diff options
author | Claudiu Popa <pcmanticore@gmail.com> | 2020-02-11 13:08:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-11 13:08:01 +0100 |
commit | 51c646bf70a6e0a86492bfd2ddd1885671d64d67 (patch) | |
tree | 130997adace95c62546cddca1ee37fe214b2b3fa /ChangeLog | |
parent | e792b36af8c889a6c85fc792c6b00c1b88cae828 (diff) | |
download | pylint-git-51c646bf70a6e0a86492bfd2ddd1885671d64d67.tar.gz |
Do not allow ``python -m pylint ...`` to import user code (#3396)
``python -m pylint ...`` adds the current working directory as the first element
of ``sys.path``. This opens up a potential security hole where ``pylint`` will import
user level code as long as that code resides in modules having the same name as stdlib
or pylint's own modules.
Close #3386
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -7,6 +7,15 @@ What's New in Pylint 2.5.0? Release date: TBA +* Do not allow ``python -m pylint ...`` to import user code + + ``python -m pylint ...`` adds the current working directory as the first element + of ``sys.path``. This opens up a potential security hole where ``pylint`` will import + user level code as long as that code resides in modules having the same name as stdlib + or pylint's own modules. + + Close #3386 + * Add `dummy-variables-rgx` option for `_redeclared-assigned-name` check. Close #3341 |