Jason R. Coombs <jar...@jaraco.com> added the comment:
The preferred API as implemented in Python 3.9 and importlib_resources 1.1 is
the `files()` API. This simpler API returns a Traversable object, a
pathlib-like handle to the contents of a package. This approach side-steps the
issues described above. In particular, `is_resource` no longer has a purpose.
Path traversal is handled naturally through `Traversable.join_path`. Resources
in subdirectories are now supported.
Parent objects ('..') are allowed, but only incidentally and allowed in the
same way as they're allowed for any Python code. That is, one can call
`files('multiprocessing').joinpath('../../../../etc/passwd')`, but that
provides no advantage over `pathlib.Path('/etc/passwd')`.
I believe this new API addresses the concerns presented.
Please open a new issue (here or in github.com/python/importlib_resources) if
there are further concerns needing attention.
----------
nosy: +jaraco
resolution: -> fixed
stage: -> resolved
status: open -> closed
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36128>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
