Message3906

Author ethan-10gen
Recipients ethan-10gen
Date 2008-12-10.16:38:39
SpamBayes Score 6.395913e-06
Marked as misclassified No
Message-id <1228927120.69.0.0978038010707.issue1199@psf.upfronthosting.co.za>
In-reply-to
Content
The zipimporter.zipimporter constructor does some path exploration to
find out if it was given a path that is "contained" in a zip file. Right
now if it gets the path:

/some/path/archive.zip/jython/modules/foo.py

It walks up this path looking for an object that is a regular file. So,
it tries:

/some/path/archive.zip/jython/modules/
/some/path/archive.zip/jython/
/some/path/archive.zip

And then stops, since it has found a regular file. However, for paths
that are not contained in zip files, such as this:

/some/path/to/a/project/jython/Lib/foo.py

It will walk up the directory hierarchy, but never find a regular file:

/some/path/to/a/project/jython/Lib/
/some/path/to/a/project/jython/
/some/path/to/a/project/
/some/path/to/a/project/
/some/path/to/a/
/some/path/to/
/some/path/
/some/

We're trying to sandbox Jython and so use the JVM SecurityManager to
prohibit access to most files -- as a result, this directory climbing is
inconvenient for us. It seems to me that if you find that the path is
not a regular file, but does exist, then it must not be contained in any
zip files, so you can bail immediately. Does this change sound OK?
History
Date User Action Args
2008-12-10 16:38:41ethan-10gensetrecipients: + ethan-10gen
2008-12-10 16:38:40ethan-10gensetmessageid: <1228927120.69.0.0978038010707.issue1199@psf.upfronthosting.co.za>
2008-12-10 16:38:40ethan-10genlinkissue1199 messages
2008-12-10 16:38:40ethan-10gencreate