Skip to content

placeholder-uuid

Category: Mock Data
Severity: Warning
Triggered by: pyscn check --select mockdata

What it does

Flags UUID-shaped string literals with very low entropy: the nil UUID (00000000-0000-0000-0000-000000000000), all-ones, all-f, or long runs of repeated characters that nevertheless parse as a UUID.

Why is this a problem?

The nil UUID is a legitimate value in a few contexts, but in most application code it's a leftover from a stub DEFAULT_USER_ID = "00..." that was meant to be replaced. Because it parses and serialises like any other UUID, foreign-key lookups, log lines, and audit trails all accept it — and rows start collapsing onto the same "user" without anything raising an error.

Example

DEFAULT_USER_ID = "00000000-0000-0000-0000-000000000000"

Use instead

Generate a real UUID at the point of use, or require the caller to supply one. Don't carry a sentinel value that looks like data.

import uuid

def new_user_id() -> uuid.UUID:
    return uuid.uuid4()

Options

Option Default Description
mock_data.enabled false Opt-in.
mock_data.min_severity "info" Raise to "warning" to keep only this-level findings.
mock_data.ignore_tests true Skip test files.
mock_data.ignore_patterns [] Regex patterns matched against file paths.

References