter is set Code Smell `RSPEC-6729`](https://rules.sonarsource.com/python/RSPEC-6729/)
- [Passing a list to np.array should be preferred over passing a generator Code Smell `RSPEC-6714`](https://rules.sonarsource.com/python/RSPEC-6714/)
- [numpy.random.Generator should be preferred to numpy.random.RandomState Code Smell `RSPEC-6711`](https://rules.sonarsource.com/python/RSPEC-6711/)
- [Results that depend on random number generation should be reproducible Code Smell `RSPEC-6709`](https://rules.sonarsource.com/python/RSPEC-6709/)
- [Fields of a Django ModelFom should be defined explicitly Code Smell `RSPEC-6559`](https://rules.sonarsource.com/python/RSPEC-6559/)
- ["locals()" should not be passed to a Django "render()" function Code Smell `RSPEC-6556`](https://rules.sonarsource.com/python/RSPEC-6556/)
- ['null=True' should not be used on string-based fields in Django models Code Smell `RSPEC-6553`](https://rules.sonarsource.com/python/RSPEC-6553/)
- [Union type expressions should be preferred over "typing.Union" in type hints Code Smell `RSPEC-6546`](https://rules.sonarsource.com/python/RSPEC-6546/)
- [Octal escape sequences should not be used in regular expressions Code Smell `RSPEC-6537`](https://rules.sonarsource.com/python/RSPEC-6537/)
- [Character classes in regular expressions should not contain only one character Code Smell `RSPEC-6397`](https://rules.sonarsource.com/python/RSPEC-6397/)
- [Superfluous curly brace quantifiers should be avoided Code Smell `RSPEC-6396`](https://rules.sonarsource.com/python/RSPEC-6396/)
- [Non-capturing groups without quantifier should not be used Code Smell `RSPEC-6395`](https://rules.sonarsource.com/python/RSPEC-6395/)
- [Regular expressions should not contain empty groups Code Smell `RSPEC-6331`](https://rules.sonarsource.com/python/RSPEC-6331/)
- [Regular expressions should not contain multiple spaces Code Smell `RSPEC-6326`](https://rules.sonarsource.com/python/RSPEC-6326/)
- [Single-character alternations in regular expressions should be replaced with character classes Code Smell `RSPEC-6035`](https://rules.sonarsource.com/python/RSPEC-6035/)
- [Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string Code Smell `RSPEC-6019`](https://rules.sonarsource.com/python/RSPEC-6019/)
- [Assertions should not fail or succeed unconditionally Code Smell `RSPEC-5914`](https://rules.sonarsource.com/python/RSPEC-5914/)
- [Values assigned to variables should match their type annotations Code Smell `RSPEC-5890`](https://rules.sonarsource.com/python/RSPEC-5890/)
- [Function return types should be consistent with their type hint Code Smell `RSPEC-5886`](https://rules.sonarsource.com/python/RSPEC-5886/)
- [Character classes in regular expressions should not contain the same character twice Code Smell `RSPEC-5869`](https://rules.sonarsource.com/python/RSPEC-5869/)
- [Type checks shouldn't be confusing Code Smell `RSPEC-5864`](https://rules.sonarsource.com/python/RSPEC-5864/)
- [Names of regular expressions named groups should be used Code Smell `RSPEC-5860`](https://rules.sonarsource.com/python/RSPEC-5860/)
- [Regular expressions should not be too complicated Code Smell `RSPEC-5843`](https://rules.sonarsource.com/python/RSPEC-5843/)
- [Builtins should not be shadowed by local variables Code Smell `RSPEC-5806`](https://rules.sonarsource.com/python/RSPEC-5806/)
- [Implicit string and byte concatenations should not be confusing Code Smell `RSPEC-5799`](https://rules.sonarsource.com/python/RSPEC-5799/)
- [Identity comparisons should not be used with cached types Code Smell `RSPEC-5795`](https://rules.sonarsource.com/python/RSPEC-5795/)
