New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
os.path.abspath returns invalid path (resolves symbolic link) #87976
Comments
According to the python documentation os.path.abspath() does *not* resolve symbolic links. This however does not always seem to be true causing an invalid path return by abspath. This could potentially be exploited to crash python applications. Example for bug reproduction on a linux terminal:
From step 5 the correct/valid path is returned, from step 6 abspath returns an invalid path that is non-existing (contains non-existing "bug_abspath/bug_abspath" string. Tested on Thanks for any help, best wishes, Rene |
In POSIX, os.path.abspath(p) is normpath(join(os.getcwd(), p)). normpath() doesn't touch the filesystem, and it's documented that its "string manipulation may change the meaning of a path that contains symbolic links". You can use os.path.realpath() to resolve symbolic links in a path. |
Thanks Eryk for your fast response. Apparently I somehow skipped the remark On Mon, Apr 12, 2021 at 7:40 AM Eryk Sun <report@bugs.python.org> wrote:
-- ------------------------------------------------------- René Visser ------------------------------------------------------- |
If realpath() resolves too much, you'll have to resolve manually via os.path.islink() and os.readlink(). If you need strict resolution, use pathlib.Path.resolve(). In strict mode it raises FileNotFoundError if a path component doesn't exist. Also, even in non-strict mode, it raises RuntimeError for a symlink loop. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: