v2.1.15

Harmon758 · rickprice · commit 2a21f09d6870 · 2024-10-28T19:23:27.000-04:00
Try to merge changes from the patch, modified call to maybe_patch_caller_env

More code changes

More changes

Fix syntax error

Add blank line to remove it

Remove blank line again

Fix syntax error

Fix syntax error

Fix Python3 f string

Add in venv, and sort list

Change name of package to be more correct
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.1.14
+2.1.15
diff --git a/doc/source/changes.rst b/doc/source/changes.rst
@@ -2,6 +2,11 @@
 Changelog
 =========
 
+2.1.15 - Bugfixes
+=================
+
+Fix requirements.txt formatting and version lock gitdb2 to <3 for Python 2 compatibility.
+
 2.1.14 - Bugfixes
 =================
 
diff --git a/git/cmd.py b/git/cmd.py
@@ -124,6 +124,59 @@ def pump_stream(cmdline, name, stream, is_decode, handler):
         return finalizer(process)
 
 
+def _safer_popen_windows(command, shell, env=None, **kwargs):
+    """Call :class:`subprocess.Popen` on Windows but don't include a CWD in the search.
+    This avoids an untrusted search path condition where a file like ``git.exe`` in a
+    malicious repository would be run when GitPython operates on the repository. The
+    process using GitPython may have an untrusted repository's working tree as its
+    current working directory. Some operations may temporarily change to that directory
+    before running a subprocess. In addition, while by default GitPython does not run
+    external commands with a shell, it can be made to do so, in which case the CWD of
+    the subprocess, which GitPython usually sets to a repository working tree, can
+    itself be searched automatically by the shell. This wrapper covers all those cases.
+    :note: This currently works by setting the ``NoDefaultCurrentDirectoryInExePath``
+        environment variable during subprocess creation. It also takes care of passing
+        Windows-specific process creation flags, but that is unrelated to path search.
+    :note: The current implementation contains a race condition on :attr:`os.environ`.
+        GitPython isn't thread-safe, but a program using it on one thread should ideally
+        be able to mutate :attr:`os.environ` on another, without unpredictable results.
+        See comments in https://github.com/gitpython-developers/GitPython/pull/1650.
+    """
+    # CREATE_NEW_PROCESS_GROUP is needed for some ways of killing it afterwards. See:
+    # https://docs.python.org/3/library/subprocess.html#subprocess.Popen.send_signal
+    # https://docs.python.org/3/library/subprocess.html#subprocess.CREATE_NEW_PROCESS_GROUP
+    creationflags = subprocess.CREATE_NO_WINDOW | subprocess.CREATE_NEW_PROCESS_GROUP
+
+    # When using a shell, the shell is the direct subprocess, so the variable must be
+    # set in its environment, to affect its search behavior. (The "1" can be any value.)
+    if shell:
+        safer_env = {} if env is None else dict(env)
+        safer_env["NoDefaultCurrentDirectoryInExePath"] = "1"
+    else:
+        safer_env = env
+
+    # When not using a shell, the current process does the search in a CreateProcessW
+    # API call, so the variable must be set in our environment. With a shell, this is
+    # unnecessary, in versions where https://github.com/python/cpython/issues/101283 is
+    # patched. If not, in the rare case the ComSpec environment variable is unset, the
+    # shell is searched for unsafely. Setting NoDefaultCurrentDirectoryInExePath in all
+    # cases, as here, is simpler and protects against that. (The "1" can be any value.)
+    with patch_env("NoDefaultCurrentDirectoryInExePath", "1"):
+        return Popen(
+            command,
+            shell=shell,
+            env=safer_env,
+            creationflags=creationflags,
+            **kwargs
+        )
+
+
+if os.name == "nt":
+    safer_popen = _safer_popen_windows
+else:
+    safer_popen = Popen
+
+
 def dashify(string):
     return string.replace('_', '-')
 
@@ -144,11 +197,6 @@ def dict_to_slots_and__excluded_are_none(self, d, excluded=()):
 # value of Windows process creation flag taken from MSDN
 CREATE_NO_WINDOW = 0x08000000
 
-## CREATE_NEW_PROCESS_GROUP is needed to allow killing it afterwards,
-# see https://docs.python.org/3/library/subprocess.html#subprocess.Popen.send_signal
-PROC_CREATIONFLAGS = (CREATE_NO_WINDOW | subprocess.CREATE_NEW_PROCESS_GROUP
-                      if is_win else 0)
-
 
 class Git(LazyMixin):
 
@@ -721,19 +769,18 @@ def execute(self, command,
         log.debug("Popen(%s, cwd=%s, universal_newlines=%s, shell=%s, istream=%s)",
                   command, cwd, universal_newlines, shell, istream_ok)
         try:
-            proc = Popen(command,
-                         env=env,
-                         cwd=cwd,
-                         bufsize=-1,
-                         stdin=istream,
-                         stderr=PIPE,
-                         stdout=stdout_sink,
-                         shell=shell is not None and shell or self.USE_SHELL,
-                         close_fds=is_posix,  # unsupported on windows
-                         universal_newlines=universal_newlines,
-                         creationflags=PROC_CREATIONFLAGS,
-                         **subprocess_kwargs
-                         )
+            proc = safer_popen(
+                command,
+                env=env,
+                cwd=cwd,
+                bufsize=-1,
+                stdin=istream,
+                stderr=PIPE,
+                stdout=stdout_sink,
+                shell=shell is not None and shell or self.USE_SHELL,
+                universal_newlines=universal_newlines,
+                **subprocess_kwargs
+            )
         except cmd_not_found_exception as err:
             raise GitCommandNotFound(command, err)
 
diff --git a/git/index/fun.py b/git/index/fun.py
@@ -13,7 +13,7 @@
 )
 import subprocess
 
