This PR adds sanitization of the values passed to `Printf`, `Sprintf` and `Fprintf` (and derivatives like the logging functions). The values that need to be sanitized are the ones from the code being analyzed. The values are sanitized either:
- using the `%q` format when the additional quoting doesn't impact usage.
- using the `formatutil.Sanitize` and `formatutil.SanitizeRepr` functions, which wrap around `%q` with an additional step of removing the extra quotes.
Sanitization has to be carefully introduced because we also use terminal escape codes for coloring the output.
Issue #, if available:
38
There is also a small functionality extension with the addition of "context" in the code identifiers that will allow us to match things only under a certain "context" (for now, it matches the parent function string under which the code identifier is matched).
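The following is an added example illustrating the approach described in this PR; it is not the project's `formatutil` package and its names (`sanitize`, `sanitizeRepr`, `reportUnsafe`, `reportSafe`, `colorRed`) are assumptions. It shows why plain `%q` is not always usable (the wrapping quotes change how an identifier reads in a message), how stripping them after `strconv.Quote` (the same escaping `%q` applies) keeps the value readable while neutralizing control bytes, and why the analyzer's own colouring escape codes must be applied after sanitizing rather than before. The hostile identifier is constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// sanitize (assumed counterpart of the PR's formatutil.Sanitize): quote with
// strconv.Quote, which produces the same escaped form as fmt's %q verb, then
// drop the surrounding double quotes so the result reads like the original
// identifier while every control character, ESC byte and non-printable rune
// is rendered as a visible escape (\n, \x1b, \u2028, ...).
func sanitize(s string) string {
	q := strconv.Quote(s)
	// Slice, don't strings.Trim: a value ending in a quote is quoted as `\"`
	// and Trim would eat the escaped quote together with the wrapping one.
	return q[1 : len(q)-1]
}

// sanitizeRepr (assumed counterpart of formatutil.SanitizeRepr for
// non-string values): render with %v first, then sanitize the text.
func sanitizeRepr(v interface{}) string {
	return sanitize(fmt.Sprintf("%v", v))
}

const (
	ansiRed   = "\x1b[31m"
	ansiReset = "\x1b[0m"
)

// colorRed wraps already-sanitized text in the tool's own colour codes.
// Order matters: colour after sanitizing, otherwise the sanitizer turns the
// ESC byte of the colour sequence into a literal "\x1b" and the output loses
// its colouring.
func colorRed(s string) string {
	return ansiRed + s + ansiReset
}

// reportUnsafe is the pre-PR shape: an identifier taken from analysed source
// goes straight into the format arguments and can smuggle terminal escapes.
func reportUnsafe(ident string) string {
	return fmt.Sprintf("found call to %s", colorRed(ident))
}

// reportSafe sanitizes the identifier before colouring it.
func reportSafe(ident string) string {
	return fmt.Sprintf("found call to %s", colorRed(sanitize(ident)))
}

// containsRawEscape reports whether a line still carries an ESC byte that
// did not come from our own colour codes.
func containsRawEscape(line string) bool {
	stripped := strings.ReplaceAll(strings.ReplaceAll(line, ansiRed, ""), ansiReset, "")
	return strings.Contains(stripped, "\x1b")
}

func main() {
	// Constructed sample: a function name from analysed code that embeds an
	// erase-line and cursor-up sequence, which could overwrite an earlier
	// finding on the terminal if printed raw.
	hostile := "main.foo\x1b[2K\x1b[1Ahidden"
	fmt.Println(reportUnsafe(hostile)) // raw escape codes reach the terminal
	fmt.Println(reportSafe(hostile))   // escapes rendered as \x1b[2K\x1b[1A
	fmt.Println(sanitizeRepr([]string{"a\"b", "c\nd"}))
}
```

The `%q` route is fine where the message already treats the value as a quoted literal; the stripped form is for places such as symbol names inside a sentence, where `"main.foo"` would read wrongly. Keep the colouring call outermost so the only ESC bytes in the final line are the ones the tool emitted itself.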