bpo-36053 fix pkgutil.walk_packages by ekiro · Pull Request #11956 · python/cpython

When walk_packages encounters a package with a name that is available in sys.path, it will abandon the current package and start walking the package from sys.path.

Consider this file layout:

PYTHONPATH/
├──package1/
|   ├──core   
|   |   ├──some_package/
|   |   |   ├──__init__.py
|   |   |   └──mod.py
|   |   └──__init__.py
|   └──__init__.py
└──some_package/
   |   ├──__init__.py
   |   └──another_mod.py
   └──__init__.py

The result of walking package1 will be:

>>> pkgutil.walk_packages('PYTHONPATH/package1')

ModuleInfo(module_finder=FileFinder('PYTHONPATH/package1/core'), name='some_package', ispkg=True)
ModuleInfo(module_finder=FileFinder('PYTHONPATH/some_package'), name='another_mod', ispkg=False)

I'm not sure if it is a security issue, but it definitely should not jump off the given path.

https://bugs.python.org/issue36053
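
A walk that cannot leave the given path, as an added example that is not code from this pull request or from CPython: it recurses using the directory reported by the finder that located each subpackage, so nothing is imported and a same-named package on sys.path is never consulted. The names `walk_confined`, `demo` and `LAYOUT` are hypothetical, the layout is a constructed copy of the one above, and the default start directory `package1/core` is an assumption taken from the finder shown in the first output line.

```python
import os
import pkgutil
import sys
import tempfile

# Constructed copy of the layout in the description (empty files).
LAYOUT = [
    "package1/__init__.py",
    "package1/core/__init__.py",
    "package1/core/some_package/__init__.py",
    "package1/core/some_package/mod.py",
    "some_package/__init__.py",
    "some_package/another_mod.py",
]


def walk_confined(paths, prefix=""):
    """Yield ModuleInfo for everything under `paths` without importing.

    A subpackage's directory comes from the finder that located it, not
    from sys.modules, so a same-named package on sys.path cannot redirect
    the walk.
    """
    for info in pkgutil.iter_modules(paths, prefix):
        yield info
        if info.ispkg:
            # find_spec only locates the package; no package code is executed.
            spec = info.module_finder.find_spec(info.name.rpartition(".")[2])
            locations = list(spec.submodule_search_locations or []) if spec else []
            yield from walk_confined(locations, info.name + ".")


def demo(start="package1/core"):
    """Return (walked names, whether the outer some_package got imported)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in LAYOUT:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        sys.path.insert(0, root)  # the outer some_package is now importable
        try:
            begin = os.path.join(root, *start.split("/"))
            names = [(i.name, i.ispkg) for i in walk_confined([begin])]
        finally:
            sys.path.remove(root)
        return names, "some_package" in sys.modules


if __name__ == "__main__":
    print(demo())
```

Because the walk never imports, it also avoids running `__init__.py` code from a directory the caller did not ask to scan.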