Activity log for bug #1669825

Date Who What changed Old value New value Message
2017-03-03 15:30:22 Gábor Antal bug added bug
2017-03-03 15:30:39 Gábor Antal hacking: assignee Gábor Antal (gabor.antal)
2017-03-03 15:31:53 Gábor Antal description The H904 rule is poorly regex implemented, which causes false positive and false negative results too. False positive: the rule shoots on the codes, however they should not (live example at [1]): LOG = logging.getLogger(__name__) def lowerize(st): return st.lower() def foo(random_string): LOG.error("%s is bad" % random_string) # True positive LOG.error(lowerize("%s is good" % random_string)) # False positive False negative: the rule should shoot on the code, but it does not (live example at [2]): logger = logging.getLogger(__name__) def lowerize(st): return st.lower() def foo(random_string): logger.error("%s is bad" % random_string) # False negative [1]: https://github.com/openstack/trove/blob/master/trove/common/auth.py#L64 [2]: https://github.com/openstack/trove/blob/master/trove/db/sqlalchemy/migration.py#L62 The H904 rule is poorly regex implemented [0], which causes false positive and false negative results too. False positive: the rule shoots on the codes, however they should not (live example at [1]):     LOG = logging.getLogger(__name__)     def lowerize(st):         return st.lower()     def foo(random_string):         LOG.error("%s is bad" % random_string) # True positive         LOG.error(lowerize("%s is good" % random_string)) # False positive False negative: the rule should shoot on the code, but it does not (live example at [2]):     logger = logging.getLogger(__name__)     def lowerize(st):         return st.lower()     def foo(random_string):         logger.error("%s is bad" % random_string) # False negative [0]: https://review.openstack.org/#/c/343824/2/hacking/checks/other.py [1]: https://github.com/openstack/trove/blob/master/trove/common/auth.py#L64 [2]: https://github.com/openstack/trove/blob/master/trove/db/sqlalchemy/migration.py#L62
2017-03-03 15:39:40 Balazs Gibizer hacking: status New Confirmed
2017-03-03 15:58:20 Gábor Antal summary False positive and false negative resulst for H904 False positive and false negative results for H904
2019-09-25 09:34:06 Balazs Gibizer hacking: assignee Gábor Antal (gabor.antal)