[False positive] py/call-to-non-callable on _decorated_ __call__ magic methods #11408

Open
amotl opened this issue Nov 24, 2022 · 1 comment
Labels: acknowledged, false-positive, not security, Python

amotl commented Nov 24, 2022

Hi there,

thanks a stack for bringing LGTM to CodeQL. We used your kickstart template PR crate/crash#373 for making the transition happen on one of our Python repositories and wanted to report back about a potential false positive, after mitigating all other admonitions on our end before.

With kind regards,
Andreas.

Description of the false positive

py/call-to-non-callable is raised on decorated __call__ magic methods.

Code samples or links to source code

class FooBarCommand(Command):

    @noargs_command
    def __call__(self, cmd, *args, **kwargs):
        return f"{cmd}: foobar"

URL to the alert on GitHub code scanning (optional)

Thoughts

I wonder if anything can be done about it, other than manually dismissing corresponding admonitions? Do you have any other suggestions on this matter?
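A self-contained reproduction of the pattern reported above, as an added example that is not part of the original issue or of the crate/crash code base. `Command` and `noargs_command` are hypothetical stand-ins for the names in the snippet, and `find_call` and `triage` are helpers introduced here to confirm at runtime that a flagged instance really is callable before the alert is dismissed.

```python
import functools


def noargs_command(fn):
    """Hypothetical stand-in: reject positional arguments, then delegate."""
    @functools.wraps(fn)  # sets wrapper.__wrapped__ = fn
    def wrapper(self, cmd, *args, **kwargs):
        if args:
            raise TypeError(f"{cmd} does not take any arguments")
        return fn(self, cmd, *args, **kwargs)
    return wrapper


class Command:
    """Hypothetical stand-in base class; it defines no __call__ itself."""


class FooBarCommand(Command):

    @noargs_command
    def __call__(self, cmd, *args, **kwargs):
        return f"{cmd}: foobar"


def find_call(cls):
    """Return the __call__ defined on cls or a base class, else None.

    The MRO is walked by hand because getattr(cls, "__call__") would fall
    back to type.__call__, which every class has.
    """
    for klass in cls.__mro__:
        if "__call__" in vars(klass):
            return vars(klass)["__call__"]
    return None


def triage(instance):
    """Runtime facts to record when reviewing a py/call-to-non-callable alert."""
    call_attr = find_call(type(instance))
    return {
        "callable": callable(instance),
        "defines_call": call_attr is not None,
        "decorated": hasattr(call_attr, "__wrapped__"),
    }


if __name__ == "__main__":
    print(triage(FooBarCommand()))   # the flagged pattern
    print(triage(Command()))         # a genuinely non-callable instance
    print(FooBarCommand()("ping"))
```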

@MathiasVP
Contributor

Hi @amotl,

Indeed, this looks like a false positive. Thank you for reporting it!

Like I said in #11407, since our current focus is on improving our security analysis we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. We'll let you know here as soon as it's fixed!
