Clarify a sentence around virtualenv security, see #1250

2026-01-07 04:33:21 +08:00 · 2019-12-31 19:20:59 +01:00
parent c8b3443d5f
commit e4cf9293c2
1 changed files with 2 additions and 2 deletions
--- a/jedi/api/environment.py
+++ b/jedi/api/environment.py
@@ -461,8 +461,8 @@ def _is_unix_safe_simple(real_path):
    # 2. The repository has an innocent looking folder called foobar. jedi
    #    searches for the folder and executes foobar/bin/python --version if
    #    there's also a foobar/bin/activate.
-    # 3. The bin/python is obviously not a python script but a bash script or
-    #    whatever the attacker wants.
+    # 3. The attacker has gained code execution, since he controls
+    #    foobar/bin/python.
    return uid == 0