LGTM.com - false positive for `sklearn.base.BaseEstimator._more_tags()`
Description of the false positive
Using multiple base classes from `sklearn.base` together, e.g.,

```python
from sklearn.base import BaseEstimator, ClusterMixin

class Clustering(ClusterMixin, BaseEstimator):
    ...
```
LGTM identifies the following error: Base classes have conflicting values for attribute '_more_tags': Function _more_tags and Function _more_tags.
I think that this is a false positive, because both functions `_more_tags` are used via the `inspect.getmro` function

```python
def _get_tags(self):
    collected_tags = {}
    for base_class in reversed(inspect.getmro(self.__class__)):
        if hasattr(base_class, "_more_tags"):
            # need the if because mixins might not have _more_tags
            # but might do redundant work in estimators
            # (i.e. calling more tags on BaseEstimator multiple times)
            more_tags = base_class._more_tags(self)
            collected_tags.update(more_tags)
    return collected_tags
```
Check out the full definition
URL to the alert on the project page on LGTM.com https://lgtm.com/projects/g/moldyn/MoSAIC/snapshot/c1df9c1a96a193a3e400986fb71b550bf0c42e2f/files/src/mosaic/clustering.py?sort=name&dir=ASC&mode=heatmap#x8e6a118dd37a8a7:1
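The pattern described in the report above, as an added example that is not part of the original issue and is not sklearn or CodeQL code: plain attribute lookup on `Clustering` reaches only the first `_more_tags` in the MRO, which is the situation the alert describes, while the quoted MRO walk calls every definition and merges the results. The two base classes are minimal stand-ins for the sklearn classes with constructed tag values, and `defining_classes` and `compare_lookups` are hypothetical helper names.

```python
import inspect


class BaseEstimator:
    """Stand-in for sklearn.base.BaseEstimator (assumption, constructed tags)."""

    def _more_tags(self):
        return {"requires_y": False, "non_deterministic": False}

    def _get_tags(self):
        # Same MRO walk as the snippet quoted in the issue.
        collected_tags = {}
        for base_class in reversed(inspect.getmro(self.__class__)):
            if hasattr(base_class, "_more_tags"):
                collected_tags.update(base_class._more_tags(self))
        return collected_tags


class ClusterMixin:
    """Stand-in for sklearn.base.ClusterMixin (assumption, constructed tags)."""

    def _more_tags(self):
        return {"preserves_dtype": []}


class Clustering(ClusterMixin, BaseEstimator):
    pass


def defining_classes(cls, name):
    """Classes in the MRO that define `name` in their own namespace."""
    return [c.__name__ for c in inspect.getmro(cls) if name in vars(c)]


def compare_lookups():
    est = Clustering()
    return {
        # Two bases define the attribute: this is what the alert reports.
        "definers": defining_classes(Clustering, "_more_tags"),
        # Ordinary lookup resolves to ClusterMixin only (first in the MRO).
        "plain_lookup": est._more_tags(),
        # The MRO walk calls every definition, so no base's tags are lost.
        "mro_walk": est._get_tags(),
    }


if __name__ == "__main__":
    for key, value in compare_lookups().items():
        print(key, "->", value)
```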
Indeed, this looks like a false positive. Thank you for reporting it!
Our current focus is on improving our security analysis. Because your report does not relate to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. If you think that your report is related to our security analysis, please clarify that in a comment. Either way, we'll let you know here as soon as it's fixed!
As you might know, all of our queries are open source. If you do have an idea for a code change, we encourage you to open a pull request. GitHub Code Scanning and lgtm.com have facilities for suppressing individual alerts or disabling a query.
Thank you for your kind answer, and as you correctly noticed, it is neither a security issue nor urgent.