CodeQL documentation

Implicit string concatenation in a list

ID: py/implicit-string-concatenation-in-list
Kind: problem
Security severity: 
Severity: warning
Precision: high
Tags:
   - quality
   - maintainability
   - readability
   - external/cwe/cwe-665
Query suites:
   - python-security-and-quality.qls


When two string literals abut each other, the Python interpreter implicitly concatenates them into a single string. On occasion this can be useful, but it is more commonly misleading or incorrect. In a list, a missing comma silently merges two intended elements into one.

Recommendation

If the concatenation is deliberate, then use + to join the strings. This has no runtime overhead, and makes the intention clear.

Example

In the first function below, unclear, implicit string concatenation is used twice: once deliberately and once by accident. In the second function, clarified, the first concatenation is made explicit and the second is removed.


def unclear():
    # Returns [ "first part of long string and the second part", "/usr/local/usr/bin" ]
    return [
        "first part of long string"
        " and the second part",
        "/usr/local"
        "/usr/bin"
    ]

def clarified():
    # Returns [ "first part of long string and the second part", "/usr/local", "/usr/bin" ]
    return [
        "first part of long string" +
        " and the second part",
        "/usr/local",
        "/usr/bin"
    ]
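
The following checker is an added example, not the CodeQL query or any code from the CodeQL project. It uses the standard tokenize module to approximate the same finding: two adjacent plain string literals directly inside a list display. The function names and the two sample sources (copied from the example above) are assumptions of this sketch.

```python
import io
import keyword
import tokenize

_SKIP = {tokenize.NL, tokenize.COMMENT}   # may sit between two literals
_CLOSE = {")", "]", "}"}

def _is_subscript(prev):
    # '[' right after a name, literal or closing bracket indexes a value;
    # anywhere else it opens a list display.
    if prev is None:
        return False
    if prev.type == tokenize.NAME:
        return not keyword.iskeyword(prev.string)
    return prev.type in (tokenize.STRING, tokenize.NUMBER) or prev.string in _CLOSE

def find_implicit_concat_in_lists(source):
    """Return (line, first, second) for each pair of adjacent plain string
    literals whose innermost enclosing bracket is a list display.
    f-strings are not considered (they are not STRING tokens on 3.12+)."""
    findings, stack, prev = [], [], None
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type in _SKIP:
            continue
        if tok.type == tokenize.OP:
            if tok.string == "[":
                stack.append("sub" if _is_subscript(prev) else "[")
            elif tok.string in ("(", "{"):
                stack.append(tok.string)
            elif tok.string in _CLOSE and stack:
                stack.pop()
        elif (tok.type == tokenize.STRING and prev is not None
              and prev.type == tokenize.STRING and stack and stack[-1] == "["):
            findings.append((tok.start[0], prev.string, tok.string))
        prev = tok
    return findings

# Sample input: the two functions from the example above.
UNCLEAR = ('def unclear():\n    return [\n'
           '        "first part of long string"\n'
           '        " and the second part",\n'
           '        "/usr/local"\n        "/usr/bin"\n    ]\n')
CLARIFIED = ('def clarified():\n    return [\n'
             '        "first part of long string" +\n'
             '        " and the second part",\n'
             '        "/usr/local",\n        "/usr/bin"\n    ]\n')

if __name__ == "__main__":
    for line, first, second in find_implicit_concat_in_lists(UNCLEAR):
        print(f"line {line}: {first} {second} (missing comma or '+'?)")
```

Like the query, the checker cannot tell the deliberate concatenation from the accidental one, so it reports both pairs in unclear; a parenthesized concatenation inside a list is not reported.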
