False positives in python:S125

I have encountered false positives in 2 situations.

Rule S125 is sometimes picking up directives for static code analysis tools. In the following code, line 1 will have S125 trigger, even though it is not Python code.

# fmt: off
# pylint: disable=line-too-long

my_long_line_1 = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'

This doesn’t just depend on the contents of the line: swapping lines 1 and 2 will still have the alert on line 1, even though the pylint ... directive didn’t trigger it before. But you can stop the rule triggering by adding a blank line between the fmt and pylint directives.

The rule also triggers on some comments that look like a line with multiple statements:

```python
def foo():
    x = 0.5  # value in [0, 1]
    y = 0.5  # quantile; value in [0, 1]
    return x + y
```

This will have S125 trigger on line 3 but not line 2.

SonarQube 9.5

Hello @James_Robson_SM, and sorry for the late reply.

Thank you for reporting this false positive. I agree that we should make sure the rule only raises when it’s clear that we have actual code commented, and not just comments that are syntactically valid Python.
I created SONARPY-1067 to fix this.


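The comments reported in this thread are all syntactically valid Python, which the following added example shows with the standard `ast` module. It is not part of the original posts and is not SonarQube's implementation of S125; the `STRONG` node set and the `looks_like_code` heuristic are hypothetical choices made for illustration.

```python
import ast

# Comment bodies taken from the two snippets in the thread (leading '#' stripped).
SAMPLES = [
    "fmt: off",
    "pylint: disable=line-too-long",
    "fmt: off\npylint: disable=line-too-long",  # the two adjacent comments joined
    "value in [0, 1]",
    "quantile; value in [0, 1]",
]

# Hypothetical set of node types treated as strong evidence of real code.
STRONG = (ast.Call, ast.Import, ast.ImportFrom, ast.FunctionDef, ast.ClassDef,
          ast.Return, ast.If, ast.For, ast.While, ast.With, ast.Try, ast.Raise)


def parse_comment(text):
    """Return top-level statement node names, or None if text is not valid Python."""
    try:
        tree = ast.parse(text)
    except SyntaxError:
        return None
    return [type(node).__name__ for node in tree.body]


def looks_like_code(text):
    """Stricter check: the text must parse AND contain at least one STRONG node."""
    try:
        tree = ast.parse(text)
    except SyntaxError:
        return False
    return any(isinstance(node, STRONG) for node in ast.walk(tree))


if __name__ == "__main__":
    for sample in SAMPLES:
        # "fmt: off" parses as an annotation-only declaration (AnnAssign),
        # "quantile; value in [0, 1]" as two expression statements.
        print(repr(sample), parse_comment(sample), looks_like_code(sample))
```

A "does it parse" test alone flags every sample above. The stricter heuristic trades that for false negatives: a commented-out plain assignment such as `x = 1` contains no `STRONG` node and would be missed.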