This rule raises an issue when a membership test using in or not in is performed on an empty collection literal such as [], {}, set(), tuple(), or frozenset().

Why is this an issue?

In Python, the membership operators in and not in test whether a value exists in a collection. When the collection is empty, these tests always produce predictable results:

• x in [] is always False because the value cannot exist in an empty collection
• x not in [] is always True because the value is indeed not in an empty collection

This pattern typically indicates one of three problems:

• dead code: the check serves no purpose and should be removed
• logic error: the collection should have been populated before the membership test
• incomplete implementation: the code was started but never finished

Consider this example:

if user_id in []:
    grant_access()

This condition will never be true, so grant_access() will never be called. The code is either incomplete, meaning the list should contain authorized user IDs, or the check is unnecessary and should be removed.

The issue applies to all Python collection types:

• empty list: []
• empty dict: {}, which creates an empty dictionary, not a set. When used with in, it tests keys.
• empty set: set()
• empty tuple: () or tuple()
• empty frozenset: frozenset()

What is the potential impact?

This issue can lead to bugs where conditions never evaluate as expected, causing:

• dead code paths: code that can never be reached
• security vulnerabilities: authorization checks that never pass or always pass
• logic errors: incorrect program behavior due to conditions that do not work as intended

The severity depends on the context. An authorization check that always fails could be a critical security issue, while a redundant check might only affect code maintainability.

How to fix it

If the collection should contain values, populate it with the appropriate elements before performing the membership test.

Code examples

Noncompliant code example

if user_id in []:  # Noncompliant: empty list
    grant_access()

Compliant solution

if user_id in ["admin", "user123", "moderator"]:
    grant_access()

Resources

Documentation

• Python Documentation - Membership test operations
• Python Documentation - Data Structures

Related rules

• {rule:python:S2583} - Conditionals should not always evaluate to the same value
• {rule:python:S1145} - Useless "if(true) {…​}" and "if(false){…​}" blocks should be removed