René's URL Explorer Experiment

Title: CVE-2023-40590 fix capitalized all environment variables on Windows · Issue #1646 · gitpython-developers/GitPython · GitHub

Open Graph Title: CVE-2023-40590 fix capitalized all environment variables on Windows · Issue #1646 · gitpython-developers/GitPython

X Title: CVE-2023-40590 fix capitalized all environment variables on Windows · Issue #1646 · gitpython-developers/GitPython

Description: This fix: 6029211 capitalized all environment variables on Windows. It can be illustrated by this short program: import subprocess print(subprocess.check_output( "set | findstr /c:SystemRoot /i", shell=True, universal_newlines=True )) im...

Open Graph Description: This fix: 6029211 capitalized all environment variables on Windows. It can be illustrated by this short program: import subprocess print(subprocess.check_output( "set | findstr /c:SystemRoot /i", s...

X Description: This fix: 6029211 capitalized all environment variables on Windows. It can be illustrated by this short program: import subprocess print(subprocess.check_output( "set | findstr /c:SystemRoot /...

Opengraph URL: https://github.com/gitpython-developers/GitPython/issues/1646

X: @github

direct link

Domain: github.com

Hey, it has json ld scripts:

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2023-40590 fix capitalized all environment variables on Windows","articleBody":"This fix:\r\nhttps://github.com/gitpython-developers/GitPython/commit/6029211d729a0dd81e08fcc9c1a3ab7fe9af85c9\r\ncapitalized all environment variables on Windows. It can be illustrated by this short program:\r\n```\r\nimport subprocess\r\n\r\nprint(subprocess.check_output(\r\n    \"set | findstr /c:SystemRoot /i\", shell=True, universal_newlines=True\r\n))\r\n\r\nimport git\r\n\r\nprint(subprocess.check_output(\r\n    \"set | findstr /c:SystemRoot /i\", shell=True, universal_newlines=True\r\n))\r\n```\r\n\r\nThe output is:\r\n```\r\nSystemRoot=C:\\Windows\r\n\r\nSYSTEMROOT=C:\\Windows\r\n```\r\n\r\nThis side effect breaks our use case currently. We use gnu make in cygwin for our build, in which all environment variables are case sensitive.\r\n\r\nThe core problem was `unittest.mock.patch.dict(os.environ, {\"NoDefaultCurrentDirectoryInExePath\": \"1\"})` -- in which it will try to treat `os.environ` as a dictionary, but `os.environ` is not just a simple dictionary. It actually remembers the original casing of the environment variable. Unfortunately when reading it as dictionary it capitalize all letters.\r\n\r\nWe can also observe the same side effect with this code below:\r\n```\r\nimport os\r\nimport subprocess\r\nimport unittest.mock\r\n\r\nprint(subprocess.check_output(\r\n    \"set | findstr /c:SystemRoot /i\", shell=True, universal_newlines=True\r\n))\r\n\r\nwith unittest.mock.patch.dict(os.environ, {\"NoDefaultCurrentDirectoryInExePath\": \"1\"}):\r\n    pass\r\n\r\nprint(subprocess.check_output(\r\n    \"set | findstr /c:SystemRoot /i\", shell=True, universal_newlines=True\r\n))\r\n```\r\n\r\nThe side effect is the same as above.","author":{"url":"https://github.com/irwand","@type":"Person","name":"irwand"},"datePublished":"2023-09-06T21:21:24.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/1646/GitPython/issues/1646"}

