Description
Description of the false positive
The ellipsis `...` (three dots) is commonly used in Python to omit bodies for type hinting declarations. Since technically a lone `...` is an expression statement, LGTM/CodeQL marks it as a statement without effect.
For example, we could have something like this:
```python
from typing import overload


@overload
def some_func(a: float) -> str:
    ...  # body is omitted since this is just for type hinting


@overload
def some_func(a: int) -> int:
    ...


def some_func(a):
    return a if isinstance(a, int) else str(a)
```
In this case, both `@overload` definitions exist only for type hinting. Only the final definition is actually executable at runtime. Emitting a warning for the type hint bodies is misleading; they have no effect on purpose.
Roughly, it should be fine to suppress the warning for `def` blocks if:
- the entire body is `...`
- it is in a type-declaration context such as `@overload` or `Protocol`
See PEP 8 on "Function annotations …" for reference.
Code samples or links to source code
URL to the alert on GitHub code scanning (optional)
https://github.com/maxfischer2781/asyncstdlib/security/code-scanning/33
https://github.com/maxfischer2781/asyncstdlib/security/code-scanning/98
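
The suppression rule proposed in this issue, written out as a small checker over Python's `ast` module. This is an added example, not CodeQL's query and not code from the issue author; the names `no_effect_lines`, `_is_type_stub`, `Closeable` and `leftover` are hypothetical, and the "no effect" test is a simplification (any non-call, non-docstring expression statement).

```python
import ast

# Constructed sample: the issue's overloads, plus a Protocol stub and a plain function.
SAMPLE = '''
from typing import Protocol, overload
@overload
def some_func(a: float) -> str:
    ...
@overload
def some_func(a: int) -> int:
    ...
def some_func(a):
    return a if isinstance(a, int) else str(a)
class Closeable(Protocol):
    def close(self) -> None:
        ...
def leftover(a):
    ...
    a + 1
'''

def _name(node):
    """Last name component of a decorator or base: overload, typing.overload, Protocol[T]."""
    if isinstance(node, ast.Subscript):
        node = node.value
    return node.attr if isinstance(node, ast.Attribute) else getattr(node, "id", None)

def _is_ellipsis(stmt):
    return (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant)
            and stmt.value.value is Ellipsis)

def _is_type_stub(func, parent):
    """Both criteria from the issue: body is only `...`, in an @overload or Protocol context."""
    if not all(_is_ellipsis(s) for s in func.body):
        return False
    if any(_name(d) == "overload" for d in func.decorator_list):
        return True
    return isinstance(parent, ast.ClassDef) and any(_name(b) == "Protocol" for b in parent.bases)

def no_effect_lines(source):
    """Line numbers of effect-free expression statements, skipping type-hint stubs."""
    found = []
    def visit(node, parent):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)) and _is_type_stub(node, parent):
            return  # suppressed: declaration exists only for type hinting
        for child in ast.iter_child_nodes(node):
            if isinstance(child, ast.Expr) and not isinstance(
                    child.value, (ast.Call, ast.Await, ast.Yield, ast.YieldFrom)):
                # Simplification: string constants are treated as docstrings and skipped.
                if not (isinstance(child.value, ast.Constant) and isinstance(child.value.value, str)):
                    found.append(child.lineno)
            visit(child, node)
    visit(ast.parse(source), None)
    return sorted(found)
```

On the sample, only the two statements in `leftover` are reported; the `...` there stays flagged because the function is neither an overload nor a `Protocol` member.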