LGTM.com - false positive

[ulf1]

Description of the false positive

• It's the result of a function and not a classic tuple unpacking.
• The called function: https://www.statsmodels.org/stable/generated/statsmodels.tsa.stattools.adfuller.html

URL to the alert on the project page on LGTM.com

• https://lgtm.com/projects/g/ulf1/numpy-fracadf/snapshot/3eb5cdfa0fb972fa3d61f5f43a7e8362a15c0cee/files/numpy_fracadf/fracadf2.py?sort=name&dir=ASC&mode=heatmap#x3c4960f24168c79e:1
• https://lgtm.com/projects/g/ulf1/numpy-fracadf/snapshot/3eb5cdfa0fb972fa3d61f5f43a7e8362a15c0cee/files/numpy_fracadf/fracadf2.py#x3c4960f24168c79e:1

and

• https://lgtm.com/projects/g/ulf1/numpy-fracadf/snapshot/3eb5cdfa0fb972fa3d61f5f43a7e8362a15c0cee/files/numpy_fracadf/fracadf1.py#x819701b01fde6775:1
• https://lgtm.com/projects/g/ulf1/numpy-fracadf/snapshot/3eb5cdfa0fb972fa3d61f5f43a7e8362a15c0cee/files/numpy_fracadf/fracadf1.py#x819701b01fde6775:1

[RasmusWL]

Hi @ulf1, after looking at the definition for statsmodels.tsa.stattools.adfuller I agree that this is a false positive. Thank you for reporting it!

Our current focus is on improving our security analysis. Because your report does not relate to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. If you think that your report is related to our security analysis, please clarify that in a comment. Either way, we'll let you know here as soon as it's fixed!

Just FYI, all of our queries are open source, so if you do have an idea for a code change, we encourage you to open a pull request. I also want to point out that both GitHub Code Scanning and LGTM.com have facilities for suppressing individual alerts or disabling a query.