pycharm-security

False positive STR100 inspection on gettext calls

Open RaphaelKimmig opened this issue 4 years ago • 0 comments

When using string.format with the result of gettext calls, the STR100 inspection "Calling format with insecure string" is triggered.

The snippet below triggers the inspection:

from django.utils.translation import gettext as _

def greet(person):
    return _("Hello {name}").format(name=person)

I would expect the inspection not to flag static strings passed through gettext (and gettext_lazy), as the usage above is consistent with Django's internal usage.

  • Plugin version is 1.22.1
  • PyCharm version is 220.2.3

RaphaelKimmig, Oct 28 '20 08:10
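
A sketch of the behaviour requested in the issue above, as an added example (not the plugin's code and not part of the issue): an `ast`-based check that accepts `.format()` on a string literal or on a literal passed through `gettext`/`gettext_lazy`, and still reports non-literal receivers. The function names and the sample module are assumptions made for illustration, and the check assumes translation catalogs are trusted project files.

```python
import ast

# Helpers named in the issue; their result is treated like the literal passed
# in (assumption: the message catalogs are trusted project files).
GETTEXT_FUNCS = {"gettext", "gettext_lazy"}

def gettext_aliases(tree):
    """Local names bound to gettext helpers by `from ... import ... as ...`."""
    return {a.asname or a.name
            for node in ast.walk(tree)
            if isinstance(node, ast.ImportFrom)
            and node.module == "django.utils.translation"
            for a in node.names if a.name in GETTEXT_FUNCS}

def is_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def is_static_string(node, aliases):
    """True for a str literal, or a gettext call whose only argument is one."""
    return is_literal(node) or (
        isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
        and node.func.id in aliases and not node.keywords
        and len(node.args) == 1 and is_literal(node.args[0]))

def find_insecure_format_calls(source):
    """Line numbers of `.format()` calls whose receiver is not static."""
    tree = ast.parse(source)
    aliases = gettext_aliases(tree)
    return sorted(node.lineno for node in ast.walk(tree)
                  if isinstance(node, ast.Call)
                  and isinstance(node.func, ast.Attribute)
                  and node.func.attr == "format"
                  and not is_static_string(node.func.value, aliases))

# Constructed sample: line 4 is the pattern from the issue, line 7 formats a
# caller-supplied template, line 10 passes a non-literal through gettext.
SAMPLE = '''from django.utils.translation import gettext as _

def greet(person):
    return _("Hello {name}").format(name=person)

def render(template, person):
    return template.format(name=person)

def translated(template, person):
    return _(template).format(name=person)
'''

if __name__ == "__main__":
    print(find_insecure_format_calls(SAMPLE))
```

Only names imported from `django.utils.translation` are recognised, so a `_` that is defined some other way is still reported.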