Issue 36053: pkgutil.walk_packages jumps out from given path if there is package with the same name in sys.path (original) (raw)

Issue36053

Created on 2019-02-20 16:37 by karkucik, last changed 2022-04-11 14:59 by admin.

| Messages (6) | | | | | | | | | | | | | | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | | ------------------ | | | --------- | | ------------------ | ------------------------------------ | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | msg336111 - (view) | Author: Piotr Karkut (karkucik) * | Date: 2019-02-20 16:37 | | | | | | | | | | | | | When walk_packages encounter a package with a name that is available in sys.path, it will abandon the current package, and start walking the package from the sys.path. Consider this file layout: ``` PYTHONPATH/ ├──package1/ | ├──core | | ├──some_package/ | | | ├──__init__.py | | | └──mod.py | | └──__init__.py | └──__init__.py └──some_package/ | ├──__init__.py | └──another_mod.py └──__init__.py ``` The result of walking package1 will be: ``` >> pkgutil.walk_packages('PYTHONPATH/package1') ModuleInfo(module_finder=FileFinder('PYTHONPATH/package1/core'), name='some_package', ispkg=True) ModuleInfo(module_finder=FileFinder('PYTHONPATH/some_package), name='another_mod', ispkg=False) ``` I'm not sure if it is a security issue, but it definitely should not jump off the given path. | | msg339028 - (view) | Author: Piotr Karkut (karkucik) * | Date: 2019-03-28 10:06 | | | | | | | | | | | | | Bump | | | | | | | | | | | | | | | msg339573 - (view) | Author: Alyssa Coghlan (ncoghlan) * | Date: 2019-04-07 11:52 | | | | | | | | | | | | | Piotr: does it always jump out, or does it only jump out if the relevant module has already been imported? (The tests for walk_packages are relatively weak and never generate conflicting names, so it's entirely plausible that there are caching side effects that make it do strange things) | | | | | | | | | | | | | | | msg339603 - (view) | Author: Piotr Karkut (karkucik) * | Date: 2019-04-08 09:14 | | | | | | | | | | | | | Nick: From what I've checked, it jumps in case the module is already imported. The problem is that the original implementation is quite naive, and it's trying to import the module before looking for it in `sys.modules` - So if the module with a conflicting name is in PYTHONPATH and has higher priority, it'd be imported instead of the correct one. And then, as the module is imported, it'd be available in `sys.modules`. | | | | | | | | | | | | | | | msg343747 - (view) | Author: Piotr Karkut (karkucik) * | Date: 2019-05-28 08:22 | | | | | | | | | | | | | Bump? | | | | | | | | | | | | | | | msg348381 - (view) | Author: Piotr Karkut (karkucik) * | Date: 2019-07-24 12:03 | | | | | | | | | | | | | bump | | | | | | | | | | | | | |