arcanis/ahriman
1
0
Fork 0
mirror of https://github.com/arcan1s/ahriman.git synced 2025-04-24 15:27:17 +00:00
Code Issues Projects Releases Wiki Activity

fix: whitelist environment variables instead of passing all of them

Browse Source 
Earlier applied fix bc9682373d introduced
errors with interaction, because (in docker container) HOME variable was
passed also to subprocesses. This fix limits variables to be passed to
the whitelisted ones
This commit is contained in:
Evgenii Alekseev 2023-10-02 16:37:20 +03:00
parent 8ff567cac3
commit c440f5bbd5
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ahriman/core/util.py
View File

@ -129,7 +129,11 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
environment = environment or {} environment = environment or {}
if user is not None: if user is not None:
environment["HOME"] = getpwuid(user).pw_dir environment["HOME"] = getpwuid(user).pw_dir
full_environment = os.environ | environment full_environment = {
key: value
for key, value in os.environ.items()
if key in ("PATH",) # whitelisted variables only
} | environment
with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process: user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process: