SonarLint is embedded as a Tool in:
- IDE: PyCharm 2022.2.1 (Professional Edition)
  - Project not bound to SonarQube/SonarCloud
  - No file exclusion
  - No Analysis properties
Language: Python
- Package: Flask 2.2
  - Function: flask.send_file
SonarSource: 7.0.0.52289
It seems to me to be a false positive. I have two questions:
How can I block this false positive for my IDE (PyCharm.Professional)?
The same issue is raised on SonarQube, integrated and used in CI/CD project pipeline. How can I block this false positive on SonarQube server?
I’ve moved your post to the section on reporting false positives.
Can you please review this thread and add the missing information? Specifically – what version of SonarLint you’re using, and if you’re using connected mode.
Would it be possible for you to provide a small, self-contained reproducer example project? You can upload an archive on this thread. That would greatly help us.
You can navigate to the issue on SonarQube and change the status from ‘Open’ to ‘False Positive’. See here for more details. By the way, what is your SonarQube server version?
You will need to connect your IDE project to your SonarQube project thanks to SonarLint. Once the issue is marked as ‘False Positive’ on the server, it should automatically be reflected in your IDE.
I have created the following ticket to track this FP. Unfortunately, it is not an easy fix on our side, as we used to rely on typeshed to retrieve type information for Flask, but we are temporarily stuck with a slightly outdated version for now due to changes in the distribution of those stubs, for which we need to adapt the analyzer.
In the meantime, using the #NOSONAR annotation on the FP, or disabling the offending rule, is your best bet.