Asserting a tuple¶
ID: py/asserts-tupleKind: problemSecurity severity: Severity: errorPrecision: very-highTags: - quality - reliability - correctness - external/cwe/cwe-670Query suites: - python-security-and-quality.qls
Click to see the query in the CodeQL repository
When you define anassert statement to test a tuple the test will either always succeed (if the tuple is non-empty) or always fail (if the tuple is empty).
This error usually occurs when the programmer writesassert(condition,message) instead of the correct formassertcondition,message
Recommendation¶
Review the code and determine the purpose of theassert statement:
If the “tuple” has been created in error, then remove the parentheses and correct the statement
If validation of a tuple is intended, then you should define an
assertstatement for each element of the tuple.
Example¶
The statementassert(xxx,yyy) attempts to test a “tuple”(xxx,yyy). The original intention may be any of the alternatives listed below:
assertxxxandyyy# Alternative 1a. Check both expressions are trueassertxxx,yyy# Alternative 1b. Check 'xxx' is true, 'yyy' is the failure message.tuple=(xxx,yyy)# Alternative 2. Check both elements of the tuple match expectations.asserttuple[0]==xxxasserttuple[1]==yyy
If you want to define a validity check on the values of a tuple then these must be tested individually.
References¶
Python Language Reference:The assert statement.
Tutorials Point:Assertions in Python.
Common Weakness Enumeration:CWE-670.