Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Git: don't expand envvars in Gitpython #8263

merged 1 commit into from Jun 15, 2021


Copy link

@stsewd stsewd commented Jun 14, 2021

- Gitpython expands envvars by default
  We execute gitpython outside the containers.
  Currently there isn't a way to exploit this vulnerability
  (looks like gitpython is aware of this and may change the default
  to false any time
- In some places we were executing git commands outside the container
  (to get the commit), let's always use the current env (docker in
@stsewd stsewd requested a review from a team June 14, 2021 21:14
@stsewd stsewd merged commit db0c0e2 into master Jun 15, 2021
@stsewd stsewd deleted the dont-expand-env-vars-gitpython branch June 15, 2021 23:25
@RuRo RuRo mentioned this pull request Jul 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

2 participants