STINNER Victor <vstin...@python.org> added the comment:
Fidget-Spinner wrote on the PR:
> AFAIK no. However, pydoc currently works by calling inspect on files it sees
> in path, and this may reveal private code as Marc-Andre Lemburg pointed out
> on the bpo. I will try the random url token he suggested via
> secrets.token_urlsafe to see if it helps.

pydoc shows global constant values in the doc. So yes, if you find a settings.py of a Django project, you can discover secrets.

I'm working on bpo-42955 "Add sys.module_names: list of stdlib module names (Python and extension modules)".

One option would be to restrict pydoc to stdlib modules by default, and ask to opt-in for discovery of any module installed on the system (sys.path).

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42988>
_______________________________________