[MEDIUM] falsify.py: make_subprocess_falsifier silently discards non-zero subprocess exit #8

New issue

Closed

opened 2026-05-19 04:42:47 +00:00 by foravo_admin · 1 comment

foravo_admin commented

2026-05-19 04:42:47 +00:00

Owner

Imported from GitHub issue M00C1FER/mesh-review#5.

Source: https://github.com/M00C1FER/mesh-review/issues/5
Original author: @M00C1FER
Original state: closed

Finding 4 — MEDIUM

File: src/mesh_review/review/falsify.py
Function: make_subprocess_falsifier() → inner closure
Commit fixing this: 834f8d8441226ac383868a9cb8ac5c69b650581e (PR #1)

Description

make_subprocess_falsifier calls subprocess.run() but does not check the returncode:

proc = subprocess.run(
    cmd + [prompt], capture_output=True, text=True, timeout=timeout_s
)
# returncode never checked
parsed = _parse_falsifier_output(proc.stdout)

A non-zero exit (CLI error, missing model) causes proc.stdout to be empty or contain error text, which _parse_falsifier_output cannot parse, returning None. This falls through to a generic "model returned unparseable output" error — correct result, but the root cause (non-zero exit / stderr) is lost.

Fix Applied

if proc.returncode != 0:
    return {"falsified": False, "confidence": 0.0,
            "rationale": f"{cli}: exited {proc.returncode}: {proc.stderr.strip()[:200]}"}

Imported from GitHub issue `M00C1FER/mesh-review#5`. Source: https://github.com/M00C1FER/mesh-review/issues/5 Original author: @M00C1FER Original state: closed  --- ## Finding 4 — MEDIUM **File:** `src/mesh_review/review/falsify.py` **Function:** `make_subprocess_falsifier()` → inner closure **Commit fixing this:** 834f8d8441226ac383868a9cb8ac5c69b650581e (PR #1) ### Description `make_subprocess_falsifier` calls `subprocess.run()` but does not check the returncode: ```python proc = subprocess.run( cmd + [prompt], capture_output=True, text=True, timeout=timeout_s ) # returncode never checked parsed = _parse_falsifier_output(proc.stdout) ``` A non-zero exit (CLI error, missing model) causes `proc.stdout` to be empty or contain error text, which `_parse_falsifier_output` cannot parse, returning `None`. This falls through to a generic `"model returned unparseable output"` error — correct result, but the root cause (non-zero exit / stderr) is lost. ### Fix Applied ```python if proc.returncode != 0: return {"falsified": False, "confidence": 0.0, "rationale": f"{cli}: exited {proc.returncode}: {proc.stderr.strip()[:200]}"} ```

foravo_admin

2026-05-19 04:42:47 +00:00

closed this issue
added the
code-review
label

foravo_admin commented

2026-05-19 04:42:47 +00:00

Author

Owner

Imported from GitHub issue comment M00C1FER/mesh-review#5:4362220530.

Source: https://github.com/M00C1FER/mesh-review/issues/5#issuecomment-4362220530
Original author: @M00C1FER

Fixed by merged PR #1.

Imported from GitHub issue comment `M00C1FER/mesh-review#5:4362220530`. Source: https://github.com/M00C1FER/mesh-review/issues/5#issuecomment-4362220530 Original author: @M00C1FER  --- Fixed by merged PR #1.