From cacc3c2057ab14faaf6c5b679bb2dbb6f8b98f8e Mon Sep 17 00:00:00 2001 From: Joe Urciuoli Date: Wed, 19 Sep 2018 13:40:23 -0400 Subject: [PATCH] Fix dependency_for final argument Fixed issue where part of the utility language helper internals was passing the wrong kind of argument to the Python ``__import__`` builtin as the list of modules to be imported. The issue produced no symptoms within the core library but could cause issues with external applications that redefine the ``__import__`` builtin or otherwise instrument it. Pull request courtesy Joe Urciuoli. Per the submitter: "The fourth argument provided to `__import__` (which `import_` feeds in to) is supposed to be a a list of strings, but this code is passing a single string. This was causing the sqlalchemy `import_` function to break the string (for example 'interfaces') into an array of single characters ['i', 'n', ...], which causes the actual `__import__` to not find the module `sqlalchemy.orm.i` (since it's trying to import `sqlalchemy.orm.i` and `sqlalchemy.orm.n` .. etc)" No issue could be reproduced locally as it seems you can put anything non- empty/None into that last argument, even a list like ``['X']``, and all the sub-modules seem to appear. Omit it, and then the sub-modules aren't present. Perhaps it just runs the module or not if this attribute is present. Change-Id: Ia15c74620f24d24f0df4882f9b36a04e2c3725b8 Pull-request: https://github.com/zzzeek/sqlalchemy/pull/473 --- doc/build/changelog/unreleased_12/pr473.rst | 9 +++++++++ lib/sqlalchemy/util/langhelpers.py | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 doc/build/changelog/unreleased_12/pr473.rst diff --git a/doc/build/changelog/unreleased_12/pr473.rst b/doc/build/changelog/unreleased_12/pr473.rst new file mode 100644 index 0000000000..6ee55164f6 --- /dev/null +++ b/doc/build/changelog/unreleased_12/pr473.rst @@ -0,0 +1,9 @@ +.. change:: + :tags: bug, misc + + Fixed issue where part of the utility language helper internals was passing + the wrong kind of argument to the Python ``__import__`` builtin as the list + of modules to be imported. The issue produced no symptoms within the core + library but could cause issues with external applications that redefine the + ``__import__`` builtin or otherwise instrument it. Pull request courtesy Joe + Urciuoli. diff --git a/lib/sqlalchemy/util/langhelpers.py b/lib/sqlalchemy/util/langhelpers.py index 81bfee30ac..c2ebf7637c 100644 --- a/lib/sqlalchemy/util/langhelpers.py +++ b/lib/sqlalchemy/util/langhelpers.py @@ -859,7 +859,7 @@ def dependency_for(modulename): # unfortunately importlib doesn't work that great either tokens = modulename.split(".") mod = compat.import_( - ".".join(tokens[0:-1]), globals(), locals(), tokens[-1]) + ".".join(tokens[0:-1]), globals(), locals(), [tokens[-1]]) mod = getattr(mod, tokens[-1]) setattr(mod, obj.__name__, obj) return obj -- 2.47.2