-from git.cmd import PROC_CREATIONFLAGS, handle_process_output
+from git.cmd import handle_process_output, safer_popen
 from git.compat import (
     PY3,
     defenc,
@@ -76,13 +76,12 @@ def run_commit_hook(name, index, *args):
     env['GIT_INDEX_FILE'] = safe_decode(index.path) if PY3 else safe_encode(index.path)
     env['GIT_EDITOR'] = ':'
     try:
-        cmd = subprocess.Popen([hp] + list(args),
+        cmd = safer_open([hp] + list(args),
                                env=env,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE,
                                cwd=index.repo.working_dir,
-                               close_fds=is_posix,
-                               creationflags=PROC_CREATIONFLAGS,)
+                               close_fds=is_posix)
     except Exception as ex:
         raise HookExecutionError(hp, ex)
     else:
diff --git a/git/test/lib/helper.py b/git/test/lib/helper.py
@@ -16,6 +16,7 @@
 import textwrap
 import time
 import unittest
+import venv
 
 from git.compat import string_types, is_win
 from git.util import rmtree, cwd
@@ -36,7 +37,8 @@
 __all__ = (
     'fixture_path', 'fixture', 'StringProcessAdapter',
     'with_rw_directory', 'with_rw_repo', 'with_rw_and_rw_remote_repo',
-    'TestBase', 'TestCase',
+    'TestBase', 'VirtualEnvironment',
+    'TestCase',
     'SkipTest', 'skipIf',
     'GIT_REPO', 'GIT_DAEMON_PORT'
 )
@@ -83,13 +85,13 @@ def with_rw_directory(func):
     test succeeds, but leave it otherwise to aid additional debugging"""
 
     @wraps(func)
-    def wrapper(self):
+    def wrapper(self, *args, **kwargs):
         path = tempfile.mktemp(prefix=func.__name__)
         os.mkdir(path)
         keep = False
         try:
             try:
-                return func(self, path)
+                return func(self, path, *args, **kwargs)
             except Exception:
                 log.info("Test %s.%s failed, output is at %r\n",
                          type(self).__name__, func.__name__, path)
@@ -379,3 +381,46 @@ def _make_file(self, rela_path, data, repo=None):
         with open(abs_path, "w") as fp:
             fp.write(data)
         return abs_path
+
+
+class VirtualEnvironment:
+    """A newly created Python virtual environment for use in a test."""
+
+    __slots__ = ("_env_dir",)
+
+    def __init__(self, env_dir, with_pip):
+        if os.name == "nt":
+            self._env_dir = osp.realpath(env_dir)
+            venv.create(self.env_dir, symlinks=False, with_pip=with_pip)
+        else:
+            self._env_dir = env_dir
+            venv.create(self.env_dir, symlinks=True, with_pip=with_pip)
+
+    @property
+    def env_dir(self):
+        """The top-level directory of the environment."""
+        return self._env_dir
+
+    @property
+    def python(self):
+        """Path to the Python executable in the environment."""
+        return self._executable("python")
+
+    @property
+    def pip(self):
+        """Path to the pip executable in the environment, or RuntimeError if absent."""
+        return self._executable("pip")
+
+    @property
+    def sources(self):
+        """Path to a src directory in the environment, which may not exist yet."""
+        return os.path.join(self.env_dir, "src")
+
+    def _executable(self, basename):
+        if os.name == "nt":
+            path = osp.join(self.env_dir, "Scripts", basename + ".exe")
+        else:
+            path = osp.join(self.env_dir, "bin", basename)
+        if osp.isfile(path) or osp.islink(path):
+            return path
+        raise RuntimeError("no regular file or symlink " + str(path))
diff --git a/git/test/test_git.py b/git/test/test_git.py
@@ -38,9 +38,30 @@
 except ImportError:
     import mock
 
+try:
+    from pathlib import Path
+except ImportError:
+    from pathlib2 import Path
+
 from git.compat import is_win
 
 
+@contextlib.contextmanager
+def _patch_out_env(name):
+    try:
+        old_value = os.environ[name]
+    except KeyError:
+        old_value = None
+    else:
+        del os.environ[name]
+    try:
+        yield
+    finally:
+        if old_value is not None:
+            os.environ[name] = old_value
+
+
+
 class TestGit(TestBase):
 
     @classmethod
diff --git a/git/util.py b/git/util.py
@@ -192,6 +192,17 @@ def _get_exe_extensions():
 
 
 def py_where(program, path=None):
+    """Perform a path search to assist :func:`is_cygwin_git`.
+    This is not robust for general use. It is an implementation detail of
+    :func:`is_cygwin_git`. When a search following all shell rules is needed,
+    :func:`shutil.which` can be used instead.
+    :note: Neither this function nor :func:`shutil.which` will predict the effect of an
+        executable search on a native Windows system due to a :class:`subprocess.Popen`
+        call without ``shell=True``, because shell and non-shell executable search on
+        Windows differ considerably.
+    """
+
+
     # From: http://stackoverflow.com/a/377028/548792
     winprog_exts = _get_exe_extensions()
 
diff --git a/test-requirements.txt b/test-requirements.txt
@@ -1,6 +1,7 @@
-ddt>=1.1.1
 coverage
+ddt>=1.1.1
 flake8
+mock; python_version=='2.7'
 nose
 tox
-mock; python_version=='2.7'
+virtualenv
