Mercurial > hg
changeset 28659:197eed39e3d5 stable
convert: add new, non-clowny interface for shelling out to git (SEC)
CVE-2016-3069 (1/5)
To avoid shell injection and for the sake of simplicity let's use the
common.commandline for calling git.
author | Mateusz Kwapich <mitrandir@fb.com> |
---|---|
date | Tue, 22 Mar 2016 17:05:11 -0700 |
parents | 34d43cb85de8 |
children | cdda7b96afff |
files | hgext/convert/git.py |
diffstat | 1 files changed, 18 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/hgext/convert/git.py Sun Mar 20 21:52:21 2016 -0700 +++ b/hgext/convert/git.py Tue Mar 22 17:05:11 2016 -0700 @@ -11,7 +11,7 @@ from mercurial.node import hex, nullid from mercurial.i18n import _ -from common import NoRepo, commit, converter_source, checktool +from common import NoRepo, commit, converter_source, checktool, commandline class submodule(object): def __init__(self, path, node, url): @@ -25,7 +25,7 @@ def hgsubstate(self): return "%s %s" % (self.node, self.path) -class convert_git(converter_source): +class convert_git(converter_source, commandline): # Windows does not support GIT_DIR= construct while other systems # cannot remove environment variable. Just assume none have # both issues. @@ -71,6 +71,21 @@ def gitpipe(self, s): return util.popen3('GIT_DIR=%s %s' % (self.path, s)) + def _gitcmd(self, cmd, *args, **kwargs): + return cmd('--git-dir=%s' % self.path, *args, **kwargs) + + def gitrun0(self, *args, **kwargs): + return self._gitcmd(self.run0, *args, **kwargs) + + def gitrun(self, *args, **kwargs): + return self._gitcmd(self.run, *args, **kwargs) + + def gitrunlines0(self, *args, **kwargs): + return self._gitcmd(self.runlines0, *args, **kwargs) + + def gitrunlines(self, *args, **kwargs): + return self._gitcmd(self.runlines, *args, **kwargs) + def popen_with_stderr(self, s): p = subprocess.Popen(s, shell=True, bufsize=-1, close_fds=util.closefds, @@ -88,6 +103,7 @@ def __init__(self, ui, path, revs=None): super(convert_git, self).__init__(ui, path, revs=revs) + commandline.__init__(self, ui, 'git') if os.path.isdir(path + "/.git"): path += "/.git"