route-pattern	/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controller	voltron_issues_fragments
route-action	issue_layout
fetch-nonce	v2:5c41055b-a454-55c5-39e6-f10f9b43586c
current-catalog-service-hash	81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-id	EA7A:12F8:1B832D9:2679A31:69692A1C
html-safe-nonce	c42462294f9d34bad4eb2599852895c98a74750a20e2ce2959405431bae2b662
visitor-payload	eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQTdBOjEyRjg6MUI4MzJEOToyNjc5QTMxOjY5NjkyQTFDIiwidmlzaXRvcl9pZCI6IjIxNTIzMTkxMzQ0MDM3MzQwNDQiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac	3707ac447d563798f0f98bce35b9cb6d543d896b59882e890f9c60631304c0cf
hovercard-subject-tag	issue:1884770708
github-keyboard-shortcuts	repository,issues,copilot
google-site-verification	Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-url	https://collector.github.com/github/collect
analytics-location	///voltron/issues_fragments/issue_layout
fb:app_id	1401488693436528
apple-itunes-app	app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/gitpython-developers/GitPython/1646/issue_layout
twitter:image	https://opengraph.githubassets.com/ce534e7df73f18592197f2729066d394247671b433a8313317e5f85c261275b3/gitpython-developers/GitPython/issues/1646
twitter:card	summary_large_image
og:image	https://opengraph.githubassets.com/ce534e7df73f18592197f2729066d394247671b433a8313317e5f85c261275b3/gitpython-developers/GitPython/issues/1646
og:image:alt	This fix: 6029211 capitalized all environment variables on Windows. It can be illustrated by this short program: import subprocess print(subprocess.check_output( "set \| findstr /c:SystemRoot /i", s...
og:image:width	1200
og:image:height	600
og:site_name	GitHub
og:type	object
og:author:username	irwand
hostname	github.com
expected-hostname	github.com
None	54182691a21263b584d2e600b758e081b0ff1d10ffc0d2eefa51cf754b43b51d
turbo-cache-control	no-preview
go-import	github.com/gitpython-developers/GitPython git https://github.com/gitpython-developers/GitPython.git
octolytics-dimension-user_id	503709
octolytics-dimension-user_login	gitpython-developers
octolytics-dimension-repository_id	1126087
octolytics-dimension-repository_nwo	gitpython-developers/GitPython
octolytics-dimension-repository_public	true
octolytics-dimension-repository_is_fork	false
octolytics-dimension-repository_network_root_id	1126087
octolytics-dimension-repository_network_root_nwo	gitpython-developers/GitPython
turbo-body-classes	logged-out env-production page-responsive
disable-turbo	false
browser-stats-url	https://api.github.com/_private/browser/stats
browser-errors-url	https://api.github.com/_private/browser/errors
release	d69ac0477df0f87da03b8b06cebd187012d7a930
ui-target	full
theme-color	#1e2327
color-scheme	light dark

Links:

