SelfPrivacy/selfprivacy-rest-api
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git synced 2024-12-01 19:06:45 +00:00
Code Issues Projects Releases Wiki Activity

Mitigated possible directory escape scenario

Browse source
This commit is contained in:
Illia Chub 2021-11-30 07:10:00 +02:00
parent fb98fd1e60
commit d1fdaf186d
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
selfprivacy_api/resources/services/update.py
View file

@ -31,8 +31,10 @@ class PullRepositoryChanges(Resource):
git_pull_command = ["git", "pull"] git_pull_command = ["git", "pull"]
current_working_directory = os.getcwd()
os.chdir("/etc/nixos") os.chdir("/etc/nixos")
git_pull_process_descriptor = subprocess.Popen( git_pull_process_descriptor = subprocess.Popen(
git_pull_command, git_pull_command,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
@ -43,6 +45,8 @@ class PullRepositoryChanges(Resource):
git_pull_process_descriptor.communicate()[0] git_pull_process_descriptor.communicate()[0]
os.chdir(current_working_directory)
if git_pull_process_descriptor.returncode == 0: if git_pull_process_descriptor.returncode == 0:
return { return {
"status": 0, "status": 0,