Webinar Recording: “Security Checks for Python Code” with Anthony Shaw

Last week we had a webinar on Python security with Anthony Shaw. He covered a number of places where Python code, including popular frameworks, runs into security vulnerabilities. He also showed his PyCharm plugin for showing and fixing known vulnerabilities. The webinar recording is now available.

So much covered in this webinar! Anthony discussed common Python security vulnerabilities, how his plugin helps, how to run it in continuous integration, and more.

Timeline

  • 00:30: Demo the application being used
  • 01:30: Installing the plugin
  • 03:49: Show some reported vulnerabilities
  • 04:28: Running the checks manually
  • 05:15: First round of questions
  • 11:20: Investigate first vulnerability
  • 15:30: Second round of questions
  • 16:20: Browsing the shipped list of inspections/vulnerabilities
  • 20:58: Code inspection tool
  • 26:58: Third round of questions
  • 30:38: Django-specific app vulnerability
  • 36:35: Show documentation page with full list of vulnerabilities
  • 38:28: Fourth round of questions
  • 44:07: Running checks in continuous integration (CI) via Docker image, headless PyCharm
  • 47:07: Final round of questions
  • 51:18: Suppressing warnings on a specific line
  • 52:21: “View on Marketplace” for the GitHub Action

PyCharm 2020.1 EAP 4

We have a new Early Access Program (EAP) version of PyCharm that can now be downloaded from our website.

We’ve been hard at work making PyCharm easier to use and adding and improving features to get PyCharm 2020.1 ready for release. We have some good ones for you to try in this build. This EAP also includes loads of fixes from the IntelliJ Platform teams.

New in PyCharm

Flake8-style # noqa suppression

Linters are incredibly useful tools for Python programmers. But sometimes the linter makes mistakes, and you get false positives. In such cases, you might want to disable or suppress the warnings.

To suppress warnings, # noqa comments have become a community standard for various third-party Python linters, such as pycodestyle.py and Flake8. Before, people who used these tools in addition to PyCharm (e.g. by running them as commit hooks or on CI) had to use both the IntelliJ-specific # noinspection XXX and # noqa comments to suppress warnings about the same error, which was both tedious and messy in the code.


We have improved our inspection capabilities: in addition to # noinspection comments, Flake8-style # noqa comments are now recognized and treated as universal suppressing markers.


What’s more, in cases where an existing Flake8 check directly matches one of our inspections, it’s possible to specify an exact Flake8 error code to suppress a particular message. The same is true for pycodestyle.py errors. So, for example, suppressing “E711 comparison to None should be ‘if cond is None:’” doesn’t prevent formatting errors on the same line from being reported.


To learn more about this support, check out our documentation on disabling and enabling inspections.
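The difference between a bare # noqa and a code-scoped one matters when reviewing suppressions, because a bare marker hides every message on its line. The following is an added example, not PyCharm or Flake8 code: it lists both kinds in a source file, using a regex written for this example that approximates the Flake8-style marker, and a constructed sample input.

```python
import io
import re
import tokenize

# Approximation (written for this example) of the Flake8-style marker:
# "# noqa", optionally followed by ": CODE[, CODE ...]".
NOQA_RE = re.compile(
    r"#\s*noqa\b(?:\s*:\s*(?P<codes>[A-Z]+[0-9]+(?:[\s,]+[A-Z]+[0-9]+)*))?",
    re.IGNORECASE,
)


def audit_suppressions(source):
    """Return (blanket, scoped).

    blanket: line numbers carrying a bare "# noqa" (suppresses everything).
    scoped:  {line number: [codes]} for markers limited to given error codes.
    """
    blanket, scoped = [], {}
    # Tokenizing means only real comments are inspected, so "# noqa" text
    # inside a string literal is not mistaken for a suppression.
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.COMMENT:
            continue
        match = NOQA_RE.search(tok.string)
        if not match:
            continue
        line = tok.start[0]
        codes = match.group("codes")
        if codes:
            scoped[line] = [c.upper() for c in re.split(r"[\s,]+", codes)]
        else:
            blanket.append(line)
    return blanket, scoped


# Constructed sample input for the example.
SAMPLE = '''\
import os  # noqa
token = None
if token == None:  # noqa: E711
    pass
note = "# noqa inside a string is not a suppression"
total = 1+1  # noqa:E225,W291
'''

if __name__ == "__main__":
    blanket, scoped = audit_suppressions(SAMPLE)
    for line in blanket:
        print(f"line {line}: bare noqa, suppresses every message on the line")
    for line, codes in scoped.items():
        print(f"line {line}: suppresses only {', '.join(codes)}")
```

Run in CI, a check like this can flag bare markers for review while letting code-scoped ones through.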

Auto-import for Django custom template tags

With Django, you can set up a custom template tag to introduce functionality that is not covered by the built-in template tags. You are now prompted to auto-import and add {% load %} if a tag used in a Django template exists in the project but it wasn’t loaded. Place the caret at the custom tag name, press Alt+Enter, and select the file to load. PyCharm adds the {% load %} tag to the template file to fix the reference. Check out the documentation for more about this feature.


Other Improvements

In the spirit of making the experience of working with PyCharm a little smoother:

  • PyCharm will apply all the settings from your previous version to your new version without you having to explicitly tell it to.
  • You can now update multiple plugins more effectively using the UpdateAll action. PyCharm will wait until all the plugins are downloaded before prompting you to restart. This way, you only need to restart PyCharm once to apply all the changes.
  • Git users can now see their favorite branches first in the branch dashboard if grouping is enabled in the tree.
  • If you are working with databases, you will be glad to know that TRUNCATE doesn’t trigger schema synchronization.
  • Using “Dump with ‘mysqldump’” on your local MySQL database no longer fails if your user password is empty.
  • Starting from v2020.1, the configuration files will be stored in a different folder. For more information on where exactly these files will be stored on your machine, please refer to this article.
  • For the full list of what’s in this version, see the release notes.

Interested?

Download this EAP from our website. Alternatively, you can use the JetBrains Toolbox App to stay up to date throughout the entire EAP.
If you’re on Ubuntu 16.04 or later, you can use snap to get PyCharm EAP and stay up to date. You can find the installation instructions on our website.


PyCharm 2020.1 EAP 3

We have a new Early Access Program (EAP) version of PyCharm that can now be downloaded from our website.

We have concentrated on fixing the issues that needed to be fixed and making lots of improvements so the final PyCharm 2020.1 will be everything you hoped for. Here is a rundown of some of the things you can expect from this build.

Improved in PyCharm

  • The bug which saw users unable to save all the Live templates that were generated by duplicating and editing existing ones has been resolved.
  • Converting print to print() now works correctly when you have multiple print statements one after the other: you can convert them all at once without ending up with a load of redundant import statements to deal with.
  • An error occurring with the Jupyter notebooks has been fixed. Now, if the notebook has been left open the preview won’t be blank when you restart PyCharm.
  • The Enum class no longer gives a false positive “Unexpected argument”.
  • No one wants to take incompatible plugins with them. So “until-build” versions that are out of date can now be deleted from your PyCharm.
  • These are just a select few of the improvements made in this build. We have a lot of improvements from the JetBrains WebStorm team which will go into the professional version. For more details on what’s new in this version, see the release notes.

Interested?

Download this EAP from our website. Alternatively, you can use the JetBrains Toolbox App to stay up to date throughout the entire EAP.
If you’re on Ubuntu 16.04 or later, you can use snap to get PyCharm EAP and stay up to date. You can find the installation instructions on our website.


PyCharm 2019.3.3

Our PyCharm release is now ready! We’ve added some important fixes to make sure we provide you with the best tool we can, so be sure to update to the newest version! You can get it from within PyCharm (Help | Check for Updates), using JetBrains Toolbox, or by downloading the new version from our website.

In this version of PyCharm

  • PyCharm will now always detect Git if it’s installed in the default directory on Windows, regardless of whether it’s on the PATH.
  • There’s good news for people developing apps that need to use the camera or microphone on macOS Mojave or later. In order to use these, the OS needs you to give permission to the application. As PyCharm doesn’t use either the microphone or camera, applications that tried to get permission would automatically be blocked. We’ve now resolved this problem.
  • SQL database users will be happy to hear we have fixed the issue with the freezes that occurred when autocompleting database table names in joins. Now you can again expect fast autocomplete results and work productively with your databases.
  • We know that some of you work with web technologies, which is why PyCharm Professional Edition includes all the JavaScript features from JetBrains WebStorm, and when there is an issue, we make sure to include the fixes. This time it was a total IDE freeze caused by a JavaScript library; we have included the fix in PyCharm.

And many more small fixes; see our release notes for details.

Getting the New Version

You can update PyCharm by choosing Help | Check for Updates (or PyCharm | Check for Updates on macOS) in the IDE. PyCharm will be able to patch itself to the new version; there should no longer be a need to run the full installer.
If you’re on Ubuntu 16.04 or later, or any other Linux distribution that supports snap, you should not need to upgrade manually; you’ll automatically receive the new version.


PyCharm 2020.1 EAP 2

We have a new Early Access Program (EAP) version of PyCharm that can now be downloaded from our website.

Our work to create a better PyCharm 2020.1 continues with new features, usability improvements, and bug fixes making their way into our EAP build. If you want to be the first to try them out, and help us in the process, make sure to use our free EAP versions.

New in PyCharm

Install Python with PyCharm

We’ve made getting set up with Python even quicker. The process of getting your environment ready with everything you need to begin developing Python can now be done through PyCharm.

If PyCharm detects that there is no Python on your machine, it provides you with two options: download the latest Python versions from python.org, or specify a path to the Python executable. This can help you stay up to date with the newest Python releases and save you time hunting for a version of Python.


F-strings refactoring

F-strings, the new string formatting for Python 3.6, are said to be more readable, more concise, and less error-prone than other ways of formatting. With refactoring, it is important that you can trust that what you expect to happen will happen. Unfortunately, this hasn’t been the case for f-strings lately, as some users have reported issues with escaping. So in this EAP, we have done something about it.

We have made a couple of fixes for f-strings. First, curly braces are now escaped properly; second, % characters are escaped properly when converting to an f-string literal. So there should be no more unexpected changes to the result of your code after automatic refactoring to f-strings.


Important vulnerability issue fixed

We take vulnerabilities very seriously in PyCharm and, together with the other JetBrains teams, have worked to quickly fix an issue where a port was listening on a wildcard interface when the PyCharm console opened. We’ve restricted it to listen only on localhost. This fix will prevent any possible unwanted connections originating from the network.

Fixed in this Version

  • PyCharm can now detect Django template tags added to built-ins via the settings and provide you with the corresponding code and navigation assistance.
  • Pyi stubs for distutils have been bundled to remove some issues PyCharm had with completion suggestions for it; we have also bundled pyi stubs for hashlib.
  • The Convert from variadic to normal parameters intention would break if the same parameter was used multiple times in the function body; this is now resolved.
  • Our navigation bar has now been sorted, literally. The file list now uses a natural sort order to display files 1, 2, 12, 21, 121 — you get the idea. So you can more easily find what you are looking for.
  • For more details on what’s new in this version, see the release notes.

Interested?

Download this EAP from our website. Alternatively, you can use the JetBrains Toolbox App to stay up to date throughout the entire EAP.
If you’re on Ubuntu 16.04 or later, you can use snap to get PyCharm EAP and stay up to date. You can find the installation instructions on our website.


Webinar: “Security Checks for Python Code” with Anthony Shaw

Software has security issues, Python is software, so how do Python developers avoid common traps? In this webinar, Anthony Shaw discusses the topic of security vulnerabilities, how code quality tools can help, and demonstrates the PyCharm plugin he wrote to let the IDE help.

– Wednesday, February 19th
– 5:00 PM – 6:00 PM CET (11:00 AM – 12:00 PM EST)
Register here
– Aimed at intermediate Python developers


Speaker

Anthony Shaw is a Python researcher from Australia. He publishes articles about Python, software, and automation to over 1 million readers annually. Anthony is an open-source software advocate, Fellow of the Python Software Foundation, and a member of the Apache Software Foundation.


Webinar Recording: “Advanced Debugging in PyCharm”

Last week we held a special webinar for “Advanced Debugging in PyCharm”. Special how? In person, in the St. Petersburg office, with the two PyCharm team members in charge of the debugger, and a huge webinar audience. The recording is now available.

In this webinar, Liza Shashkova covered a long list of intermediate debugger tips and features, done in the context of writing a Tetris game using Arcade. Quite a number of really useful features, including some that even the pros might not know about.

Andrey Lisin did one section on remote debugging in PyCharm Professional, followed by a series of slides on the architecture of debuggers. This came from an internal talk Liza and he gave to the team when we were planning upcoming features.

Liza has a repo for her part and Andrey’s material is also available.

We wound up with a big turnout of attendees with a bunch of good questions: just what we were hoping for.


PyCharm 2020.1 EAP starts now

There are two types of people in the world: those who can wait to open a package they’ve received, and people like me, who need to see what’s inside this very second.

PyCharm isn’t delivered in the mail though, and that’s why we have something even better for impatient people. The early access program (EAP) shows you what’s in the package a couple months before you get it. Take a sneak peek, and get PyCharm’s first EAP now!

New in PyCharm

JetBrains Mono


We recently announced our font designed especially for programming. This means that we’ve optimized the font for reading vertically and added other optimizations like code-specific ligatures. If you haven’t seen it yet, be sure to check out the page where we introduce JetBrains Mono; it clearly shows how it makes programming a more enjoyable experience.

From PyCharm 2020.1 onward, this font is chosen as a default in the editor. If you had previously configured another font, be sure to try out JetBrains Mono to see if you like it. You can configure the font in Settings | Editor | Font.

Further Improvements

  • Some Version Control features just got better! On the Branches popup (Find action, Ctrl/Cmd-Shift-A, and then look for ‘Branches’), there’s now a refresh icon that will fetch changes from the git remote and a search box that allows you to quickly find your branch.
  • We’ve updated the ‘Python Debug Server’ run configuration. It used to be called ‘Python Remote Debug’, and we think this name makes clearer what it does. When you run this configuration, PyCharm will listen for an incoming connection from your script. To use it, you need to modify your script and ensure that the parameters to the settrace call are correct: the hostname by which the script, from wherever it is running, can reach the host where the IDE is running, and the appropriate port. You need to make sure yourself that the hostname resolves correctly for the script, and that all firewalls are appropriately configured for the connection to succeed. A common way to punch through firewalls is to use this feature together with SSH remote forwarding. If you want PyCharm to do this for you, a remote interpreter can handle all the details in the background.
  • To see everything that’s new in this release, check out the release notes.

Interested?

Download this EAP from our website. Alternatively, you can use the JetBrains Toolbox App to stay up to date throughout the entire EAP.

If you’re on Ubuntu 16.04 or later, you can use snap to get PyCharm EAP, and stay up to date. You can find the installation instructions on our website.


PyCharm 2019.3.2

We’ve been taking some time to polish PyCharm further, so be sure to update to the newest version! You can get it from within PyCharm (Help | Check for Updates), using JetBrains Toolbox, or by downloading the new version from our website.

Improved in PyCharm

  • An issue where PyCharm’s debugger would ignore breakpoints in certain conditions has been resolved
  • Running code on remote interpreters on FreeBSD with elevated privileges now works as expected
  • There are many small differences between SQL dialects, and we’re always working hard to make sure that our database tooling gets them all right. Fixed in this version are: \gset for PostgreSQL, MEMBER OF for MySQL, and more. Open the Database tool window in PyCharm Professional Edition, and let us know if everything works right for your database!
  • The Node.JS debugger will now correctly stop at breakpoints after editing the JavaScript code while running [Pro only]

And many more small fixes; see our release notes for details.

Getting the New Version

You can update PyCharm by choosing Help | Check for Updates (or PyCharm | Check for Updates on macOS) in the IDE. PyCharm will be able to patch itself to the new version; there should no longer be a need to run the full installer.

If you’re on Ubuntu 16.04 or later, or any other Linux distribution that supports snap, you should not need to upgrade manually; you’ll automatically receive the new version.


Webinar: “Advanced Debugging in PyCharm”

PyCharm’s debugger is one of its most popular features. But many just stick to the basics and don’t learn intermediate and advanced features. In this webinar, two of PyCharm’s core developers who work on the debugger show its less-known but powerful features, while talking a bit about the debugger architecture and future improvements.

  • Thursday, January 23rd
  • 5:00 PM – 6:00 PM CET (11:00 AM – 12:00 PM EST)
  • Register here
  • Aimed at intermediate Python developers


Outline

Here’s what we’re thinking about covering. Got something you’d like to see? Add a comment below and we can try to work it into the schedule.

  • Architecture overview
  • Intermediate features
    • More about breakpoints
    • Use logging instead of print()
    • Watch expressions
    • Smart stepping and stepping filters
    • Attach to process
    • Show return values
    • Run with Python Console
    • On-demand loading

Speakers

Elizaveta Shashkova is a software developer of the PyCharm IDE at JetBrains. She’s been working on the Python debugger for several years and is currently focused on Data Science tools.

Andrey Lisin is a software developer at JetBrains. He is the current maintainer of the PyCharm debugging subsystem. Before that, he was doing back-end development and machine learning.
