kfr
(Kent Fritz)
September 13, 2022, 12:06am
1
I’m using Developer Edition Version 8.9.2 (build 46101) to scan a Python project, and it’s flagging the logging of a tainted value pulled from an HTTP header, but the value has (I believe) been sanitized. (See code boxed in red in the attached image.)
Is there any control in this version that can suppress this? Or, is this a known issue that is perhaps fixed in a later version?
Colin
(Colin)
September 13, 2022, 12:26pm
2
Hey there.
I’ve moved your post to the section on reporting false-positives.
Hey SonarSource Community!
False-positives happen, as do false-negatives, and we’re eager to fix them. We are thrilled when our users report problems, so we can make our products better.
What is a false-positive (FP)?
A false-positive is when an issue is raised unexpectedly on code that should not trigger an issue, or where the suggested action doesn’t make any sense for the code.
What is a false-negative (FN)?
A false-negative is when an issue should be raised on a piece of code, but isn’t…
I would recommend reading this post, and providing a reproducer (not a screenshot of code)
Thanks!
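For readers wondering what a text reproducer for this kind of report looks like, here is an added, self-contained Python example (not code from the original post, not SonarSource's code, and not the code in kfr's screenshot). It assumes a hypothetical `sanitize_header()` that replaces control characters, and uses a constructed User-Agent value carrying a CRLF. Logging an HTTP header unsanitized is flagged because a CR/LF inside the value forges a second, attacker-written log line; the sanitized variant keeps everything on one line.

```python
import logging
import re
from io import StringIO

# Control characters (CR and LF among them) are what make log forging possible:
# a header such as "x\r\nINFO admin login ok" would otherwise be written out
# as two separate log entries, the second one fully attacker-controlled.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_header(value: str) -> str:
    """Hypothetical sanitizer: replace every control character with '_'."""
    return _CONTROL_CHARS.sub("_", value)


def _capture_logger(name: str):
    """Return a logger that writes to an in-memory buffer so the output can be inspected."""
    buf = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, buf


def log_user_agent_unsafe(user_agent: str) -> str:
    """Log the header exactly as received: the pattern a taint analyzer flags."""
    logger, buf = _capture_logger("unsafe")
    logger.info("request from User-Agent=%s", user_agent)
    return buf.getvalue()


def log_user_agent_safe(user_agent: str) -> str:
    """Log the header after sanitize_header(): one log line, whatever was sent."""
    logger, buf = _capture_logger("safe")
    logger.info("request from User-Agent=%s", sanitize_header(user_agent))
    return buf.getvalue()


# Constructed attacker value: a real-looking agent string, then CRLF and a
# forged entry that would look like a genuine INFO line in the log file.
FORGED_HEADER = "curl/7.85\r\nINFO user admin authenticated"

if __name__ == "__main__":
    # Unsafe variant produces two log lines, safe variant produces one.
    print(log_user_agent_unsafe(FORGED_HEADER), end="")
    print(log_user_agent_safe(FORGED_HEADER), end="")
```

Whether a given analyzer treats a custom sanitizer like `sanitize_header()` as clearing the taint depends on the tool's own rules, which is exactly why a text reproducer showing the sanitizer itself, rather than a screenshot, is what is needed to judge whether a flagged result is a false-positive.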