LGTM.com - false positive for py/uninitialized-local-variable

[rparini]

Description of the false positive

The error says that a variable may be used before it is initialized but the variable is defined on the line above. I cannot see a way that it would not be initialized.

URL to the alert on the project page on LGTM.com

It does not appear in LGTM.com (seems the py/uninitialized-local-variable alert is hidden by default) but on GitHub, using the CodeQL action, it is https://github.com/rparini/cxroots/security/code-scanning/28 Apologies if this is the wrong place for this report.

[MathiasVP]

Hi @rparini.

Indeed, this looks like a false positive. Thank you for reporting it 🙇! I've forwarded it to the Python team.

Our current focus is on improving our security analysis. Because your report does not relate to a security query, we will put this on our backlog and prioritize it if we get enough reports of the same underlying issue in other projects. We'll let you as soon as it's fixed!

As a temporary workaround, you can setup GitHub Code Scanning to suppress individual alerts or disable the py/uninitialized-local-variable query altogether.

[rparini]

Hi @MathiasVP, thanks for acknowledging. Is there some documentation on how to exclude the py/uninitialized-local-variable query completely? I can see how I would add more queries in the docs but not how I would exclude some.

[MathiasVP]

Unfortunately, this isn't super easy to do right now. Here's an answer describes how to do it. Making it easier to disable specific queries is something we're working on at the moment!