github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive #5872

Open beuaaa opened 3 years ago

beuaaa commented 3 years ago

Description of the false positive

The false alert message is: "Keyword argument 'vk_packet' is not a supported parameter name of function send_keys."

Actually 'vk_packet' is a supported parameter name of function send_keys.

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/beuaaa/pywinauto_recorder/snapshot/99f471e378bc9a2175fe53590c720deb2d8dab77/files/pywinauto_recorder/player.py?sort=name&dir=ASC&mode=heatmap#x1c5c289d150c63c:1

tausbn commented 3 years ago

Thank you for your report. This appears to be some sort of package installation weirdness.

First of all, by downloading the database and running the query locally, I was able to determine that the version of send_keys that we resolve the given call to indeed does not have the vk_packet argument. However, looking at the latest version of pywinauto we see that the argument is indeed present in the 0.6.8 version of the library. This means pip is likely installing the wrong version of the pywinauto library.

Looking at the extraction log, we see the following output from pip:

[2021-05-11 00:14:58] [build-stdout] Collecting pywinauto
[2021-05-11 00:14:58] [build-stdout]   Downloading pywinauto-0.6.8-py2.py3-none-any.whl (362 kB)
[2021-05-11 00:14:58] [build-stdout] Collecting comtypes
[2021-05-11 00:14:58] [build-stdout]   Downloading comtypes-1.1.10.tar.gz (145 kB)
[2021-05-11 00:14:59] [build-stdout] Collecting pywinauto
[2021-05-11 00:14:59] [build-stdout]   Downloading pywinauto-0.6.7-py2.py3-none-any.whl (361 kB)
[2021-05-11 00:14:59] [build-stdout]   Downloading pywinauto-0.6.6-py3-none-any.whl (365 kB)

So indeed, pip appears to be installing an outdated version of pywinauto. It's not entirely clear to me why this may be happening.

As our main focus at the moment is on improving our security analysis, and as this is not a security-related query, I can't give you an indication of when this issue will be fixed. In the meantime, you can suppress the warning as described in the LGTM help.
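To make the failure mode in this thread concrete, here is an added example (not CodeQL's query code and not pywinauto's source) that reproduces the kind of check behind the alert with Python's inspect module: a keyword argument is flagged only when the callee's signature, as resolved, does not accept it. The two send_keys stubs are constructed approximations of the 0.6.6 and 0.6.8 signatures, to show how resolving the call to the older version yields the false positive.

```python
import inspect
from typing import Callable, Iterable, List


def unsupported_keywords(func: Callable, keywords: Iterable[str]) -> List[str]:
    """Return the names in `keywords` that `func` cannot accept as keyword args.

    A keyword is supported if it names a positional-or-keyword or keyword-only
    parameter, or if the callee declares a **kwargs catch-all.
    """
    accepted = set()
    for param in inspect.signature(func).parameters.values():
        if param.kind is inspect.Parameter.VAR_KEYWORD:
            return []  # **kwargs swallows any keyword name
        if param.kind in (inspect.Parameter.POSITIONAL_OR_KEYWORD,
                          inspect.Parameter.KEYWORD_ONLY):
            accepted.add(param.name)
    return [k for k in keywords if k not in accepted]


# Constructed stand-ins for the two versions pip downloaded in the log above;
# signatures are approximated for illustration, not copied from pywinauto.
def send_keys_0_6_6(keys, pause=0.05, with_spaces=False, with_tabs=False,
                    with_newlines=False, turn_off_numlock=True,
                    set_foreground=True):
    pass


def send_keys_0_6_8(keys, pause=0.05, with_spaces=False, with_tabs=False,
                    with_newlines=False, turn_off_numlock=True,
                    set_foreground=True, vk_packet=True):
    pass


# Keyword arguments used at the call site flagged in the issue (constructed).
CALL_KEYWORDS = ("with_spaces", "vk_packet")


def check_call_against(func: Callable) -> List[str]:
    """Unsupported keywords for the flagged call if it resolves to `func`."""
    return unsupported_keywords(func, CALL_KEYWORDS)


if __name__ == "__main__":
    for version, fn in (("0.6.6", send_keys_0_6_6), ("0.6.8", send_keys_0_6_8)):
        print(f"resolved to {version}: unsupported={check_call_against(fn)}")
```

Running it shows the alert fires only when the call resolves to the older signature, which is why checking which package version the extractor actually installed is the first step when triaging this query's results.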