
Commit 54709d9

committed
Fix leaking environment variables
1 parent cf8dc25 commit 54709d9


1 file changed

+18
-6
lines changed


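--- a/git/repo/base.py
+++ b/git/repo/base.py
@@ -9,6 +9,7 @@
 import os
 import re
 import sys
+import warnings
 
 from git.cmd import (
 Git,
@@ -50,8 +51,11 @@
 __all__ = ('Repo',)
 
 
-def _expand_path(p):
-return osp.normpath(osp.abspath(osp.expandvars(osp.expanduser(p))))
+def _expand_path(p, unsafe=True):
+if unsafe:
+return osp.normpath(osp.abspath(osp.expandvars(osp.expanduser(p))))
+else:
+return osp.normpath(osp.abspath(osp.expanduser(p)))
 
 
 class Repo(object):
@@ -90,7 +94,7 @@ class Repo(object):
 # Subclasses may easily bring in their own custom types by placing a constructor or type here
 GitCommandWrapperType = Git
 
-def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=False):
+def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=False, unsafe=True):
 """Create a new Repo instance
 
 :param path:
@@ -121,7 +125,10 @@ def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=Fals
 epath = os.getcwd()
 if Git.is_cygwin():
 epath = decygpath(epath)
-epath = _expand_path(epath or path or os.getcwd())
+if unsafe and ("%" in epath or "$" in epath):
+warnings.warn("The use of environment variables in paths is deprecated"
++ "\nfor security reasons and may be removed in the future!!")
+epath = _expand_path(epath or path or os.getcwd(), unsafe)
 if not os.path.exists(epath):
 raise NoSuchPathError(epath)
 
@@ -148,7 +155,7 @@ def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=Fals
 sm_gitpath = find_worktree_git_dir(dotgit)
 
 if sm_gitpath is not None:
-self.git_dir = _expand_path(sm_gitpath)
+self.git_dir = _expand_path(sm_gitpath, unsafe)
 self._working_tree_dir = curpath
 break
 
@@ -862,12 +869,17 @@ def init(cls, path=None, mkdir=True, odbt=DefaultDBType, **kwargs):
 the directory containing the database objects, i.e. .git/objects.
 It will be used to access all object data
 
+:param unsafe:
+if specified, environment variables will not be escaped. This
+can lead to information disclosure, allowing attackers to
+access the contents of environment variables
+
 :parm kwargs:
 keyword arguments serving as additional options to the git-init command
 
 :return: ``git.Repo`` (the newly created repo)"""
 if path:
-path = _expand_path(path)
+path = _expand_path(path, unsafe)
 if mkdir and path and not osp.exists(path):
 os.makedirs(path, 0o755)
 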
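Review bot: In the last hunk `init` now reads `unsafe` at `path = _expand_path(path, unsafe)`, but the signature shown in that hunk's `@@` context line, `def init(cls, path=None, mkdir=True, odbt=DefaultDBType, **kwargs)`, is not touched by this commit (the 18/6 diffstat is fully accounted for by the visible hunks), so unless `unsafe` is taken out of `kwargs` somewhere outside the hunk, every `init` call with a path would fail with an unbound `unsafe`. The straightforward fix is to accept it explicitly, `def init(cls, path=None, mkdir=True, odbt=DefaultDBType, unsafe=True, **kwargs):`, matching the `__init__` signature changed in the hunk at line 94. The new `:param unsafe:` text also describes the flag backwards — with `unsafe=True` environment variables are expanded, not "not escaped" — and could read `if True (the default), environment variables in the path are expanded, which can disclose their contents; pass False to disable expansion`. Since both `__init__` and `init` default to `unsafe=True`, existing callers keep the expansion and only get the `warnings.warn` when the path contains `%` or `$`; `__init__`'s own docstring should document `unsafe` and that default as well. The bodies of `__init__` and `init` continue outside the hunks.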