github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

CodeQL Cli - false positive - Missing Dispose call on local IDisposable on MemoryStream #7227

Open virenv opened 2 years ago

virenv commented 2 years ago

Description of the false positive
Error type: Missing Dispose call on local IDisposable

I ran csharp-lgtm-full.qls on my codebase. The result flags usage of the System.IO.MemoryStream class. This class implements IDisposable. However, the documentation says that MemoryStream does not hold on to any resources that need to be disposed. (https://docs.microsoft.com/en-us/dotnet/api/system.io.memorystream?view=net-6.0)

Code that is flagged:
response.SetupProperty(r => r.Body, new MemoryStream());

I think this class should be added to the ignore list based on the MSDN documentation.

MathiasVP commented 2 years ago

Indeed, this looks like a false positive. Thank you for reporting it!

Our current focus is on improving our security analysis. Because your report does not relate to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. If you think that your report is related to our security analysis, please clarify that in a comment. Either way, we'll let you know here as soon as it's fixed!

As you might know, all of our queries are open source. If you do have an idea for a code change, we encourage you to open a pull request. GitHub Code Scanning and lgtm.com have facilities for suppressing individual alerts or disabling a query.

virenms commented 2 years ago

@MathiasVP: Thanks for the update. This particular issue is not related to a security query. So, I will go with your decision based on project priorities. Let me see if I can fix it myself.

MathiasVP commented 2 years ago

Sounds great!