62 lines
1.4 KiB
Markdown
62 lines
1.4 KiB
Markdown
---
|
|
status: pending
|
|
priority: p2
|
|
issue_id: "004"
|
|
tags: ["security", "reliability", "python"]
|
|
dependencies: []
|
|
---
|
|
|
|
# Add __init__.py to Namespace Packages
|
|
|
|
Add `__init__.py` files to implicit namespace packages to prevent import hijacking and ensure correct package resolution.
|
|
|
|
## Problem Statement
|
|
|
|
Both Security Sentinel (INP001) and Kieran Python Reviewer identified missing `__init__.py` files. While Python 3 supports implicit namespace packages, omitting `__init__.py` in standard packages can lead to ambiguity and potential security risks (import hijacking).
|
|
|
|
## Findings
|
|
|
|
- **Issue:** Missing `__init__.py` files.
|
|
- **Impact:** Security/Reliability. INP001 warning.
|
|
|
|
## Proposed Solutions
|
|
|
|
### Option 1: Add Empty __init__.py
|
|
|
|
**Approach:** Create empty `__init__.py` files in all directory levels that function as packages.
|
|
|
|
**Pros:**
|
|
- Explicitly defines packages.
|
|
- Resolves INP001.
|
|
|
|
**Cons:**
|
|
- Adds file clutter (minor).
|
|
|
|
## Recommended Action
|
|
|
|
**To be filled during triage.**
|
|
|
|
## Technical Details
|
|
|
|
**Likely locations:**
|
|
- `src/helia` (check if present)
|
|
- Subdirectories in `src/helia` where they are missing.
|
|
|
|
## Resources
|
|
|
|
- **Source:** Security Sentinel / Kieran Python Reviewer
|
|
|
|
## Acceptance Criteria
|
|
|
|
- [ ] `__init__.py` files added to all relevant source directories.
|
|
- [ ] Package imports verify correctly.
|
|
|
|
## Work Log
|
|
|
|
### 2025-12-20 - Initial Creation
|
|
|
|
**By:** Claude Code
|
|
|
|
**Actions:**
|
|
- Created todo based on code review findings.
|