CodeQL documentation

Modification of dictionary returned by locals()

ID: py/modification-of-locals
Kind: problem
Severity: warning
Precision: very-high
   - reliability
   - correctness
Query suites:
   - python-security-and-quality.qls

Click to see the query in the CodeQL repository

The dictionary returned by locals() is not a view of the function’s locals, but a copy. Therefore, modification of the dictionary returned from locals() will not modify the local variables of the function.


If the intention is to modify a local variable, then do so directly.


In this example, rather than assigning to the variable z directly, the dictionary returned by locals() is modified.

def modifies_locals_sum(x, y):
    locals()['z'] = x + y
    #z will not be defined as modifications to locals() do not alter the local variables.
    return z

def fixed_sum(x, y):
    z = x + y
    return z