2017-03-03 15:31:53 |
Gábor Antal |
description |
The H904 rule's regex is poorly implemented, which causes both false positive and false negative results.
False positive: the rule fires on code it should not fire on (live example at [1]):
LOG = logging.getLogger(__name__)
def lowerize(st):
    return st.lower()
def foo(random_string):
    LOG.error("%s is bad" % random_string)  # True positive
    LOG.error(lowerize("%s is good" % random_string))  # False positive
False negative: the rule should fire on the code, but it does not (live example at [2]):
logger = logging.getLogger(__name__)
def lowerize(st):
    return st.lower()
def foo(random_string):
    logger.error("%s is bad" % random_string)  # False negative
[1]: https://github.com/openstack/trove/blob/master/trove/common/auth.py#L64
[2]: https://github.com/openstack/trove/blob/master/trove/db/sqlalchemy/migration.py#L62 |
The H904 rule's regex is poorly implemented [0], which causes both false positive and false negative results.
False positive: the rule fires on code it should not fire on (live example at [1]):
LOG = logging.getLogger(__name__)
def lowerize(st):
    return st.lower()
def foo(random_string):
    LOG.error("%s is bad" % random_string)  # True positive
    LOG.error(lowerize("%s is good" % random_string))  # False positive
False negative: the rule should fire on the code, but it does not (live example at [2]):
logger = logging.getLogger(__name__)
def lowerize(st):
    return st.lower()
def foo(random_string):
    logger.error("%s is bad" % random_string)  # False negative
[0]: https://review.openstack.org/#/c/343824/2/hacking/checks/other.py
[1]: https://github.com/openstack/trove/blob/master/trove/common/auth.py#L64
[2]: https://github.com/openstack/trove/blob/master/trove/db/sqlalchemy/migration.py#L62 |
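Both failure modes in the report come from matching source text with a regex: the pattern keys on the literal name `LOG` (so a logger bound to `logger` is missed) and on a `%` anywhere on the line (so a `%` inside a nested call is flagged). The following is an added illustration, not hacking's own H904 implementation, of how the same check behaves when it inspects the AST instead: it collects every name bound by a `getLogger(...)` call and only flags a logging call whose message argument itself is a `%` expression. The sample sources are constructed from the two cases in the bug description; the set of logging method names is an assumption.

```python
import ast

# Constructed sample reproducing the false-positive case from the report.
FALSE_POSITIVE_SAMPLE = '''
import logging
LOG = logging.getLogger(__name__)
def lowerize(st):
    return st.lower()
def foo(random_string):
    LOG.error("%s is bad" % random_string)  # must be flagged
    LOG.error(lowerize("%s is good" % random_string))  # must not be flagged
'''

# Constructed sample reproducing the false-negative case (logger not named LOG).
FALSE_NEGATIVE_SAMPLE = '''
import logging
logger = logging.getLogger(__name__)
def foo(random_string):
    logger.error("%s is bad" % random_string)  # must be flagged
'''

# Assumed set of logging methods whose message argument is checked.
LOG_METHODS = {"debug", "info", "warning", "warn", "error",
               "critical", "exception", "log"}


def logger_names(tree):
    """Return the variable names bound to a `<something>.getLogger(...)` call."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
            func = node.value.func
            if isinstance(func, ast.Attribute) and func.attr == "getLogger":
                names.update(t.id for t in node.targets
                             if isinstance(t, ast.Name))
    return names


def find_eager_interpolation(source):
    """Return line numbers of logging calls whose message is built with `%`.

    Only the message argument itself is inspected, so a `%` expression that is
    first passed through another function (the false-positive case) is ignored,
    and any logger name bound via getLogger (the false-negative case) is covered.
    """
    tree = ast.parse(source)
    loggers = logger_names(tree)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)):
            continue
        if func.value.id not in loggers or func.attr not in LOG_METHODS:
            continue
        if not node.args:
            continue
        # logger.log(level, msg, ...) carries the message in the second slot.
        if func.attr == "log" and len(node.args) > 1:
            msg = node.args[1]
        else:
            msg = node.args[0]
        if isinstance(msg, ast.BinOp) and isinstance(msg.op, ast.Mod):
            hits.append(node.lineno)
    return hits


if __name__ == "__main__":
    print("false-positive sample, flagged lines:",
          find_eager_interpolation(FALSE_POSITIVE_SAMPLE))
    print("false-negative sample, flagged lines:",
          find_eager_interpolation(FALSE_NEGATIVE_SAMPLE))
```

Run against the first sample only the direct `LOG.error("..." % ...)` line is reported; the `lowerize(...)` call is not. Against the second sample the `logger.error(...)` line is reported even though the logger is not named `LOG`. The trade-off versus the regex is that this only sees loggers assigned in the same module; a logger imported from elsewhere would need its name added to the set.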