hacking

False positive and false negative results for H904

Bug #1669825 reported by Gábor Antal
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
hacking
Confirmed
Undecided
Unassigned

Bug Description

The H904 rule is poorly regex implemented [0], which causes false positive and false negative results too.

False positive: the rule shoots on the codes, however they should not (live example at [1]):

    LOG = logging.getLogger(__name__)

    def lowerize(st):
        return st.lower()

    def foo(random_string):
        LOG.error("%s is bad" % random_string) # True positive
        LOG.error(lowerize("%s is good" % random_string)) # False positive

False negative: the rule should shoot on the code, but it does not (live example at [2]):

    logger = logging.getLogger(__name__)

    def lowerize(st):
        return st.lower()

    def foo(random_string):
        logger.error("%s is bad" % random_string) # False negative

[0]: https://review.openstack.org/#/c/343824/2/hacking/checks/other.py
[1]: https://github.com/openstack/trove/blob/master/trove/common/auth.py#L64
[2]: https://github.com/openstack/trove/blob/master/trove/db/sqlalchemy/migration.py#L62

See original description
Gábor Antal (gabor.antal)
Changed in hacking:
assignee: nobody → Gábor Antal (gabor.antal)
description: updated
Balazs Gibizer (balazs-gibizer)
Changed in hacking:
status: New → Confirmed
Gábor Antal (gabor.antal)
summary: - False positive and false negative resulst for H904
+ False positive and false negative results for H904
Balazs Gibizer (balazs-gibizer)
Changed in hacking:
assignee: Gábor Antal (gabor.antal) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.