Python: False positive: Tuple Destructuring #17008

Open
JLLeitschuh opened this issue Jul 17, 2024 · 1 comment
Comments

@JLLeitschuh
Contributor

Description of the false positive

CodeQL incorrectly identifies dataflow occurring from a constant value when a tuple is being destructured.

Code samples or links to source code
[Image: Screenshot 2024-07-17 at 1 17 28 PM]

Here it's very clear that `status` will always be 200 on this data flow path, but CodeQL incorrectly believes there is dataflow from the `res.json()` to the `status` variable.

https://github.com/Chainguard-Wolfi-Bites-Back/istio__istio/security/code-scanning/5
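
A toy taint tracker, added here as an illustration and not taken from the issue or from CodeQL, that reproduces the reported symptom on a constructed snippet: when a tuple is tracked as one value, destructuring marks `status` as tainted even though it is the constant 200, while tracking each position separately does not. The snippet, the `json()` source rule and all function names are assumptions, and the code makes no claim about how CodeQL itself is implemented.

```python
import ast

# Constructed snippet modelled on the report's description; the code in the
# issue exists only as a screenshot and is not reproduced here.
SAMPLE = """
result = (res.json(), 200)
body, status = result
"""

def is_source(node):
    # Assumption for this example: any call to a method named json() is a source.
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "json")

def tainted_names(code, per_element):
    """Return the variables considered tainted after the top-level assignments.

    per_element=False treats a tuple as one value (tainted if any element is);
    per_element=True keeps one taint flag per tuple position.
    """
    env = {}  # name -> bool, or list[bool] for a tuple tracked per position

    def flat(t):
        return any(t) if isinstance(t, list) else t

    def taint_of(node):
        if is_source(node):
            return True
        if isinstance(node, ast.Name):
            return env.get(node.id, False)
        if isinstance(node, ast.Tuple):
            elts = [flat(taint_of(e)) for e in node.elts]
            return elts if per_element else any(elts)
        return False  # constants and anything else this toy does not model

    for stmt in ast.parse(code).body:
        if not isinstance(stmt, ast.Assign):
            continue
        value = taint_of(stmt.value)
        for target in stmt.targets:
            if isinstance(target, ast.Name):
                env[target.id] = value
            elif isinstance(target, ast.Tuple):  # destructuring
                for i, elt in enumerate(target.elts):
                    if isinstance(elt, ast.Name):
                        known = isinstance(value, list) and i < len(value)
                        env[elt.id] = value[i] if known else flat(value)
    return {name for name, t in env.items() if flat(t)}
```

With `per_element=False` the result includes `status` (the false positive); with `per_element=True` only `result` and `body` are reported.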

@aibaars
Contributor

aibaars commented Jul 17, 2024

Thank you for this false positive report. Resolving this issue is not a current product priority, but we acknowledge the report and will track it internally for future consideration, or if we observe repeated instances of the same problem.

This seems to have the same cause as #16976
