CodeQL documentation

Comparison using is when operands support __eq__

ID: py/comparison-using-is
Kind: problem
Security severity: 
Severity: warning
Precision: high
Tags:
   - reliability
   - correctness
Query suites:
   - python-security-and-quality.qls

Click to see the query in the CodeQL repository

When you compare two values using the is or is not operator, it is the object identities of the two values that is tested rather than their equality. If the class of either of the values in the comparison redefines equality then the is operator may return False even though the objects compare as equal. Equality is defined by the __eq__ or, in Python2, __cmp__ method. To compare two objects for equality, use the == or != operator instead.

Recommendation

When you want to compare the value of two literals, use the comparison operator == or != in place of is or is not.

If the uniqueness property or performance are important then use an object that does not redefine equality.

Example

In the first line of the following example the programmer tests the value of value against DEFAULT using the is operator. Unfortunately, this may fail when the function is called with the string "default".

To function correctly, change the expression value is DEFAULT to value == DEFAULT. Alternatively, if the uniqueness property is desirable, then change the definition of DEFAULT to either of the alternatives below.


DEFAULT = "default"

def get_color(name, fallback):
    if name in COLORS:
        return COLORS[name]
    elif fallback is DEFAULT:
        return DEFAULT_COLOR
    else:
        return fallback

#This works
print (get_color("spam", "def" + "ault"))

#But this does not
print (get_color("spam", "default-spam"[:7]))

#To fix the above code change to object
DEFAULT = object()

#Or if you want better repr() output:
class Default(object):

    def __repr__(self):
        return "DEFAULT"

DEFAULT = Default()

References

  • © GitHub, Inc.
  • Terms
  • Privacy