github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive #7241

Open mxsasha opened 2 years ago

mxsasha commented 2 years ago

Description of the false positive

LGTM claims I am logging a certificate, but I am not.

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/irrdnet/irrd/snapshot/ddff7a12fe36a1c5f5803d66c04d362a73c36f21/files/irrd/scripts/load_pgp_keys.py?sort=name&dir=ASC&mode=heatmap#x85ea279cf461c48:1

Same false positive, different code:

https://lgtm.com/projects/g/irrdnet/irrd/snapshot/ddff7a12fe36a1c5f5803d66c04d362a73c36f21/files/irrd/mirroring/nrtm_operation.py#x342034d3040afa1b:1

https://lgtm.com/projects/g/irrdnet/irrd/snapshot/ddff7a12fe36a1c5f5803d66c04d362a73c36f21/files/irrd/mirroring/nrtm_operation.py?sort=name&dir=ASC&mode=heatmap#xe11d42db46c4e764:1

MathiasVP commented 2 years ago

Hi @mxsasha,

Thanks for reporting this false positive. I've forwarded it to the Python team.

In the meantime, if you want to suppress these alerts manually, you can use the alert-suppression feature on LGTM.