mirror of
https://github.com/github/codeql.git
synced 2025-12-19 10:23:15 +01:00
There have been multiple reports of false positives from this query over time. Now that it has `@security-severity 10.0`, these false positives look even worse. The query looks purely for calls to functions with certain names, not at whether the calls happen in a dangerous context. To justify a higher precision, the query should only flag calls that happen in a thread or another non-reentrant context.
lgtm,codescanning
- Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default, and so it is only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.