bandit
S608: false positive SQL injection detected
```python
from textwrap import dedent

# configRegistry is the Univention Configuration Registry mapping that
# supplies the hostname, domainname and ldap/base keys used below.
print(dedent(
    r"""
    The local repository has been prepared. The repository can be updated using:
      univention-repository-update net
    The local host has been modified to use this local repository. Other hosts
    must be re-configured by setting the Univention Configuration Registry (UCR)
    variable 'repository/online/server' to the FQDN of this host.
      ucr set repository/online/server="%(hostname)s.%(domainname)s"
    The setting is best set in a domain by defining UCR Policies, which
    set this variable on all hosts using this repository server. For example:
      udm policies/repositoryserver create \
        --position "cn=repository,cn=update,cn=policies,%(ldap/base)s" \
        --set name="%(hostname)s repository" \
        --set repositoryServer="%(hostname)s.%(domainname)s"
      udm container/dc modify \
        --dn "%(ldap/base)s" \
        --policy-reference "cn=%(hostname)s repository,cn=repository,cn=update,cn=policies,%(ldap/base)s"
    """ % configRegistry))
```
is detected as a false positive for S608.
Another false positive, from https://github.com/charliermarsh/ruff/issues/2854:
`raise Exception(f"Select a valid asset from {', '.join(ASSETS)}")`
Got a false positive for this: `LOG.info(f"Failed to delete {log_name} from Redis.", **log_kwargs)`
I have the same issue, quite annoying... I have to skip that check temporarily. Any news about a potential fix?
This rule is triggered for simple strings that contain `'` and `\n`, like:
```python
"Foo bar 'some_text/' spameggs.\n"
```
This rule is more annoying than useful because of the many false positives. I always had to disable it in my projects.
Maybe it must be "opt-in" (instead of "opt-out") if it is too hard to reduce false positives.
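As an added example (not code from this thread or from the ruff project), the keyword heuristic behind this kind of check, run over constructed copies of the strings reported above: the regex is the one bandit documents for B608, and it is an assumption that ruff's S608 used the same shape when this issue was filed. It shows why each message trips the rule (a SQL-looking keyword pair, with f-string placeholders contributing no text) and that the rule is a substring heuristic, not a parser.

```python
import re

# bandit's B608 keyword regex (assumed to match ruff's S608 at the time).
# It is a case-insensitive substring heuristic, not a SQL parser.
SIMPLE_SQL_RE = re.compile(
    r"(select\s.*from\s|"
    r"delete\s+from\s|"
    r"insert\s+into\s.*values\s|"
    r"update\s.*set\s)",
    re.IGNORECASE | re.DOTALL,
)


def fstring_literal_text(parts):
    """What a linter sees in an f-string: only the literal segments, each
    {placeholder} contributing nothing, so "delete {x} from" becomes
    "delete  from" and suddenly looks like DELETE FROM."""
    return "".join(parts)


def sql_trigger(text):
    """Return the substring that trips the heuristic, or None if it is clean."""
    match = SIMPLE_SQL_RE.search(text)
    return match.group(0) if match else None


# Constructed samples mirroring the strings quoted in the thread.
SAMPLES = {
    # f"Select a valid asset from {', '.join(ASSETS)}"
    "asset": fstring_literal_text(["Select a valid asset from ", ""]),
    # f"Failed to delete {log_name} from Redis."
    "redis": fstring_literal_text(["Failed to delete ", " from Redis."]),
    # the multi-line repository help text: "update net" ... "ucr set"
    "repo": ("The repository can be updated using:\n"
             "univention-repository-update net\n"
             "ucr set repository/online/server=host.example.test\n"),
    # plain string with a quote and a newline but no SQL shape
    "foobar": "Foo bar 'some_text/' spameggs.\n",
}


def triage():
    """Map each sample name to the keyword span that fires, or None."""
    return {name: sql_trigger(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in triage().items():
        print(f"{name:7s} -> {hit!r}")
```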