Open DimitriPapadopoulos opened 3 years ago
Thank you for your report. I agree that there's something odd going on here.
As this is not related to our security queries, and as we are currently focused on improving our security analysis, this issue will be added to our backlog and revisited if enough instances pop up.
Some notes (mostly for the benefit of whoever ends up working on this): The order of the decorators seems to be a red herring, as we are correctly identifying that the function in question has the classmethod decorator. Somehow, though, this is not being propagated correctly through the rest of the analysis.
It's indeed a good idea to focus on security analysis.
In that case, I would suggest disabling other tests by default, because LGTM raises many false positives that give an unjustified bad image of open source projects.
Description of the false positive
In case of multiple class decorators, @classmethod does not seem to be taken into account unless it's the last in the list.
URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/nipy/nibabel/snapshot/e1c3f08bde4a58dd3fdc39b96d9a39b788a33bfc/files/nibabel/gifti/gifti.py?sort=name&dir=ASC&mode=heatmap#x2a1483ff4c3ffedd:1