IO,

Iterator,

List,

Mapping,

Optional,

Pattern,

Sequence,

def py_where(program: str, path: Optional[PathLike] = None) -> List[str]:

"""Perform a path search to assist :func:`is_cygwin_git`.

This is not robust for general use. It is an implementation detail of

:func:`is_cygwin_git`. When a search following all shell rules is needed,

:func:`shutil.which` can be used instead.

:note: Neither this function nor :func:`shutil.which` will predict the effect of an

executable search on a native Windows system due to a :class:`subprocess.Popen`

call without ``shell=True``, because shell and non-shell executable search on

Windows differ considerably.

"""

# From: http://stackoverflow.com/a/377028/548792

winprog_exts = _get_exe_extensions()

return new_cmdline

def _safer_popen_windows(

command: Union[str, Sequence[Any]],

*,

shell: bool = False,

env: Optional[Mapping[str, str]] = None,

**kwargs: Any,

) -> subprocess.Popen:

"""Call :class:`subprocess.Popen` on Windows but don't include a CWD in the search.

This avoids an untrusted search path condition where a file like ``git.exe`` in a

malicious repository would be run when GitPython operates on the repository. The

process using GitPython may have an untrusted repository's working tree as its

current working directory. Some operations may temporarily change to that directory

before running a subprocess. In addition, while by default GitPython does not run

external commands with a shell, it can be made to do so, in which case the CWD of

the subprocess, which GitPython usually sets to a repository working tree, can

itself be searched automatically by the shell. This wrapper covers all those cases.

:note: This currently works by setting the ``NoDefaultCurrentDirectoryInExePath``

environment variable during subprocess creation. It also takes care of passing

Windows-specific process creation flags, but that is unrelated to path search.

:note: The current implementation contains a race condition on :attr:`os.environ`.

GitPython isn't thread-safe, but a program using it on one thread should ideally

be able to mutate :attr:`os.environ` on another, without unpredictable results.

See comments in https://github.com/gitpython-developers/GitPython/pull/1650.

"""

# CREATE_NEW_PROCESS_GROUP is needed for some ways of killing it afterwards. See:

# https://docs.python.org/3/library/subprocess.html#subprocess.Popen.send_signal

# https://docs.python.org/3/library/subprocess.html#subprocess.CREATE_NEW_PROCESS_GROUP

creationflags = subprocess.CREATE_NO_WINDOW | subprocess.CREATE_NEW_PROCESS_GROUP

# When using a shell, the shell is the direct subprocess, so the variable must be

# set in its environment, to affect its search behavior. (The "1" can be any value.)

if shell:

safer_env = {} if env is None else dict(env)

safer_env["NoDefaultCurrentDirectoryInExePath"] = "1"

else:

safer_env = env

# When not using a shell, the current process does the search in a CreateProcessW

# API call, so the variable must be set in our environment. With a shell, this is

# unnecessary, in versions where https://github.com/python/cpython/issues/101283 is

# patched. If not, in the rare case the ComSpec environment variable is unset, the

# shell is searched for unsafely. Setting NoDefaultCurrentDirectoryInExePath in all

# cases, as here, is simpler and protects against that. (The "1" can be any value.)

with patch_env("NoDefaultCurrentDirectoryInExePath", "1"):

return subprocess.Popen(

command,

shell=shell,

env=safer_env,

creationflags=creationflags,

**kwargs,

)

if os.name == "nt":

safer_popen = _safer_popen_windows

else:

safer_popen = subprocess.Popen

# } END utilities

# { Classes