SonarLint is embedded as a Tool in:
. IDE, PyCharm 2022.2.1 (Professional Edition)
. .not bind Project to SonarQube/SonarCloud
. .no file exlussion
. .no Analysis properties
. Package : Flask 2.2
… Funtion: flask.send_file
It seems to me to be a false positive. I have two questions:
How can I block this false positive for my IDE (PyCharm.Professional)?
The same issue is raised on SonarQube, integrated and used in CI/CD project pipeline. How can I block this false positive on SonarQube server?
I have created the following ticket to track this FP. Unfortunately, it is not an easy fix on our side, as we used to rely on typeshed to retrieve type information for Flask, but we are temporarily stuck with a slightly outdated version for now due to changes in the distribution of those stubs, for which we need to adapt the analyzer.
In the meantime, using the #NOSONAR annotation on the FP, or disabling the offending rule, is your best bet.