From d1fdaf186d4ed28db9dbc6205200329f9ace77a2 Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Tue, 30 Nov 2021 07:10:00 +0200
Subject: [PATCH] Mitigated possible directory escape scenario

---
 selfprivacy_api/resources/services/update.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/selfprivacy_api/resources/services/update.py b/selfprivacy_api/resources/services/update.py
index 4ef4a4b..ff812b4 100644
--- a/selfprivacy_api/resources/services/update.py
+++ b/selfprivacy_api/resources/services/update.py
@@ -31,8 +31,10 @@ class PullRepositoryChanges(Resource):
 git_pull_command = ["git", "pull"]
-
+ current_working_directory = os.getcwd()
 os.chdir("/etc/nixos")
+
+
 git_pull_process_descriptor = subprocess.Popen(
 git_pull_command,
 stdout=subprocess.PIPE,
@@ -43,6 +45,8 @@ class PullRepositoryChanges(Resource):
 git_pull_process_descriptor.communicate()[0]
+ os.chdir(current_working_directory)
+
 if git_pull_process_descriptor.returncode == 0:
 return {
 "status": 0,
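Review bot: Saving the working directory before `os.chdir("/etc/nixos")` and restoring it afterwards still changes process-wide state. While `git pull` runs, any other code in the same process that resolves a relative path sees `/etc/nixos` as its working directory. The restore added in the second hunk is also not inside a `finally`, so it is skipped if `subprocess.Popen` or `communicate()` raises, leaving the process in `/etc/nixos` for later requests. Passing the directory to the child instead, by adding `cwd="/etc/nixos",` to the `subprocess.Popen(...)` arguments, would make both `os.chdir` calls and the saved `current_working_directory` unnecessary. The Popen call and the enclosing method start and end outside these hunks, so whether the service handles requests concurrently cannot be confirmed from here.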