Tool used: SonarCloud
Language: python
Rule: pythonbugs:S2259
Below is an attempt at a small reproducer; for the real case, see the public issue on SonarCloud
fp_2.zip (810 Bytes)
A potential null-pointer dereference is reported on util.check_token_is_user(args.token), although the previously called function parse_and_check_none_token(parser) verifies that args.token is not None: it calls sys.exit(1) when the token is None, so the flagged call is only reached with a non-None token.
# main.py
import fp.utils as util
# Build the CLI parser; --token defaults to $SONAR_TOKEN, or None when unset.
parser = util.set_args()
# Parses the command line and calls sys.exit(1) when args.token is None, so
# the namespace returned here always carries a non-None token.
args = util.parse_and_check_none_token(parser)
# S2259 is reported on this call even though args.token cannot be None here:
# the guard lives in another module (fp/utils.py) and ends in sys.exit().
util.check_token_is_user(args.token)
# fp/utils.py
import sys
import os
import argparse
def set_args():
    """Build the argument parser for the reproducer; nothing is parsed here.

    Returns:
        An ``argparse.ArgumentParser`` with two optional arguments,
        ``--token`` and ``--url``, whose defaults come from the
        ``SONAR_TOKEN`` and ``SONAR_HOST_URL`` environment variables.
    """
    env = os.environ
    cli = argparse.ArgumentParser(description="False positive example")
    # The default is None when SONAR_TOKEN is unset; callers must handle that.
    # NOTE(review): a token given as --token is visible to other local users
    # in process listings; supplying it through SONAR_TOKEN avoids that.
    cli.add_argument("--token", required=False, default=env.get("SONAR_TOKEN"))
    # NOTE(review): the fallback URL is plain HTTP on localhost; whether the
    # token is ever sent to this URL is not visible in this file.
    cli.add_argument(
        "--url",
        required=False,
        default=env.get("SONAR_HOST_URL", "http://localhost:9000"),
    )
    return cli
def parse_and_check_none_token(parser):
    """Parse the command line and abort when no token was supplied.

    Args:
        parser: The parser to run; ``parse_args()`` is called with no
            arguments, so it reads the process command line.

    Returns:
        The parsed namespace, whose ``token`` attribute is not None.

    Raises:
        SystemExit: With status 1 when ``token`` is None.
    """
    namespace = parser.parse_args()
    # Only None is rejected: an empty string (for example from an empty
    # SONAR_TOKEN variable) passes this check.
    if namespace.token is not None:
        return namespace
    print("FATAL: Token missing", file=sys.stderr)
    sys.exit(1)
    return namespace
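def check_token_is_user(token):
    """Exit with status 2 unless *token* is classified as a user token.

    The token is a credential, so the diagnostic reports only its detected
    type and never echoes the token value: console output routinely ends up
    in CI logs and terminal scrollback, where a printed token stays usable.

    Args:
        token: The token string to classify with ``token_type``.

    Raises:
        SystemExit: With status 2 when the token is not a user token.
    """
    kind = token_type(token)  # classify once and reuse in the message
    if kind != "user":
        print(f"The provided token is a {kind} token, a user token is required for sonar-tools")
        sys.exit(2)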
def token_type(token):
    """Classify *token* by its first four characters.

    Returns:
        ``"global-analysis"`` for a ``sqa_`` prefix, ``"project-analysis"``
        for a ``sqp_`` prefix, and ``"user"`` for everything else.
    """
    # Slicing fails on None, which is why callers must rule None out first.
    prefix = token[0:4]
    if prefix == "sqa_":
        return "global-analysis"
    if prefix == "sqp_":
        return "project-analysis"
    # "user" is the fallback, not a positive match: any value without one of
    # the two prefixes above, including an empty string, lands here.
    return "user"