From 1f3caa31f1b63908235e341418a0804ed37a320a Mon Sep 17 00:00:00 2001
From: Eliah Kagan
Date: Mon, 25 Dec 2023 11:33:40 -0500
Subject: [PATCH] Further clarify comment in test_hook_uses_shell_not_from_cwd
---
 test/test_index.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/test/test_index.py b/test/test_index.py
index d352faa6c..8a64e2293 100644
--- a/test/test_index.py
+++ b/test/test_index.py
@@ -1032,16 +1032,16 @@ def test_hook_uses_shell_not_from_cwd(self, rw_dir, case):
 maybe_chdir = cwd(rw_dir) if chdir_to_repo else contextlib.nullcontext()
 repo = Repo.init(rw_dir)
- # We need an impostor shell that works on Windows and that can be distinguished
- # from the real bash.exe. But even if the real bash.exe is absent or unusable,
- # we should verify that the impostor is not run. So the impostor needs a clear
- # side effect (unlike in TestGit.test_it_executes_git_not_from_cwd). Popen on
- # Windows uses CreateProcessW, which disregards PATHEXT; the impostor may need
- # to be a binary executable to ensure the vulnerability is found if present. No
- # compiler need exist, shipping a binary in the test suite may target the wrong
- # architecture, and generating one in a bespoke way may cause virus scanners to
- # give a false positive. So we use a Bash/Python polyglot for the hook and use
- # the Python interpreter itself as the bash.exe impostor. But an interpreter
+ # We need an impostor shell that works on Windows and that the test can
+ # distinguish from the real bash.exe. But even if the real bash.exe is absent or
+ # unusable, we should verify the impostor is not run. So the impostor needs a
+ # clear side effect (unlike in TestGit.test_it_executes_git_not_from_cwd). Popen
+ # on Windows uses CreateProcessW, which disregards PATHEXT; the impostor may
+ # need to be a binary executable to ensure the vulnerability is found if
+ # present. No compiler need exist, shipping a binary in the test suite may
+ # target the wrong architecture, and generating one in a bespoke way may trigger
+ # false positive virus scans. So we use a Bash/Python polyglot for the hook and
+ # use the Python interpreter itself as the bash.exe impostor. But an interpreter
 # from a venv may not run when copied outside of it, and a global interpreter
 # won't run when copied to a different location if it was installed from the
 # Microsoft Store.
So we make a new venv in rw_dir and use its interpreter.
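Review bot: The reworded comment still refers to "the vulnerability" (`ensure the vulnerability is found if present`) without saying what it is, so a reader has to infer it from the test name. Judging from `test_hook_uses_shell_not_from_cwd` and the bash.exe impostor, it is presumably that a hook could be run by a bash.exe found in the current directory rather than by the intended shell; an opening line such as `# Guard against a hook being run by a bash.exe from the current directory instead of the real shell.` would make that explicit. The sentence beginning "No compiler need exist" also strings three separate obstacles together with commas and would read more clearly with semicolons or as separate sentences. The test body starts before and continues after this hunk, so the rest of the setup is not visible here.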