Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork939
Commit1c65efb
committed
Show "not from cwd" test is broken for shell=True
This adds a test_it_executes_git_not_from_cwd case for shell=True.(This case also gives the command as a string, so the test need notbe further special-cased for non-Windows systems, where argumentlists aren't accepted with shell=True.)The test did not attempt to cover the shell=True case before,because I had erroneously assumed it worked similarity. It isactually very different, because when a shell is used, both theshell and the command the shell runs must be found and executed,and because the process creation GitPython performs is that of theshell process, with the state of the shell process being what isrelevant to how the path search is done for the git (or other)command.The code change here does not itself demonstrate that the test isbroken for shell=True, because that case passes. However, manuallyundoing the fix in cmd.py forCVE-2023-40590, which as expectedcauses the preexisting (implicitly shell=False case) to fail, does*not* cause the new shell=True case to fail. That case passes!That passing result in the absence of a fix forCVE-2023-40590 iserroneous, because the cmd.exe shell does search the CWD first whennothing has been done to prevent it.1 parent32c02d1 commit1c65efb
1 file changed
+10
-2
lines changedLines changed: 10 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
134 | 134 | | |
135 | 135 | | |
136 | 136 | | |
137 | | - | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
138 | 144 | | |
139 | 145 | | |
140 | 146 | | |
| |||
149 | 155 | | |
150 | 156 | | |
151 | 157 | | |
152 | | - | |
| 158 | + | |
| 159 | + | |
| 160 | + | |
153 | 161 | | |
154 | 162 | | |
155 | 163 | | |
| |||
0 commit comments
Comments
(0)