CodeQL documentation
CodeQL resources

__del__ is called explicitly

ID: py/explicit-call-to-delete Kind: problem Security severity: Severity: warning Precision: very-high Tags: - quality - reliability - correctness Query suites: - python-code-quality.qls - python-security-and-quality.qls

Click to see the query in the CodeQL repository

The __del__ special method is designed to be called by the Python virtual machine when an object is no longer reachable, but before it is destroyed. Calling a __del__ method explicitly may cause an object to enter an unsafe state.

Recommendation

If explicit clean up of an object is required, a close() method should be called or, better still, wrap the use of the object in a with statement.

Example

In the first example, rather than close the zip file in a conventional manner, the programmer has called __del__. A safer alternative is shown in the second example.

 def extract_bad(zippath, dest): zipped = ZipFile(zippath) try: zipped.extractall(dest) finally: zipped.__del__() def extract_good(zippath, dest): zipped = ZipFile(zippath) try: zipped.extractall(dest) finally: zipped.close()

References