
Python: False positive: Tuple Destructuring

Open JLLeitschuh opened this issue 1 year ago • 1 comment

Description of the false positive

CodeQL incorrectly identifies dataflow occurring from a constant value when a tuple is being destructured.

Code samples or links to source code

[Screenshot taken 2024-07-17 of the CodeQL alert; image not included]

Here it's very clear that status will always be 200 on this data flow path, but CodeQL incorrectly believes there is dataflow from the res.json() to the status variable.

https://github.com/Chainguard-Wolfi-Bites-Back/istio__istio/security/code-scanning/5

JLLeitschuh avatar Jul 17 '24 17:07 JLLeitschuh
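Since the report's code is only visible in a screenshot, here is a constructed Python reproducer of the pattern it describes (added here; not the issue author's code and not part of CodeQL). A function returns a tuple of a constant status and an untrusted body, and the caller destructures it. The second half is a toy model of the analysis question: a tuple-insensitive propagation marks every destructured element as tainted (the reported false positive), while an element-sensitive one keeps the constant clean. `FakeResponse`, `fetch`, `handle`, `label_fetch`, `coarse_destructure` and `precise_destructure` are all hypothetical names chosen for this example.

```python
"""Constructed reproducer for the tuple-destructuring false-positive pattern.

This is example code, not CodeQL's implementation and not the reporter's code.
It mirrors the shape of the flow in the report and contrasts two ways a taint
analysis might propagate through tuple destructuring.
"""
from typing import Any, Tuple


class FakeResponse:
    """Stand-in for an HTTP response object (constructed, not a real library)."""

    def __init__(self, payload: Any) -> None:
        self._payload = payload

    def json(self) -> Any:
        # Remote-controlled data: the source the analysis should track.
        return self._payload


def fetch(res: FakeResponse) -> Tuple[int, Any]:
    """Return a constant status next to the untrusted body, as in the report."""
    return 200, res.json()


def handle(res: FakeResponse) -> Tuple[int, Any]:
    # Tuple destructuring: `status` is always the literal 200 on this path;
    # only `body` can carry data that came from res.json().
    status, body = fetch(res)
    return status, body


# Toy labelled-value model: each value is paired with a "tainted" flag.
Labelled = Tuple[Any, bool]


def label_fetch(res: FakeResponse) -> Tuple[Labelled, Labelled]:
    """Labelled version of fetch(): the status is a clean literal, the body is
    tainted because it originates from res.json()."""
    return (200, False), (res.json(), True)


def coarse_destructure(pair: Tuple[Labelled, Labelled]) -> Tuple[Labelled, Labelled]:
    """Tuple-insensitive propagation: the tuple is one value, so if any element
    is tainted, every element destructured from it is reported as tainted.
    This is the behaviour that produces the false positive on `status`."""
    any_tainted = any(tainted for _, tainted in pair)
    first, second = pair
    return (first[0], any_tainted), (second[0], any_tainted)


def precise_destructure(pair: Tuple[Labelled, Labelled]) -> Tuple[Labelled, Labelled]:
    """Element-sensitive propagation: `a, b = t` gives `a` the label of t[0]
    and `b` the label of t[1], so the constant status stays clean."""
    first, second = pair
    return first, second


if __name__ == "__main__":
    # Constructed untrusted payload, as if returned by a remote server.
    res = FakeResponse({"user": "<script>alert(1)</script>"})
    print("runtime:", handle(res))
    print("coarse: ", coarse_destructure(label_fetch(res)))
    print("precise:", precise_destructure(label_fetch(res)))
```

Run it as a script to see the three views side by side: at runtime `status` is 200 whatever the payload is, the coarse model labels it tainted anyway, and the precise model does not.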

Thank you for this false positive report. Resolving this issue is not a current product priority, but we acknowledge the report and will track it internally for future consideration, or if we observe repeated instances of the same problem.

This seems to have the same cause as https://github.com/github/codeql/issues/16976

aibaars avatar Jul 17 '24 18:07 aibaars