Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkgutil.find_loader accepts invalid module names #59477

Closed
ncoghlan opened this issue Jul 7, 2012 · 6 comments
Closed

pkgutil.find_loader accepts invalid module names #59477

ncoghlan opened this issue Jul 7, 2012 · 6 comments
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@ncoghlan
Copy link
Contributor

ncoghlan commented Jul 7, 2012

BPO 15272
Nosy @brettcannon, @birkenfeld, @ncoghlan, @merwok, @ericsnowcurrently

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2016-09-08.16:40:11.818>
created_at = <Date 2012-07-07.10:19:46.901>
labels = ['type-bug', 'library']
title = 'pkgutil.find_loader accepts invalid module names'
updated_at = <Date 2016-09-08.16:40:11.814>
user = 'https://github.com/ncoghlan'

bugs.python.org fields:

activity = <Date 2016-09-08.16:40:11.814>
actor = 'eric.snow'
assignee = 'none'
closed = True
closed_date = <Date 2016-09-08.16:40:11.818>
closer = 'eric.snow'
components = ['Library (Lib)']
creation = <Date 2012-07-07.10:19:46.901>
creator = 'ncoghlan'
dependencies = []
files = []
hgrepos = []
issue_num = 15272
keywords = []
message_count = 6.0
messages = ['164806', '165155', '165499', '165515', '165953', '275060']
nosy_count = 6.0
nosy_names = ['brett.cannon', 'georg.brandl', 'ncoghlan', 'eric.araujo', 'Arfrever', 'eric.snow']
pr_nums = []
priority = 'normal'
resolution = 'out of date'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue15272'
versions = ['Python 3.6']
@ncoghlan
Copy link
Contributor Author

ncoghlan commented Jul 7, 2012

The pkgutil import emulation is insane and permits modules identifiers to contain paths.

Identified in bpo-15230 (reporting some very surprising behaviour from runpy.run_module).

@ncoghlan
Copy link
Contributor Author

I've taken 3.2 and 2.7 off the list - no doubt someone, somewhere is relying on this particular piece of missing input validation, so it's not worth risking breakage in a point release.

I think it's worth fixing for 3.3, though.

@ncoghlan ncoghlan added the type-bug An unexpected behavior, bug, or error label Jul 10, 2012
@ncoghlan
Copy link
Contributor Author

I'll add a regression test for this as part of my purge of any internal usage of the pkgutil import emulation.

@ncoghlan ncoghlan self-assigned this Jul 15, 2012
@ncoghlan
Copy link
Contributor Author

OK, this one is trickier than I thought - the exact behaviour depends on how you traverse the code, and I believe a PEP-302 importer is technically allowed to accept "/" in module names. (Unless there's a module names "must be valid identifiers" in there somewhere that I have forgotten about)

Punting on it for the moment.

@ncoghlan ncoghlan removed their assignment Jul 15, 2012
@brettcannon
Copy link
Member

PEP-302 just says that find_module "will be called with the fully qualified name of the module." And importation by file name was removed in Python 3 (at some point; don't remember exact feature release). So supporting slashes in a module name is probably not necessary anymore.

@ericsnowcurrently
Copy link
Member

pkgutil has since been updated to use importlib, meaning it relies on importlib to sort this out.

@ericsnowcurrently ericsnowcurrently added the stdlib Python modules in the Lib dir label Sep 8, 2016
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brettcannon @ncoghlan @ericsnowcurrently