SNMP OIDs are falsely detected as IP-Addresses and cause false positives on python:S1313


exh...@gmail.com

Feb 15, 2018, 4:05:03 AM
to SonarQube
Consider the following example:

import snmp


class MyDevice:

    def __init__(self, ip):
        self.ip = ip

    def sysobject(self):
        return snmp.get(self.ip, '1.3.6.1.2.1.1.2.0')


This code will generate a violation of python:S1313 on line 10 with the following message:

Make this IP "1.3.6.1" address configurable.

SNMP OIDs are well-defined numbers. It is OK to hard-code them. Note that there is a way to infer them via so-called "MIB files" but this proves unreliable if you have to query devices from multiple vendors. Hard-coding OIDs is safe and reliable! It should not cause errors in SonarQube!

Note that even writing something like this will raise the same error, but this time on line 3:

import snmp

SYS_OBJECT_ID = '1.3.6.1.2.1.1.2.0'


class MyDevice:

    def __init__(self, ip):
        self.ip = ip

    def sysobject(self):
        return snmp.get(self.ip, SYS_OBJECT_ID)
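The mismatch described in this report, as an added example that is not part of the thread or of SonarQube's own rule implementation: a naive unanchored dotted-quad search (an assumption about how the rule behaves, based on the "1.3.6.1" quoted in the message) beside a stricter whole-literal check with octet ranges, both run over constructed string literals including the sysObjectID OID above. The stricter check still accepts a standalone "1.3.6.1", because four in-range arcs are syntactically indistinguishable from an IPv4 address; only the extra OID arcs rule it out.

```python
import re

# Constructed string literals, as a static-analysis rule would see them.
LITERALS = [
    "1.3.6.1.2.1.1.2.0",   # SNMP sysObjectID OID from the report: nine arcs, not an address
    "192.168.1.10",        # a genuinely hard-coded IPv4 address
    "256.1.1.1",           # octet out of range: not an address
    "10.0.0.1:8080",       # address with a port: still an address
    "1.3.6.1",             # four in-range arcs: syntactically an IPv4 literal
]

# Naive check (assumed behaviour): any dotted quad inside the literal, unanchored.
# The OID prefix "1.3.6.1" satisfies this, which reproduces the reported message.
NAIVE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")


def naive_match(literal: str):
    """Return the first dotted quad found anywhere in the literal, or None."""
    m = NAIVE.search(literal)
    return m.group(0) if m else None


# Stricter check: the whole literal must be exactly four octets in 0-255,
# optionally followed by ":port". A fifth dotted component (an OID arc) fails the anchor.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT = re.compile(rf"^{OCTET}(?:\.{OCTET}){{3}}(?::\d{{1,5}})?$")


def strict_match(literal: str):
    """Return the literal if it is a complete IPv4 address (with optional port), else None."""
    m = STRICT.match(literal)
    return m.group(0) if m else None


def report(literals=LITERALS):
    """Map each literal to (naive_hit, strict_hit) so the two rules can be compared."""
    return {s: (naive_match(s), strict_match(s)) for s in literals}


if __name__ == "__main__":
    for s, (naive, strict) in report().items():
        print(f"{s:22} naive={naive!r:22} strict={strict!r}")
```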


alban....@sonarsource.com

Feb 15, 2018, 12:23:09 PM
to SonarQube
Hi,

Thanks for your feedback. I can reproduce this false positive; we will fix SONARPY-270 in a future release.

Regards,

Alban