Skip to content

gh-146310: Fix ensurepip to treat empty WHEEL_PKG_DIR as unset#146357

Open
kimimgo wants to merge 3 commits intopython:mainfrom
kimimgo:fix/ensurepip-empty-wheel-pkg-dir-146310
Open

gh-146310: Fix ensurepip to treat empty WHEEL_PKG_DIR as unset#146357
kimimgo wants to merge 3 commits intopython:mainfrom
kimimgo:fix/ensurepip-empty-wheel-pkg-dir-146310

Conversation

@kimimgo
Copy link

@kimimgo kimimgo commented Mar 24, 2026
edited by bedevere-app bot
Loading

Fixes #146310

Path('') resolves to the current working directory (PosixPath('.')), so when WHEEL_PKG_DIR is an empty string (not None), ensurepip searches CWD for wheel files. This can cause unexpected behavior or crashes if CWD contains files matching pip-*.whl.

Changes

  • Lib/ensurepip/__init__.py: Add truthiness check so empty strings are treated the same as None
  • Lib/test/test_ensurepip.py: Add test verifying empty WHEEL_PKG_DIR does not search CWD

Before/After

# Before: Path('').resolve() -> PosixPath('/current/working/dir')
# Empty string was treated as a valid directory path

# After: Empty string treated as None -> use bundled wheel

@kimimgo
pythongh-146310: Fix ensurepip to treat empty WHEEL_PKG_DIR as unset
ca5ccee 
Path('') resolves to CWD, so an empty WHEEL_PKG_DIR string caused
ensurepip to search the current working directory for wheel files.
Add a truthiness check to treat empty strings the same as None.
@bedevere-app bedevere-app bot mentioned this pull request Mar 24, 2026
Open
vstinner
vstinner reviewed Mar 24, 2026
View reviewed changes
@kimimgo
Address review: simplify condition, use import_fresh_module, update NEWS
6ed8ebf 
Per @vstinner:
- Simplify to 'if _pkg_dir:' instead of walrus + is not None
- Replace mock-based test with import_fresh_module for both '' and None
- Reword NEWS to describe old behavior instead of fix
@kimimgo
Copy link
Author

kimimgo commented Mar 24, 2026

Thanks @vstinner! Updated all three points:

  • Simplified to if _pkg_dir:
  • Replaced test with import_fresh_module covering both '' and None
  • Reworded NEWS entry

vstinner
vstinner approved these changes Mar 25, 2026
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vstinner vstinner added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vstinner vstinner vstinner approved these changes

@pfmoore pfmoore Awaiting requested review from pfmoore pfmoore is a code owner

@pradyunsg pradyunsg Awaiting requested review from pradyunsg pradyunsg is a code owner

Assignees

No one assigned

Labels

awaiting merge needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ensurepip looks for wheels in CWD when WHEEL_PKG_DIR is an empty string

2 participants

@kimimgo @vstinner