Description
In api/project.py, os.chdir() is called to change the working directory:
def process_git_history(self, ignore: Optional[List[str]] = []) -> GitGraph:
original_dir = Path.cwd()
os.chdir(self.path) # line ~104
git_graph = build_commit_graph(self.path, self.analyzer, self.name, ignore)
os.chdir(original_dir) # line ~110
return git_graphos.chdir() changes the CWD for the entire process. In a multi-threaded web server, concurrent requests will interfere with each other. Additionally, if an exception occurs between the two chdir calls, the directory is never restored.
Impact
- Concurrent requests can corrupt each other's working directory
- An exception leaves the process in an unexpected CWD permanently
Suggested Fix
Use subprocess(cwd=...) or pathlib with absolute paths instead of changing global process state. If os.chdir() is unavoidable, use a try/finally block at minimum.
Context
Found during code review of PR #522.
Description
In
api/project.py,os.chdir()is called to change the working directory:os.chdir()changes the CWD for the entire process. In a multi-threaded web server, concurrent requests will interfere with each other. Additionally, if an exception occurs between the twochdircalls, the directory is never restored.Impact
Suggested Fix
Use
subprocess(cwd=...)orpathlibwith absolute paths instead of changing global process state. Ifos.chdir()is unavoidable, use atry/finallyblock at minimum.Context
Found during code review of PR #522.