github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive #3134

Open jpopadak opened 4 years ago

jpopadak commented 4 years ago

Description of the false positive

The code in question is already checking if the value is null or not. I think the algorithm might be getting tripped up on the `||` of the first if statement highlighted.

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/jpopadak/CoreMatchers/latest/files/src/CoreMatchers/Matchers/IsEqual.cs#x3b4e50392ea9d8ef:1

Code in question

https://github.com/jpopadak/CoreMatchers/blob/master/src/CoreMatchers/Matchers/IsEqual.cs#L70-L91
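The pattern the report describes, as an added illustration that is not the CoreMatchers code from IsEqual.cs and not part of the original issue: a single guard that rejects either operand being null with a short-circuit `||`, followed by a dereference that is safe on every remaining path. The class name `IsEqualLike` and both method names are hypothetical. Variant B is the same logic written as two nested guards, which a flow-sensitive null analysis follows without reasoning about the disjunction; comparing the two is a quick way to confirm that an alert on the `||` form is a false positive rather than a real missing check.

```csharp
// Constructed example (not the CoreMatchers code): a null guard that uses ||
// to reject either operand being null before both are dereferenced.
using System;

public sealed class IsEqualLike
{
    private readonly object _expected;

    public IsEqualLike(object expected)
    {
        _expected = expected;
    }

    // Variant A: one guard with a short-circuit ||.
    // If either operand is null the method returns before the .Equals call,
    // so both operands are non-null at the dereference, but an analysis has
    // to reason about the disjunction (the negation of "a || b" is
    // "!a && !b") to prove it.
    public bool MatchesA(object actual)
    {
        if (_expected == null || actual == null)
        {
            // Only equal when both are null.
            return _expected == actual;
        }
        return _expected.Equals(actual);
    }

    // Variant B: identical behaviour as two nested guards. Each guard
    // refines exactly one variable, which is the shape most null analyses
    // track directly. Rewriting a flagged method this way and checking that
    // the alert disappears (and that behaviour is unchanged) is a cheap way
    // to triage the alert as a false positive.
    public bool MatchesB(object actual)
    {
        if (_expected == null)
        {
            return actual == null;
        }
        if (actual == null)
        {
            return false;
        }
        return _expected.Equals(actual);
    }

    public static void Main()
    {
        var matcher = new IsEqualLike("abc");
        var nullMatcher = new IsEqualLike(null);

        // Both variants agree on every combination of null / non-null inputs.
        Console.WriteLine(matcher.MatchesA("abc") == matcher.MatchesB("abc"));
        Console.WriteLine(matcher.MatchesA(null) == matcher.MatchesB(null));
        Console.WriteLine(nullMatcher.MatchesA(null) == nullMatcher.MatchesB(null));
        Console.WriteLine(nullMatcher.MatchesA("abc") == nullMatcher.MatchesB("abc"));
    }
}
```

The `Main` method is only there so the file runs stand-alone; the point is that `MatchesA` and `MatchesB` are observationally identical, so any null-dereference alert raised on one but not the other is a limitation of the analysis, not a defect in the guarded code.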

hvitved commented 4 years ago

Thanks a lot for reporting this. I agree that it is a false positive, but it is currently too involved for our analysis to handle (indeed, I too had to look closely at the code to see that the value could not be null). For now, I have made sure to record this example in our test suite.