From f4c921bea04c21aff50fa555307de2b1a915de8d Mon Sep 17 00:00:00 2001 From: cschantz Date: Wed, 31 Dec 2025 21:57:31 -0500 Subject: [PATCH] Reduce false positives in integer comparison check Improvements: - Added more common integer variable patterns (crit, high, med, low, severity, line_num, port, pid, uid, gid, attempt, tries) - Skip variables with default value syntax ${var:-0} - Reduces false positives for counters, IDs, severity levels, and line numbers This significantly reduces noise in QA output while maintaining detection of genuinely unsafe integer comparisons. --- tools/toolkit-qa-check.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tools/toolkit-qa-check.sh b/tools/toolkit-qa-check.sh index c0bbeb9..621fe0b 100755 --- a/tools/toolkit-qa-check.sh +++ b/tools/toolkit-qa-check.sh @@ -296,12 +296,17 @@ while IFS=: read -r file line_num line_content; do # Skip if variable is known to be integer from source [ "${SAFE_INTEGER_VARS[$var_name]}" = "1" ] && continue - # Skip common safe patterns (boolean flags, counters, status codes) - if [[ "$var_name" =~ ^(count|num|total|exit_code|status|i|j|k|index|ret|rc|has_|shown|found|enabled|disabled|flag|issues|errors|warnings)$ ]] || \ - [[ "$var_name" =~ (has_|_count|_num|_total|_exit|_status|_flag|_shown|_found|_enabled|_disabled|_issues|_errors|_warnings) ]]; then + # Skip common safe patterns (boolean flags, counters, status codes, line numbers, IDs) + if [[ "$var_name" =~ ^(count|num|total|exit_code|status|i|j|k|index|ret|rc|has_|shown|found|enabled|disabled|flag|issues|errors|warnings|crit|high|med|low|severity|line_num|port|pid|uid|gid|attempt|tries)$ ]] || \ + [[ "$var_name" =~ (has_|_count|_num|_total|_exit|_status|_flag|_shown|_found|_enabled|_disabled|_issues|_errors|_warnings|_crit|_high|_med|_low|_severity|_line|_port|_pid|_uid|_gid|_attempt|_tries) ]]; then continue # Likely safe (common integer/boolean variable patterns) fi + # Skip if used with default value syntax ${var:-0} + if echo "$line_content" | grep -qE '\$\{[^}]+:-[0-9]+\}'; then + continue # Has default value, safe + fi + echo "HIGH|$file|$line_num|Integer comparison: $var (verify not empty before comparison)" count_issue "HIGH" ((count++))