mirrors/ruff
1
0
Fork 0
mirror of https://github.com/astral-sh/ruff.git synced 2025-11-18 19:41:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

feat(S604): make truthiness unknown in special case

Browse source
This commit is contained in:
Igor Drokin 2025-10-27 21:21:05 +02:00
parent 96b60c11d9
commit be1c7ab9f3
3 changed files with 26 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

12
crates/ruff_linter/resources/test/fixtures/flake8_bandit/S604.py vendored
View file

@ -22,3 +22,15 @@ foo(shell=lambda: 0)
foo(shell=f"{b''}") foo(shell=f"{b''}")
x = 1 x = 1
foo(shell=f"{x=}") foo(shell=f"{x=}")
print(bool(dict(shell=f"{f""!s}")["shell"]))
# Unknown truthiness
print(bool(dict(shell=f"{"x":.0}")["shell"]))
class C:
def __gt__(self, other):
return ""
print(bool(dict(shell=f"{C() > C()}")["shell"]))

1
crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S604_S604.py.snap
View file

@ -90,4 +90,5 @@ S604 Function call with truthy `shell` parameter identified, security issue
23 | x = 1 23 | x = 1
24 | foo(shell=f"{x=}") 24 | foo(shell=f"{x=}")
| ^^^ | ^^^
25 | print(bool(dict(shell=f"{f""!s}")["shell"]))
| |

20
crates/ruff_python_ast/src/helpers.rs
View file

@ -1357,7 +1357,9 @@ fn is_non_empty_f_string(expr: &ast::ExprFString) -> bool {
Expr::ListComp(_) => true, Expr::ListComp(_) => true,
Expr::SetComp(_) => true, Expr::SetComp(_) => true,
Expr::DictComp(_) => true, Expr::DictComp(_) => true,
Expr::Compare(_) => true, // Compare can return any value, even empty string
// https://docs.python.org/3/reference/datamodel.html#object.__ge__
Expr::Compare(_) => false,
Expr::NumberLiteral(_) => true, Expr::NumberLiteral(_) => true,
Expr::BooleanLiteral(_) => true, Expr::BooleanLiteral(_) => true,
Expr::NoneLiteral(_) => true, Expr::NoneLiteral(_) => true,
@ -1399,12 +1401,16 @@ fn is_non_empty_f_string(expr: &ast::ExprFString) -> bool {
expr.value.iter().any(|part| match part { expr.value.iter().any(|part| match part {
ast::FStringPart::Literal(string_literal) => !string_literal.is_empty(), ast::FStringPart::Literal(string_literal) => !string_literal.is_empty(),
ast::FStringPart::FString(f_string) => { ast::FStringPart::FString(f_string) => {
f_string.elements.iter().all(|element| match element { !f_string.elements.is_empty()
InterpolatedStringElement::Literal(string_literal) => !string_literal.is_empty(), && f_string.elements.iter().all(|element| match element {
InterpolatedStringElement::Interpolation(f_string) => { InterpolatedStringElement::Literal(string_literal) => {
f_string.debug_text.is_some() || inner(&f_string.expression) !string_literal.is_empty()
} }
}) InterpolatedStringElement::Interpolation(f_string) => {
f_string.format_spec.is_none()
&& (f_string.debug_text.is_some() || inner(&f_string.expression))
}
})
} }
}) })
} }