diff options
| author | Jason R. Coombs <jaraco@jaraco.com> | 2019-01-17 16:49:49 -0500 |
|---|---|---|
| committer | Jason R. Coombs <jaraco@jaraco.com> | 2019-01-20 21:26:23 -0500 |
| commit | 20f38687bbcf0e668902d37d51023f1fddc55273 (patch) | |
| tree | f26514ab785653562af0c0f7b893cb552e67f984 | |
| parent | bfe286c3a95615a1d927c46cbe3d8ce890bab2b0 (diff) | |
| download | external_python_setuptools-20f38687bbcf0e668902d37d51023f1fddc55273.tar.gz external_python_setuptools-20f38687bbcf0e668902d37d51023f1fddc55273.tar.bz2 external_python_setuptools-20f38687bbcf0e668902d37d51023f1fddc55273.zip | |
Update docs to match implementation that resource names are rooted at the package. Ref #1635.
| -rw-r--r-- | changelog.d/1635.change.rst | 1 | ||||
| -rw-r--r-- | docs/pkg_resources.txt | 4 | ||||
| -rw-r--r-- | pkg_resources/__init__.py | 10 |
3 files changed, 6 insertions, 9 deletions
diff --git a/changelog.d/1635.change.rst b/changelog.d/1635.change.rst new file mode 100644 index 00000000..7227ce0d --- /dev/null +++ b/changelog.d/1635.change.rst @@ -0,0 +1 @@ +Resource paths are passed to ``pkg_resources.resource_string`` and similar no longer accept paths that traverse parents. Violations of this expectation raise DeprecationWarnings and will become errors. diff --git a/docs/pkg_resources.txt b/docs/pkg_resources.txt index 0c9fb5f2..21aac814 100644 --- a/docs/pkg_resources.txt +++ b/docs/pkg_resources.txt @@ -1132,8 +1132,8 @@ relative to the root of the identified distribution; i.e. its first path segment will be treated as a peer of the top-level modules or packages in the distribution. -Note that resource names must be ``/``-separated paths and cannot be absolute -(i.e. no leading ``/``) or contain relative names like ``".."``. Do *not* use +Note that resource names must be ``/``-separated paths rooted at the package +and cannot contain relative names like ``".."``. Do *not* use ``os.path`` routines to manipulate resource paths, as they are *not* filesystem paths. diff --git a/pkg_resources/__init__.py b/pkg_resources/__init__.py index a5bed9a6..a3f1c56f 100644 --- a/pkg_resources/__init__.py +++ b/pkg_resources/__init__.py @@ -1489,8 +1489,7 @@ class NullProvider: >>> warned.clear() >>> vrp('/foo/bar.txt') >>> bool(warned) - True - >>> warned.clear() + False >>> vrp('foo/../../bar.txt') >>> bool(warned) True @@ -1499,14 +1498,11 @@ class NullProvider: >>> bool(warned) False """ - invalid = ( - path.startswith('/') or - re.search(r'\B\.\.\B', path) - ) + invalid = '..' in path.split('/') if not invalid: return - msg = "Use of .. or leading / in a resource path is not allowed." + msg = "Use of .. in a resource path is not allowed." # for compatibility, warn; in future # raise ValueError(msg) warnings.warn( |