Skip to content

Commit

Permalink
Chore: Suppress unqualified CodeQL admonitions
Browse files Browse the repository at this point in the history
GitHub's CodeQL flags [1] those spots with "Unused global variable" [2].

Based on a suggestion [3], this patch attempts to use the
`advanced-security/dismiss-alerts` [4] GitHub Action recipe to provide
measures to suppress CodeQL flagging by using inline code annotations.

[1] https://github.com/crate/crate-python/security/code-scanning
[2] https://codeql.github.com/codeql-query-help/python/py-unused-global-variable/
[3] github/codeql#11427 (comment)
[4] https://github.com/advanced-security/dismiss-alerts
  • Loading branch information
amotl committed Nov 13, 2024
1 parent 313dd6f commit fa2b5f4
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 3 deletions.
16 changes: 16 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,3 +63,19 @@ jobs:
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
# define the output folder for SARIF files
output: sarif-results

# Unlock inline mechanism to suppress CodeQL warnings.
# https://github.com/github/codeql/issues/11427#issuecomment-1721059096
- name: Dismiss alerts
# if: github.ref == 'refs/heads/main'
uses: advanced-security/dismiss-alerts@v1
with:
# specify a 'sarif-id' and 'sarif-file'
sarif-id: ${{ steps.analyze.outputs.sarif-id }}
sarif-file: sarif-results/${{ matrix.language }}.sarif
env:
GITHUB_TOKEN: ${{ github.token }}
6 changes: 3 additions & 3 deletions src/crate/client/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,6 @@
# regex!
__version__ = "1.0.0"

apilevel = "2.0"
threadsafety = 1
paramstyle = "qmark"
apilevel = "2.0" # codeql[py/unused-global-variable]

Check notice

Code scanning / CodeQL

Unused global variable Note

The global variable 'apilevel' is not used.
threadsafety = 1 # codeql[py/unused-global-variable]

Check notice

Code scanning / CodeQL

Unused global variable Note

The global variable 'threadsafety' is not used.
paramstyle = "qmark" # codeql[py/unused-global-variable]

Check notice

Code scanning / CodeQL

Unused global variable Note

The global variable 'paramstyle' is not used.

0 comments on commit fa2b5f4

Please sign in to comment.