This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author karkucik
Recipients karkucik
Date 2019-02-20.16:37:07
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1550680627.64.0.854320242724.issue36053@roundup.psfhosted.org>
In-reply-to
Content 
When walk_packages encounter a package with a name that is available in sys.path, it will abandon the current package, and start walking the package from the sys.path.

Consider this file layout:

```
PYTHONPATH/
├──package1/
|   ├──core   
|   |   ├──some_package/
|   |   |   ├──__init__.py
|   |   |   └──mod.py
|   |   └──__init__.py
|   └──__init__.py
└──some_package/
   |   ├──__init__.py
   |   └──another_mod.py
   └──__init__.py
```

The result of walking package1 will be:

```
>> pkgutil.walk_packages('PYTHONPATH/package1')

ModuleInfo(module_finder=FileFinder('PYTHONPATH/package1/core'), name='some_package', ispkg=True)
ModuleInfo(module_finder=FileFinder('PYTHONPATH/some_package), name='another_mod', ispkg=False)
```

I'm not sure if it is a security issue, but it definitely should not jump off the given path.
History
Date User Action Args
2019-02-20 16:37:07karkuciksetrecipients: + karkucik
2019-02-20 16:37:07karkuciksetmessageid: <1550680627.64.0.854320242724.issue36053@roundup.psfhosted.org>
2019-02-20 16:37:07karkuciklinkissue36053 messages
2019-02-20 16:37:07karkucikcreate