author Claudiu Popa <pcmanticore@gmail.com> 2020-02-11 13:08:01 +0100
committer GitHub <noreply@github.com> 2020-02-11 13:08:01 +0100
commit 51c646bf70a6e0a86492bfd2ddd1885671d64d67 (patch)
tree 130997adace95c62546cddca1ee37fe214b2b3fa /ChangeLog
parent e792b36af8c889a6c85fc792c6b00c1b88cae828 (diff)
download pylint-git-51c646bf70a6e0a86492bfd2ddd1885671d64d67.tar.gz
Do not allow ``python -m pylint ...`` to import user code (#3396)

``python -m pylint ...`` adds the current working directory as the first element of ``sys.path``. This opens up a potential security hole where ``pylint`` will import user level code as long as that code resides in modules having the same name as stdlib or pylint's own modules.

Close #3386
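An added audit helper, not part of this commit and not pylint's fix: it reports whether the first ``sys.path`` entry is the working directory and which files there would be imported in place of a stdlib or ``pylint`` module. The function names and the fallback module set are assumptions made for this example.

```python
import os
import sys
from importlib.machinery import all_suffixes

# Modules worth protecting: the stdlib (sys.stdlib_module_names, Python 3.10+;
# the fallback is a small constructed sample) plus pylint's own package.
# Built-in modules are resolved before sys.path is searched, so they are excluded.
PROTECTED = (frozenset(getattr(sys, "stdlib_module_names", {"json", "re", "tokenize"}))
             | {"pylint"}) - frozenset(sys.builtin_module_names)


def first_entry_is_cwd(path_entries, cwd):
    """True when the first sys.path entry is the working directory ('' means cwd)."""
    if not path_entries:
        return False
    first = path_entries[0]
    return first == "" or os.path.realpath(first) == os.path.realpath(cwd)


def _module_name(filename):
    """Return the importable module name for a file, or None if it is not a module."""
    for suffix in all_suffixes():
        if filename.endswith(suffix) and len(filename) > len(suffix):
            return filename[: -len(suffix)]
    return None


def shadowing_candidates(directory, protected=PROTECTED):
    """Entries in `directory` that would be imported instead of a protected
    module if `directory` were the first element of sys.path."""
    hits = []
    for entry in sorted(os.listdir(directory)):
        full = os.path.join(directory, entry)
        if os.path.isdir(full):
            # Only a regular package (with __init__) wins over a later module;
            # a bare directory is a namespace portion and does not shadow.
            is_pkg = any(_module_name(f) == "__init__" for f in os.listdir(full))
            if is_pkg and entry in protected:
                hits.append(entry + os.sep)
        elif _module_name(entry) in protected:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    cwd = os.getcwd()
    print("sys.path[0] is cwd:", first_entry_is_cwd(sys.path, cwd))
    for hit in shadowing_candidates(cwd):
        print("shadows a protected module:", hit)
```

Run it from the directory about to be linted; any reported entry is a file that an interpreter started with the working directory first on ``sys.path`` would load ahead of the real module.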
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 9
1 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 8bd4fe84b..874300c48 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,15 @@ What's New in Pylint 2.5.0?
Release date: TBA
+* Do not allow ``python -m pylint ...`` to import user code
+
+ ``python -m pylint ...`` adds the current working directory as the first element
+ of ``sys.path``. This opens up a potential security hole where ``pylint`` will import
+ user level code as long as that code resides in modules having the same name as stdlib
+ or pylint's own modules.
+
+ Close #3386
+
* Add `dummy-variables-rgx` option for `_redeclared-assigned-name` check.
Close #3341
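Review bot: The new entry explains the exposure (the paragraph beginning ``python -m pylint ...`` adds the current working directory) but never states what pylint now does about it, so a ChangeLog reader cannot tell which behaviour changed. Consider adding one sentence after "or pylint's own modules." that describes the new handling of the first ``sys.path`` element and says whether invocations other than ``python -m pylint`` are affected. The title "Do not allow ... to import user code" is also broader than the body, which limits the problem to modules named like stdlib or pylint modules; aligning the two would keep the entry from promising more than it describes.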