From f8792d9c5c6fd26282fd1025e3b6e7abd455ddd5 Mon Sep 17 00:00:00 2001
From: Frej Drejhammar
Date: Fri, 15 Apr 2016 15:39:12 +0200
Subject: [PATCH] Switch from os.popen() to subprocess.check_output() for running git rev-parse

os.popen() uses the shell, this is dangerous when the branch-name contains characters which are interpreted by the shell, therefore switch to subprocess.check_output() which doesn't involve the shell. This closes issue #66.
---
 hg2git.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/hg2git.py b/hg2git.py
index c58cade..6634521 100755
--- a/hg2git.py
+++ b/hg2git.py
@@ -7,6 +7,7 @@ from mercurial import hg,util,ui,templatefilters
 import re
 import os
 import sys
+import subprocess
 # default git branch name
 cfg_master='master'
@@ -105,12 +106,10 @@ def save_cache(filename,cache):
 def get_git_sha1(name,type='heads'):
 try:
 # use git-rev-parse to support packed refs
- cmd="git rev-parse --verify refs/%s/%s 2>%s" % (type,name,os.devnull)
- p=os.popen(cmd)
- l=p.readline()
- p.close()
+ ref="refs/%s/%s" % (type,name)
+ l=subprocess.check_output(["git", "rev-parse", "--verify", "--quiet", ref])
 if l == None or len(l) == 0:
 return None
 return l[0:40]
- except IOError:
+ except subprocess.CalledProcessError:
 return None
-- 
2.11.4.GIT
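Review bot: In get_git_sha1 the branch name no longer reaches a shell, but it is still formatted into `ref` and passed to `git rev-parse --verify`, which parses its argument as a revision expression rather than a literal ref name; a name containing revision syntax such as `^`, `~` or `@{` could therefore resolve to an object that is not the tip of `refs/<type>/<name>`. Whether names are sanitized before this call is not visible in the hunk, so either confirm that or add a comment above the `ref=` line such as `# name must already be a valid git ref component; rev-parse treats ^ ~ : @{ as revision syntax`. Separately, `except subprocess.CalledProcessError:` does not cover the OSError raised when the git executable cannot be started; if callers rely on None in that case use `except (subprocess.CalledProcessError, OSError):`, otherwise note in a comment that a missing git is meant to propagate.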