mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git
synced 2024-11-22 12:11:26 +00:00
Mitigated possible directory escape scenario
This commit is contained in:
parent
fb98fd1e60
commit
d1fdaf186d
|
@ -31,8 +31,10 @@ class PullRepositoryChanges(Resource):
|
|||
|
||||
git_pull_command = ["git", "pull"]
|
||||
|
||||
|
||||
current_working_directory = os.getcwd()
|
||||
os.chdir("/etc/nixos")
|
||||
|
||||
|
||||
git_pull_process_descriptor = subprocess.Popen(
|
||||
git_pull_command,
|
||||
stdout=subprocess.PIPE,
|
||||
|
@ -43,6 +45,8 @@ class PullRepositoryChanges(Resource):
|
|||
|
||||
git_pull_process_descriptor.communicate()[0]
|
||||
|
||||
os.chdir(current_working_directory)
|
||||
|
||||
if git_pull_process_descriptor.returncode == 0:
|
||||
return {
|
||||
"status": 0,
|
||||
|
|
Loading…
Reference in a new issue