CodeQL documentation
CodeQL resources

__del__ is called explicitly

ID: py/explicit-call-to-delete
Kind: problem
Security severity: 
Severity: warning
Precision: very-high
Tags:
   - reliability
   - correctness
Query suites:
   - python-security-and-quality.qls

Click to see the query in the CodeQL repository

The __del__ special method is designed to be called by the Python virtual machine when an object is no longer reachable, but before it is destroyed. Calling a __del__ method explicitly may cause an object to enter an unsafe state.

Recommendation

If explicit clean up of an object is required, a close() method should be called or, better still, wrap the use of the object in a with statement.

Example

In the first example, rather than close the zip file in a conventional manner the programmer has called __del__. A safer alternative is shown in the second example.



def extract_bad(zippath, dest):
    zipped = ZipFile(zippath)
    try:
        zipped.extractall(dest)
    finally:
        zipped.__del__()

def extract_good(zippath, dest):
    zipped = ZipFile(zippath)
    try:
        zipped.extractall(dest)
    finally:
        zipped.close()

References

  • © GitHub, Inc.
  • Terms
  • Privacy