The zipimporter.zipimporter constructor does some path exploration to
find out if it was given a path that is "contained" in a zip file. Right
now if it gets the path:
/some/path/archive.zip/jython/modules/foo.py
It walks up this path looking for an object that is a regular file. So,
it tries:
/some/path/archive.zip/jython/modules/
/some/path/archive.zip/jython/
/some/path/archive.zip
And then stops, since it has found a regular file. However, for paths
that are not contained in zip files, such as this:
/some/path/to/a/project/jython/Lib/foo.py
It will walk up the directory hierarchy, but never find a regular file:
/some/path/to/a/project/jython/Lib/
/some/path/to/a/project/jython/
/some/path/to/a/project/
/some/path/to/a/project/
/some/path/to/a/
/some/path/to/
/some/path/
/some/
We're trying to sandbox Jython and so use the JVM SecurityManager to
prohibit access to most files -- as a result, this directory climbing is
inconvenient for us. It seems to me that if you find that the path is
not a regular file, but does exist, then it must not be contained in any
zip files, so you can bail immediately. Does this change sound OK?
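
The walk described above and the proposed early exit, as an added example that is not part of the original message or Jython's own code. The in-memory filesystem, `find_archive` and its `early_bail` flag are constructed for illustration; the walk starts at the parent of the given path, as in the listings above.

```python
import posixpath

# Constructed filesystem for the two paths in the post: "file", "dir", or absent.
FS = {p: "dir" for p in (
    "/some", "/some/path", "/some/path/to", "/some/path/to/a",
    "/some/path/to/a/project", "/some/path/to/a/project/jython",
    "/some/path/to/a/project/jython/Lib")}
FS["/some/path/archive.zip"] = "file"
FS["/some/path/to/a/project/jython/Lib/foo.py"] = "file"


def find_archive(path, early_bail, fs=FS):
    """Walk up from path's parent looking for a regular file.

    Returns (archive_or_None, probes). probes lists every path the walk
    had to stat, i.e. every path a sandbox policy would have to allow.
    """
    probes = []
    current = posixpath.dirname(path)
    while current not in ("", "/"):
        probes.append(current)
        kind = fs.get(current)
        if kind == "file":
            return current, probes   # candidate zip archive found
        if early_bail and kind == "dir":
            return None, probes      # exists but is not a file: not in a zip
        # Absent entries (e.g. names below archive.zip) keep the walk going.
        current = posixpath.dirname(current)
    return None, probes


if __name__ == "__main__":
    for p in ("/some/path/archive.zip/jython/modules/foo.py",
              "/some/path/to/a/project/jython/Lib/foo.py"):
        for bail in (False, True):
            archive, probes = find_archive(p, bail)
            print(p, "early_bail=%s" % bail, "->", archive, probes)
```

With the early exit, the non-zip path costs a single probe inside the project tree instead of a climb to `/some`, while the zip case is unchanged.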