List comprehension variable used in enclosing scope¶
ID: py/leaking-list-comprehensionKind: problemSecurity severity: Severity: warningPrecision: very-highTags: - portability - correctnessQuery suites: - python-security-and-quality.qls
Click to see the query in the CodeQL repository
In Python 2 list comprehensions are evaluated in the enclosing scope, which means that the iteration variable of a list comprehension is visible outside of the list comprehension. In Python 3 the iteration variable is no longer visible in the enclosing scope.
Code that uses the value of a list comprehension iteration variable after the list comprehension has finished will behave differently under Python 2 and Python 3.
Recommendation¶
Explicitly set the variable in the outer scope to the value that it would have held when run under Python 2. Then rename the list comprehension variable for additional clarity.
Example¶
In this example,x is initially assigned the value of 3. In Python 3,x will be unchanged as the list comprehension is evaluated in its own scope. In Python 2, evaluation of the list comprehension occurs in the scope oftwo_or_three, settingx to 2.
deftwo_or_three():x=3[0forxinrange(3)]returnx# Will return 2 in Python 2 and 3 in Python 3.print(two_or_three())
The following example is the same code as above, but the list comprehension variable is renamed to ensure it does not overwritex.
defjust_three():x=3[0foryinrange(3)]returnx# Will return always return 3.print(just_three())
References¶
Python Tutorial:List Comprehensions.
The History of Python:From List Comprehensions to Generator Expressions.
Python Language Reference:List displays.