Codiga has joined Datadog!

Read the Blog·

Interested in our Static Analysis?

Sign up
← All posts
Julien Delange Wednesday, October 26, 2022

Python: do not use empty array as function parameters



Julien Delange, Founder and CEO

Julien is the CEO of Codiga. Before starting Codiga, Julien was a software engineer at Twitter and Amazon Web Services.

Julien has a PhD in computer science from Universite Pierre et Marie Curie in Paris, France.

See all articles

What is a default parameter in Python?

A default parameter in Python is a default value assigned to a function parameter. If I define the function foo with a parameter bar = 3, it ensures that if no value is passed for this parameter, the default value 3 will be used.

def foo(bar=3):
  return bar + 2

n = foo()   # returns 5
n = foo(10) # return 12

The major caveat is that default parameters are only evaluated once and may cause problems when a function is called more than once.

Why does an empty array as a default parameter in Python may cause a problem?

As parameters are evaluated only ONCE, returning or using an array with a default parameter may create an issue, as the value from a previous call may be reused in a later call.

Let's look at a concrete example.

import typing

def foo(bar: typing.List[int] = []):
    return bar

l1 = foo()
l2 = foo()

When executing the code above, at the second call, the value of the first call was reused, which is (almost) never what we want.

$ python
[42, 42]

This is a common issue in Python code already documented (see the Common Gotchas for Python).

How to avoid having issues with an empty array as default parameter in Python?

The idea is not to use an array as a default parameter and instead is None. Then, inside the function, we check if a value has been passed and assign it.

There is the corrected version of the code shown above.

import typing

def foo(bar: typing.Optional[typing.List[int]]=None):
    if bar is None:
        res = []
        res = bar
    return res

l1 = foo()
l2 = foo()

When executing the code, we have the correct result.

$ python

Automatically empty array as default parameter in Python

Codiga provides IDE plugins and integrations with GitHub, GitLab, or Bitbucket to detect empty arrays as default parameters. The Codiga static code analysis detects this issue directly in your IDE or code reviews.

In particular, this analysis rule produces a warning each time there is an empty array as a default parameter in a function definition.

Avoid empty array parameter

To use this rule consistently, all you need to do is to install the integration in your IDE (for VS Code or JetBrains) or code management system and add a codiga.yml file at the root of your profile with the following content:

  - python-security

It will then check all your Python code against 100+ rules that detect unsafe and insecure code and suggests fixes for each of them.

More resources

Are you interested in Datadog Static Analysis?

Sign up