github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive (Disposable ... is created here but is not disposed.) #5293

Open Trojaner opened 3 years ago

Trojaner commented 3 years ago

Description of the false positive: LGTM is warning here about a disposable not being disposed. However, Dispose() is called in a lambda method.

URL to the alert on the project page on LGTM.com: https://lgtm.com/projects/g/openmod/openmod/snapshot/1f5535ff85a02bc80f0cd72e823b2ab48e731380/files/framework/OpenMod.Core/Rcon/RconStartListener.cs?sort=name&dir=ASC&mode=heatmap#L63

hvitved commented 3 years ago

Indeed, this looks like a false positive. Thank you for reporting it!

Our current focus is on improving our security analysis. Because your report does not relate to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. If you think that your report is related to our security analysis, please clarify that in a comment. Either way, we'll let you know here as soon as it's fixed!