BUG: Stop executeFile from leaving its script directory on sys.path#1413
Merged
jamesobutler merged 1 commit intocommontk:masterfrom Apr 14, 2026
Merged
Conversation
ctkAbstractPythonManager::executeFile prepended the script's directory to sys.path so the script could import siblings, but never removed it, so the entry accumulated on sys.path for the rest of the process. Wrap the sys.path.insert and exec() in a Python try/finally and add a regression test. Discovered via 3D Slicer PR Slicer/Slicer#9010. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
pieper
approved these changes
Apr 14, 2026
Member
pieper
left a comment
pieper
left a comment
There was a problem hiding this comment.
This looks good to me 👍
At some point we should discuss relocating the inlined python into a proper python package to minimize the noise in the C++ code, but that's outside of the scope here.
Contributor
Author
|
Thanks for looking at this! |
Contributor
Author
|
(I don't have permission to merge this so someone else will have to, if it looks good) |
Contributor
|
@ebrahimebrahim For this to become used by Slicer, will need to finalize the upgrade that was started in Slicer/Slicer#9097. |
Contributor
Author
|
Thanks for merging (There is no rush to use this by Slicer since we work around it in Slicer/Slicer#9010 for example -- I just felt that it would be good to fix it here so that one else runs into it. So no rush) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ctkAbstractPythonManager::executeFileprepends the executed script's directory tosys.pathso that the script can import its siblings, mirroring how CPython runs a top-level script. The current implementation never removes that entry, so in long-running CTK-based applications the directory stays onsys.pathfor the rest of the process, and each subsequentexecuteFilecall adds another entry.Why it matters
Once a directory is permanently on
sys.path, every file inside it becomes importable as a top-level module — and silently shadows any PyPI package with the same name. The failure mode is invisible until something happens to collide, at which point imports start resolving to the wrong file with no warning.This was discovered while working on 3D Slicer PR #9010. Slicer runs its startup script
slicerqt.pyviaexecuteFile, and that script used to live inside theslicer/package directory — soslicer/was permanently onsys.path, and any new file added to that package (for exampleslicer/packaging.py) would have shadowed the corresponding third-party PyPI package. The Slicer PR worked around the symptom by relocatingslicerqt.py, but every CTK consumer is exposed to the same problem, so the right fix lives here.The fix
Wrap the
sys.path.insert(0, ...)and theexec()of the user script in a Pythontry/finallyblock. The directory is added before the script runs (preserving today's behaviour for the script itself) and is removed once the script finishes, regardless of whether it raised. The cleanup usessys.path.remove(value)rather thanpop(0)so that entries the script itself added cannot corrupt the cleanup, and it tolerates the case where the script already removed the entry.Tests
Adds a regression test
testExecuteFileDoesNotLeakSysPathtoctkAbstractPythonManagerTestthat callsexecuteFileand verifiessys.pathis unchanged afterwards. The test was confirmed to fail on the unfixed code and pass with this patch applied.Related