Explicitly disallow resource paths starting with single backslash

Previously, such paths were disallowed implicitly as they were treated as Windows absolute paths. Since Python 3.13, paths starting with a single backslash are not considered Windows-absolute, so we treat them specially. This change makes the existing doctest pass with Python 3.13. Partially fixes #4196
pypa · May 14, 2024 · d53bf15 · d53bf15
1 parent 544b332
commit d53bf15
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg_resources/__init__.py b/pkg_resources/__init__.py
@@ -1604,14 +1604,15 @@ def _validate_resource_path(path):
             os.path.pardir in path.split(posixpath.sep)
             or posixpath.isabs(path)
             or ntpath.isabs(path)
+            or path.startswith("\\")
         )
         if not invalid:
             return
 
         msg = "Use of .. or absolute path in a resource path is not allowed."
 
         # Aggressively disallow Windows absolute paths
-        if ntpath.isabs(path) and not posixpath.isabs(path):
+        if (path.startswith("\\") or ntpath.isabs(path)) and not posixpath.isabs(path):
             raise ValueError(msg)
 
         # for compatibility, warn; in future