Fix mypy warning "Missing return statement" #1789
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In git.index.base.IndexFile.from_tree, control was never able to fall off the end, but mypy reported a "Missing return statement" because it could not infer that the context manager didn't suppress any exceptions. This was for two reasons. An ExitStack context manager suppresses exceptions in some uses and not others, depending on the context manager objects its enter_context method is called with. In this case, that was sufficient to produce the mypy warning regardless of other changes, so I converted it to nested with-statements. The nesting depth is only 2, so this is not really any worse. (I also reworded the comments for clarity and adjusted their spacing.) The more important cause, however, could also produce this warning in code that uses GitPython, as git.index.util.TemporaryFileSwap is public. Its __exit__ method was annotated to return bool. This was itself reported by mypy as an error, because a context manager __exit__ method that never suppresses exceptions should either always (implicitly) return None and be annotated as such, or it can return False as this implementation does but should then have its return type annotated as Literal[False]. So this also changes TemporaryFileSwap.__exit__'s return type annotation from bool to Literal[False]. If this were nonpublic or being newly designed, it may be better for it to instead return None implicitly, but I think that would technically be a breaking change (though it would be very unusual, and not a good idea, for any code to ever rely on the distinction). With both these changes made, both those mypy warnings go away, and code using GitPython will not get a warning if it makes similar direct use of TemporaryFileSwap. (An alternative might be to dedent the return statement out of the with-statement in IndexFile.from_tree, but this would make less clear to readers that it does not suppress exceptions. Furthermore, the change to TemporaryFileSwap.__exit__ would still have to be made for mypy to consider it correctly typed.)
|
Thanks again for all your great work! GitPython seems to have a limitless supply of little and big issues to fix 😅. I just noticed that the commit message is the PR message, but with markdown annotations removed. Personally, I'd love to think that soon we will have tools that will render commit messages as markdown to make having such annotations valuable, and even if not I find markdown easy-enough on the eye to look at it verbatim. Please do feel free to write markdown in commit messages (and even subject lines) to have less work in cases like these. |
This is descriptively accurate, but the sequence was that I wrote it without Markdown, and then added the Markdown later. I'm accustomed to writing commit messages with little to no Markdown, and sometimes it would actually be easier for me to do so even if adding Markdown later. (This is not the case for text in general; I don't wait to add Markdown later in most documents that will ultimately be Markdown.)
Thanks. There are definitely also some situations where writing it once with Markdown will be easier, and I'll strive to remember that option. This kind of a side issue, but one narrow situation where I've found it is very useful to put Markdown in a commit message (when the commit is going on GitHub) is when talking about a specific decorator and writing its name with Likewise, one situation where I've found it more important than usual to put Markdown in a pull request description is when otherwise a name with leading or trailing double-underscores would appear without them and in bold. I can see that a benefit of writing pull request titles in Markdown (usually I don't) is when something like this appears in them. The titles appear unrendered in most places, but in automatically generated release notes they are rendered, so one gets things like "del" when one means " |
lettuce-bot bot
added a commit
to lettuce-financial/github-bot-signed-commit
that referenced
this pull request
Jan 10, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [GitPython](https://togithub.com/gitpython-developers/GitPython) | `==3.1.40` -> `==3.1.41` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>gitpython-developers/GitPython (GitPython)</summary> ### [`v3.1.41`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.41): - fix Windows security issue [Compare Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.40...3.1.41) The details about the Windows security issue [can be found in this advisory](https://togithub.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx). Special thanks go to [@​EliahKagan](https://togithub.com/EliahKagan) who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️. #### What's Changed - Add `__all__` in git.exc by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1719 - Set submodule update cadence to weekly by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1721 - Never modify sys.path by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1720 - Bump git/ext/gitdb from `8ec2390` to `ec58b7e` by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1722 - Revise comments, docstrings, some messages, and a bit of code by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1725 - Use zero-argument super() by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1726 - Remove obsolete note in \_iter_packed_refs by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1727 - Reorganize test_util and make xfail marks precise by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1729 - Clarify license and make module top comments more consistent by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1730 - Deprecate compat.is\_<platform>, rewriting all uses by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1732 - Revise and restore some module docstrings by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1735 - Make the rmtree callback Windows-only by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1739 - List all non-passing tests in test summaries by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1740 - Document some minor subtleties in test_util.py by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1749 - Always read metadata files as UTF-8 in setup.py by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1748 - Test native Windows on CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1745 - Test macOS on CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1752 - Let close_fds be True on all platforms by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1753 - Fix IndexFile.from_tree on Windows by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1751 - Remove unused TASKKILL fallback in AutoInterrupt by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1754 - Don't return with operand when conceptually void by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1755 - Group .gitignore entries by purpose by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1758 - Adding dubious ownership handling by [@​marioaag](https://togithub.com/marioaag) in [gitpython-developers/GitPython#1746 - Avoid brittle assumptions about preexisting temporary files in tests by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1759 - Overhaul noqa directives by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1760 - Clarify some Git.execute kill_after_timeout limitations by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1761 - Bump actions/setup-python from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1763 - Don't install black on Cygwin by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1766 - Extract all "import gc" to module level by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1765 - Extract remaining local "import gc" to module level by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1768 - Replace xfail with gc.collect in TestSubmodule.test_rename by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1767 - Enable CodeQL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1769 - Replace some uses of the deprecated mktemp function by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1770 - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1773 - Run some Windows environment variable tests only on Windows by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1774 - Fix TemporaryFileSwap regression where file_path could not be Path by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1776 - Improve hooks tests by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1777 - Fix if items of Index is of type PathLike by [@​stegm](https://togithub.com/stegm) in [gitpython-developers/GitPython#1778 - Better document IterableObj.iter_items and improve some subclasses by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1780 - Revert "Don't install black on Cygwin" by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1783 - Add missing pip in $PATH on Cygwin CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1784 - Shorten Iterable docstrings and put IterableObj first by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1785 - Fix incompletely revised Iterable/IterableObj docstrings by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1786 - Pre-deprecate setting Git.USE_SHELL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1782 - Deprecate Git.USE_SHELL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1787 - In handle_process_output don't forward finalizer result by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1788 - Fix mypy warning "Missing return statement" by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1789 - Fix two remaining Windows untrusted search path cases by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1792 #### New Contributors - [@​marioaag](https://togithub.com/marioaag) made their first contribution in [gitpython-developers/GitPython#1746 - [@​stegm](https://togithub.com/stegm) made their first contribution in [gitpython-developers/GitPython#1778 **Full Changelog**: gitpython-developers/GitPython@3.1.40...3.1.41 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/lettuce-financial/github-bot-signed-commit). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMjcuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
renovate bot
added a commit
to allenporter/flux-local
that referenced
this pull request
Jan 11, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [GitPython](https://togithub.com/gitpython-developers/GitPython) | `==3.1.40` -> `==3.1.41` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>gitpython-developers/GitPython (GitPython)</summary> ### [`v3.1.41`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.41): - fix Windows security issue [Compare Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.40...3.1.41) The details about the Windows security issue [can be found in this advisory](https://togithub.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx). Special thanks go to [@​EliahKagan](https://togithub.com/EliahKagan) who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️. #### What's Changed - Add `__all__` in git.exc by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1719 - Set submodule update cadence to weekly by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1721 - Never modify sys.path by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1720 - Bump git/ext/gitdb from `8ec2390` to `ec58b7e` by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1722 - Revise comments, docstrings, some messages, and a bit of code by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1725 - Use zero-argument super() by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1726 - Remove obsolete note in \_iter_packed_refs by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1727 - Reorganize test_util and make xfail marks precise by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1729 - Clarify license and make module top comments more consistent by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1730 - Deprecate compat.is\_<platform>, rewriting all uses by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1732 - Revise and restore some module docstrings by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1735 - Make the rmtree callback Windows-only by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1739 - List all non-passing tests in test summaries by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1740 - Document some minor subtleties in test_util.py by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1749 - Always read metadata files as UTF-8 in setup.py by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1748 - Test native Windows on CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1745 - Test macOS on CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1752 - Let close_fds be True on all platforms by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1753 - Fix IndexFile.from_tree on Windows by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1751 - Remove unused TASKKILL fallback in AutoInterrupt by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1754 - Don't return with operand when conceptually void by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1755 - Group .gitignore entries by purpose by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1758 - Adding dubious ownership handling by [@​marioaag](https://togithub.com/marioaag) in [gitpython-developers/GitPython#1746 - Avoid brittle assumptions about preexisting temporary files in tests by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1759 - Overhaul noqa directives by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1760 - Clarify some Git.execute kill_after_timeout limitations by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1761 - Bump actions/setup-python from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1763 - Don't install black on Cygwin by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1766 - Extract all "import gc" to module level by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1765 - Extract remaining local "import gc" to module level by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1768 - Replace xfail with gc.collect in TestSubmodule.test_rename by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1767 - Enable CodeQL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1769 - Replace some uses of the deprecated mktemp function by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1770 - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1773 - Run some Windows environment variable tests only on Windows by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1774 - Fix TemporaryFileSwap regression where file_path could not be Path by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1776 - Improve hooks tests by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1777 - Fix if items of Index is of type PathLike by [@​stegm](https://togithub.com/stegm) in [gitpython-developers/GitPython#1778 - Better document IterableObj.iter_items and improve some subclasses by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1780 - Revert "Don't install black on Cygwin" by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1783 - Add missing pip in $PATH on Cygwin CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1784 - Shorten Iterable docstrings and put IterableObj first by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1785 - Fix incompletely revised Iterable/IterableObj docstrings by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1786 - Pre-deprecate setting Git.USE_SHELL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1782 - Deprecate Git.USE_SHELL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1787 - In handle_process_output don't forward finalizer result by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1788 - Fix mypy warning "Missing return statement" by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1789 - Fix two remaining Windows untrusted search path cases by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1792 #### New Contributors - [@​marioaag](https://togithub.com/marioaag) made their first contribution in [gitpython-developers/GitPython#1746 - [@​stegm](https://togithub.com/stegm) made their first contribution in [gitpython-developers/GitPython#1778 **Full Changelog**: gitpython-developers/GitPython@3.1.40...3.1.41 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/allenporter/flux-local). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMjcuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
JoeWang1127
pushed a commit
to googleapis/sdk-platform-java
that referenced
this pull request
Apr 6, 2024
](https://renovatebot.com){kind=link}
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [GitPython](https://togithub.com/gitpython-developers/GitPython) | `==3.1.40` -> `==3.1.41` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-22190](https://togithub.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx) ### Summary This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. ### Details Although GitPython often avoids executing programs found in an untrusted search path since 3.1.33, two situations remain where this still occurs. Either can allow arbitrary code execution under some circumstances. #### When a shell is used GitPython can be told to run `git` commands through a shell rather than as direct subprocesses, by passing `shell=True` to any method that accepts it, or by both setting `Git.USE_SHELL = True` and not passing `shell=False`. Then the Windows `cmd.exe` shell process performs the path search, and GitPython does not prevent that shell from finding and running `git` in the current directory. When GitPython runs `git` directly rather than through a shell, the GitPython process performs the path search, and currently omits the current directory by setting `NoDefaultCurrentDirectoryInExePath` in its own environment during the `Popen` call. Although the `cmd.exe` shell will honor this environment variable when present, GitPython does