Ken Jin <kenjin4...@gmail.com> added the comment:

@Serhiy,

While this approach solves the getfile problem, I don't think this will solve 
the other problem of pydoc leaking secrets stored in Python files:

Quoting from Marc-Andre Lemburg's message:
> the tool also makes available all Python modules which can be found on 
> sys.path of the user starting pydoc -p. It shows all doc-strings, functions, 
> the class structure and literal values of any constants found in those 
> modules.
> In a corporate environment this can easily result in data leaks of e.g. 
> unreleased software, personal information, disclosure of NDA protected code, 
> designs, algorithms and other secrets.

Quoting from Victor's messages:
> pydoc shows global constant values in the doc. So yes, if you find a 
> settings.py of a Django project, you can discover secrets.

Ultimately, the problem seems to be that .py files (other than those in the 
stdlib) may contain sensitive info, which pydoc can read.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42988>
_______________________________________
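
The behaviour described in the quoted messages, shown as an added example (not part of the original message and not CPython's own code): it renders a constructed in-memory module with `pydoc.render_doc` and lists the constants pydoc prints in its DATA section. The module name `settings_demo`, its placeholder values and the helper names `load_sample` and `rendered_constants` are assumptions made for the illustration.

```python
import pydoc
import types

# Constructed sample module; every value is a fake placeholder.
SAMPLE_SOURCE = '''
"""Constructed settings module for the demonstration."""
DEBUG = True
SECRET_KEY = "constructed-not-a-real-key"
_INTERNAL_TOKEN = "constructed-private-value"

def connect(host):
    """Connect to host."""
'''


def load_sample(name="settings_demo"):
    """Build the constructed module in memory (nothing is written to disk)."""
    module = types.ModuleType(name)
    exec(SAMPLE_SOURCE, module.__dict__)
    return module


def rendered_constants(module):
    """Return {name: repr} for every value pydoc prints in its DATA section."""
    text = pydoc.render_doc(module, renderer=pydoc.plaintext)
    found, in_data = {}, False
    for line in text.splitlines():
        if line and not line.startswith(" "):
            # Section headers (NAME, FUNCTIONS, DATA, FILE) are unindented.
            in_data = line.strip() == "DATA"
        elif in_data and " = " in line:
            key, value = line.strip().split(" = ", 1)
            found[key] = value
    return found


if __name__ == "__main__":
    # Public module-level constants are rendered with their literal values;
    # names starting with an underscore are not listed when __all__ is absent.
    for key, value in rendered_constants(load_sample()).items():
        print(f"pydoc would display {key} = {value}")
```

Passing an already imported module object to `rendered_constants` gives the same audit for real code, which shows what anyone who can reach a `pydoc -p` server would read from that module's documentation page.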