Missing taint flow #19153
Comments
Hi @Cheap-Cheer Thanks for your report. I've asked CodeQL Python to take a look.

Hi @Cheap-Cheer We only consider The team has investigated this specific issue before for the LoLLMs repository. They concluded that in this specific case it is fairly complex to determine that

@jketema Thank you for your thoughtful answer! I really appreciate it!

You're welcome. To work around the issue, your best option would be to define an
Description of the false positive
Code samples or links to source code
URL to the alert on GitHub code scanning (optional)
I use the following query analysis code:

These are the results:

Starting from the category variable I specified, I tried to find all the nodes that it could potentially flow to. However, I only ended up with six results, which are marked in the figure above. Apparently, the package_full_path in the row where the sixth point is located is also a node that category could flow to, but the results don't reflect this. Why is that? Thank you for your answer!
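An added example query (not the reporter's query, which is not reproduced on this page) showing how to list every node that the value of a variable named category may taint with the CodeQL Python libraries, once with local taint steps and once with a global taint-tracking configuration. The variable name comes from the report above; the module and predicate names are those of the CodeQL standard library, and nothing LoLLMs-specific is assumed.

```ql
/**
 * Added example: where can the value of a variable named `category` flow?
 * Local taint only follows steps inside one function; the global configuration
 * also follows calls, returns and attribute reads/writes, so it is the one to
 * compare against when an expected flow seems to be missing.
 */
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking

/** A read of a variable named `category` (name taken from the report above). */
class CategoryRead extends DataFlow::Node {
  CategoryRead() { this.asExpr().(Name).getId() = "category" }
}

/** Global taint: reads of `category` are sources, every other node is a candidate sink. */
module CategoryConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof CategoryRead }

  // Broad on purpose for exploration; narrow this (e.g. to call arguments) for real queries.
  predicate isSink(DataFlow::Node sink) { not sink instanceof CategoryRead }
}

module CategoryFlow = TaintTracking::Global<CategoryConfig>;

from CategoryRead src, DataFlow::Node sink, string kind
where
  // Intra-procedural taint steps only.
  (TaintTracking::localTaint(src, sink) and src != sink and kind = "local")
  or
  // Inter-procedural taint, including call, return and attribute steps.
  (CategoryFlow::flow(src, sink) and kind = "global")
select sink, kind + " taint from $@", src, "category"
```

A node that appears only with kind "global" is reached across a function boundary that TaintTracking::localTaint does not follow; a node that appears under neither kind has no taint step modelled along that path by the standard library.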