github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive #8768

Open rmontanana opened 2 years ago

rmontanana commented 2 years ago

No _more_tags attribute can be found in the sources (neither in mine nor in the scikit-learn sources); you can check yourselves the URL to the alert on the project page on LGTM.com: https://lgtm.com/projects/g/Doctorado-ML/Odte/snapshot/cd2c1f27669bb72ddf16e7fba2e238f4355630d6/files/odte/Odte.py?sort=name&dir=ASC&mode=heatmap#x3ebeadd144fa5946:1

aibaars commented 2 years ago

Thanks for the report. Looking in the CodeQL database for functions named _more_tags gives 85 "non-source code" results in the installed dependencies. I guess this is what causes the alert. It's probably still a false positive though. See: https://lgtm.com/query/5737975573705646674/

A slightly modified version of the CodeQL query on your project is https://lgtm.com/query/2028370745721699661/ . This suggests that CodeQL found something at sklearn/base.py:345 and sklearn/base.py:653 .
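
The comment above hinges on one distinction: CodeQL databases built on LGTM.com include the code of installed dependencies, so a query that does not restrict itself to the analysed source tree can report definitions that live under site-packages. The query below is an added example for checking exactly that; it is not the query linked above and not part of the CodeQL project's own query suite. It uses the CodeQL Python library predicates `Function.getName()`, `Location.getFile()`, `File.inSource()` and `File.getRelativePath()`; the `@id` is a placeholder chosen for this example.

```ql
/**
 * @name Functions named _more_tags, split by origin (example query)
 * @description Lists every function definition named _more_tags in the
 *              database and states whether its file belongs to the analysed
 *              source tree or to installed, non-source code (dependencies),
 *              so that alert locations inside packages such as scikit-learn
 *              can be told apart from the project's own files.
 * @kind problem
 * @problem.severity recommendation
 * @id py/example/more-tags-by-origin
 */

import python

// Change this constant to triage a different attribute name.
string targetName() { result = "_more_tags" }

from Function f, File file, string origin
where
  f.getName() = targetName() and
  file = f.getLocation().getFile() and
  // inSource() is true only for files under the extracted source root;
  // dependency code extracted from the environment is non-source.
  (
    if file.inSource()
    then origin = "source"
    else origin = "non-source (dependency)"
  )
select f,
  "Definition of " + targetName() + " in " + origin + " code: " +
    file.getRelativePath()
```

Running this against the database for the project in question should list the scikit-learn definitions (for example under sklearn/base.py) as non-source and nothing as source, which is the expected shape of the result when the alert stems from dependency code rather than from the project. A query whose alert should never point into dependencies can add `f.getLocation().getFile().inSource()` to its `where` clause to suppress such results.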

rmontanana commented 2 years ago

I believe it has to be a false positive. I've cloned scikit-learn to try to find the double definition of _more_tags, as a function and as an attribute, and:

Look at this output:

```text
grep -irn _more_tags *py|grep -v "def _more_tags("
base.py:352:            if hasattr(base_class, "_more_tags"):
base.py:353:                # need the if because mixins might not have _more_tags
base.py:356:                more_tags = base_class._more_tags(self)
```

and this other with all the results:

```text
grep -irn _more_tags *py
base.py:346:    def _more_tags(self):
base.py:352:            if hasattr(base_class, "_more_tags"):
base.py:353:                # need the if because mixins might not have _more_tags
base.py:356:                more_tags = base_class._more_tags(self)
base.py:669:    def _more_tags(self):
base.py:724:    def _more_tags(self):
base.py:755:    def _more_tags(self):
base.py:986:    def _more_tags(self):
base.py:993:    def _more_tags(self):
calibration.py:459:    def _more_tags(self):
dummy.py:414:    def _more_tags(self):
dummy.py:664:    def _more_tags(self):
isotonic.py:435:    def _more_tags(self):
kernel_approximation.py:714:    def _more_tags(self):
kernel_approximation.py:966:    def _more_tags(self):
kernel_ridge.py:157:    def _more_tags(self):
multiclass.py:591:    def _more_tags(self):
multiclass.py:910:    def _more_tags(self):
multioutput.py:240:    def _more_tags(self):
multioutput.py:508:    def _more_tags(self):
multioutput.py:837:    def _more_tags(self):
multioutput.py:957:    def _more_tags(self):
naive_bayes.py:726:    def _more_tags(self):
naive_bayes.py:858:    def _more_tags(self):
naive_bayes.py:1001:    def _more_tags(self):
naive_bayes.py:1372:    def _more_tags(self):
pipeline.py:718:    def _more_tags(self):
random_projection.py:440:    def _more_tags(self):
```