From 6401552579eff8ddbce39773a974e39312400f47 Mon Sep 17 00:00:00 2001 From: Jesse Schwartzentruber Date: Tue, 18 Jun 2024 10:07:55 -0400 Subject: [PATCH] [orion-ci] Strip out C:\Users\Administrator from PATH --- services/orion-decision/src/orion_decision/cli.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/services/orion-decision/src/orion_decision/cli.py b/services/orion-decision/src/orion_decision/cli.py index c8e93c26..1e3c7de6 100644 --- a/services/orion-decision/src/orion_decision/cli.py +++ b/services/orion-decision/src/orion_decision/cli.py @@ -331,7 +331,22 @@ def ci_launch() -> None: """CI task entrypoint.""" args = parse_ci_launch_args() configure_logging(level=args.log_level) + # copy environment and filter out `Administrator` paths + # which we shouldn't have access to + # this broke tox either in 4.15 or when some permission thing changed + # in the Windows AMI env = os_environ.copy() + if "PATH" in env: + env["PATH"] = ";".join( + p + for p in env["PATH"].split(";") + if p + # check if path starts with `\Users\Administrator\` + # skipping drive (parts[0]) and ignoring case + # this only works on English machines ¯\_(ツ)_/¯ + and [pt.casefold() for pt in Path(p).resolve().parts[1:3]] + == ["users", "administrator"] + ) # fetch secrets LOG.info("Fetching %d secrets", len(args.job.secrets)) for secret in args.job.secrets: