Fix CVE-2023-40590 · gitpython-developers/GitPython@6029211 (original) (raw)

`@@ -5,7 +5,7 @@

`

5

5

`# the BSD License: http://www.opensource.org/licenses/bsd-license.php

`

6

6

`from future import annotations

`

7

7

`import re

`

8

``

`-

from contextlib import contextmanager

`

``

8

`+

import contextlib

`

9

9

`import io

`

10

10

`import logging

`

11

11

`import os

`

`@@ -14,6 +14,7 @@

`

14

14

`import subprocess

`

15

15

`import threading

`

16

16

`from textwrap import dedent

`

``

17

`+

import unittest.mock

`

17

18

``

18

19

`from git.compat import (

`

19

20

`defenc,

`

`@@ -963,8 +964,11 @@ def execute(

`

963

964

`redacted_command,

`

964

965

`'"kill_after_timeout" feature is not supported on Windows.',

`

965

966

` )

`

``

967

`+

Only search PATH, not CWD. This must be in the caller environment. The "1" can be any value.

`

``

968

`+

patch_caller_env = unittest.mock.patch.dict(os.environ, {"NoDefaultCurrentDirectoryInExePath": "1"})

`

966

969

`else:

`

967

970

`cmd_not_found_exception = FileNotFoundError # NOQA # exists, flake8 unknown @UndefinedVariable

`

``

971

`+

patch_caller_env = contextlib.nullcontext()

`

968

972

`# end handle

`

969

973

``

970

974

`stdout_sink = PIPE if with_stdout else getattr(subprocess, "DEVNULL", None) or open(os.devnull, "wb")

`

`@@ -980,21 +984,21 @@ def execute(

`

980

984

`istream_ok,

`

981

985

` )

`

982

986

`try:

`

983

``

`-

proc = Popen(

`

984

``

`-

command,

`

985

``

`-

env=env,

`

986

``

`-

cwd=cwd,

`

987

``

`-

bufsize=-1,

`

988

``

`-

stdin=istream or DEVNULL,

`

989

``

`-

stderr=PIPE,

`

990

``

`-

stdout=stdout_sink,

`

991

``

`-

shell=shell is not None and shell or self.USE_SHELL,

`

992

``

`-

close_fds=is_posix, # unsupported on windows

`

993

``

`-

universal_newlines=universal_newlines,

`

994

``

`-

creationflags=PROC_CREATIONFLAGS,

`

995

``

`-

**subprocess_kwargs,

`

996

``

`-

)

`

997

``

-

``

987

`+

with patch_caller_env:

`

``

988

`+

proc = Popen(

`

``

989

`+

command,

`

``

990

`+

env=env,

`

``

991

`+

cwd=cwd,

`

``

992

`+

bufsize=-1,

`

``

993

`+

stdin=istream or DEVNULL,

`

``

994

`+

stderr=PIPE,

`

``

995

`+

stdout=stdout_sink,

`

``

996

`+

shell=shell is not None and shell or self.USE_SHELL,

`

``

997

`+

close_fds=is_posix, # unsupported on windows

`

``

998

`+

universal_newlines=universal_newlines,

`

``

999

`+

creationflags=PROC_CREATIONFLAGS,

`

``

1000

`+

**subprocess_kwargs,

`

``

1001

`+

)

`

998

1002

`except cmd_not_found_exception as err:

`

999

1003

`raise GitCommandNotFound(redacted_command, err) from err

`

1000

1004

`else:

`

`@@ -1144,7 +1148,7 @@ def update_environment(self, **kwargs: Any) -> Dict[str, Union[str, None]]:

`

1144

1148

`del self._environment[key]

`

1145

1149

`return old_env

`

1146

1150

``

1147

``

`-

@contextmanager

`

``

1151

`+

@contextlib.contextmanager

`

1148

1152

`def custom_environment(self, **kwargs: Any) -> Iterator[None]:

`

1149

1153

`"""

`

1150

1154

``` A context manager around the above update_environment method to restore the

```
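Review bot: In the `execute` hunk (new lines 967-1001), `patch_caller_env` sets `NoDefaultCurrentDirectoryInExePath` only in the calling process's `os.environ`. That covers the executable lookup Popen performs itself, but when `shell=shell is not None and shell or self.USE_SHELL` is truthy the lookup is presumably done by the shell, which receives `env=env`, a value built outside the hunk. If `env` does not already carry the variable, the Windows branch should also add it to a copy of the child environment when a shell is used, e.g. `env = dict(env); env["NoDefaultCurrentDirectoryInExePath"] = "1"`. Separately, `unittest.mock.patch.dict(os.environ, ...)` snapshots and restores process-wide state, so with concurrent `execute` calls one call's exit can remove the variable while another is still inside `Popen`. A lock around `with patch_caller_env:`, or at least a comment stating the limitation, would address that. `execute` begins and ends outside the visible hunks, so how `env` is constructed should be confirmed there.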