From 71e0fcd5cf7f848db6ef9262c46a3f2944430fc6 Mon Sep 17 00:00:00 2001
From: Eric Brown
Date: Tue, 15 Oct 2024 22:13:51 -0700
Subject: [PATCH] Default the assert rule to be disabled

The point of the assert rule is to catch scenarios where Python builtin assert is used to guard or as a conditional in functions and not realize that running Python with optimizations (-O) would remove those assert statements. However, in practice, its unlikely folks use the optimize compile option as it doesn't provide much "optimization" anyway. Frankly it does very very little. Therefore this change defaults the assert rule to disabled to cut down on noise and probably false positives.
Signed-off-by: Eric Brown
---
 precli/rules/python/stdlib/assert.py | 2 ++
 tests/unit/rules/python/stdlib/assert/test_assert.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/precli/rules/python/stdlib/assert.py b/precli/rules/python/stdlib/assert.py
index f1bf6b5f..77787737 100644
--- a/precli/rules/python/stdlib/assert.py
+++ b/precli/rules/python/stdlib/assert.py
@@ -62,6 +62,7 @@ def foobar(a: str = None):
 """ # noqa: E501
 from typing import Optional

+from precli.core.config import Config
 from precli.core.location import Location
 from precli.core.result import Result
 from precli.rules import Rule
@@ -76,6 +77,7 @@ def __init__(self, id: str):
 cwe_id=703,
 message="Assert statements are disabled when optimizations are "
 "enabled.",
+ config=Config(enabled=False),
 )

 def analyze_assert(self, context: dict) -> Optional[Result]:
diff --git a/tests/unit/rules/python/stdlib/assert/test_assert.py b/tests/unit/rules/python/stdlib/assert/test_assert.py
index 87dc005e..a97b1007 100644
--- a/tests/unit/rules/python/stdlib/assert/test_assert.py
+++ b/tests/unit/rules/python/stdlib/assert/test_assert.py
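Review bot: `config=Config(enabled=False)` in the second hunk of precli/rules/python/stdlib/assert.py switches the check off for every user, but nothing in the code says why or states the remaining risk. Asserts used as authorization or input-validation guards are still stripped when the interpreter runs with `-O` or with `PYTHONOPTIMIZE` set, and that can be a deployment or packaging setting rather than a developer's choice. I would add a why-comment on that line, for example `# Off by default to reduce noise; asserts are still removed under -O / PYTHONOPTIMIZE, so enable this rule for code that may run optimized`. The module docstring, which ends just above the first hunk and is not visible here, should also gain one sentence stating that the rule is disabled by default. The `__init__` body starts outside the hunk.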
@@ -32,7 +32,7 @@ def test_rule_meta(self):
 rule.help_url
 == f"https://docs.securesauce.dev/rules/{self.rule_id}"
 )
- assert rule.default_config.enabled is True
+ assert rule.default_config.enabled is False
 assert rule.default_config.level == Level.WARNING
 assert rule.default_config.rank == -1.0
 assert rule.cwe.id == 703
@@ -44,4 +44,4 @@ def test_rule_meta(self):
 ],
 )
 def test(self, filename):
- self.check(filename)
+ self.check(filename, enabled=[self.rule_id])
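Review bot: With `self.check(filename, enabled=[self.rule_id])` in the last hunk, every example run force-enables the rule, so no test exercises the new default end to end. `test_rule_meta` only pins the flag value (`rule.default_config.enabled is False`), not that a default run stays silent on a file containing asserts. I would add one case that analyzes an example file without `enabled=` and expects no result for this rule. Whether the `check` helper can express "no findings expected" is not visible from here, so that may need a small separate helper. The decorator that appears to close with `],` and `)` above `test` starts outside the hunk.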