Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-04-14 07:41:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

[3.14] gh-146121: Clarify security model of pkgutil.getdata (GH-148197) (GH-148206)

Browse source 
(cherry picked from commit cf59bf7647)

Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Stan Ulbrych <stan@python.org>
This commit is contained in:
Miss Islington (bot) 2026-04-07 12:48:29 +02:00 committed by GitHub
parent 25369a8c78
commit d786d59a8f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 26 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

28
Doc/library/pkgutil.rst
View file

@ -151,24 +151,48 @@ support.
:meth:`get_data <importlib.abc.ResourceLoader.get_data>` API. The
*package* argument should be the name of a package, in standard module format
(``foo.bar``). The *resource* argument should be in the form of a relative
filename, using ``/`` as the path separator. The parent directory name
``..`` is not allowed, and nor is a rooted name (starting with a ``/``).
filename, using ``/`` as the path separator.
The function returns a binary string that is the contents of the specified
resource.
This function uses the :term:`loader` method
:func:`~importlib.abc.FileLoader.get_data`
to support modules installed in the filesystem, but also in zip files,
databases, or elsewhere.
For packages located in the filesystem, which have already been imported,
this is the rough equivalent of::
d = os.path.dirname(sys.modules[package].__file__)
data = open(os.path.join(d, resource), 'rb').read()
Like the :func:`open` function, :func:`!get_data` can follow parent
directories (``../``) and absolute paths (starting with ``/`` or ``C:/``,
for example).
It can open compilation/installation artifacts like ``.py`` and ``.pyc``
files or files with :func:`reserved filenames <os.path.isreserved>`.
To be compatible with non-filesystem loaders, avoid using these features.
.. warning::
This function is intended for trusted input.
It does not verify that *resource* "belongs" to *package*.
If you use a user-provided *resource* path, consider verifying it.
For example, require an alphanumeric filename with a known extension, or
install and check a list of known resources.
If the package cannot be located or loaded, or it uses a :term:`loader`
which does not support :meth:`get_data <importlib.abc.ResourceLoader.get_data>`,
then ``None`` is returned. In particular, the :term:`loader` for
:term:`namespace packages <namespace package>` does not support
:meth:`get_data <importlib.abc.ResourceLoader.get_data>`.
.. seealso::
The :mod:`importlib.resources` module provides structured access to
module resources.
.. function:: resolve_name(name)