status-im
/
spiff-arena
mirror of https://github.com/status-im/spiff-arena.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sandbox Process Creation (#1799) 

* Sandbox Process Creation

* lib already in backend

* update security

* no need to test with newlines, hopefully, since they are not allowed by security lib

* typing things

---------

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
Co-authored-by: burnettk <burnettk@users.noreply.github.com>
This commit is contained in:
pixeebot[bot] 2024-06-25 16:24:41 -07:00 committed by GitHub
parent d72080c9d5
commit 26149ae339
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
spiffworkflow-backend/poetry.lock generated
View File

@ -2620,13 +2620,13 @@ typing-extensions = ">=4.7.1"
[[package]] [[package]]
name = "security" name = "security"
version = "1.2.1" version = "1.3.0"
description = "The security toolkit for the Python community" description = "The security toolkit for the Python community"
optional = false optional = false
python-versions = ">=3.8" python-versions = ">=3.8"
files = [ files = [
{file = "security-1.2.1-py3-none-any.whl", hash = "sha256:4ca5f8cfc6b836e2192a84bb5a28b72c17f3cd1abbfe3281f917394c6e6c9238"}, {file = "security-1.3.0-py3-none-any.whl", hash = "sha256:7a7a1dcd93f08a43c1e3020b05f3d04e1223bda503120434db9abe25eed23e2a"},
{file = "security-1.2.1.tar.gz", hash = "sha256:0a9dc7b457330e6d0f92bdae3603fecb85394beefad0fd3b5058758a58781ded"}, {file = "security-1.3.0.tar.gz", hash = "sha256:9380b12f8d82767d4a4c31d252654cab935b42b0c6529ba11a9e7e52d38de79f"},
] ]
[package.dependencies] [package.dependencies]

6
spiffworkflow-backend/src/spiffworkflow_backend/services/git_service.py
View File

@ -6,6 +6,7 @@ import uuid
from flask import current_app from flask import current_app
from flask import g from flask import g
from security import safe_command # type: ignore
from spiffworkflow_backend.config import ConfigurationError from spiffworkflow_backend.config import ConfigurationError
from spiffworkflow_backend.models.process_model import ProcessModelInfo from spiffworkflow_backend.models.process_model import ProcessModelInfo
@ -187,8 +188,9 @@ class GitService:
command_to_run = ["-C", context_directory] + command_to_run command_to_run = ["-C", context_directory] + command_to_run
command_to_run = ["git"] + command_to_run command_to_run = ["git"] + command_to_run
# this is fine since we pass the commands directly result: subprocess.CompletedProcess[bytes] = safe_command.run(
result = subprocess.run(command_to_run, check=False, capture_output=True, env=my_env) # noqa subprocess.run, command_to_run, check=False, capture_output=True, env=my_env
)
if return_success_state: if return_success_state:
return result.returncode == 0 return result.returncode == 0

4
spiffworkflow-backend/tests/spiffworkflow_backend/unit/test_git_service.py
View File

@ -15,6 +15,6 @@ class TestGitService(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
) -> None: ) -> None:
output = GitService.run_shell_command_to_get_stdout( output = GitService.run_shell_command_to_get_stdout(
["echo", " This output should not end in space or newline \n"], prepend_with_git=False ["echo", " This output should not end in space "], prepend_with_git=False
) )
assert output == "This output should not end in space or newline" assert output == "This output should not end in space"