diff options
| author | Sebastian Thiel <byronimo@gmail.com> | 2017-09-28 14:43:25 +0200 |
|---|---|---|
| committer | Sebastian Thiel <byronimo@gmail.com> | 2017-09-28 14:49:51 +0200 |
| commit | fb43244026643e540a2fac35b2997c6aa0e139c4 (patch) | |
| tree | 38c31cbb563849c63eab4f94571edeed6c05cfb8 /git/repo | |
| parent | f6cf7a7bd864fe1fb64d7bea0c231c6254f171e7 (diff) | |
| parent | 67291f0ab9b8aa24f7eb6032091c29106de818ab (diff) | |
| download | gitpython-fb43244026643e540a2fac35b2997c6aa0e139c4.tar.gz | |
Merge branch 'master' of https://github.com/Plazmaz/GitPython into Plazmaz-master
Diffstat (limited to 'git/repo')
| -rw-r--r-- | git/repo/base.py | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/git/repo/base.py b/git/repo/base.py index 74d56ee5..58e533aa 100644 --- a/git/repo/base.py +++ b/git/repo/base.py @@ -9,6 +9,7 @@ import logging import os import re import sys +import warnings from git.cmd import ( Git, @@ -86,7 +87,7 @@ class Repo(object): # Subclasses may easily bring in their own custom types by placing a constructor or type here GitCommandWrapperType = Git - def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=False): + def __init__(self, path=None, odbt=DefaultDBType, search_parent_directories=False, expand_vars=True): """Create a new Repo instance :param path: @@ -112,12 +113,18 @@ class Repo(object): :raise InvalidGitRepositoryError: :raise NoSuchPathError: :return: git.Repo """ + epath = path or os.getenv('GIT_DIR') if not epath: epath = os.getcwd() if Git.is_cygwin(): epath = decygpath(epath) - epath = expand_path(epath or path or os.getcwd()) + + epath = epath or path or os.getcwd() + if expand_vars and ("%" in epath or "$" in epath): + warnings.warn("The use of environment variables in paths is deprecated" + + "\nfor security reasons and may be removed in the future!!") + epath = expand_path(epath, expand_vars) if not os.path.exists(epath): raise NoSuchPathError(epath) @@ -144,7 +151,7 @@ class Repo(object): sm_gitpath = find_worktree_git_dir(dotgit) if sm_gitpath is not None: - self.git_dir = expand_path(sm_gitpath) + self.git_dir = expand_path(sm_gitpath, expand_vars) self._working_tree_dir = curpath break @@ -840,7 +847,7 @@ class Repo(object): return blames @classmethod - def init(cls, path=None, mkdir=True, odbt=DefaultDBType, **kwargs): + def init(cls, path=None, mkdir=True, odbt=DefaultDBType, expand_vars=True, **kwargs): """Initialize a git repository at the given path if specified :param path: @@ -858,12 +865,17 @@ class Repo(object): the directory containing the database objects, i.e. .git/objects. It will be used to access all object data + :param expand_vars: + if specified, environment variables will not be escaped. This + can lead to information disclosure, allowing attackers to + access the contents of environment variables + :parm kwargs: keyword arguments serving as additional options to the git-init command :return: ``git.Repo`` (the newly created repo)""" if path: - path = expand_path(path) + path = expand_path(path, expand_vars) if mkdir and path and not osp.exists(path): os.makedirs(path, 0o755) |