# HG changeset patch
# User Mateusz Kwapich <mitrandir@fb.com>
# Date 1458691511 25200
#      Tue Mar 22 17:05:11 2016 -0700
# Branch stable
# Node ID 197eed39e3d5e9a8cadfd9ba5839eb14cc265caa
# Parent  34d43cb85de8d06764039d8868eee19d00fddeab
convert: add new, non-clowny interface for shelling out to git (SEC)

CVE-2016-3069 (1/5)

To avoid shell injection and for the sake of simplicity let's use the
common.commandline for calling git.

--- mercurial-2.2.2.orig/hgext/convert/git.py
+++ mercurial-2.2.2/hgext/convert/git.py
@@ -8,13 +8,13 @@
 import os
 from mercurial import util
 from mercurial.node import hex, nullid
 from mercurial.i18n import _
 
-from common import NoRepo, commit, converter_source, checktool
+from common import NoRepo, commit, converter_source, checktool, commandline
 
-class convert_git(converter_source):
+class convert_git(converter_source, commandline):
     # Windows does not support GIT_DIR= construct while other systems
     # cannot remove environment variable. Just assume none have
     # both issues.
     if util.safehasattr(os, 'unsetenv'):
         def gitopen(self, s, noerr=False):
@@ -37,17 +37,33 @@ class convert_git(converter_source):
                 (sin, so, se) = util.popen3('GIT_DIR=%s %s' % (self.path, s))
                 return so
             else:
                 return util.popen('GIT_DIR=%s %s' % (self.path, s), 'rb')
 
+    def _gitcmd(self, cmd, *args, **kwargs):
+        return cmd('--git-dir=%s' % self.path, *args, **kwargs)
+
+    def gitrun0(self, *args, **kwargs):
+        return self._gitcmd(self.run0, *args, **kwargs)
+
+    def gitrun(self, *args, **kwargs):
+        return self._gitcmd(self.run, *args, **kwargs)
+
+    def gitrunlines0(self, *args, **kwargs):
+        return self._gitcmd(self.runlines0, *args, **kwargs)
+
+    def gitrunlines(self, *args, **kwargs):
+        return self._gitcmd(self.runlines, *args, **kwargs)
+
     def gitread(self, s):
         fh = self.gitopen(s)
         data = fh.read()
         return data, fh.close()
 
     def __init__(self, ui, path, rev=None):
         super(convert_git, self).__init__(ui, path, rev=rev)
+        commandline.__init__(self, ui, 'git')
 
         if os.path.isdir(path + "/.git"):
             path += "/.git"
         if not os.path.exists(path + "/objects"):
             raise NoRepo(_("%s does not look like a Git repository") % path)
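Review bot: The new `_gitcmd` and `gitrun*` helpers forward `*args` to git unchanged and have no docstring, so nothing tells later callers that dropping the shell string does not stop a value beginning with `-` from being parsed by git as an option. I would add a docstring on `_gitcmd` along the lines of `"""Call cmd with --git-dir set to self.path; args reach git verbatim, so validate revision and path values or pass them after '--'."""`. The context lines at the top of the hunk still show `gitopen` interpolating `self.path` and `s` into a shell string, and `gitread` still calls it. As this is patch 1/5 those callers are presumably migrated later, but a comment on `gitopen` such as `# deprecated: builds a shell string, use gitrun*/gitrunlines* instead` would keep new code off it in the meantime. The class body and `__init__` both continue outside this hunk.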
