Skip S608 for expressionless f-strings (#17999)

This commit is contained in:
Max Mynter 2025-05-10 12:37:58 +02:00 committed by GitHub
parent cd1d906ffa
commit b765dc48e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 14 additions and 1 deletions


@ -166,3 +166,6 @@ query60 = f"""
foo foo
FROM ({user_input}) raw FROM ({user_input}) raw
""" """
# https://github.com/astral-sh/ruff/issues/17967
query61 = f"SELECT * FROM table" # skip expressionless f-strings
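Review bot: The fixture adds only the single-part negative case (`query61 = f"SELECT * FROM table"`), so the new guard's walk over every part of an implicitly concatenated f-string is never exercised by a positive example. A companion line such as `query62 = f"SELECT * FROM table " f"WHERE id = {user_input}"` (constructed) would pin that a concatenated value whose first part has no replacement field is still reported when a later part does; the snapshot in `S608.py.snap` would need the matching entry. If the intent is to cover only the regression in #17967, a short comment saying so on the `query61` line would make that scope explicit.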


@ -100,7 +100,15 @@ pub(crate) fn hardcoded_sql_expression(checker: &Checker, expr: &Expr) {
} }
// f"select * from table where val = {val}" // f"select * from table where val = {val}"
Expr::FString(f_string) => concatenated_f_string(f_string, checker.locator()), Expr::FString(f_string)
if f_string
.value
.f_strings()
.any(|fs| fs.elements.iter().any(ast::FStringElement::is_expression)) =>
{
concatenated_f_string(f_string, checker.locator())
}
_ => return, _ => return,
}; };
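Review bot: The new guard on the `Expr::FString` arm has no comment stating why an f-string without replacement fields is skipped; the existing `// f"select * from table where val = {val}"` line only illustrates the case that is still reported. Suggest adding directly above the `if f_string` guard: `// An f-string with no replacement fields evaluates to a constant, so there is no interpolated input to report; see #17967.` The guard itself reads correctly for implicitly concatenated values, since `f_strings()` visits every f-string part and literal parts cannot carry expressions, though I have not checked whether the rule's user-facing documentation still describes f-strings unconditionally. `hardcoded_sql_expression` starts and ends outside this hunk, and one of the hunk's added lines is not shown on this page.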


@ -601,4 +601,6 @@ S608.py:164:11: S608 Possible SQL injection vector through string-based query co
167 | | FROM ({user_input}) raw 167 | | FROM ({user_input}) raw
168 | | """ 168 | | """
| |___^ S608 | |___^ S608
169 |
170 | # https://github.com/astral-sh/ruff/issues/17967
| |