SONARPY-4110 Rule S8492: "set.discard()" should be used instead of checking member… (#1072)

GitOrigin-RevId: 1a980aea27cec87786435de44534bfa1a6bad843

Author: guillaume-dequenne

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -402,6 +402,7 @@ public Stream<Class<?>> getChecks() {
       SecureCookieCheck.class,
       SecureModeEncryptionAlgorithmsCheck.class,
       SelfAssignmentCheck.class,
+      SetDiscardOverRemoveCheck.class,
       SetDuplicateKeyCheck.class,
       SetUpdateOverForLoopCheck.class,
       SideEffectInTfFunctionCheck.class,

python-checks/src/main/java/org/sonar/python/checks/SetDiscardOverRemoveCheck.java

@@ -0,0 +1,102 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import java.util.List;
+import java.util.Optional;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.quickfix.PythonQuickFix;
+import org.sonar.plugins.python.api.tree.Argument;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.ExpressionStatement;
+import org.sonar.plugins.python.api.tree.IfStatement;
+import org.sonar.plugins.python.api.tree.InExpression;
+import org.sonar.plugins.python.api.tree.QualifiedExpression;
+import org.sonar.plugins.python.api.tree.RegularArgument;
+import org.sonar.plugins.python.api.tree.Statement;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatcher;
+import org.sonar.plugins.python.api.types.v2.matchers.TypeMatchers;
+import org.sonar.python.checks.utils.CheckUtils;
+import org.sonar.python.quickfix.TextEditUtils;
+import org.sonar.python.tree.TreeUtils;
+
+@Rule(key = "S8492")
+public class SetDiscardOverRemoveCheck extends PythonSubscriptionCheck {
+
+  private static final String MESSAGE = "Use \"discard()\" instead of checking membership before calling \"remove()\".";
+  private static final String QUICK_FIX_MESSAGE = "Replace with \"discard()\"";
+  private static final String REMOVE_METHOD_NAME = "remove";
+  private static final TypeMatcher SET_TYPE_MATCHER = TypeMatchers.isObjectInstanceOf("builtins.set");
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.IF_STMT, SetDiscardOverRemoveCheck::checkIfStatement);
+  }
+
+  private static void checkIfStatement(SubscriptionContext ctx) {
+    IfStatement ifStatement = (IfStatement) ctx.syntaxNode();
+    if (ifStatement.isElif()
+      || ifStatement.elseBranch() != null
+      || !ifStatement.elifBranches().isEmpty()) {
+      return;
+    }
+    if (!(ifStatement.condition() instanceof InExpression inExpression) || inExpression.notToken() != null) {
+      return;
+    }
+    List<Statement> statements = ifStatement.body().statements();
+    if (statements.size() != 1 || !(statements.get(0) instanceof ExpressionStatement expressionStatement)) {
+      return;
+    }
+    if (expressionStatement.expressions().size() != 1
+      || !(expressionStatement.expressions().get(0) instanceof CallExpression callExpression)) {
+      return;
+    }
+    if (!(callExpression.callee() instanceof QualifiedExpression qualifiedExpression)
+      || !REMOVE_METHOD_NAME.equals(qualifiedExpression.name().name())) {
+      return;
+    }
+    List<Argument> arguments = callExpression.arguments();
+    if (arguments.size() != 1 || !(arguments.get(0) instanceof RegularArgument regularArgument)
+      || regularArgument.keywordArgument() != null) {
+      return;
+    }
+    if (!CheckUtils.areEquivalent(qualifiedExpression.qualifier(), inExpression.rightOperand())
+      || !CheckUtils.areEquivalent(regularArgument.expression(), inExpression.leftOperand())) {
+      return;
+    }
+    if (!SET_TYPE_MATCHER.isTrueFor(qualifiedExpression.qualifier(), ctx)) {
+      return;
+    }
+    var issue = ctx.addIssue(inExpression, MESSAGE);
+    createQuickFix(ifStatement, qualifiedExpression, regularArgument).ifPresent(issue::addQuickFix);
+  }
+
+  private static Optional<PythonQuickFix> createQuickFix(IfStatement ifStatement, QualifiedExpression qualifiedExpression, RegularArgument argument) {
+    String qualifierText = TreeUtils.treeToString(qualifiedExpression.qualifier(), false);
+    String argumentText = TreeUtils.treeToString(argument.expression(), false);
+    if (qualifierText == null || argumentText == null) {
+      return Optional.empty();
+    }
+    String replacement = "%s.discard(%s)".formatted(qualifierText, argumentText);
+    return Optional.of(PythonQuickFix.newQuickFix(QUICK_FIX_MESSAGE)
+      .addTextEdit(TextEditUtils.replace(ifStatement, replacement))
+      .build());
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8492.html