- [Expressions creating sets should not have duplicate values Code Smell `RSPEC-5781`](https://rules.sonarsource.com/python/RSPEC-5781/)
- [Expressions creating dictionaries should not have duplicate keys Code Smell `RSPEC-5780`](https://rules.sonarsource.com/python/RSPEC-5780/)
- [Special method "__exit__" should not re-raise the provided exception Code Smell `RSPEC-5706`](https://rules.sonarsource.com/python/RSPEC-5706/)
- [Unused scope-limited definitions should be removed Code Smell `RSPEC-5603`](https://rules.sonarsource.com/python/RSPEC-5603/)
- [Functions and methods should not have identical implementations Code Smell `RSPEC-4144`](https://rules.sonarsource.com/python/RSPEC-4144/)
- [Unused private nested classes should be removed Code Smell `RSPEC-3985`](https://rules.sonarsource.com/python/RSPEC-3985/)
- [String formatting should be used correctly Code Smell `RSPEC-3457`](https://rules.sonarsource.com/python/RSPEC-3457/)
- [Conditional expressions should not be nested Code Smell `RSPEC-3358`](https://rules.sonarsource.com/python/RSPEC-3358/)
- [Loops without "break" should not have "else" clauses Code Smell `RSPEC-2836`](https://rules.sonarsource.com/python/RSPEC-2836/)
- [Doubled prefix operators "not" and "~" should not be used Code Smell `RSPEC-2761`](https://rules.sonarsource.com/python/RSPEC-2761/)
- [Boolean expressions should not be gratuitous Code Smell `RSPEC-2589`](https://rules.sonarsource.com/python/RSPEC-2589/)
- [The "print" statement should not be used Code Smell `RSPEC-2320`](https://rules.sonarsource.com/python/RSPEC-2320/)
- ["<>" should not be used to test inequality Code Smell `RSPEC-2318`](https://rules.sonarsource.com/python/RSPEC-2318/)
- [Two branches in a conditional structure should not have exactly the same implementation Code Smell `RSPEC-1871`](https://rules.sonarsource.com/python/RSPEC-1871/)
- [Unused assignments should be removed Code Smell `RSPEC-1854`](https://rules.sonarsource.com/python/RSPEC-1854/)
- [A field should not duplicate the name of its containing class Code Smell `RSPEC-1700`](https://rules.sonarsource.com/python/RSPEC-1700/)
- [A reason should be provided when skipping a test Code Smell `RSPEC-1607`](https://rules.sonarsource.com/python/RSPEC-1607/)
- [Function names should comply with a naming convention Code Smell `RSPEC-1542`](https://rules.sonarsource.com/python/RSPEC-1542/)
- [Functions and lambdas should not reference variables defined in enclosing loops Code Smell `RSPEC-1515`](https://rules.sonarsource.com/python/RSPEC-1515/)
- [Sections of code should not be commented out Code Smell `RSPEC-125`](https://rules.sonarsource.com/python/RSPEC-125/)
- [Unused function parameters should be removed Code Smell `RSPEC-1172`](https://rules.sonarsource.com/python/RSPEC-1172/)
- [Unused class-private methods should be removed Code Smell `RSPEC-1144`](https://rules.sonarsource.com/python/RSPEC-1144/)
- [Track uses of "FIXME" tags Code Smell `RSPEC-1134`](https://rules.sonarsource.com/python/RSPEC-1134/)
- ["Exception" and "BaseException" should not be raised Code Smell `RSPEC-112`](https://rules.sonarsource.com/python/RSPEC-112/)
- [Redundant pairs of parentheses should be removed Code Smell `RSPEC-1110`](https://rules.sonarsource.com/python/RSPEC-1110/)
- [Nested blocks of code should not be left empty Code Smell `RSPEC-108`](https://rules.sonarsource.com/python/RSPEC-108/)
- [Functions, methods and lambdas should not have too many parameters Code Smell `RSPEC-107`](https://rules.sonarsource.com/python/RSPEC-107/)
- [Collapsible "if" statements should be merged Code Smell `RSPEC-1066`](https://rules.sonarsource.com/python/RSPEC-1066/)
