From e3cf0975f9074f221974f7f7c82389786854999d Mon Sep 17 00:00:00 2001
From: Rory Prendergast <rory.prendergast@tanium.com>
Date: Tue, 2 Jan 2018 10:51:13 -0800
Subject: [PATCH 1/3] Adds whitelist for GIT_* env vars containing only GIT_SSH

---
 pre_commit/util.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pre_commit/util.py b/pre_commit/util.py
index 10d78d99..a0eb3764 100644
--- a/pre_commit/util.py
+++ b/pre_commit/util.py
@@ -76,8 +76,11 @@ def no_git_env():
     # while running pre-commit hooks in submodules.
     # GIT_DIR: Causes git clone to clone wrong thing
     # GIT_INDEX_FILE: Causes 'error invalid object ...' during commit
+
+    # list of explicitly whitelisted variables
+    allowed_git_envs = ['GIT_SSH']
     return {
-        k: v for k, v in os.environ.items() if not k.startswith('GIT_')
+        k: v for k, v in os.environ.items() if not k.startswith('GIT_') or k in allowed_git_envs
     }
 
 

From 9eadfb92fd8ac17987d9e7babf0b9c3dda85b410 Mon Sep 17 00:00:00 2001
From: Rory Prendergast <rory.prendergast@tanium.com>
Date: Tue, 2 Jan 2018 12:57:18 -0800
Subject: [PATCH 2/3] reduces line length

---
 pre_commit/util.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pre_commit/util.py b/pre_commit/util.py
index a0eb3764..81cd3064 100644
--- a/pre_commit/util.py
+++ b/pre_commit/util.py
@@ -77,10 +77,9 @@ def no_git_env():
     # GIT_DIR: Causes git clone to clone wrong thing
     # GIT_INDEX_FILE: Causes 'error invalid object ...' during commit
 
-    # list of explicitly whitelisted variables
-    allowed_git_envs = ['GIT_SSH']
     return {
-        k: v for k, v in os.environ.items() if not k.startswith('GIT_') or k in allowed_git_envs
+        k: v for k, v in os.environ.items()
+        if not k.startswith('GIT_') or k in {'GIT_SSH'}
     }
 
 

From 355196f92ed46272f236b2f1e23ca0cf0d8be8bd Mon Sep 17 00:00:00 2001
From: Rory Prendergast <rory.prendergast@tanium.com>
Date: Tue, 2 Jan 2018 12:59:09 -0800
Subject: [PATCH 3/3] backs out unnecessary blank line

---
 pre_commit/util.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pre_commit/util.py b/pre_commit/util.py
index 81cd3064..081adf27 100644
--- a/pre_commit/util.py
+++ b/pre_commit/util.py
@@ -76,7 +76,6 @@ def no_git_env():
     # while running pre-commit hooks in submodules.
     # GIT_DIR: Causes git clone to clone wrong thing
     # GIT_INDEX_FILE: Causes 'error invalid object ...' during commit
-
     return {
         k: v for k, v in os.environ.items()
         if not k.startswith('GIT_') or k in {'GIT_SSH'}