@@ -0,0 +1,48 @@
+<p>This rule raises an issue when code checks if an element exists in a set using the <code>in</code> operator before calling <code>remove()</code> on
+that element.</p>
+<h2>Why is this an issue?</h2>
+<p>Checking whether an element exists in a set before removing it is unnecessary:</p>
+<pre>
+if x in my_set:
+    my_set.remove(x)
+</pre>
+<p>This pattern has two problems:</p>
+<ol>
+  <li><strong>double lookup</strong>: the code performs two hash table lookups - one for the membership check (<code>in</code>) and another for the
+  removal (<code>remove()</code>). Each lookup has a cost.</li>
+  <li><strong>less idiomatic</strong>: Python provides the <code>discard()</code> method specifically for this use case. Using it makes the code more
+  Pythonic and signals intent more clearly.</li>
+</ol>
+<p>The <code>discard()</code> method combines both operations into a single call. It removes the element if it exists and does nothing otherwise:</p>
+<pre>
+my_set.discard(x)  # Single lookup, no exception if x is not present
+</pre>
+<h3>What is the potential impact?</h3>
+<p>Using <code>discard()</code> improves readability and removes a redundant hash table lookup. In loops or performance-critical code, eliminating
+these extra lookups can provide measurable improvements.</p>
+<h2>How to fix it</h2>
+<p>Replace the conditional check and <code>remove()</code> call with a single <code>discard()</code> call. The <code>discard()</code> method safely
+removes the element if it exists and does nothing if it does not, without raising an exception.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+my_set = {1, 2, 3, 4, 5}
+value = 3
+
+if value in my_set:  # Noncompliant
+    my_set.remove(value)
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+my_set = {1, 2, 3, 4, 5}
+value = 3
+
+my_set.discard(value)
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li>Python Documentation - <a href="https://docs.python.org/3/library/stdtypes.html#frozenset.discard"><code>set.discard()</code> method</a></li>
+  <li>Python Documentation - <a href="https://docs.python.org/3/library/stdtypes.html#frozenset.remove"><code>set.remove()</code> method</a></li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S8492.json

@@ -0,0 +1,25 @@
+{
+  "title": "\"set.discard()\" should be used instead of checking membership before removal",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "2 min"
+  },
+  "tags": [
+    "performance",
+    "pythonic",
+    "idiom"
+  ],
+  "defaultSeverity": "Minor",
+  "ruleSpecification": "RSPEC-8492",
+  "sqKey": "S8492",
+  "scope": "All",
+  "quickfix": "targeted",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "LOW"
+    },
+    "attribute": "CLEAR"
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -329,6 +329,7 @@
     "S8414",
     "S8415",
     "S8490",
+    "S8492",
     "S8493",
     "S8494",
     "S8495",

python-checks/src/test/java/org/sonar/python/checks/SetDiscardOverRemoveCheckTest.java

@@ -0,0 +1,38 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) SonarSource Sàrl
+ * mailto:info AT sonarsource DOT com
+ *
+ * You can redistribute and/or modify this program under the terms of
+ * the Sonar Source-Available License Version 1, as published by SonarSource Sàrl.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import org.junit.jupiter.api.Test;
+import org.sonar.python.checks.quickfix.PythonQuickFixVerifier;
+import org.sonar.python.checks.utils.PythonCheckVerifier;
+
+class SetDiscardOverRemoveCheckTest {
+
+  @Test
+  void test() {
+    PythonCheckVerifier.verify("src/test/resources/checks/setDiscardOverRemove.py", new SetDiscardOverRemoveCheck());
+  }
+
+  @Test
+  void quickFixTest() {
+    String before = "my_set = {1, 2, 3}\nif x in my_set:\n    my_set.remove(x)\n";
+    String after = "my_set = {1, 2, 3}\nmy_set.discard(x)";
+    var check = new SetDiscardOverRemoveCheck();
+    PythonQuickFixVerifier.verify(check, before, after);
+    PythonQuickFixVerifier.verifyQuickFixMessages(check, before, "Replace with \"discard()\"");
+  }
+}