- [Administration services access should be restricted to specific IP addresses Vulnerability `RSPEC-6321`](https://rules.sonarsource.com/python/RSPEC-6321/)
- [Logging should not be vulnerable to injection attacks Vulnerability `RSPEC-5145`](https://rules.sonarsource.com/python/RSPEC-5145/)
- [Repeated patterns in regular expressions should not match the empty string Bug `RSPEC-5842`](https://rules.sonarsource.com/python/RSPEC-5842/)
- [Function parameters initial values should not be ignored Bug `RSPEC-1226`](https://rules.sonarsource.com/python/RSPEC-1226/)
- [Disabling versioning of S3 buckets is security-sensitive Security Hotspot `RSPEC-6252`](https://rules.sonarsource.com/python/RSPEC-6252/)
- [Disabling server-side encryption of S3 buckets is security-sensitive Security Hotspot `RSPEC-6245`](https://rules.sonarsource.com/python/RSPEC-6245/)
- [Having a permissive Cross-Origin Resource Sharing policy is security-sensitive Security Hotspot `RSPEC-5122`](https://rules.sonarsource.com/python/RSPEC-5122/)
- [Delivering code in production with debug features activated is security-sensitive Security Hotspot `RSPEC-4507`](https://rules.sonarsource.com/python/RSPEC-4507/)
- [Allowing both safe and unsafe HTTP methods is security-sensitive Security Hotspot `RSPEC-3752`](https://rules.sonarsource.com/python/RSPEC-3752/)
- [Creating cookies without the "HttpOnly" flag is security-sensitive Security Hotspot `RSPEC-3330`](https://rules.sonarsource.com/python/RSPEC-3330/)
- [Creating cookies without the "secure" flag is security-sensitive Security Hotspot `RSPEC-2092`](https://rules.sonarsource.com/python/RSPEC-2092/)
- [Using hardcoded IP addresses is security-sensitive Security Hotspot `RSPEC-1313`](https://rules.sonarsource.com/python/RSPEC-1313/)
- ['isinstance()' should be preferred to direct type comparisons Code Smell `RSPEC-6660`](https://rules.sonarsource.com/python/RSPEC-6660/)
- ['startswith' or 'endswith' methods should be used instead of string slicing in condition expressions Code Smell `RSPEC-6659`](https://rules.sonarsource.com/python/RSPEC-6659/)
- [Regular expression quantifiers and character classes should be used concisely Code Smell `RSPEC-6353`](https://rules.sonarsource.com/python/RSPEC-6353/)
- [Character classes should be preferred over reluctant quantifiers in regular expressions Code Smell `RSPEC-5857`](https://rules.sonarsource.com/python/RSPEC-5857/)
- [A subclass should not be in the same "except" statement as a parent class Code Smell `RSPEC-5713`](https://rules.sonarsource.com/python/RSPEC-5713/)
- [Walrus operator should not make code confusing Code Smell `RSPEC-5685`](https://rules.sonarsource.com/python/RSPEC-5685/)
- [Jump statements should not be redundant Code Smell `RSPEC-3626`](https://rules.sonarsource.com/python/RSPEC-3626/)
- ["pass" should not be used needlessly Code Smell `RSPEC-2772`](https://rules.sonarsource.com/python/RSPEC-2772/)
- ["except" clauses should do more than raise the same issue Code Smell `RSPEC-2737`](https://rules.sonarsource.com/python/RSPEC-2737/)
- [Boolean checks should not be inverted Code Smell `RSPEC-1940`](https://rules.sonarsource.com/python/RSPEC-1940/)
- [Unused local variables should be removed Code Smell `RSPEC-1481`](https://rules.sonarsource.com/python/RSPEC-1481/)
- [Local variable and function parameter names should comply with a naming convention Code Smell `RSPEC-117`](https://rules.sonarsource.com/python/RSPEC-117/)
- [Field names should comply with a naming convention Code Smell `RSPEC-116`](https://rules.sonarsource.com/python/RSPEC-116/)
