github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive #8633

Open schmidtw opened 2 years ago

schmidtw commented 2 years ago

Description of the false positive

The warning is that I could create an HTTP://-based URL, which is needed to support the ws:// protocol. In this case that is what the caller wants. Not all services are HTTPS://.

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/xmidt-org/curlws/snapshot/fd804131fd002481520e5298346183a8f8fa5ea3/files/src/utils.c?sort=name&dir=ASC&mode=heatmap#xf266ff1b6c8ff791:1

geoffw0 commented 2 years ago

I think in this case the result is accurate but is not relevant to the needs of your project. I suggest you dismiss/hide the result using the button in the LGTM interface, or perhaps customize the queries that you run for your project (see here).
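For readers landing here from a similar alert, the following is an added illustration of the pattern the thread is about; it is example code written for this page, not curlws's own `utils.c`, and the function names (`ws_to_http_url`, `url_is_tls`) and the sample URLs are assumptions. libcurl speaks HTTP for the WebSocket opening handshake, so a ws:// URL has to be rewritten to http:// before it is handed to curl. That rewrite is exactly the cleartext-URL construction the query reports, and it is intentional. The caveat a reviewer should check before dismissing the alert is the one shown here: the mapping must be scheme-preserving (ws:// to http://, wss:// to https://), never a downgrade from wss:// to http://, and callers that require TLS can verify the result rather than trusting the input string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive prefix test; returns 1 if s starts with prefix. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Hypothetical helper (not curlws's code): rewrite a WebSocket URL into the
 * HTTP URL that libcurl needs for the opening handshake.  ws:// becomes
 * http:// and wss:// becomes https://.  The scheme is never downgraded, so a
 * caller that passes wss:// always gets a TLS-protected URL back; the http://
 * case is the one a cleartext-URL query flags, and here it is deliberate.
 *
 * Returns 0 on success, -1 if the scheme is not ws/wss or out is too small. */
int ws_to_http_url(const char *ws_url, char *out, size_t out_len)
{
    static const struct { const char *from; const char *to; } schemes[] = {
        { "wss://", "https://" },   /* longer prefix first so "wss" is not read as "ws" */
        { "ws://",  "http://"  },
    };
    size_t i;

    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t from_len = strlen(schemes[i].from);
        size_t to_len = strlen(schemes[i].to);
        const char *rest;
        size_t rest_len;

        if (!has_prefix_ci(ws_url, schemes[i].from))
            continue;
        rest = ws_url + from_len;         /* host, port, path, query: copied unchanged */
        rest_len = strlen(rest);
        if (to_len + rest_len + 1 > out_len)
            return -1;                    /* refuse to emit a truncated URL */
        memcpy(out, schemes[i].to, to_len);
        memcpy(out + to_len, rest, rest_len + 1);
        return 0;
    }
    return -1;                            /* http://, ftp://, etc. are rejected */
}

/* For callers that require TLS: 1 only when the converted URL is https://. */
int url_is_tls(const char *url)
{
    return has_prefix_ci(url, "https://");
}

int main(void)
{
    /* constructed sample inputs */
    const char *inputs[] = {
        "ws://example.com/chat",
        "wss://example.com/chat",
        "http://example.com/",
    };
    char buf[128];
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (ws_to_http_url(inputs[i], buf, sizeof buf) == 0)
            printf("%-24s -> %s (tls=%d)\n", inputs[i], buf, url_is_tls(buf));
        else
            printf("%-24s -> rejected\n", inputs[i]);
    }
    return 0;
}
```

If a project genuinely must allow cleartext ws:// (as curlws does), this is the shape of code to keep and to dismiss the alert on; a project that should only ever talk wss:// can instead drop the `ws://` row from the table, at which point the query has nothing to report.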