Commit ca965ec

authored
Merge pull request #1609 from Beuc/block-insecure-options-clone-non-multi
Block insecure non-multi options in clone/clone_from
2 parents c09a71e + 5c59e0d commit ca965ec


2 files changed

+25
-1
lines changed


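--- a/git/repo/base.py
+++ b/git/repo/base.py
@@ -1203,6 +1203,8 @@ def _clone(
 
 if not allow_unsafe_protocols:
 Git.check_unsafe_protocols(str(url))
+if not allow_unsafe_options:
+Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
 if not allow_unsafe_options and multi_options:
 Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
 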
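Review bot: The added check in `_clone` compares the `kwargs` keys exactly as the caller spelled them, so its coverage depends on a normalization step this hunk does not show. If keyword names are later converted to dashed command-line flags (as the test spellings `upload-pack` and `config` suggest), a name written with an underscore would not match the entries in `cls.unsafe_git_clone_options` but could still be emitted as the blocked flag. Consider checking the normalized names, e.g. `options=[k.replace("_", "-") for k in kwargs]`, and adding an underscore-spelled case to the new loops in test/test_repo.py. `_clone` starts and ends outside the hunk.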

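--- a/test/test_repo.py
+++ b/test/test_repo.py
@@ -282,6 +282,17 @@ def test_clone_unsafe_options(self, rw_repo):
 rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
 assert not tmp_file.exists()
 
+unsafe_options = [
+{"upload-pack": f"touch {tmp_file}"},
+{"u": f"touch {tmp_file}"},
+{"config": "protocol.ext.allow=always"},
+{"c": "protocol.ext.allow=always"},
+]
+for unsafe_option in unsafe_options:
+with self.assertRaises(UnsafeOptionError):
+rw_repo.clone(tmp_dir, **unsafe_option)
+assert not tmp_file.exists()
+
 @with_rw_repo("HEAD")
 def test_clone_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
@@ -341,6 +352,17 @@ def test_clone_from_unsafe_options(self, rw_repo):
 Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
 assert not tmp_file.exists()
 
+unsafe_options = [
+{"upload-pack": f"touch {tmp_file}"},
+{"u": f"touch {tmp_file}"},
+{"config": "protocol.ext.allow=always"},
+{"c": "protocol.ext.allow=always"},
+]
+for unsafe_option in unsafe_options:
+with self.assertRaises(UnsafeOptionError):
+Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
+assert not tmp_file.exists()
+
 @with_rw_repo("HEAD")
 def test_clone_from_unsafe_options_allowed(self, rw_repo):
 with tempfile.TemporaryDirectory() as tdir:
@@ -1410,4 +1432,4 @@ def test_ignored_raises_error_w_symlink(self):
 os.symlink(tmp_dir / "target", tmp_dir / "symlink")
 
 with pytest.raises(GitCommandError):
-temp_repo.ignored(tmp_dir / "symlink/file.txt")
+temp_repo.ignored(tmp_dir / "symlink/file.txt")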
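Review bot: The new loops in `test_clone_unsafe_options` and `test_clone_from_unsafe_options` reuse the name `unsafe_option` for a dict, while the call just above each loop passes `unsafe_option` as a string in `multi_options=[unsafe_option]`; a distinct name such as `unsafe_kwargs` would keep the two cases easy to tell apart. The four-entry `unsafe_options` list is also repeated verbatim in both tests and could be defined once and shared. Both test functions start outside their hunks.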