- [Class names should comply with a naming convention Code Smell `RSPEC-101`](https://rules.sonarsource.com/python/RSPEC-101/)
- [Method names should comply with a naming convention Code Smell `RSPEC-100`](https://rules.sonarsource.com/python/RSPEC-100/)
- [Track uses of "TODO" tags Code Smell `RSPEC-1135`](https://rules.sonarsource.com/python/RSPEC-1135/)
- [HTML autoescape mechanism should not be globally disabled Vulnerability `RSPEC-5439`](https://rules.sonarsource.com/python/RSPEC-5439/)
- [Variables, classes and functions should be either defined or imported Bug `RSPEC-5953`](https://rules.sonarsource.com/python/RSPEC-5953/)
- ["__exit__" should accept type, value, and traceback arguments Bug `RSPEC-2733`](https://rules.sonarsource.com/python/RSPEC-2733/)
- ["return" and "yield" should not be used in the same function Bug `RSPEC-2712`](https://rules.sonarsource.com/python/RSPEC-2712/)
- [Track lack of copyright and license headers Code Smell `RSPEC-1451`](https://rules.sonarsource.com/python/RSPEC-1451/)
- [HTTP response headers should not be vulnerable to injection attacks Vulnerability `RSPEC-5167`](https://rules.sonarsource.com/python/RSPEC-5167/)
- [Assertions should not be made at the end of blocks expecting an exception Bug `RSPEC-5915`](https://rules.sonarsource.com/python/RSPEC-5915/)
- [Regular expressions should be syntactically valid Bug `RSPEC-5856`](https://rules.sonarsource.com/python/RSPEC-5856/)
- [Sending emails is security-sensitive Security Hotspot `RSPEC-5300`](https://rules.sonarsource.com/python/RSPEC-5300/)
- [Reading the Standard Input is security-sensitive Security Hotspot `RSPEC-4829`](https://rules.sonarsource.com/python/RSPEC-4829/)
- [Using command line arguments is security-sensitive Security Hotspot `RSPEC-4823`](https://rules.sonarsource.com/python/RSPEC-4823/)
- [Encrypting data is security-sensitive Security Hotspot `RSPEC-4787`](https://rules.sonarsource.com/python/RSPEC-4787/)
- [Using regular expressions is security-sensitive Security Hotspot `RSPEC-4784`](https://rules.sonarsource.com/python/RSPEC-4784/)
- [Dynamically executing code is security-sensitive Security Hotspot `RSPEC-1523`](https://rules.sonarsource.com/python/RSPEC-1523/)
- [Cyclomatic Complexity of functions should not be too high Code Smell `RSPEC-1541`](https://rules.sonarsource.com/python/RSPEC-1541/)
- [Control flow statements "if", "for", "while", "try" and "with" should not be nested too deeply Code Smell `RSPEC-134`](https://rules.sonarsource.com/python/RSPEC-134/)
- [Cyclomatic Complexity of classes should not be too high Code Smell `RSPEC-1311`](https://rules.sonarsource.com/python/RSPEC-1311/)
- ["\" should only be used as an escape character outside of raw strings Bug `RSPEC-1717`](https://rules.sonarsource.com/python/RSPEC-1717/)
- [Using shell interpreter when executing OS commands is security-sensitive Security Hotspot `RSPEC-4721`](https://rules.sonarsource.com/python/RSPEC-4721/)
- ['dtype' parameter should be provided when using 'pandas.read_csv' or
'pandas.read_table' Code Smell `RSPEC-6740`](https://rules.sonarsource.com/python/RSPEC-6740/) - [Django models should define a "__str__" method Code Smell `RSPEC-6554`](https://rules.sonarsource.com/python/RSPEC-6554/) - [Type hints of generic types should specify their type parameters Code Smell `RSPEC-6543`](https://rules.sonarsource.com/python/RSPEC-6543/) - [Any should not be used as a type hint Code Smell `RSPEC-6542`](https://rules.sonarsource.com/python/RSPEC-6542/) - [Function parameters should have type hints Code Smell `RSPEC-6540`](https://rules.sonarsource.com/python/RSPEC-6540/) - [Function returns should have