Sometimes you may see alerts that you don't agree with or that you feel are not useful to you. You may also want to ignore an alert if you would rather not spend a long time re-writing your code for little potential benefit. In cases like these, you can disable individual alerts by adding 'suppression comments' to selected lines of your source code.
An alert suppression is an inline comment which is made up of:
- A suppression annotation, which is not case sensitive: LGTM. For Java, you can also use
- An optional query identifier,
You can find the query identifier next to the @id property in the metadata at the top of most query files. If you don't specify a query identifier, then all alerts generated by the code on the commented line are suppressed. Adding an identifier allows you to selectively suppress alerts for a specific query. For further information on query identifiers, see Query metadata.
The syntax of suppression comments is language-dependent:
"# lgtm..." for Python
Additionally, for Python the #noqa comment without any trailing text is also interpreted as a suppression comment. It has the same effect as
Whitespace is allowed both before and after the word lgtm and the
Adding suppression comments
If you would like to suppress alerts for more than one query on the same line of code, you should include lgtm annotations for each query on that line. For example:
"# lgtm[query1-id] lgtm[query2-id]" for Python
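Because a suppression without a query identifier silences every alert on its line, it helps to inventory suppressions before a review. The Python script below is an added example, not part of LGTM or the original page: its regular expressions approximate the syntax described here, allowing a space after `#` and any letter case in `noqa` is an assumption, and the sample source is constructed.

```python
import io
import re
import tokenize

# Annotation is case-insensitive; an optional [query-id] may follow it.
LGTM_RE = re.compile(r"\blgtm\b\s*(?:\[\s*([^\]\s]+)\s*\])?", re.IGNORECASE)
# A bare "#noqa" with no trailing text counts as a blanket suppression.
# Assumption: optional whitespace after "#" and any letter case are accepted.
NOQA_RE = re.compile(r"#\s*noqa\s*$", re.IGNORECASE)


def find_suppressions(source):
    """Return (line, query_id) pairs; query_id None means all alerts on the line."""
    found = []
    tokens = tokenize.generate_tokens(io.StringIO(source).readline)
    for tok in tokens:
        if tok.type != tokenize.COMMENT:
            continue  # ignore "lgtm" that appears inside string literals
        line = tok.start[0]
        if NOQA_RE.fullmatch(tok.string):
            found.append((line, None))
            continue
        for match in LGTM_RE.finditer(tok.string):
            found.append((line, match.group(1)))
    return found


def blanket_lines(source):
    """Lines whose suppression names no query and so hides every alert."""
    return sorted({ln for ln, qid in find_suppressions(source) if qid is None})


# Constructed sample input; query1-id / query2-id are the page's placeholders.
SAMPLE = '''\
import os  # lgtm[query1-id] lgtm[query2-id]
x = eval(data)  # LGTM
y = "not a comment: # lgtm"
z = 1  #noqa
w = 2  # noqa: E501
'''

if __name__ == "__main__":
    for line, qid in find_suppressions(SAMPLE):
        print(line, qid or "ALL ALERTS")
```

Lines returned by `blanket_lines` are the ones to check first, since nothing records which alert the author meant to silence.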
@SuppressWarnings annotations in Java
For code written in Java, you can also suppress alerts flagged using Java built-in @SuppressWarnings annotations. For these annotations, you must specify the query-id for the alert that you want to suppress:
You typically add the annotation to a code element, and it'll suppress all alerts for the query within that element, not just on the line the annotation was added.
The code snippet below - without the suppression comment - is taken from the standard Python library and uses multiple inheritance to define a class:
In general, multiple inheritance should be used with care. The main issue is when both base classes define the same method, and one is unintentionally overridden. The 'conflicting attributes in base classes' query flags this type of override. If the override is deliberate, as it is in the example, you can add a suppression comment to suppress the alert. Its query identifier is
Excluding commented alerts from your analysis
If you perform analysis using LGTM, the suppression comments are automatically recognized. However, if you use alert suppression alongside a QL command line tool, such as analyzeSnapshot, you must add the query to your query suite file (or list of queries) so that the tool can identify the suppression comments. For example, the alert suppression query can be directly referenced in a query suite for analysis of Python code as follows:
Alternatively, if you are using analyzeSnapshot and you haven't specified a --suite flag, you can add the alert suppression query to your list of queries using the --queries flag. For further information see
When you implement alert suppression, your analysis won't generate alerts for the lines of code where you have added suppression comments. You may wish to take further action, depending on your reason for using alert suppression.
What should I do if an alert is a false positive?
If you believe that a particular alert generated by a standard query is a false positive that should not have been reported, consider raising an issue in the query repository. In the case of custom queries which are problematic, please report issues to the relevant author or distributor. For more information about the query language used to write queries, see Learning QL.