github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive #7497

Open chrisjsimpson opened 2 years ago

chrisjsimpson commented 2 years ago

Description of the false positive

Sensitive data (id) is logged here.

Logging in debug mode could/should not be a positive when using python's logger in debug mode.

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/Subscribie/subscribie/snapshot/c5c05a0744c3c7dc7af49f4aaa420ff26585e876/files/subscribie/models.py?sort=name&dir=ASC&mode=heatmap#x1399582e65f5c5fa:1

MathiasVP commented 2 years ago

Thanks for the issue @chrisjsimpson,

I've forwarded it to the Python team.

RasmusWL commented 2 years ago

I agree that this alert does not seem very useful.

Logging in debug mode could/should not be a positive when using python's logger in debug mode.

I disagree about this. Logging in debug mode is still logging.
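As an added illustration of the point in the last reply (example code written for this page, not part of the issue thread or of the CodeQL project): whether a `logger.debug()` call reaches the log is decided by the effective level configured at runtime, not at the call site, so a static query cannot treat debug-level logging of an identifier as safe. The sink is an in-memory buffer and the `redact_id` helper (a truncated SHA-256 of the value) is one possible mitigation chosen for this example, not anything the thread proposes; `cust_12345` is a constructed sample identifier.

```python
import hashlib
import logging
from io import StringIO


def make_logger(name: str, debug_enabled: bool) -> tuple[logging.Logger, StringIO]:
    """Build an isolated logger that writes to an in-memory buffer.

    This stands in for a file or stdout handler so the example runs offline
    and the text that actually reached the sink can be inspected.
    """
    buf = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()          # keep repeated calls idempotent
    logger.propagate = False         # do not leak into the root logger
    logger.setLevel(logging.DEBUG if debug_enabled else logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, buf


def log_user_id_plain(user_id: str, debug_enabled: bool) -> str:
    """The pattern the alert flags: the raw identifier is passed to debug().

    Returns whatever text reached the handler. With DEBUG enabled the
    identifier is written out exactly like any other log line.
    """
    logger, buf = make_logger("example.plain", debug_enabled)
    logger.debug("Sensitive data (id) is logged here: %s", user_id)
    return buf.getvalue()


def redact_id(user_id: str) -> str:
    """Stable, non-reversible token that still lets log lines be correlated.

    Hypothetical mitigation for this example: a truncated SHA-256 digest.
    """
    digest = hashlib.sha256(user_id.encode("utf-8")).hexdigest()
    return "id:" + digest[:12]


def log_user_id_redacted(user_id: str, debug_enabled: bool) -> str:
    """Same debug() call, but the identifier is redacted before logging."""
    logger, buf = make_logger("example.redacted", debug_enabled)
    logger.debug("Processing user %s", redact_id(user_id))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample value; DEBUG enabled as a misconfigured deployment might be.
    print(log_user_id_plain("cust_12345", debug_enabled=True), end="")
    print(log_user_id_redacted("cust_12345", debug_enabled=True), end="")
```

Running the block with `debug_enabled=True` shows the raw identifier in the first line and only the `id:` token in the second; with `debug_enabled=False` both calls are suppressed, which is exactly the runtime dependency the query cannot see.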