github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive - contextlib.suppress not seen as thrown exception #11242

Closed ikelos closed 1 year ago

ikelos commented 1 year ago

Description of the false positive

A variable is defined, and then redefined inside a contextlib.suppress context manager call.

import contextlib
var1 = 'default value'
with contextlib.suppress(Exception):  # any exception raised in the block is swallowed
    var1 = None / 0                   # raises TypeError, so this assignment never happens
print(var1)                           # prints 'default value'

LGTM reports this as:

This assignment to var1 is unnecessary as it is redefined before this value is used.

However, the contextlib.suppress call may silently bypass statements within the block and so the future assignment may not happen (meaning the initial assignment is necessary and should not be reported as an alert).

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/volatilityfoundation/volatility3/snapshot/eec6dd37661a3268680d1cd30dfb2e8fe5bb969d/files/volatility3/framework/plugins/windows/dlllist.py?sort=name&dir=ASC&mode=heatmap#xc5fd51aac399607e:1
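The reasoning behind the report, as an added example that is neither part of the issue nor CodeQL's own query: a small `ast`-based checker for "assignment overwritten before use" with a `naive` mode that treats a `contextlib.suppress` body as straight-line code (reproducing the alert) and a default mode that treats the body as possibly abandoned at any statement (so the first assignment stays live). The snippet constant and the function names are assumptions made for this example.

```python
import ast

# Constructed input: the snippet from the issue, with the Exception typo fixed.
ISSUE_SNIPPET = """\
import contextlib
var1 = 'default value'
with contextlib.suppress(Exception):
    var1 = None / 0
print(var1)
"""

def _is_suppress(node: ast.With) -> bool:
    """True when one of the with-items is a (contextlib.)suppress(...) call."""
    for item in node.items:
        f = getattr(item.context_expr, "func", None)
        if (isinstance(f, ast.Attribute) and f.attr == "suppress") or \
           (isinstance(f, ast.Name) and f.id == "suppress"):
            return True
    return False

def _loads(node) -> set:
    """Names read (ast.Load context) anywhere under node."""
    return {n.id for n in ast.walk(node)
            if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load)}

def unnecessary_assignments(src: str, naive: bool = False):
    """Return [(name, lineno)] for module-level assignments overwritten before any read.
    naive=True models the reported behaviour: a suppress() body is assumed to run to
    completion, so its assignments kill earlier ones. naive=False treats the body as
    possibly abandoned at any statement, so nothing inside it kills an earlier value."""
    pending, findings = {}, []   # pending: name -> lineno of the last unread assignment

    def visit(stmts, may_skip):
        for stmt in stmts:
            if isinstance(stmt, ast.With):
                for item in stmt.items:            # reads in the context expression
                    for name in _loads(item.context_expr):
                        pending.pop(name, None)
                visit(stmt.body, may_skip or (_is_suppress(stmt) and not naive))
                continue
            for name in _loads(stmt):              # a read keeps the value alive
                pending.pop(name, None)
            if isinstance(stmt, ast.Assign) and len(stmt.targets) == 1 \
                    and isinstance(stmt.targets[0], ast.Name):
                name = stmt.targets[0].id
                if may_skip:                       # may never execute: earlier value stays live
                    continue
                if name in pending:
                    findings.append((name, pending[name]))
                pending[name] = stmt.lineno

    visit(ast.parse(src).body, False)
    return findings
```

Only single-name module-level assignments are tracked; other compound statements are treated as reads only, which is conservative but enough to show the difference between the two models.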

aeisenberg commented 1 year ago

Indeed, this looks like a false positive. Thank you for reporting it!

Our current focus is on improving our security analysis. Because your report does not relate to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. If you think that your report is related to our security analysis, please clarify that in a comment. Either way, we'll let you know here as soon as it's fixed!

As you might know, all of our queries are open source. If you do have an idea for a code change, we encourage you to open a pull request. GitHub Code Scanning and lgtm.com have facilities for suppressing individual alerts or disabling a query.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 14 days with no activity. Comment or remove the Stale label in order to avoid having this issue closed in 7 days.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 7 days.