type hints Code Smell `RSPEC-6538`](https://rules.sonarsource.com/python/RSPEC-6538/) - [Test methods should be discoverable Code Smell `RSPEC-5899`](https://rules.sonarsource.com/python/RSPEC-5899/) - [Functions should use "return" consistently Code Smell `RSPEC-3801`](https://rules.sonarsource.com/python/RSPEC-3801/) - [Python parser failure Code Smell `RSPEC-2260`](https://rules.sonarsource.com/python/RSPEC-2260/) - [Files should not be too complex Code Smell `RSPEC-1908`](https://rules.sonarsource.com/python/RSPEC-1908/) - [Docstrings should be defined Code Smell `RSPEC-1720`](https://rules.sonarsource.com/python/RSPEC-1720/) - [Functions should not have too many lines of code Code Smell `RSPEC-138`](https://rules.sonarsource.com/python/RSPEC-138/) - [Track uses of "NOSONAR" comments Code Smell `RSPEC-1291`](https://rules.sonarsource.com/python/RSPEC-1291/) - [Track comments matching a regular expression Code Smell `RSPEC-124`](https://rules.sonarsource.com/python/RSPEC-124/) - [Statements should be on separate lines Code Smell `RSPEC-122`](https://rules.sonarsource.com/python/RSPEC-122/) - [Functions should not contain too many return statements Code Smell `RSPEC-1142`](https://rules.sonarsource.com/python/RSPEC-1142/) - [Files should not have too many lines of code Code Smell `RSPEC-104`](https://rules.sonarsource.com/python/RSPEC-104/) - 
[Lines should not be too long Code Smell `RSPEC-103`](https://rules.sonarsource.com/python/RSPEC-103/) - [Assignments of lambdas to variables should be replaced by function definitions Code Smell `RSPEC-6661`](https://rules.sonarsource.com/python/RSPEC-6661/) - [Built-in generic types should be preferred over the typing module in type hints Code Smell `RSPEC-6545`](https://rules.sonarsource.com/python/RSPEC-6545/) - [Tests should be skipped explicitly Code Smell `RSPEC-5918`](https://rules.sonarsource.com/python/RSPEC-5918/) - [The most specific "unittest" assertion should be used Code Smell `RSPEC-5906`](https://rules.sonarsource.com/python/RSPEC-5906/) - [Methods and properties that don't access instance data should be static Code Smell `RSPEC-2325`](https://rules.sonarsource.com/python/RSPEC-2325/) - [New-style classes should be used Code Smell `RSPEC-1722`](https://rules.sonarsource.com/python/RSPEC-1722/) - [Parentheses should not be used after certain keywords Code Smell `RSPEC-1721`](https://rules.sonarsource.com/python/RSPEC-1721/) - [Track "TODO" and "FIXME" comments that do not contain a reference to a person Code Smell `RSPEC-1707`](https://rules.sonarsource.com/python/RSPEC-1707/) - [Module names should comply with a naming convention Code Smell `RSPEC-1578`](https://rules.sonarsource.com/python/RSPEC-1578/) - [Comments should not be located at the end of lines of code Code Smell `RSPEC-139`](https://rules.sonarsource.com/python/RSPEC-139/) - [Lines should not end with trailing whitespaces Code Smell `RSPEC-1131`](https://rules.sonarsource.com/python/RSPEC-1131/) - [Files should contain an empty newline at the end Code Smell `RSPEC-113`](https://rules.sonarsource.com/python/RSPEC-113/) - [Long suffix "L" should be upper case Code Smell `RSPEC-1129`](https://rules.sonarsource.com/python/RSPEC-1129/) - [Unnecessary imports should be removed Code Smell `RSPEC-1128`](https://rules.sonarsource.com/python/RSPEC-1128/) Extracted from rules page using ```js 
console.log(Array.from(document.querySelectorAll('ol[class^="RulesList"] a')).map(x => `- [${x.textContent.replace("__", "\_\_")} \`${x.href.split("/").at(-2)}\`](${x.href})`).join("\n")) ```

now for the tedious task of validating what is already implemented :P