CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
False positive: Unread local variable used in Java assert #17531
Open
simonhir opened 2 hours ago
Description of the false positive
Variables that are only used in JUnit assert statements like assertEquals are marked as "Unread local variable".
Code samples or links to source code
I.e. https://github.com/it-at-m/refarch/blob/e18859331d0f55b43aae3170f947b840df1fde9c/refarch-integrations/refarch-dms-integration/refarch-dms-integration-core/src/test/java/de/muenchen/refarch/integration/dms/adapter/out/fabasoft/FabasoftAdapterTest.java#L84-L86 where procedureResponse is marked as "Unread local variable". This also makes no difference if Lombok val is used or the direct type.
Above code extracted for reference:
URL to the alert on GitHub code scanning (optional)
https://github.com/it-at-m/refarch/security/code-scanning/36
https://github.com/it-at-m/refarch/security/code-scanning/55 (same line but with direct type String)