Lines Matching full:git

4 Subject: [PATCH] python3-git: CVE-2022-24439 fix from PR 1521
7 Since the URL is passed directly to git clone, and the remote-ext helper
20  git/cmd.py                    | 51 ++++++++++++++++++++++++--
21  git/exc.py                    |  8 ++++
22  git/objects/submodule/base.py | 19 ++++++----
23  git/remote.py                 | 69 +++++++++++++++++++++++++++++++----
24  git/repo/base.py              | 44 ++++++++++++++++++----
27 diff --git a/git/cmd.py b/git/cmd.py
29 --- a/git/cmd.py
30 +++ b/git/cmd.py
39 @@ -31,7 +32,9 @@ from git.util import is_cygwin_git, cygpath, expand_path, remove_password_if_pre
50 @@ -225,6 +228,8 @@ class Git(LazyMixin):
59 @@ -400,6 +405,44 @@ class Git(LazyMixin):
67 +        Apart from the usual protocols (http, git, ssh),
68 +        Git allows "remote helpers" that have the form `<transport>::<address>`,
71 +        - https://git-scm.com/docs/gitremote-helpers
72 +        - https://git-scm.com/docs/git-remote-ext
85 +        Some options that are passed to `git <command>` can be used to execute
104 @@ -1068,12 +1111,12 @@ class Git(LazyMixin):
119 @@ -1154,7 +1197,7 @@ class Git(LazyMixin):
128 diff --git a/git/exc.py b/git/exc.py
130 --- a/git/exc.py
131 +++ b/git/exc.py
147 diff --git a/git/objects/submodule/base.py b/git/objects/submodule/base.py
149 --- a/git/objects/submodule/base.py
150 +++ b/git/objects/submodule/base.py
165 -        clone = git.Repo.clone_from(url, module_checkout_path, **kwargs)
166 +        clone = git.Repo.clone_from(url, module_checkout_path, allow_unsafe_options=allow_unsafe_o…
168          if cls._need_gitfile_submodules(repo.git):
191          ## See #525 for ensuring git urls in config-files valid under Windows.
212 diff --git a/git/remote.py b/git/remote.py
214 --- a/git/remote.py
215 +++ b/git/remote.py
222 +        # https://git-scm.com/docs/git-fetch#Documentation/git-fetch.txt---upload-packltupload-pac…
227 +        # https://git-scm.com/docs/git-pull#Documentation/git-pull.txt---upload-packltupload-packgt
232 +        # https://git-scm.com/docs/git-push#Documentation/git-push.txt---execltgit-receive-packgt
247          """Configure URLs on current remote (cf command git remote set_url)
255 +            Git.check_unsafe_protocols(new_url)
259 -            self.repo.git.remote(scmd, self.name, new_url, old_url, **kwargs)
260 +            self.repo.git.remote(scmd, "--", self.name, new_url, old_url, **kwargs)
262 -            self.repo.git.remote(scmd, self.name, new_url, **kwargs)
263 +            self.repo.git.remote(scmd, "--", self.name, new_url, **kwargs)
268          """Adds a new url on current remote (special case of git remote set_url)
279          """Deletes a new url on current remote (special case of git remote set_url)
293 -        repo.git.remote(scmd, name, Git.polish_url(url), **kwargs)
294 +        url = Git.polish_url(url)
296 +            Git.check_unsafe_protocols(url)
297 +        repo.git.remote(scmd, "--", name, url, **kwargs)
317 +                    Git.check_unsafe_protocols(ref)
320 +            Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=self.unsafe_git_f…
322          proc = self.repo.git.fetch("--", self, *args, as_process=True, with_stdout=False,
337          kwargs = add_progress(kwargs, self.repo.git, progress)
339 +        refspec = Git._unpack_args(refspec or [])
342 +                Git.check_unsafe_protocols(ref)
345 +            Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=self.unsafe_git_p…
347          proc = self.repo.git.pull("--", self, refspec, with_stdout=False, as_process=True,
362          kwargs = add_progress(kwargs, self.repo.git, progress)
364 +        refspec = Git._unpack_args(refspec or [])
367 +                Git.check_unsafe_protocols(ref)
370 +            Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=self.unsafe_git_p…
372          proc = self.repo.git.push("--", self, refspec, porcelain=True, as_process=True,
375 diff --git a/git/repo/base.py b/git/repo/base.py
377 --- a/git/repo/base.py
378 +++ b/git/repo/base.py
379 @@ -24,7 +24,11 @@ from git.compat import (
381  from git.config import GitConfigParser
382  from git.db import GitCmdObjectDB
383 -from git.exc import InvalidGitRepositoryError, NoSuchPathError, GitCommandError
384 +from git.exc import (
389  from git.index import IndexFile
390  from git.objects import Submodule, RootModule, Commit
391  from git.refs import HEAD, Head, Reference, TagReference
398 +        # https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---upload-packltupload-pac…
403 +        # https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---configltkeygtltvaluegt
413 … def _clone(cls, git: 'Git', url: PathLike, path: PathLike, odb_default_type: Type[GitCmdObjectDB],
427 +            Git.check_unsafe_protocols(str(url))
429 +            Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_op…
431 …proc = git.clone("--", multi, Git.polish_url(str(url)), clone_path, with_extended_output=True, as_…
432                           v=True, universal_newlines=True, **add_progress(kwargs, git, progress))
444          :param path: is the full path of the new repo (traditionally ends with ./<name>.git).
453              * All remaining keyword arguments are given to the git-clone command
455          :return: ``git.Repo`` (the newly cloned repo)"""
456 -        return self._clone(self.git, self.common_dir, path, type(self.odb), progress, multi_option…
457 +        return self._clone(self.git, self.common_dir, path, type(self.odb), progress, multi_option…
469 … :param url: valid git url, see http://www.kernel.org/pub/software/scm/git/docs/git-clone.html#URLS
477          git = cls.GitCommandWrapperType(os.getcwd())
479              git.update_environment(**env)
480 -        return cls._clone(git, url, to_path, GitCmdObjectDB, progress, multi_options, **kwargs)
481 +        return cls._clone(git, url, to_path, GitCmdObjectDB, progress, multi_options,