kfr
September 13, 2022, 12:06am
1
I’m using Developer Edition Version 8.9.2 (build 46101) to scan a python project, and it’s flagging logging of tainted value pulled from an HTTP header, but the value has (I believe) been sanitized. (See code boxed in red in attached image)
Is there any control in this version that can suppress this? Or, is this a known issue that is perhaps fixed in a later version?
Colin
September 13, 2022, 12:26pm
2
Hey there.
I’ve moved your post to the section on reporting false-positives.
Hey SonarSource Community!
False-positives happen , as do false-negatives, and we’re eager to fix them. We are thrilled when our users report problems, so we can make our products better.
I would recommend reading this post, and providing a reproducer (not a screenshot of code)
Thanks!