Skip to content	https://github.com/gitpython-developers/GitPython/issues/1646#start-of-content
	https://github.com/
Sign in	https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgitpython-developers%2FGitPython%2Fissues%2F1646
GitHub CopilotWrite better code with AI	https://github.com/features/copilot
GitHub SparkBuild and deploy intelligent apps	https://github.com/features/spark
GitHub ModelsManage and compare prompts	https://github.com/features/models
MCP RegistryNewIntegrate external tools	https://github.com/mcp
ActionsAutomate any workflow	https://github.com/features/actions
CodespacesInstant dev environments	https://github.com/features/codespaces
IssuesPlan and track work	https://github.com/features/issues
Code ReviewManage code changes	https://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilities	https://github.com/security/advanced-security
Code securitySecure your code as you build	https://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they start	https://github.com/security/advanced-security/secret-protection
Why GitHub	https://github.com/why-github
Documentation	https://docs.github.com
Blog	https://github.blog
Changelog	https://github.blog/changelog
Marketplace	https://github.com/marketplace
View all features	https://github.com/features
Enterprises	https://github.com/enterprise
Small and medium teams	https://github.com/team
Startups	https://github.com/enterprise/startups
Nonprofits	https://github.com/solutions/industry/nonprofits
App Modernization	https://github.com/solutions/use-case/app-modernization
DevSecOps	https://github.com/solutions/use-case/devsecops
DevOps	https://github.com/solutions/use-case/devops
CI/CD	https://github.com/solutions/use-case/ci-cd
View all use cases	https://github.com/solutions/use-case
Healthcare	https://github.com/solutions/industry/healthcare
Financial services	https://github.com/solutions/industry/financial-services
Manufacturing	https://github.com/solutions/industry/manufacturing
Government	https://github.com/solutions/industry/government
View all industries	https://github.com/solutions/industry
View all solutions	https://github.com/solutions
AI	https://github.com/resources/articles?topic=ai
Software Development	https://github.com/resources/articles?topic=software-development
DevOps	https://github.com/resources/articles?topic=devops
Security	https://github.com/resources/articles?topic=security
View all topics	https://github.com/resources/articles
Customer stories	https://github.com/customer-stories
Events & webinars	https://github.com/resources/events
Ebooks & reports	https://github.com/resources/whitepapers
Business insights	https://github.com/solutions/executive-insights
GitHub Skills	https://skills.github.com
Documentation	https://docs.github.com
Customer support	https://support.github.com
Community forum	https://github.com/orgs/community/discussions
Trust center	https://github.com/trust-center
Partners	https://github.com/partners
GitHub SponsorsFund open source developers	https://github.com/sponsors
Security Lab	https://securitylab.github.com
Maintainer Community	https://maintainers.github.com
Accelerator	https://github.com/accelerator
Archive Program	https://archiveprogram.github.com
Topics	https://github.com/topics
Trending	https://github.com/trending
Collections	https://github.com/collections
Enterprise platformAI-powered developer platform	https://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security features	https://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI features	https://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 support	https://github.com/premium-support
Pricing	https://github.com/pricing
Search syntax tips	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentation	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in	https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgitpython-developers%2FGitPython%2Fissues%2F1646
Sign up	https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=gitpython-developers%2FGitPython
Reload	https://github.com/gitpython-developers/GitPython/issues/1646
Reload	https://github.com/gitpython-developers/GitPython/issues/1646
Reload	https://github.com/gitpython-developers/GitPython/issues/1646
gitpython-developers	https://github.com/gitpython-developers
GitPython	https://github.com/gitpython-developers/GitPython
Please reload this page	https://github.com/gitpython-developers/GitPython/issues/1646
Notifications	https://github.com/login?return_to=%2Fgitpython-developers%2FGitPython
Fork 964	https://github.com/login?return_to=%2Fgitpython-developers%2FGitPython
Star 5k	https://github.com/login?return_to=%2Fgitpython-developers%2FGitPython
Code	https://github.com/gitpython-developers/GitPython
Issues 169	https://github.com/gitpython-developers/GitPython/issues
Pull requests 8	https://github.com/gitpython-developers/GitPython/pulls
Discussions	https://github.com/gitpython-developers/GitPython/discussions
Actions	https://github.com/gitpython-developers/GitPython/actions
Security Uh oh! There was an error while loading. Please reload this page.	https://github.com/gitpython-developers/GitPython/security
Please reload this page	https://github.com/gitpython-developers/GitPython/issues/1646
Insights	https://github.com/gitpython-developers/GitPython/pulse
Code	https://github.com/gitpython-developers/GitPython
Issues	https://github.com/gitpython-developers/GitPython/issues
Pull requests	https://github.com/gitpython-developers/GitPython/pulls
Discussions	https://github.com/gitpython-developers/GitPython/discussions
Actions	https://github.com/gitpython-developers/GitPython/actions
Security	https://github.com/gitpython-developers/GitPython/security
Insights	https://github.com/gitpython-developers/GitPython/pulse
New issue	https://github.com/login?return_to=https://github.com/gitpython-developers/GitPython/issues/1646
New issue	https://github.com/login?return_to=https://github.com/gitpython-developers/GitPython/issues/1646
#1650	https://github.com/gitpython-developers/GitPython/pull/1650
CVE-2023-40590 fix capitalized all environment variables on Windows	https://github.com/gitpython-developers/GitPython/issues/1646#top
#1650	https://github.com/gitpython-developers/GitPython/pull/1650
acknowledged	https://github.com/gitpython-developers/GitPython/issues?q=state%3Aopen%20label%3A%22acknowledged%22
help wanted	https://github.com/gitpython-developers/GitPython/issues?q=state%3Aopen%20label%3A%22help%20wanted%22
	https://github.com/irwand
	https://github.com/irwand
irwand	https://github.com/irwand
on Sep 6, 2023	https://github.com/gitpython-developers/GitPython/issues/1646#issue-1884770708
6029211	https://github.com/gitpython-developers/GitPython/commit/6029211d729a0dd81e08fcc9c1a3ab7fe9af85c9
acknowledged	https://github.com/gitpython-developers/GitPython/issues?q=state%3Aopen%20label%3A%22acknowledged%22
help wanted	https://github.com/gitpython-developers/GitPython/issues?q=state%3Aopen%20label%3A%22help%20wanted%22
	https://github.com
Terms	https://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacy	https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Security	https://github.com/security
Status	https://www.githubstatus.com/
Community	https://github.community/
Docs	https://docs.github.com/
Contact	https://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.