
Commit d38e721

committed
Issue warnings whenever Git.USE_SHELL is accessed
With a special message when it is assigned a True value, which is the dangerous use that underlies its deprecation. The warnings are all DeprecationWarning.
1 parent df4c5c0 commit d38e721


1 file changed

+61
-17
lines changed

1 file changed

+61
-17
lines changed

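--- a/git/cmd.py
+++ b/git/cmd.py
@@ -19,6 +19,7 @@
 import sys
 from textwrap import dedent
 import threading
+import warnings
 
 from git.compat import defenc, force_bytes, safe_decode
 from git.exc import (
@@ -54,6 +55,7 @@
 TYPE_CHECKING,
 TextIO,
 Tuple,
+Type,
 Union,
 cast,
 overload,
@@ -307,8 +309,45 @@ def dict_to_slots_and__excluded_are_none(self: object, d: Mapping[str, Any], exc
 
 ## -- End Utilities -- @}
 
+_USE_SHELL_DEFAULT_MESSAGE = (
+"Git.USE_SHELL is deprecated, because only its default value of False is safe. "
+"It will be removed in a future release."
+)
+
+_USE_SHELL_DANGER_MESSAGE = (
+"Setting Git.USE_SHELL to True is unsafe and insecure, and should be avoided, "
+"because the effect of shell metacharacters and shell expansions cannot usually be "
+"accounted for. In addition, Git.USE_SHELL is deprecated and will be removed in a "
+"future release."
+)
+
+
+def _warn_use_shell(extra_danger: bool) -> None:
+warnings.warn(
+_USE_SHELL_DANGER_MESSAGE if extra_danger else _USE_SHELL_DEFAULT_MESSAGE,
+DeprecationWarning,
+stacklevel=3,
+)
+
+
+class _GitMeta(type):
+"""Metaclass for :class:`Git`.
+
+This helps issue :class:`DeprecationWarning` if :attr:`Git.USE_SHELL` is used.
+"""
 
-class Git:
+@property
+def USE_SHELL(cls: Type[Git]) -> bool:
+_warn_use_shell(False)
+return cls._USE_SHELL
+
+@USE_SHELL.setter
+def USE_SHELL(cls: Type[Git], value: bool) -> None:
+_warn_use_shell(value)
+cls._USE_SHELL = value
+
+
+class Git(metaclass=_GitMeta):
 """The Git class manages communication with the Git binary.
 
 It provides a convenient interface to calling the Git binary, such as in::
@@ -358,25 +397,30 @@ def __setstate__(self, d: Dict[str, Any]) -> None:
 GIT_PYTHON_TRACE = os.environ.get("GIT_PYTHON_TRACE", False)
 """Enables debugging of GitPython's git commands."""
 
-USE_SHELL = False
-"""Deprecated. If set to ``True``, a shell will be used when executing git commands.
+_USE_SHELL: bool = False
 
-Prior to GitPython 2.0.8, this had a narrow purpose in suppressing console windows
-in graphical Windows applications. In 2.0.8 and higher, it provides no benefit, as
-GitPython solves that problem more robustly and safely by using the
-``CREATE_NO_WINDOW`` process creation flag on Windows.
+@property
+def USE_SHELL(self) -> bool:
+"""Deprecated. If set to ``True``, a shell will be used to execute git commands.
 
-Code that uses ``USE_SHELL = True`` or that passes ``shell=True`` to any GitPython
-functions should be updated to use the default value of ``False`` instead. ``True``
-is unsafe unless the effect of shell expansions is fully considered and accounted
-for, which is not possible under most circumstances.
+Prior to GitPython 2.0.8, this had a narrow purpose in suppressing console
+windows in graphical Windows applications. In 2.0.8 and higher, it provides no
+benefit, as GitPython solves that problem more robustly and safely by using the
+``CREATE_NO_WINDOW`` process creation flag on Windows.
 
-See:
+Code that uses ``USE_SHELL = True`` or that passes ``shell=True`` to any
+GitPython functions should be updated to use the default value of ``False``
+instead. ``True`` is unsafe unless the effect of shell expansions is fully
+considered and accounted for, which is not possible under most circumstances.
 
-- :meth:`Git.execute` (on the ``shell`` parameter).
-- https://github.com/gitpython-developers/GitPython/commit/0d9390866f9ce42870d3116094cd49e0019a970a
-- https://learn.microsoft.com/en-us/windows/win32/procthread/process-creation-flags
-"""
+See:
+
+- :meth:`Git.execute` (on the ``shell`` parameter).
+- https://github.com/gitpython-developers/GitPython/commit/0d9390866f9ce42870d3116094cd49e0019a970a
+- https://learn.microsoft.com/en-us/windows/win32/procthread/process-creation-flags
+"""
+_warn_use_shell(False)
+return self._USE_SHELL
 
 _git_exec_env_var = "GIT_PYTHON_GIT_EXECUTABLE"
 _refresh_env_var = "GIT_PYTHON_REFRESH"
@@ -1138,7 +1182,7 @@ def execute(
 
 stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")
 if shell is None:
-shell = self.USE_SHELL
+shell = self._USE_SHELL
 _logger.debug(
 "Popen(%s, cwd=%s, stdin=%s, shell=%s, universal_newlines=%s)",
 redacted_command,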
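Review bot: In `execute`, the new `shell = self._USE_SHELL` read bypasses both properties, so the one place where a true value actually switches on shell execution emits no warning, and an explicit `shell=True` argument (which the new docstring tells callers to stop passing) is not warned about either; the only trace visible in this hunk is the `_logger.debug` call. The assignment warning is a `DeprecationWarning`, which Python's default filters hide unless it is attributed to `__main__`, so an application that sets `Git.USE_SHELL = True` inside an imported module will normally run every git command through a shell with nothing shown. Consider warning at the point of use with `if shell: _warn_use_shell(True)` placed after the `if shell is None:` block (the existing `stacklevel=3` would then point at the caller of `execute`, which may be GitPython-internal), or at least add to the `USE_SHELL` docstring that these warnings are only visible with something like `-W default::DeprecationWarning`. `execute` begins and ends outside the hunk, so a check elsewhere in its body cannot be ruled out from here.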
