From 5c59e0d63da6180db8a0b349f0ad36fef42aceed Mon Sep 17 00:00:00 2001
From: Sylvain Beucler
Date: Mon, 10 Jul 2023 16:10:10 +0200
Subject: [PATCH] Block insecure non-multi options in clone/clone_from
Follow-up to #1521
---
git/repo/base.py | 2 ++
test/test_repo.py | 24 +++++++++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/git/repo/base.py b/git/repo/base.py
index 2fc9cf1fe..1fa98d8c7 100644
--- a/git/repo/base.py
+++ b/git/repo/base.py
@@ -1203,6 +1203,8 @@ def _clone(
if not allow_unsafe_protocols:
Git.check_unsafe_protocols(str(url))
+ if not allow_unsafe_options:
+ Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
if not allow_unsafe_options and multi_options:
Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
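Review bot: The new check in `_clone` compares the raw keyword names from `kwargs.keys()` against `unsafe_git_clone_options`, so it probably only matches an option when the key is already spelled with dashes. If keyword names containing underscores are converted to dashed options when the command line is built (that conversion and `check_unsafe_options` itself are not visible in this hunk, so confirm against them), a caller writing `upload_pack=...` as an ordinary keyword would not be rejected. Normalising the names before the comparison closes that gap: `Git.check_unsafe_options(options=[k.replace("_", "-") for k in kwargs], unsafe_options=cls.unsafe_git_clone_options)`. A short comment such as `# kwargs end up as command-line options too, so they get the same check as multi_options` would explain why two checks exist; `_clone` continues outside the hunk.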
diff --git a/test/test_repo.py b/test/test_repo.py
index 07c1e9adf..5c66aeeb1 100644
--- a/test/test_repo.py
+++ b/test/test_repo.py
@@ -282,6 +282,17 @@ def test_clone_unsafe_options(self, rw_repo):
rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
assert not tmp_file.exists()
+ unsafe_options = [
+ {"upload-pack": f"touch {tmp_file}"},
+ {"u": f"touch {tmp_file}"},
+ {"config": "protocol.ext.allow=always"},
+ {"c": "protocol.ext.allow=always"},
+ ]
+ for unsafe_option in unsafe_options:
+ with self.assertRaises(UnsafeOptionError):
+ rw_repo.clone(tmp_dir, **unsafe_option)
+ assert not tmp_file.exists()
+
@with_rw_repo("HEAD")
def test_clone_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
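Review bot: The cases added to `test_clone_unsafe_options` only use dashed keys (`"upload-pack"`, `"config"`) passed through `**unsafe_option`, which is not how callers normally spell keyword options. Adding the underscore form, e.g. `{"upload_pack": f"touch {tmp_file}"}`, would pin the behaviour for ordinary keyword calls; the same applies to the identical list in the `test_clone_from_unsafe_options` hunk. Because the list is duplicated verbatim, a small helper that takes `tmp_file` and returns the cases would keep the two tests in step. The test function starts outside this hunk.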
@@ -341,6 +352,17 @@ def test_clone_from_unsafe_options(self, rw_repo):
Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
assert not tmp_file.exists()
+ unsafe_options = [
+ {"upload-pack": f"touch {tmp_file}"},
+ {"u": f"touch {tmp_file}"},
+ {"config": "protocol.ext.allow=always"},
+ {"c": "protocol.ext.allow=always"},
+ ]
+ for unsafe_option in unsafe_options:
+ with self.assertRaises(UnsafeOptionError):
+ Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
+ assert not tmp_file.exists()
+
@with_rw_repo("HEAD")
def test_clone_from_unsafe_options_allowed(self, rw_repo):
with tempfile.TemporaryDirectory() as tdir:
@@ -1410,4 +1432,4 @@ def test_ignored_raises_error_w_symlink(self):
os.symlink(tmp_dir / "target", tmp_dir / "symlink")
with pytest.raises(GitCommandError):
- temp_repo.ignored(tmp_dir / "symlink/file.txt")
\ No newline at end of file
+ temp_repo.ignored(tmp_dir / "symlink/file.txt")