[False positive] `py/unused-local-variable` on SQLAlchemy model definition classes

Hi there,

thanks a stack for bringing LGTM to CodeQL. We used your kickstart template PR https://github.com/crate/crate-python/pull/467 for making the transition happen on one of our Python repositories and wanted to report back about a potential false positive, after mitigating all other admonitions on our end before.

With kind regards,
Andreas.


**Description of the false positive**

`py/unused-local-variable` is raised on SQLAlchemy model definition classes, which are only defined, but not used.


**Code samples or links to source code**

```python
class DummyTable(Base):
    __tablename__ = "t"
    pk = sa.Column(sa.String, primary_key=True)
    tags = sa.Column(ObjectArray)

Base.metadata.create_all()
```

- There is a corresponding PR, including the offending code, in a repro repository at https://github.com/crate-workbench/codeql-evaluations/pull/4.


**URL to the alert on GitHub code scanning (optional)**

- https://github.com/crate/crate-python/security/code-scanning/44
- https://github.com/crate-workbench/codeql-evaluations/security/code-scanning/2


**Thoughts**

I wonder if anything can be done about it, other than manually dismissing corresponding admonitions?

As far as we understand, CodeQL does not feature inline suppression comments/instructions, like what LGTM did with `lgtm[py/import-and-import-from]`, right? (https://github.com/crate/crate-python/commit/4397cc2e7)

Do you have any other suggestions on this matter?


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[False positive] `py/unused-local-variable` on SQLAlchemy model definition classes #11407

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[False positive] py/unused-local-variable on SQLAlchemy model definition classes #11407

Description