Major QA script improvement - eliminate false positives
FALSE POSITIVE FILTERS ADDED:
1. Skip functions with safe default patterns
- Pattern: ${1:-default_value}
- These already handle empty params safely
- Example: find_largest_tables() { local limit="${1:-20}" }
2. Skip functions that only use params in local declarations
- If $1-9 only appear in "local var=$1" lines
- The function body doesn't use positional params directly
- Example: Functions that immediately assign to locals
3. Skip echo/print wrapper functions
- Functions that only echo their parameters don't need validation
- Empty strings are valid (they just print empty lines)
- Examples: print_info(), print_success(), print_error(), etc.
- Detection: If params only used in echo/printf/print statements
4. Accept file existence checks as validation
- Pattern: [ ! -f "$1" ] or [ -f "$1" ]
- File checks ARE a form of validation
- Added -f flag to validation regex
IMPACT:
- Eliminated ~18 false positives across mysql-analyzer.sh and common-functions.sh
- print_* wrapper functions no longer flagged (8 functions)
- Functions with ${1:-default} no longer flagged (3 functions)
- capture_live_queries() no longer flagged (no params)
- QA checker now shows genuinely problematic functions only
RESULT:
- More accurate HIGH issue detection
- Reduced noise in QA reports
- Focus on real parameter validation issues
@@ -473,11 +473,32 @@ while read -r file; do

# Check if function uses parameters
if grep -A 20 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -q '\$[1-9]'; then
# Skip if uses safe default pattern: ${1:-default}
if grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\$\{[1-9]:-'; then
continue
fi

# Skip if function doesn't actually use positional params (only uses local vars)
# Check first 10 lines of function - if all $1-9 are in local declarations only, skip
func_body=$(grep -A 10 "^[[:space:]]*$func_name()" "$file" 2>/dev/null)
if ! echo "$func_body" | grep -v "local.*=" | grep -q '\$[1-9]'; then
continue
fi

# Skip simple echo/print wrapper functions (validation not needed for display)
# If function only uses params in echo/print statements, it's safe
if echo "$func_body" | grep -E "^\s*(echo|printf|print)" | grep -q '\$[1-9]'; then
if ! echo "$func_body" | grep -v -E "^\s*(echo|printf|print|local|#)" | grep -q '\$[1-9]'; then
continue
fi
fi

# Check if it validates them (accepts both $1 and variable name patterns)
# Pattern 1: [ -z "$1" ] or [ -n "$1" ]
# Pattern 2: [ -z "$var_name" ] where var_name was assigned from $1
# Pattern 3: [ $# -lt 1 ] or similar
if ! grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\[\s*-[nz]\s*"\$([1-9]|[a-zA-Z_][a-zA-Z0-9_]*)"\s*\]|\[\s*\$#\s*-'; then
# Pattern 4: if [ ! -f "$1" ] - file existence checks count as validation
if ! grep -A 5 "^[[:space:]]*$func_name()" "$file" 2>/dev/null | grep -qE '\[\s*-[nzf]\s*"\$([1-9]|[a-zA-Z_][a-zA-Z0-9_]*)"\s*\]|\[\s*!\s*-[nzf]\s*|\[\s*\$#\s*-'; then
echo "HIGH|$file|$line_num|Function '$func_name' uses parameters without validation"
count_issue "HIGH"
((count++))

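Review bot: the Pattern 4 regex in the second `if ! grep -A 5 ...` line is looser than its comment states: the alternative `\[\s*!\s*-[nzf]\s*` has no trailing `"\$..."` part, so any negated test in the first five lines of the function (for example `[ ! -f /some/fixed/path ]` or `[ ! -z "$unrelated" ]`) counts as validating the parameter and the function is never flagged. Fold the optional negation into the first alternative instead, e.g. `\[\s*!?\s*-[nzf]\s*"\$([1-9]|[a-zA-Z_][a-zA-Z0-9_]*)"\s*\]`, so the test still has to name `$N` or a variable. Two smaller points in the same hunk: the local-declaration skip (`grep -v "local.*="` followed by `continue`) returns before any validation check runs, so `local path="$1"` followed by an unchecked use of `$path` is now never reported, which is exactly the case Pattern 2 (`[ -z "$var_name" ]`) was written to cover; and the three search windows disagree (`-A 20` to detect parameter use, `-A 10` for `func_body`, `-A 5` for the validation check), so a function that uses `$1` on its 15th line and checks it with `[ -z "$1" ]` on its 7th still reports HIGH.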