not currently pass it into the shell subprocess's environment. Furthermore, because GitPython sets the subprocess CWD to the root of a repository's working tree, using a shell will run a malicious `git.exe` in an untrusted repository even if GitPython itself is run from a trusted location. This also applies if `Git.execute` is called directly with `shell=True` (or after `Git.USE_SHELL = True`) to run any command. #### When hook scripts are run On Windows, GitPython uses `bash.exe` to run hooks that appear to be scripts. However, unlike when running `git`, no steps are taken to avoid finding and running `bash.exe` in the current directory. This allows the author of an untrusted fork or branch to cause a malicious `bash.exe` to be run in some otherwise safe workflows. An example of such a scenario is if the user installs a trusted hook while on a trusted branch, then switches to an untrusted feature branch (possibly from a fork) to review proposed changes. If the untrusted feature branch contains a malicious `bash.exe` and the user's current working directory is the working tree, and the user performs an action that runs the hook, then although the hook itself is uncorrupted, it runs with the malicious `bash.exe`. Note that, while `bash.exe` is a shell, this is a separate scenario from when `git` is run using the unrelated Windows `cmd.exe` shell. ### PoC On Windows, create a `git.exe` file in a repository. Then create a `Repo` object, and call any method through it (directly or indirectly) that supports the `shell` keyword argument with `shell=True`: ```powershell mkdir testrepo git init testrepo cp ... testrepo git.exe # Replace "..." with any executable of choice. python -c "import git; print(git.Repo('testrepo').git.version(shell=True))" ``` The `git.exe` executable in the repository directory will be run. Or use no `Repo` object, but do it from the location with the `git.exe`: ```powershell cd testrepo python -c "import git; print(git.Git().version(shell=True))" ``` The `git.exe` executable in the current directory will be run. For the scenario with hooks, install a hook in a repository, create a `bash.exe` file in the current directory, and perform an operation that causes GitPython to attempt to run the hook: ```powershell mkdir testrepo cd testrepo git init mv .git/hooks/pre-commit.sample .git/hooks/pre-commit cp ... bash.exe # Replace "..." with any executable of choice. echo "Some text" >file.txt git add file.txt python -c "import git; git.Repo().index.commit('Some message')" ``` The `bash.exe` executable in the current directory will be run. ### Impact The greatest impact is probably in applications that set `Git.USE_SHELL = True` for historical reasons. (Undesired console windows had, in the past, been created in some kinds of applications, when it was not used.) Such an application may be vulnerable to arbitrary code execution from a malicious repository, even with no other exacerbating conditions. This is to say that, if a shell is used to run `git`, the full effect of CVE-2023-40590 is still present. Furthermore, as noted above, running the application itself from a trusted directory is not a sufficient mitigation. An application that does not direct GitPython to use a shell to run `git` subprocesses thus avoids most of the risk. However, there is no such straightforward way to prevent GitPython from running `bash.exe` to interpret hooks. So while the conditions needed for that to be exploited are more involved, it may be harder to mitigate decisively prior to patching. ### Possible solutions A straightforward approach would be to address each bug directly: - When a shell is used, pass `NoDefaultCurrentDirectoryInExePath` into the subprocess environment, because in that scenario the subprocess is the `cmd.exe` shell that itself performs the path search. - Set `NoDefaultCurrentDirectoryInExePath` in the GitPython process environment during the `Popen` call made to run hooks with a `bash.exe` subprocess. These need only be done on Windows. --- ### Release Notes <details> <summary>gitpython-developers/GitPython (GitPython)</summary> ### [`v3.1.41`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.41): - fix Windows security issue [Compare Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.40...3.1.41) The details about the Windows security issue [can be found in this advisory](https://togithub.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx). Special thanks go to [@​EliahKagan](https://togithub.com/EliahKagan) who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️. #### What's Changed - Add `__all__` in git.exc by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1719 - Set submodule update cadence to weekly by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1721 - Never modify sys.path by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1720 - Bump git/ext/gitdb from `8ec2390` to `ec58b7e` by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1722 - Revise comments, docstrings, some messages, and a bit of code by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1725 - Use zero-argument super() by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1726 - Remove obsolete note in \_iter_packed_refs by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1727 - Reorganize test_util and make xfail marks precise by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1729 - Clarify license and make module top comments more consistent by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1730 - Deprecate compat.is\_<platform>, rewriting all uses by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1732 - Revise and restore some module docstrings by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1735 - Make the rmtree callback Windows-only by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1739 - List all non-passing tests in test summaries by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1740 - Document some minor subtleties in test_util.py by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1749 - Always read metadata files as UTF-8 in setup.py by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1748 - Test native Windows on CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1745 - Test macOS on CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1752 - Let close_fds be True on all platforms by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1753 - Fix IndexFile.from_tree on Windows by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1751 - Remove unused TASKKILL fallback in AutoInterrupt by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1754 - Don't return with operand when conceptually void by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1755 - Group .gitignore entries by purpose by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1758 - Adding dubious ownership handling by [@​marioaag](https://togithub.com/marioaag) in [gitpython-developers/GitPython#1746 - Avoid brittle assumptions about preexisting temporary files in tests by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1759 - Overhaul noqa directives by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1760 - Clarify some Git.execute kill_after_timeout limitations by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1761 - Bump actions/setup-python from 4 to 5 by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1763 - Don't install black on Cygwin by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1766 - Extract all "import gc" to module level by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1765 - Extract remaining local "import gc" to module level by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1768 - Replace xfail with gc.collect in TestSubmodule.test_rename by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1767 - Enable CodeQL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1769 - Replace some uses of the deprecated mktemp function by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1770 - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [gitpython-developers/GitPython#1773 - Run some Windows environment variable tests only on Windows by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1774 - Fix TemporaryFileSwap regression where file_path could not be Path by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1776 - Improve hooks tests by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1777 - Fix if items of Index is of type PathLike by [@​stegm](https://togithub.com/stegm) in [gitpython-developers/GitPython#1778 - Better document IterableObj.iter_items and improve some subclasses by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1780 - Revert "Don't install black on Cygwin" by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1783 - Add missing pip in $PATH on Cygwin CI by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1784 - Shorten Iterable docstrings and put IterableObj first by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1785 - Fix incompletely revised Iterable/IterableObj docstrings by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1786 - Pre-deprecate setting Git.USE_SHELL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1782 - Deprecate Git.USE_SHELL by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1787 - In handle_process_output don't forward finalizer result by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1788 - Fix mypy warning "Missing return statement" by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1789 - Fix two remaining Windows untrusted search path cases by [@​EliahKagan](https://togithub.com/EliahKagan) in [gitpython-developers/GitPython#1792 #### New Contributors - [@​marioaag](https://togithub.com/marioaag) made their first contribution in [gitpython-developers/GitPython#1746 - [@​stegm](https://togithub.com/stegm) made their first contribution in [gitpython-developers/GitPython#1778 **Full Changelog**: gitpython-developers/GitPython@3.1.40...3.1.41 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/googleapis/sdk-platform-java). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In
git.index.base.IndexFile.from_tree, control was never able to fall off the end, butmypyreported a "Missing return statement" because it could not infer that the context manager didn't suppress any exceptions.This was for two reasons. An
ExitStackcontext manager suppresses exceptions in some uses and not others, depending on the context manager objects itsenter_contextmethod is called with. In this case, that was sufficient to produce themypywarning regardless of other changes, so I converted it to nestedwith-statements. The nesting depth is only 2, so this is not really any worse. (I also reworded the comments for clarity and adjusted their spacing.)The more important cause, however, could also produce this warning in code that uses GitPython, as
git.index.util.TemporaryFileSwapis public. Its__exit__method was annotated to returnbool. This was itself reported bymypyas an error, because a context manager__exit__method that never suppresses exceptions should either always (implicitly) returnNoneand be annotated as such, or it can returnFalseas this implementation does but should then have its return type annotated asLiteral[False].So this also changes
TemporaryFileSwap.__exit__'s return type annotation frombooltoLiteral[False]. If this were nonpublic or being newly designed, it may be better for it to instead returnNoneimplicitly, but I think that would technically be a breaking change (though it would be very unusual, and not a good idea, for any code to ever rely on the distinction).With both these changes made, both those
mypywarnings go away, and code using GitPython will not get a warning if it makes similar direct use ofTemporaryFileSwap.(An alternative might be to dedent the return statement out of the
with-statement inIndexFile.from_tree, but this would make less clear to readers that it does not suppress exceptions. Furthermore, the change toTemporaryFileSwap.__exit__would still have to be made formypyto consider it correctly typed.)