Fix leaking environment variables by Plazmaz · Pull Request #662 · gitpython-developers/GitPython (original) (raw)

When cloning a repo, GitPython will leak environment variables in error messages. For instance, this code:

import git
repo = git.Repo('https://www.github.com/Plazmaz/${PATH}')
repo.clone('testrepo/$PATH')

will output something like:

Traceback (most recent call last):
  File "test.py", line 2, in <module>
    repo = repo.Repo('https://www.github.com/Plazmaz/${PATH}', unsafe=True)
  File "GitPython/git/repo/base.py", line 133, in __init__
    raise NoSuchPathError(epath)
git.exc.NoSuchPathError: <THE CONTENTS OF $PATH>

This behavior has unwanted security implications. To counter this, I've added an unsafe variable, which will allow for environment variables to be expanded, otherwise, this behavior is disabled. By default, this variable is set to True. However, when used with environment variables, a warning is displayed. Hopefully, this will eventually be set to False by default. When running the same code, but with unsafe set to False, here's the output:

Traceback (most recent call last):
  File "test.py", line 2, in <module>
    repo = repo.Repo('https://www.github.com/Plazmaz/${PATH}', unsafe=False)
  File "GitPython/git/repo/base.py", line 133, in __init__
    raise NoSuchPathError(epath)
git.exc.NoSuchPathError: 
Documents/https:/www.github.com/Plazmaz/${PATH}