Jason R. Coombs <jar...@jaraco.com> added the comment:
The preferred API as implemented in Python 3.9 and importlib_resources 1.1 is the `files()` API. This simpler API returns a Traversable object, a pathlib-like handle to the contents of a package. This approach side-steps the issues described above.

In particular, `is_resource` no longer has a purpose. Path traversal is handled naturally through `Traversable.join_path`. Resources in subdirectories are now supported. Parent objects ('..') are allowed, but only incidentally and allowed in the same way as they're allowed for any Python code. That is, one can call `files('multiprocessing').joinpath('../../../../etc/passwd')`, but that provides no advantage over `pathlib.Path('/etc/passwd')`.

I believe this new API addresses the concerns presented. Please open a new issue (here or in github.com/python/importlib_resources) if there are further concerns needing attention.

----------
nosy: +jaraco
resolution:  -> fixed
stage:  -> resolved
status: open -> closed

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36128>
_______________________________________
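An added example, not part of the original message or of importlib_resources itself: it shows that `files()` reaches subdirectory resources and follows '..', and one way a caller that takes resource names from untrusted input can keep lookups inside the package. The names `demo_pkg`, `outside.txt`, `make_demo_package` and `open_contained` are hypothetical, and the check assumes the package lives on the file system.

```python
import importlib
import os
import sys
import tempfile
from importlib.resources import files
from pathlib import Path


def make_demo_package(base: Path) -> str:
    """Build a constructed package (hypothetical name demo_pkg) under base."""
    pkg = base / "demo_pkg"
    (pkg / "data").mkdir(parents=True)
    (pkg / "__init__.py").write_text("")
    (pkg / "data" / "greeting.txt").write_text("hello")
    # A file next to the package, standing in for anything outside it.
    (base / "outside.txt").write_text("not a package resource")
    sys.path.insert(0, str(base))
    importlib.invalidate_caches()
    return "demo_pkg"


def open_contained(package: str, name: str) -> bytes:
    """Read a resource named by untrusted input, refusing paths outside the package.

    Assumption: the package is installed on the file system, so the
    Traversable returned by files() can be converted to a real path.
    """
    root = Path(os.fspath(files(package))).resolve()
    # joinpath() accepts '..' and absolute names; resolve() collapses them
    # (and symlinks) so the result can be compared against the package root.
    target = Path(os.fspath(files(package).joinpath(name))).resolve()
    if root not in target.parents:
        raise ValueError(f"{name!r} resolves outside package {package!r}")
    return target.read_bytes()


def demo() -> None:
    with tempfile.TemporaryDirectory() as tmp:
        pkg = make_demo_package(Path(tmp))
        print(open_contained(pkg, "data/greeting.txt"))  # subdirectory resource
        # files() alone does not confine the lookup to the package.
        print(files(pkg).joinpath("../outside.txt").read_text())
        try:
            open_contained(pkg, "../outside.txt")
        except ValueError as exc:
            print("rejected:", exc)


if __name__ == "__main__":
    demo()
```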