Commit ca965ec

authored

Merge pull request #1609 from Beuc/block-insecure-options-clone-non-multi

Block insecure non-multi options in clone/clone_from

2 parents c09a71e + 5c59e0d commit ca965ecCopy full SHA for ca965ec

File tree

2 files changed

+25

-1

lines changed

git/repo
- base.py
test
- test_repo.py

2 files changed

+25

-1

lines changed

`‎git/repo/base.py‎`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1203,6 +1203,8 @@ def _clone(`
`1203`	`1203`
`1204`	`1204`	`if not allow_unsafe_protocols:`
`1205`	`1205`	`Git.check_unsafe_protocols(str(url))`
	`1206`	`+ if not allow_unsafe_options:`
	`1207`	`+ Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)`
`1206`	`1208`	`if not allow_unsafe_options and multi_options:`
`1207`	`1209`	`Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)`
`1208`	`1210`

`‎test/test_repo.py‎`

Lines changed: 23 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -282,6 +282,17 @@ def test_clone_unsafe_options(self, rw_repo):`
`282`	`282`	`rw_repo.clone(tmp_dir, multi_options=[unsafe_option])`
`283`	`283`	`assert not tmp_file.exists()`
`284`	`284`
	`285`	`+ unsafe_options = [`
	`286`	`+ {"upload-pack": f"touch {tmp_file}"},`
	`287`	`+ {"u": f"touch {tmp_file}"},`
	`288`	`+ {"config": "protocol.ext.allow=always"},`
	`289`	`+ {"c": "protocol.ext.allow=always"},`
	`290`	`+ ]`
	`291`	`+ for unsafe_option in unsafe_options:`
	`292`	`+ with self.assertRaises(UnsafeOptionError):`
	`293`	`+ rw_repo.clone(tmp_dir, **unsafe_option)`
	`294`	`+ assert not tmp_file.exists()`
	`295`	`+`
`285`	`296`	`@with_rw_repo("HEAD")`
`286`	`297`	`def test_clone_unsafe_options_allowed(self, rw_repo):`
`287`	`298`	`with tempfile.TemporaryDirectory() as tdir:`
`@@ -341,6 +352,17 @@ def test_clone_from_unsafe_options(self, rw_repo):`
`341`	`352`	`Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])`
`342`	`353`	`assert not tmp_file.exists()`
`343`	`354`
	`355`	`+ unsafe_options = [`
	`356`	`+ {"upload-pack": f"touch {tmp_file}"},`
	`357`	`+ {"u": f"touch {tmp_file}"},`
	`358`	`+ {"config": "protocol.ext.allow=always"},`
	`359`	`+ {"c": "protocol.ext.allow=always"},`
	`360`	`+ ]`
	`361`	`+ for unsafe_option in unsafe_options:`
	`362`	`+ with self.assertRaises(UnsafeOptionError):`
	`363`	`+ Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)`
	`364`	`+ assert not tmp_file.exists()`
	`365`	`+`
`344`	`366`	`@with_rw_repo("HEAD")`
`345`	`367`	`def test_clone_from_unsafe_options_allowed(self, rw_repo):`
`346`	`368`	`with tempfile.TemporaryDirectory() as tdir:`
`@@ -1410,4 +1432,4 @@ def test_ignored_raises_error_w_symlink(self):`
`1410`	`1432`	`os.symlink(tmp_dir / "target", tmp_dir / "symlink")`
`1411`	`1433`
`1412`	`1434`	`with pytest.raises(GitCommandError):`
`1413`		`- temp_repo.ignored(tmp_dir / "symlink/file.txt")`
	`1435`	`+ temp_repo.ignored(tmp_dir / "symlink/file.txt")`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit ca965ec

File tree

2 files changed

2 files changed

`‎git/repo/base.py‎`

`‎test/test_repo.py‎`

0 commit comments